Computation Certification as a Service in the Cloud

This paper proposes a new form of Security as a Service (SECaaS) that allows untrusted, mostly serial computations in untrusted computing environments to be independently and efficiently validated by trusted, commodity clouds. This addresses the longstanding problem of safely executing high assurance computations on untrusted hosts. Untrusted computations are instrumented with a check pointing mechanism that yields a proof of computation integrity as the computation progresses. This proof can be validated by a trusted cloud to ensure that the computation was carried out faithfully. Cloud parallelism and replication is leveraged to validate the proof efficiently even when the original computation is not parallel zed. This affords a means of high-assurance, serial computation on cloud-aware, mobile devices that mix resource-rich but untrusted hardware with trusted but comparatively resource-impoverished hardware components. An implementation for Java and Hadoop MapReduce demonstrates that the approach is effective for commodity VMs, clouds, and software.