Acctee: A WebAssembly-based Two-way Sandbox for Trusted Resource Accounting

Goltzsche D, Nieke M, Knauth T, Kapitza R (2019)

Publication Type: Conference contribution

Publication year: 2019

Publisher: Association for Computing Machinery, Inc

Pages Range: 123-135

Conference Proceedings Title: Middleware 2019 - Proceedings of the 2019 20th International Middleware Conference

Event location: Davis, CA, USA

ISBN: 9781450370097

DOI: 10.1145/3361525.3361541

Abstract

Remote computation has numerous use cases such as cloud computing, client-side web applications or volunteer computing. Typically, these computations are executed inside a sandboxed environment for two reasons: first, to isolate the execution in order to protect the host environment from unauthorised access, and second to control and restrict resource usage. Often, there is mutual distrust between entities providing the code and the ones executing it, owing to concerns over three potential problems: (i) loss of control over code and data by the providing entity, (ii) uncertainty of the integrity of the execution environment for customers, and (iii) a missing mutually trusted accounting of resource usage. In this paper we present AccTEE, a two-way sandbox that offers remote computation with resource accounting trusted by consumers and providers. AccTEE leverages two recent technologies: hardware-protected trusted execution environments, and WebAssembly, a novel platform independent byte-code format. We show how AccTEE uses automated code instrumentation for fine-grained resource accounting while maintaining confidentiality and integrity of code and data. Our evaluation of AccTEE in three scenarios – volunteer computing, serverless computing, and pay-by-computation for the web – shows a maximum accounting overhead of 10%.

Authors with CRIS profile

Rüdiger Kapitza

Related research project(s)

PRIMaTE: PRIvacy preserving Multi-compartment Trusted Execution (PRIMaTE) Oct. 16, 2017 - Aug. 31, 2023

Involved external institutions

Technische Universität Braunschweig DE Germany (DE) Intel Corporation US United States (USA) (US)

How to cite

APA:

Goltzsche, D., Nieke, M., Knauth, T., & Kapitza, R. (2019). Acctee: A WebAssembly-based Two-way Sandbox for Trusted Resource Accounting. In Middleware 2019 - Proceedings of the 2019 20th International Middleware Conference (pp. 123-135). Davis, CA, USA: Association for Computing Machinery, Inc.

MLA:

Goltzsche, David, et al. "Acctee: A WebAssembly-based Two-way Sandbox for Trusted Resource Accounting." Proceedings of the 20th ACM/IFIP/USENIX Middleware Conference, Middleware 2019, Davis, CA, USA Association for Computing Machinery, Inc, 2019. 123-135.

BibTeX: Download