AccTEE: A WebAssembly-based Two-way Sandbox for Trusted Resource Accounting

Remote computation has numerous use cases such as cloud computing, client-side web applications or volunteer computing. Typically, these computations are executed inside a sandboxed environment for two reasons: first, to isolate the execution in order to protect the host environment from unauthorised access, and second to control and restrict resource usage. Often, there is mutual distrust between entities providing the code and the ones executing it, owing to concerns over three potential problems: (i) loss of control over code and data by the providing entity, (ii) uncertainty of the integrity of the execution environment for customers, and (iii) a missing mutually trusted accounting of resource usage. In this paper we present AccTEE, a two-way sandbox that offers remote computation with resource accounting trusted by consumers and providers. AccTEE leverages two recent technologies: hardware-protected trusted execution environments, and Web-Assembly, a novel platform independent byte-code format. We show how AccTEE uses automated code instrumentation for fine-grained resource accounting while maintaining confidentiality and integrity of code and data. Our evaluation of AccTEE in three scenarios – volunteer computing, serverless computing, and pay-by-computation for the web – shows a maximum accounting overhead of 10%

Towards Peer-to-Peer-based Cryptanalysis

Abstract-Modern cryptanalytic algorithms require a large amount of computational power. An approach to cope with this requirement is to distribute these algorithms among many computers and to perform the computation massively parallel. However, existing approaches for distributing cryptanalytic algorithms are based on a client/server or a grid architecture. In this paper we propose the usage of peer-to-peer (P2P) technology for distributed cryptanalytic calculations. Our contribution in this paper is three-fold: We first identify the challenges resulting from this approach and provide a classification of algorithms suited for P2P-based computation. Secondly, we discuss and classify some specific cryptanalytic algorithms and their suitability for such an approach. Finally we provide a new, fully decentralized approach for distributing such computationally intensive jobs. Our design takes special care about scalability and the possible untrustworthy nature of the participating peers

Shadow Banning in Browser-based Volunteering Computing

Browser-based volunteering computing projects are mainly used to perform scientific computations in heterogeneous clusters at a low cost. As for every community-driven approach, saboteurs can try to cheat the system for various reasons. In this paper, we propose to study whether such solutions could improve their performance and resilience by using shadow banning instead of a classic ban scheme. To do so, we have built a framework simulating a real system and studied the impact of shadow banning in relation with task types, saboteur rates, and detection techniques such as majority, m-first and credibility-based voting. Results show that shadow banning is overall more resilient, reducing the number of errors of detection by more than 33.5% in average. It also improves the server-side performance in a significant manner for saboteur rates between 0 and 20%

Solving key design issues for massively multiplayer online games on peer-to-peer architectures

Massively Multiplayer Online Games (MMOGs) are increasing in both popularity and scale on the Internet and are predominantly implemented by Client/Server architectures. While such a classical approach to distributed system design offers many benefits, it suffers from significant technical and commercial drawbacks, primarily reliability and scalability costs. This realisation has sparked recent research interest in adapting MMOGs to Peer-to-Peer (P2P) architectures. This thesis identifies six key design issues to be addressed by P2P MMOGs, namely interest management, event dissemination, task sharing, state persistency, cheating mitigation, and incentive mechanisms. Design alternatives for each issue are systematically compared, and their interrelationships discussed. How well representative P2P MMOG architectures fulfil the design criteria is also evaluated. It is argued that although P2P MMOG architectures are developing rapidly, their support for task sharing and incentive mechanisms still need to be improved. The design of a novel framework for P2P MMOGs, Mediator, is presented. It employs a self-organising super-peer network over a P2P overlay infrastructure, and addresses the six design issues in an integrated system. The Mediator framework is extensible, as it supports flexible policy plug-ins and can accommodate the introduction of new superpeer roles. Key components of this framework have been implemented and evaluated with a simulated P2P MMOG. As the Mediator framework relies on super-peers for computational and administrative tasks, membership management is crucial, e.g. to allow the system to recover from super-peer failures. A new technology for this, namely Membership-Aware Multicast with Bushiness Optimisation (MAMBO), has been designed, implemented and evaluated. It reuses the communication structure of a tree-based application-level multicast to track group membership efficiently. Evaluation of a demonstration application shows i that MAMBO is able to quickly detect and handle peers joining and leaving. Compared to a conventional supervision architecture, MAMBO is more scalable, and yet incurs less communication overheads. Besides MMOGs, MAMBO is suitable for other P2P applications, such as collaborative computing and multimedia streaming. This thesis also presents the design, implementation and evaluation of a novel task mapping infrastructure for heterogeneous P2P environments, Deadline-Driven Auctions (DDA). DDA is primarily designed to support NPC host allocation in P2P MMOGs, and specifically in the Mediator framework. However, it can also support the sharing of computational and interactive tasks with various deadlines in general P2P applications. Experimental and analytical results demonstrate that DDA efficiently allocates computing resources for large numbers of real-time NPC tasks in a simulated P2P MMOG with approximately 1000 players. Furthermore, DDA supports gaming interactivity by keeping the communication latency among NPC hosts and ordinary players low. It also supports flexible matchmaking policies, and can motivate application participants to contribute resources to the system

Cloud-edge hybrid applications

Many modern applications are designed to provide interactions among users, including multi- user games, social networks and collaborative tools. Users expect application response time to be in the order of milliseconds, to foster interaction and interactivity. The design of these applications typically adopts a client-server model, where all interac- tions are mediated by a centralized component. This approach introduces availability and fault- tolerance issues, which can be mitigated by replicating the server component, and even relying on geo-replicated solutions in cloud computing infrastructures. Even in this case, the client-server communication model leads to unnecessary latency penalties for geographically close clients and high operational costs for the application provider. This dissertation proposes a cloud-edge hybrid model with secure and ecient propagation and consistency mechanisms. This model combines client-side replication and client-to-client propagation for providing low latency and minimizing the dependency on the server infras- tructure, fostering availability and fault tolerance. To realize this model, this works makes the following key contributions. First, the cloud-edge hybrid model is materialized by a system design where clients maintain replicas of the data and synchronize in a peer-to-peer fashion, and servers are used to assist clients’ operation. We study how to bring most of the application logic to the client-side, us- ing the centralized service primarily for durability, access control, discovery, and overcoming internetwork limitations. Second, we dene protocols for weakly consistent data replication, including a novel CRDT model (∆-CRDTs). We provide a study on partial replication, exploring the challenges and fundamental limitations in providing causal consistency, and the diculty in supporting client- side replicas due to their ephemeral nature. Third, we study how client misbehaviour can impact the guarantees of causal consistency. We propose new secure weak consistency models for insecure settings, and algorithms to enforce such consistency models. The experimental evaluation of our contributions have shown their specic benets and limitations compared with the state-of-the-art. In general, the cloud-edge hybrid model leads to faster application response times, lower client-to-client latency, higher system scalability as fewer clients need to connect to servers at the same time, the possibility to work oine or disconnected from the server, and reduced server bandwidth usage. In summary, we propose a hybrid of cloud-and-edge which provides lower user-to-user la- tency, availability under server disconnections, and improved server scalability – while being ecient, reliable, and secure.Muitas aplicações modernas são criadas para fornecer interações entre utilizadores, incluindo jogos multiutilizador, redes sociais e ferramentas colaborativas. Os utilizadores esperam que o tempo de resposta nas aplicações seja da ordem de milissegundos, promovendo a interação e interatividade. A arquitetura dessas aplicações normalmente adota um modelo cliente-servidor, onde todas as interações são mediadas por um componente centralizado. Essa abordagem apresenta problemas de disponibilidade e tolerância a falhas, que podem ser mitigadas com replicação no componente do servidor, até com a utilização de soluções replicadas geogracamente em infraestruturas de computação na nuvem. Mesmo neste caso, o modelo de comunicação cliente-servidor leva a penalidades de latência desnecessárias para clientes geogracamente próximos e altos custos operacionais para o provedor das aplicações. Esta dissertação propõe um modelo híbrido cloud-edge com mecanismos seguros e ecientes de propagação e consistência. Esse modelo combina replicação do lado do cliente e propagação de cliente para cliente para fornecer baixa latência e minimizar a dependência na infraestrutura do servidor, promovendo a disponibilidade e tolerância a falhas. Para realizar este modelo, este trabalho faz as seguintes contribuições principais. Primeiro, o modelo híbrido cloud-edge é materializado por uma arquitetura do sistema em que os clientes mantêm réplicas dos dados e sincronizam de maneira ponto a ponto e onde os servidores são usados para auxiliar na operação dos clientes. Estudamos como trazer a maior parte da lógica das aplicações para o lado do cliente, usando o serviço centralizado principalmente para durabilidade, controlo de acesso, descoberta e superação das limitações inter-rede. Em segundo lugar, denimos protocolos para replicação de dados fracamente consistentes, incluindo um novo modelo de CRDTs (∆-CRDTs). Fornecemos um estudo sobre replicação parcial, explorando os desaos e limitações fundamentais em fornecer consistência causal e a diculdade em suportar réplicas do lado do cliente devido à sua natureza efémera. Terceiro, estudamos como o mau comportamento da parte do cliente pode afetar as garantias da consistência causal. Propomos novos modelos seguros de consistência fraca para congurações inseguras e algoritmos para impor tais modelos de consistência. A avaliação experimental das nossas contribuições mostrou os benefícios e limitações em comparação com o estado da arte. Em geral, o modelo híbrido cloud-edge leva a tempos de resposta nas aplicações mais rápidos, a uma menor latência de cliente para cliente e à possibilidade de trabalhar oine ou desconectado do servidor. Adicionalmente, obtemos uma maior escalabilidade do sistema, visto que menos clientes precisam de estar conectados aos servidores ao mesmo tempo e devido à redução na utilização da largura de banda no servidor. Em resumo, propomos um modelo híbrido entre a orla (edge) e a nuvem (cloud) que fornece menor latência entre utilizadores, disponibilidade durante desconexões do servidor e uma melhor escalabilidade do servidor – ao mesmo tempo que é eciente, conável e seguro

Providing incentive to peer-to-peer applications

Cooperative peer-to-peer applications are designed to share the resources of participating computers for the common good of ail users. However, users do not necessarily have an incentive to donate resources to the system if they can use the system's resources for free. As commonly observed in deployed applications, this situation adversely affects the applications' performance and sometimes even their availability and usability. While traditional resource management is handled by a centralized enforcement entity, adopting similar solution raises new concerns for distributed peer-to-peer systems. This dissertation proposes to solve the incentive problem in peer-to-peer applications by designing fair sharing policies and enforcing these policies in a distributed manner. The feasibility and practicability of this approach is demonstrated through numerous applications, namely archival storage systems, streaming systems, content distribution systems, and anonymous communication systems

Security in Distributed, Grid, Mobile, and Pervasive Computing

This book addresses the increasing demand to guarantee privacy, integrity, and availability of resources in networks and distributed systems. It first reviews security issues and challenges in content distribution networks, describes key agreement protocols based on the Diffie-Hellman key exchange and key management protocols for complex distributed systems like the Internet, and discusses securing design patterns for distributed systems. The next section focuses on security in mobile computing and wireless networks. After a section on grid computing security, the book presents an overview of security solutions for pervasive healthcare systems and surveys wireless sensor network security

ADDRESSING SELFISHNESS IN THE DESIGN OF COOPERATIVE SYSTEMS

I sistemi distribuiti cooperativi, tra cui in particolare i sistemi peer-to-peer, sono oggi alla base di applicazioni Internet di larga diffusione come file-sharing e media streaming, nonch\ue9 di tecnologie emergenti quali Blockchain e l'Internet of Things. Uno dei fattori chiave per il successo di un sistema cooperativo \ue8 che i nodi che vi partecipano mettano a disposizione della comunit\ue0 una parte delle proprie risorse (es. capacit\ue0 di calcolo, banda, spazio disco). Alcuni nodi, poich\ue9 controllati da agenti autonomi e indipendenti, potrebbero tuttavia agire egoisticamente e scegliere di non condividere alcuna risorsa, spinti dall'obiettivo di massimizzare la propria utilit\ue0 anche se a danno delle prestazioni dell'intero sistema. Affrontare l'egoismo dei nodi rappresenta dunque un'attivit\ue0 imprescindibile per lo sviluppo di un sistema cooperativo affidabile e performante. Nonostante il grande numero di tecniche ed approcci presenti in letteratura, tale attivit\ue0 richiede elaborazioni complesse, manuali e laboriose, nonch\ue9 conoscenze approfondite in vari domini di applicazione. Obiettivo di questa tesi \ue8 di fornire strumenti sia pratici che teorici per semplificare lo studio e il contrasto dei comportamenti egoistici nei sistemi cooperativi. Il primo contributo, basato su un'analisi esaustiva dello stato dell'arte sull'egoismo in sistemi distribuiti, presenta un framework di classificazione finalizzato all'identificazione e comprensione dei comportamenti egoistici pi\uf9 importanti su cui concentrarsi durante la progettazione di un sistema cooperativo. Come secondo contributo, presentiamo RACOON, un framework per la progettazione e configurazione di sistemi cooperativi resilienti all'egoismo dei nodi. L'obiettivo di RACOON \ue8 di semplificare tali attivit\ue0 fornendo una metodologia generale e semi-automatica, capace di integrare in un dato sistema pratici meccanismi di incentivo alla cooperazione, attentamente calibrati in modo da raggiungere gli obiettivi di resilienza e performance desiderati. A tal fine, RACOON impiega sia strumenti analitici appartenenti alla teoria dei giochi che metodi simulativi, che vengono utilizzati per fare previsioni sul comportamento del sistema in presenza di nodi egoisti. In questa tesi presentiamo inoltre una versione estesa del framework, chiamata RACOON++, sviluppata per migliorare l'accuratezza, flessibilit\ue0 e usabilit\ue0 del framework originale. Infine, come ultimo contributo del lavoro di tesi, presentiamo SEINE, un framework per la rapida modellazione e analisi sperimentale di vari tipi di comportamenti egoistici in un dato sistema cooperativo. Il framework \ue8 basato su un nuovo linguaggio specifico di dominio (SEINE-L) sviluppato per la descrizione degli scenari di egoismo da analizzare. SEINE fornisce inoltre supporto semi-automatico per l'implementazione e lo studio di tali scenari in un simulatore di sistemi distribuiti selezionato dallo stato dell'arte.Cooperative distributed systems, particularly peer-to-peer systems, are the basis of several mainstream Internet applications (e.g., file-sharing, media streaming) and the key enablers of new and emerging technologies, including blockchain and the Internet of Things. Essential to the success of cooperative systems is that nodes are willing to cooperate with each other by sharing part of their resources, e.g., network bandwidth, CPU capability, storage space. However, as nodes are autonomous entities, they may be tempted to behave in a selfish manner by not contributing their fair share, potentially causing system performance degradation and instability. Addressing selfish nodes is, therefore, key to building efficient and reliable cooperative systems. Yet, it is a challenging task, as current techniques for analysing selfishness and designing effective countermeasures remain manual and time-consuming, requiring multi-domain expertise. In this thesis, we aim to provide practical and conceptual tools to help system designers in dealing with selfish nodes. First, based on a comprehensive survey of existing work on selfishness, we develop a classification framework to identify and understand the most important selfish behaviours to focus on when designing a cooperative system. Second, we propose RACOON, a unifying framework for the selfishness-aware design and configuration of cooperative systems. RACOON provides a semi-automatic methodology to integrate a given system with practical and finely tuned mechanisms to meet specified resilience and performance objectives, using game theory and simulations to predict the behaviour of the system when subjected to selfish nodes. An extension of the framework (RACOON++) is also proposed to improve the accuracy, flexibility, and usability of RACOON. Finally, we propose SEINE, a framework for fast modelling and evaluation of various types of selfish behaviour in a given cooperative system. SEINE relies on a domain-specific language for describing the selfishness scenario to evaluate and provides semi-automatic support for its implementation and study in a state-of-the-art simulator.Les syst\ue8mes distribu\ue9s collaboratifs, en particulier les syst\ue8mes pair-\ue0-pair, forment l\u2019infrastructure sous-jacente de nombreuses applications Internet, certaines parmi les plus populaires (ex\ua0: partage de fichiers, streaming multim\ue9dia). Ils se situent \ue9galement \ue0 la base d\u2019un ensemble de technologies \ue9mergentes telles que la blockchain et l\u2019Internet des Objets. Le succ\ue8s de ces syst\ue8mes repose sur la contribution volontaire, de la part des n\u153uds participants, aux ressources partag\ue9es (ex : bande passante r\ue9seau, puissance de calcul, stockage de donn\ue9es). Or ces n\u153uds sont des entit\ue9s autonomes qui peuvent consid\ue9rer comme plus avantageux de se comporter de mani\ue8re \ue9go\uefste, c\u2019est-\ue0- dire de refuser de collaborer. De tels comportements peuvent fortement impacter les performances et la stabilit\ue9 op\ue9rationnelles du syst\ue8me cible. Prendre en compte et pr\ue9venir les comportements \ue9go\uefstes des n\u153uds est donc essentiel pour garantir l\u2019efficacit\ue9 et la fiabilit\ue9 des syst\ue8mes coop\ue9ratifs. Cependant, cela exige du d\ue9veloppeur, en d\ue9pit de la grande quantit\ue9 de techniques et d\u2019approches propos\ue9es dans la litt\ue9rature, des connaissances multisectorielles approfondies. L'objectif de cette th\ue8se est de concevoir et \ue9tudier de nouveaux outils th\ue9oriques et pratiques pour aider les concepteurs de syst\ue8mes distribu\ue9s collaboratifs \ue0 faire face \ue0 des n\u153uds \ue9go\uefstes. La premi\ue8re contribution, bas\ue9e sur une analyse exhaustive de la litt\ue9rature sur les comportements \ue9go\uefstes dans les syst\ue8mes distribu\ue9s, propose un mod\ue8le de classification pour identifier et analyser les comportements \ue9go\uefstes les plus importants sur lesquels il est important de se concentrer lors de la conception d'un syst\ue8me coop\ue9ratif. Dans la deuxi\ue8me contribution, nous proposons RACOON, un framework pour la conception et la configuration de syst\ue8mes coop\ue9ratifs r\ue9silients aux comportements \ue9go\uefstes. Outre un ensemble de m\ue9canismes d'incitation \ue0 la coop\ue9ration, RACOON fournit une m\ue9thodologie semi-automatique d\u2019int\ue9gration et de calibration de ces m\ue9canismes de mani\ue8re \ue0 garantir le niveau de performance souhait\ue9. RACOON s\u2019appuie sur une analyse du syst\ue8me cible fond\ue9e sur la th\ue9orie des jeux et sur des simulations pour pr\ue9dire l\u2019existence de n\u153uds \ue9go\uefstes dans le syst\ue8me. RACOON a \ue9t\ue9 \ue9tendu en un deuxi\ue8me framework, RACOON++. Plus pr\ue9cis, plus flexible, RACOON++ offre \ue9galement une plus grande facilit\ue9 d'utilisation. Une derni\ue8re contribution, SEINE, propose un framework pour la mod\ue9lisation et l'analyse des diff\ue9rents types de comportements \ue9go\uefstes dans un syst\ue8me coop\ue9ratif. Bas\ue9 sur un langage d\ue9di\ue9, d\ue9velopp\ue9 pour d\ue9crire les sc\ue9narios de comportement \ue9go\uefstes, SEINE fournit un support semi-automatique pour la mise en \u153uvre et l'\ue9tude de ces sc\ue9narios dans un simulateur choisi sur la base de l\u2019\ue9tat de l\u2019art (PeerSim)

Provable Security for Cryptocurrencies

The past several years have seen the surprising and rapid rise of Bitcoin and other “cryptocurrencies.” These are decentralized peer-to-peer networks that allow users to transmit money, tocompose financial instruments, and to enforce contracts between mutually distrusting peers, andthat show great promise as a foundation for financial infrastructure that is more robust, efficientand equitable than ours today. However, it is difficult to reason about the security of cryptocurrencies. Bitcoin is a complex system, comprising many intricate and subtly-interacting protocol layers. At each layer it features design innovations that (prior to our work) have not undergone any rigorous analysis. Compounding the challenge, Bitcoin is but one of hundreds of competing cryptocurrencies in an ecosystem that is constantly evolving. The goal of this thesis is to formally reason about the security of cryptocurrencies, reining in their complexity, and providing well-defined and justified statements of their guarantees. We provide a formal specification and construction for each layer of an abstract cryptocurrency protocol, and prove that our constructions satisfy their specifications. The contributions of this thesis are centered around two new abstractions: “scratch-off puzzles,” and the “blockchain functionality” model. Scratch-off puzzles are a generalization of the Bitcoin “mining” algorithm, its most iconic and novel design feature. We show how to provide secure upgrades to a cryptocurrency by instantiating the protocol with alternative puzzle schemes. We construct secure puzzles that address important and well-known challenges facing Bitcoin today, including wasted energy and dangerous coalitions. The blockchain functionality is a general-purpose model of a cryptocurrency rooted in the “Universal Composability” cryptography theory. We use this model to express a wide range of applications, including transparent “smart contracts” (like those featured in Bitcoin and Ethereum), and also privacy-preserving applications like sealed-bid auctions. We also construct a new protocol compiler, called Hawk, which translates user-provided specifications into privacy-preserving protocols based on zero-knowledge proofs

WISE Abstraction Framework for Wireless Networks

Current wireless networks commonly consist of nodes with different capabilities (e.g., laptops and PDAs). Link quality such as link error rate and data transmit rate can differ widely. For efficient operation, the design of wireless networks must take into account such heterogeneity among nodes and wireless links. We present systematic approaches to overcome problems due to heterogeneous node capability and link quality in wireless networks. We first present a general framework called WISE (Wireless Integration Sublayer Extension) that abstracts specific details of low-level wireless communication technologies (e.g., modulation or backoff scheme). WISE provides a set of common primitives, based on which upper-level protocols can operate efficiently without knowing the underlying details. We also present a number of protocol extensions that employ the WISE framework to enhance the performance of specific upper-level protocols while hiding lower-level heterogeneity (e.g., link error rate). Our multihop WLAN architecture improves system performance by allowing client nodes to use multihop paths via other clients to reach an AP. Our geographic routing extension considers both location and link quality in the next hop selection, which leads to optimal paths under certain conditions. To address heterogeneity in node capability, we consider virtual routing backbone construction in two settings: cooperative and selfish. In the cooperative setting, we present a protocol extension that constructs an optimal backbone composed of a small number of high-capability nodes, which can be generalized to a more resilient backbone. For the selfish case, we use game theory and design an incentive-compatible backbone construction scheme. We evaluate our work from multiple perspectives. We use theoretical analysis to prove that our extensions lead to optimal solutions. We use simulations to experiment with our schemes in various scenarios and real-world implementation to understand the performance in practice. Our experiment results show that our schemes significantly outperform existing schemes