Issue No.03 - July-Sept. (2013 vol.6)
pp: 300-313
Ki-Woong Park, Korea Advanced Institute of Science and Technology, Daejeon
Jaesun Han, NexR Corporation, Seoul
JaeWoong Chung, Intel Co. Ltd., Santa Clara
Kyu Ho Park, Korea Advanced Institute of Science and Technology, Daejeon
With the widespread adoption of cloud computing, the ability to record and account for the usage of cloud resources in a credible and verifiable way has become critical for cloud service providers and users alike. The success of such a billing system depends on several factors: the billing transactions must have integrity and nonrepudiation capabilities; the billing transactions must be nonobstructive and have a minimal computation cost; and the service level agreement (SLA) monitoring should be provided in a trusted manner. Existing billing systems are limited in terms of security capabilities or computational overhead. In this paper, we propose a secure and nonobstructive billing system called THEMIS as a remedy for these limitations. The system uses a novel concept of a cloud notary authority for the supervision of billing. The cloud notary authority generates mutually verifiable binding information that can be used to resolve future disputes between a user and a cloud service provider in a computationally efficient way. Furthermore, to provide a forgery-resistive SLA monitoring mechanism, we devised an SLA monitoring module enhanced with a trusted platform module (TPM), called S-Mon. The performance evaluation confirms that the overall latency of THEMIS billing transactions (avg. 4.89 ms) is much shorter than the latency of public key infrastructure (PKI)-based billing transactions (avg. 82.51 ms), though THEMIS guarantees identical security features as a PKI. This work has been undertaken on a real cloud computing service called iCubeCloud.
Monitoring, Cloud computing, Protocols, Digital signatures, Computer architecture, Grid computing, and resource allocation, Records, verification, transaction processing, pricing
Ki-Woong Park, Jaesun Han, JaeWoong Chung, Kyu Ho Park, "THEMIS: A Mutually Verifiable Billing System for the Cloud Computing Environment", IEEE Transactions on Services Computing, vol.6, no. 3, pp. 300-313, July-Sept. 2013, doi:10.1109/TSC.2012.1