Mailing List Archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[tlug] Any way to make code running on a cloud service publicly verifiable?

Recently I've run into a couple of situations where I've wanted to run
some code on a server somewhere, in such a way that people can verify
that it's really running the code that I say I am.

For example, I'd like to run a simple, api-only version of, where in essence what my app has to do is:
1) You tell me an email address.
2) I make up a random number.
3) I make a private/public keypair based on the random number.
4) I email the private key to the email address.
5) I tell you the public key.
6) I forget all about the random number and the private key.

I don't mind people having to trust some big, well-known organization
with no particular interest in my service, but I'd like them to be
able to be able to put as little trust as possible in me - in
particular to be able to check up on me to make sure that I'm not
secretly keeping the private key.

Ideally I'd be running a known, public, verifiable image, which I
couldn't log into, on some trusted organization's hardware, and the
image would grab my code from some public, verifiable URL.

I stumbled on this paper talking about the same thing - their example
is a voting system - but I'm looking for a way to actually do it.

It looks like I could get part of the way by making an EC2 AMI,
setting it to fetch code based on a parameter set when it was run and
locking myself out of it, but I'm not sure that I could effectively
let people verify that the server I was running at a given IP address
was really using that AMI, and I'm also not quite confident that there
isn't some other way of secretly horsing around with an instance that
you own.

Can anyone think of a good way to do this?

Edmund Edgar
Avatar Classroom
Your classroom, on the web, in a virtual world.
+81 090 3912 3380
Skype: edmundedgar
Second Life: Edmund Earp
Linked In: edmundedgar
Twitter: @edmundedgar

Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links