tlug Mailing List Archive
[tlug] Any way to make code running on a cloud service publicly verifiable?
- Date: Fri, 14 Sep 2012 20:37:09 +0900
- From: "Stephen J. Turnbull" <stephen@example.com>
- Subject: [tlug] Any way to make code running on a cloud service publicly verifiable?
- References: <CA+su7OWvHruqQ8MVWKqkGNSwrnLS0GeZECk=B4P4AwWN=qR8eg@mail.gmail.com>
Edmund Edgar writes:

> Recently I've run into a couple of situations where I've wanted to run
> some code on a server somewhere, in such a way that people can verify
> that it's really running the code that I say I am.

The best way to do this is not to do it on a server at all. Do it on the client in Javascript or Java. This is moderately verifiable by anybody with access to wget. ;-)

Python has OpenSSL bindings, maybe JS and/or Java do too. This would work for the coinapult example. Whether it would be fast enough if you have to do it in JS or Python (ie, no OpenSSL bindings) is another question.

> For example, I'd like to run a simple, api-only version of
> www.coinapult.com, where in essence what my app has to do is:
> 1) You tell me an email address.
> 2) I make up a random number.
> 3) I make a private/public keypair based on the random number.
> 4) I email the private key to the email address.
> 5) I tell you the public key.
> 6) I forget all about the random number and the private key.

Coinapult doesn't promise (6), only implicitly not to use them. I don't understand why simply promising to be good doesn't work for you. (This matters because although there are no absolutely trustworthy ways to do this without 3rd party certification AFAICS, depending on the application you might be able to convince people with something short of bulletproof security.)

> I don't mind people having to trust some big, well-known
> organization with no particular interest in my service,

Well, then I don't see why you wouldn't be able to use the approach in the Brown-Chase paper. Of course you'd have to pay for it, but isn't trust the most valuable thing in the world? ;-)

> It looks like I could get part of the way by making an EC2 AMI,
> setting it to fetch code based on a parameter set when it was run and
> locking myself out of it, but I'm not sure that I could effectively
> let people verify that the server I was running at a given IP address
> was really using that AMI, and I'm also not quite confident that there
> isn't some other way of secretly horsing around with an instance that
> you own.

Ken Thompson proved that there is such a way 3 decades ago. See ref #14 in the Brown-Chase paper.

The thing is, you absolutely have to have a third party certify that (1) they know exactly what the system that downloaded your code is, and they know it's safe (ie, the code doesn't have backdoors that Ken put there and the only server visible outside of the instance itself is a vanilla webserver using HTTPS), and (2) that the initial code it downloaded is the code you published. ("Initial" because you could trivially add a backdoor to upload additional code via HTTPS or whatever -- this can only be dealt with by a 3rd party certifying that your initial code doesn't do that.)

If you trust SHA1 is cryptographically strong, then you could do this easily with git or hg (or maybe bzr, but they have a weird way of creating revids whose implications I don't understand, and therefore cannot trust in this application). Have the cloud provider install a trusted, known clean version of the DVCS, which checks out a revision you specify from a public repo. Then have the domain name of your virtual host be derived from that revid by the trusted cloud provider's nameserver. (AFAICT, this doesn't cost any security due to DNS holes. You already have that problem, just as Coinapult has the problem that reading somebody's email is trivial for the Russian mafia etc. So anything you do to make the DNS secure if you don't use this naming scheme you can do if you do use it.)

> Can anyone think of a good way to do this?

My half-serious response is "if you are trusting the advice of people on this list, you don't really care about trust." ;-)

Seriously, the Brown-Chase paper looks pretty good to me. The ugly part is "With the existing Web trust management framework, this approach requires the user browser to accept C as a Certifying Authority." That is not something I'd want to try to explain the pluses and minuses of to the average soccer mom.

Steve
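The revid-derived hostname scheme above rests on one property: a git commit id is a SHA-1 over the whole tree, so anyone who can reproduce the checked-out files can recompute the id and compare it with the label the provider's nameserver published. The following is an added example (not code from the thread, Coinapult, or any provider) that recomputes git object ids from scratch with nothing but hashlib, derives a hostname from the commit id, and shows that a one-line backdoor inserted into the checked-out tree changes the id and therefore no longer matches the hostname. The zone `apps.cloud.example`, the file contents, and the author/committer strings are constructed for the demo; the hashing itself (`sha1("<type> <len>\0" + body)`, tree entries as `mode name\0<20 raw bytes>` sorted by name) is how git really computes ids, which is why the well-known empty-blob and empty-tree ids fall out of it.

```python
import hashlib
import re

DEMO_ZONE = "apps.cloud.example"  # assumption: zone the trusted provider's nameserver serves


def git_object_id(obj_type: str, body: bytes) -> str:
    """Hash exactly as git does: sha1(b"<type> <len>\\0" + body)."""
    header = f"{obj_type} {len(body)}".encode() + b"\0"
    return hashlib.sha1(header + body).hexdigest()


def blob_id(data: bytes) -> str:
    return git_object_id("blob", data)


def tree_id(files: dict) -> str:
    """files: {name: bytes} for a flat tree of regular files (mode 100644).
    git sorts entries by name and stores the child id as 20 raw bytes."""
    body = b""
    for name in sorted(files):
        body += b"100644 " + name.encode() + b"\0" + bytes.fromhex(blob_id(files[name]))
    return git_object_id("tree", body)


def commit_id(tree: str, parents, author: str, committer: str, message: str) -> str:
    """Commit object: tree, parent lines, author, committer, blank line, message."""
    lines = [f"tree {tree}"]
    lines += [f"parent {p}" for p in parents]
    lines += [f"author {author}", f"committer {committer}", "", message]
    return git_object_id("commit", ("\n".join(lines) + "\n").encode())


def snapshot_revid(files: dict, author: str, committer: str, message: str, parents=()) -> str:
    """The revid a verifier recomputes from the files the provider checked out."""
    return commit_id(tree_id(files), parents, author, committer, message)


def hostname_for_revid(revid: str, zone: str = DEMO_ZONE) -> str:
    """Provider-side: one DNS label per revision. 40 hex chars fit a 63-octet label."""
    if not re.fullmatch(r"[0-9a-f]{40}", revid):
        raise ValueError("revid must be a full 40-hex SHA-1 commit id")
    return f"{revid}.{zone}"


def verify_host_matches_snapshot(hostname: str, files: dict, author: str,
                                 committer: str, message: str, parents=(),
                                 zone: str = DEMO_ZONE) -> bool:
    """Verifier-side: the label must be exactly the revid of the published snapshot."""
    label, sep, rest = hostname.partition(".")
    if not sep or rest != zone or not re.fullmatch(r"[0-9a-f]{40}", label):
        return False
    return label == snapshot_revid(files, author, committer, message, parents)


# Constructed sample data: the published snapshot and a tampered copy of it.
AUTHOR = "Example Author <author@example.com> 1347622629 +0900"
COMMITTER = AUTHOR
MESSAGE = "api-only keygen service"
PUBLISHED = {
    "README": b"Generates a keypair from a random number and emails the private key.\n",
    "server.py": b"def handle(email):\n    return issue_keypair(email)\n",
}
TAMPERED = dict(PUBLISHED)
TAMPERED["server.py"] = PUBLISHED["server.py"] + b"    log_private_key()  # backdoor\n"

PUBLISHED_REVID = snapshot_revid(PUBLISHED, AUTHOR, COMMITTER, MESSAGE)
PUBLISHED_HOST = hostname_for_revid(PUBLISHED_REVID)

if __name__ == "__main__":
    print("published revid:", PUBLISHED_REVID)
    print("hostname:       ", PUBLISHED_HOST)
    print("published tree verifies:",
          verify_host_matches_snapshot(PUBLISHED_HOST, PUBLISHED, AUTHOR, COMMITTER, MESSAGE))
    print("tampered tree verifies: ",
          verify_host_matches_snapshot(PUBLISHED_HOST, TAMPERED, AUTHOR, COMMITTER, MESSAGE))
```

What this does and does not buy you follows the caveats in the mail: the hostname binds only the initial tree, so a backdoor that is already in the published commit, or code fetched later at runtime, is invisible to this check; that part still needs the third party to certify the base image and the initial code. The DNS binding is also only as trustworthy as the provider's nameserver, which is the point of having the provider, not you, do the mapping.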
- References:
- [tlug] Any way to make code running on a cloud service publicly verifiable?
- From: Edmund Edgar