Re: [tlug] Any way to make code running on a cloud service publicly verifiable?
- Date: Fri, 21 Sep 2012 14:44:09 +0900
- From: Brian LaVallee <b.lavallee@example.com>
- Subject: Re: [tlug] Any way to make code running on a cloud service publicly verifiable?
- User-agent: Microsoft-Entourage/12.33.0.120411
To get what you are looking for, take the following approach:

1. Compute and sign the hash for each file in the source.
2. Include the signed hash in the source.
3. Package the source.
4. Compute and sign the hash for the package.
5. Make the signed hash available with the package.

At this point, you have ONLY generated trusted source code. [Add a script making it easier for a user to verify the files.]

The next step involves a third-party server that should do the following:

1. Get a fresh copy of the package and signed hash.
2. Verify the package.
3. Install the package locally.
4. Fetch the file and associated hash from the Cloud Provider.
5. Compare and verify the hash files from the source and the Cloud Provider.
6. Fetch the file, compute the hash, and verify.

Now we have ONLY verified the files used at the Cloud Provider. This should be enough for most users to accept THE CODE is creditable. But it does NOT guarantee the Cloud Provider isn't doing anything between the application and the user.

Because the application is intended to be API driven, use that as another verification step. Do penetration testing by running scripts on a third-party server and making API calls, then compare against expected results. You could even create APIs specifically to verify the code.

This will get you most of the way there. HOWEVER... Without controlling your own infrastructure, this is where verification (TRUST) runs against a brick wall.

I see the integrity of public-key cryptography as your biggest risk: both keys are theoretically available to the Cloud Provider. In memory, temporary files, mail queue, etc...

A bigger concern is using public-key cryptography on a Cloud Provider: there is no way to ensure the integrity of a random seed. Theoretically it could be compromised by logging /dev/random (urandom, PRNG, etc...), which could allow another user of the Cloud Provider infrastructure to duplicate your keys.
Sincerely,
Brian LaVallee

On 9/14/12 4:47 PM, "Edmund Edgar" <lists@example.com> wrote:

> Recently I've run into a couple of situations where I've wanted to run
> some code on a server somewhere, in such a way that people can verify
> that it's really running the code that I say I am.
>
> For example, I'd like to run a simple, api-only version of
> www.coinapult.com, where in essence what my app has to do is:
> 1) You tell me an email address.
> 2) I make up a random number.
> 3) I make a private/public keypair based on the random number.
> 4) I email the private key to the email address.
> 5) I tell you the public key.
> 6) I forget all about the random number and the private key.
>
> I don't mind people having to trust some big, well-known organization
> with no particular interest in my service, but I'd like them to be
> able to put as little trust as possible in me - in
> particular to be able to check up on me to make sure that I'm not
> secretly keeping the private key.
>
> Ideally I'd be running a known, public, verifiable image, which I
> couldn't log into, on some trusted organization's hardware, and the
> image would grab my code from some public, verifiable URL.
>
> I stumbled on this paper talking about the same thing - their example
> is a voting system - but I'm looking for a way to actually do it.
> http://www.cs.duke.edu/~brownan/pubs/trusted-cloud-platform-services.pdf
>
> It looks like I could get part of the way by making an EC2 AMI,
> setting it to fetch code based on a parameter set when it was run and
> locking myself out of it, but I'm not sure that I could effectively
> let people verify that the server I was running at a given IP address
> was really using that AMI, and I'm also not quite confident that there
> isn't some other way of secretly horsing around with an instance that
> you own.
>
> Can anyone think of a good way to do this?
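The two procedures Brian lays out (publisher: per-file hashes, signed manifest embedded in the tree, signed package hash; verifier: check the package signature, unpack locally, recompute every hash against the signed manifest) as one added end-to-end example. This is not code from the thread or from any project mentioned in it. It uses only the Python standard library, so the public-key signer is a deliberately toy, unpadded textbook RSA stand-in for gpg/openssl, and the file names MANIFEST.json / MANIFEST.sig, the sample source files and the "deployed" copy are all constructed here. The verifier step runs twice: once on a clean copy and once on a copy where one file was altered after packaging, to show what the comparison reports.

```python
"""Hash-manifest plus signature flow (added example; stdlib only).
The RSA here is a toy for illustration, not a production signer."""
import hashlib
import io
import json
import os
import random
import tarfile
import tempfile

MANIFEST = "MANIFEST.json"   # hypothetical names for the embedded signed hash list
SIGNATURE = "MANIFEST.sig"


# --- toy public-key signer (stand-in for gpg/openssl) -----------------------
def _probable_prime(n: int, rounds: int = 25) -> bool:
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _probable_prime(cand):
            return cand


def generate_keypair(bits: int = 512):
    """Return ((n, e), (n, d)); small modulus so the demo is fast."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            return (p * q, e), (p * q, pow(e, -1, phi))


def sign(private_key, data: bytes) -> int:
    n, d = private_key                      # SHA-256 digest < n, so no padding needed here
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), d, n)


def verify(public_key, data: bytes, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == int.from_bytes(hashlib.sha256(data).digest(), "big")


# --- publisher side ----------------------------------------------------------
def build_manifest(root: str) -> dict:
    """Step 1: SHA-256 of every file under root (manifest files excluded)."""
    digests = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name in (MANIFEST, SIGNATURE):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def canonical(manifest: dict) -> bytes:
    """Deterministic encoding so signer and verifier hash identical bytes."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def embed_signed_manifest(root: str, private_key) -> None:
    """Step 2: write the manifest and its signature into the source tree."""
    manifest = canonical(build_manifest(root))
    with open(os.path.join(root, MANIFEST), "wb") as fh:
        fh.write(manifest)
    with open(os.path.join(root, SIGNATURE), "w") as fh:
        fh.write(str(sign(private_key, manifest)))


def package(root: str) -> bytes:
    """Step 3: tar the tree into memory; steps 4-5 sign the returned bytes."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        tar.add(root, arcname=".")
    return buf.getvalue()


# --- verifier side -----------------------------------------------------------
def compare_manifests(expected: dict, actual: dict) -> list:
    problems = [f"missing: {p}" for p in expected if p not in actual]
    problems += [f"modified: {p}" for p, h in expected.items() if p in actual and actual[p] != h]
    problems += [f"unexpected: {p}" for p in actual if p not in expected]
    return sorted(problems)


def verify_tree(root: str, public_key) -> list:
    """Check the manifest signature, then recompute every file hash against it."""
    with open(os.path.join(root, MANIFEST), "rb") as fh:
        manifest_bytes = fh.read()
    with open(os.path.join(root, SIGNATURE)) as fh:
        signature = int(fh.read())
    if not verify(public_key, manifest_bytes, signature):
        return ["manifest signature invalid"]
    return compare_manifests(json.loads(manifest_bytes), build_manifest(root))


def run_demo() -> dict:
    """Constructed run: publish, verify a clean copy, then a copy altered after packaging."""
    public_key, private_key = generate_keypair()
    with tempfile.TemporaryDirectory() as work:
        src = os.path.join(work, "src")
        os.makedirs(os.path.join(src, "app"))
        with open(os.path.join(src, "app", "main.py"), "w") as fh:
            fh.write("print('hello')\n")            # constructed sample file
        with open(os.path.join(src, "README"), "w") as fh:
            fh.write("constructed sample\n")
        embed_signed_manifest(src, private_key)
        tarball = package(src)
        package_sig = sign(private_key, tarball)   # published beside the package

        package_ok = verify(public_key, tarball, package_sig)
        deployed = os.path.join(work, "deployed")
        with tarfile.open(fileobj=io.BytesIO(tarball)) as tar:
            tar.extractall(deployed)
        clean = verify_tree(deployed, public_key)
        with open(os.path.join(deployed, "app", "main.py"), "a") as fh:
            fh.write("# changed after packaging\n")  # simulated drift at the provider
        tampered = verify_tree(deployed, public_key)
    return {"package_signature_ok": package_ok, "clean_problems": clean,
            "tampered_problems": tampered}


if __name__ == "__main__":
    print(run_demo())
```

The verifier only ever needs the public key, which is the point of steps 4-5: anyone can fetch the package and its signed hash and repeat `verify_tree` themselves. As the post says, this proves only that the bytes on disk match what was signed; it says nothing about what the provider does between the application and its users.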
- References:
- [tlug] Any way to make code running on a cloud service publicly verifiable?
- From: Edmund Edgar