Accountable Execution of Untrusted Programs

Many networked applications could beneet from executing components of their functionality closer to the data or services with which they interact. By doing this they may be able to circumvent long communication latencies or avoid transferring large quantities of data over congested or expensive network links. However, no public infrastructure currently exists to enable users to do this; they are restricted to running applications on systems which are either owned by them or dedicated to them. We propose a system that can execute code supplied by an untrusted user, yet can charge this user for all resources consumed by the computation. Such servers could be deployed at strategic locations throughout the Internet, enabling network users such as content providers to distribute their applications in a manner that is both eecient in terms of performance and-nancial cost. We call such a server a Xenoserver 1. This paper discusses the construction of such a system, examining how accounting, billing and quality of service provision can be achieved.