SIGCOMM24 Posters & Demos Paper #47 Reviews and Comments =========================================================================== Paper #47 Poster: Jasper, A Scalable and Fair Multicast for Financial Exchanges in the Cloud Review #47A =========================================================================== Overall merit ------------- 4. Accept Reviewer expertise ------------------ 3. Knowledgeable Paper summary ------------- This paper presents Jasper, a multicasting system for financial exchanges in the public cloud. Jasper adopts a tree of proxies, leverages VM hedging, and uses TEE to guarantee no trust. It reduces the median latency by nearly half compared to the existing solution offered by the public cloud. Comments for authors -------------------- Thanks for submitting the poster! I like the target application, which is a new and very important application for the public cloud. I just have a few comments or questions: 1) Does the transport protocol use UDP? If so, how do you handle packet loss without causing a big variation in the delivery window size? 2) TEE VMs are pretty limited in the public cloud. It would be great to think of another mechanism to guarantee no trust that does not require special TEE hardware, eg, maybe employing some verification techniques. Review #47B =========================================================================== Overall merit ------------- 4. Accept Reviewer expertise ------------------ 3. Knowledgeable Paper summary ------------- The poster presents Jasper, a fair and fast multicast algorithm to support financial transactions in public clouds. It has been implemented, and results show that the algorithm outperforms market leaders like AWS. Comments for authors -------------------- On the positive side, the motivation, idea, concept and realization are very convincing. The authors also have a solution for the obvious problem that market participants have a strong motivation for not adhering to the hold-and-release protocol, thus gaining an unfair advantage over others. Jasper thus looks like a very good solution for running financial transactions in public clouds which would render such systems much more flexible and more cost-effective. On the negative side, I never really understand how such numbers a s in Figure 2 can be computed in a distributed system without a global clock. How can timing delays be compared in such an absolute way? I suggest to explain this. Review #47C =========================================================================== Overall merit ------------- 4. Accept Reviewer expertise ------------------ 2. Some familiarity Paper summary ------------- This paper proposed Jasper, a scalable overlay multicast financial exchange in the cloud. Jasper introduced a proxy tree to improve scalability and tuned its structure to minimize latency. It built a VM hedging to achieve low latency, and leveraged TEE as a security guarantee between MPs and the exchange server. Comments for authors -------------------- It is an interesting design addressing the challenges of financial exchanges in the cloud. The tree and hedging design reduces latency, and the hold-and-release mechanism with TEE ensures fairness in message propagation. I have some questions about the design. In the proxy tree, it is unclear who performs as the intermediate-level proxy. Since intermediate-level proxies are responsible for propagating market data, does this mean that MP's VM cannot serve as an intermediate proxy? Or, with the hold-and-release mechanism, it doesn't matter if any VM performs as either an intermediate or receiver VM. This paper uses TEE to protect the trading algorithm. However, TEE is not bulletproof and has known vulnerabilities. The kernel itself, side-channel attacks, or even physical attacks can be used to undermine process isolation[1]. The authors might need to discuss this problem in their full version of this paper in the future. Overall, I like the idea and look forward to the full design and completed version of this paper. [1] Jauernig, Patrick, Ahmad-Reza Sadeghi, and Emmanuel Stapf. "Trusted execution environments: properties, applications, and challenges." IEEE Security & Privacy 2020