Attack on the Clouds

photofitterInternet και Εφαρμογές Web

4 Δεκ 2013 (πριν από 3 χρόνια και 11 μήνες)

107 εμφανίσεις

Attack on the Clouds

Sonia
Jahid

Imranul

Hoque


CS523 Project Presentation

April 29, 2009

Department of Computer Science

University of Illinois at Urbana
-
Champaign


Large scale infrastructure available for rent.


Involves 3 parties:


Cloud Owner, Cloud Client, End User


Example


New York Times uses Google
AppEngine
.


Yahoo! processes 84 TB of data per week from all its
services.


Infrastructure as a Service (
IaaS
): Amazon’s EC2


Platform as a Service (
PaaS
): Google’s
AppEngine


Software as a Service (
SaaS
): Microsoft’s
LiveMesh

Cloud Computing

2


Elasticity


A property that allows resource allocation in the
cloud within a short range of time.


Dynamic resource provisioning


Available for grids.


Secured dynamic provisioning algorithm for
resource allocation in the clouds



The Problem

3


Architecture


Attack Scenario


Results


Related Works


Conclusion

Outline

4


Cloud Manager


Group Manager


Instance Manager


Clients: Companies that pay for
resources.



Client Request:


<
resource
1
, min, max; resource
2
,
min, max; ... ;
resource
N
, min,
max>



Allocate resources to client
applications depending on its
load.



Perform dynamic allocation
based on resource threshold.

5

Architecture

Attack Scenario

Attacker

Cloud

6


Simulator for cost analysis.


Modified Eucalyptus to add dynamic resource
provisioning.


C compilers


Java Developer Kit (SDK) version 1.6 or above


Apache ant 1.6.5 or above


Curl development package


openssl development package


Eucalyptus node controller: Xen

Implementation

7

Evaluation

8

0
2
4
6
8
10
12
732
4392
8784
Cost in USD (Thousands)

Usage (Hours)

Cost for On
-
Demand Windows Instances

Standard Small Instance
Standard Large Instance
Standard Extra Large
Instance
High CPU Medium
Instance
High CPU Extra Large
Instance
Evaluation

9

1.098

3.294

2.6352

7.9056

0
2
4
6
8
10
12
0
6
12
18
24
Cost in USD (Thousands)

Hours
of Usage Per Day

Effect of Attack on
Annual Cost

Standard Large
Instance
High CPU XL
Instance

Amazon Elastic Compute Cloud (Amazon EC2)
http://aws.amazon.com/ec2/


Google App Engine.
http://code.google.com/appengine/


Live Mesh.
http://www.livemesh.com


Nimbus.
http://workspace.globus.org/


J. S. Chase, D. C. Anderson, P. N.
Thakar
, and A. M.
Vahdat
. Managing energy and server
resources in hosting centers.
In Proceedings of the 18th ACM Symposium on Operating
System
Principles


B. Krebs. Amazon: Hey Spammers, Get Off My Cloud!
Washington Post, July 2008


D. Nurmi, R. Wolski, C. Grzegorczyk, G. Obertelli, S. Soman,

L.
Youseff
, and D.
Zagorodnov
. The Eucalyptus Open
-
source Cloud
-
computing system. In
Proceedings of
Cloud Computing and Its Applications 2008


M. Rodriguez, D.
Tapiador
, J.
Fontan
, E.
Huedo
, R. S. Montero, and I. M.
Llorente
.
Dynamic virtual clusters in a grid site manager. In
3rd Workshop on Virtualization in
High
-
Performance Cluster and Grid Computing (VHPC 08),
EuroPar

2008, Gran
Canaria
,
Spain, 2008.


B.
Sotomayor
, R. S. Montero, I. M.
Llorente
, and I. Foster. Capacity Leasing in Cloud
Systems using the
OpenNebula

Engine. In
Proceedings of Cloud Computing and Its
Applications 2008.


Related Work

10


Dynamic Resource Provisioning facilitates 3
rd

party applications running on clouds


Attackers can exploit this technique and confer
monetary damage to the 3
rd

parties, i.e., cloud
clients

Conclusion

11

12