Attack on the Clouds

photofitterInternet and Web Development

Dec 4, 2013 (3 years and 11 months ago)

107 views

Attack on the Clouds

Sonia
Jahid

Imranul

Hoque


CS523 Project Presentation

April 29, 2009

Department of Computer Science

University of Illinois at Urbana
-
Champaign


Large scale infrastructure available for rent.


Involves 3 parties:


Cloud Owner, Cloud Client, End User


Example


New York Times uses Google
AppEngine
.


Yahoo! processes 84 TB of data per week from all its
services.


Infrastructure as a Service (
IaaS
): Amazon’s EC2


Platform as a Service (
PaaS
): Google’s
AppEngine


Software as a Service (
SaaS
): Microsoft’s
LiveMesh

Cloud Computing

2


Elasticity


A property that allows resource allocation in the
cloud within a short range of time.


Dynamic resource provisioning


Available for grids.


Secured dynamic provisioning algorithm for
resource allocation in the clouds



The Problem

3


Architecture


Attack Scenario


Results


Related Works


Conclusion

Outline

4


Cloud Manager


Group Manager


Instance Manager


Clients: Companies that pay for
resources.



Client Request:


<
resource
1
, min, max; resource
2
,
min, max; ... ;
resource
N
, min,
max>



Allocate resources to client
applications depending on its
load.



Perform dynamic allocation
based on resource threshold.

5

Architecture

Attack Scenario

Attacker

Cloud

6


Simulator for cost analysis.


Modified Eucalyptus to add dynamic resource
provisioning.


C compilers


Java Developer Kit (SDK) version 1.6 or above


Apache ant 1.6.5 or above


Curl development package


openssl development package


Eucalyptus node controller: Xen

Implementation

7

Evaluation

8

0
2
4
6
8
10
12
732
4392
8784
Cost in USD (Thousands)

Usage (Hours)

Cost for On
-
Demand Windows Instances

Standard Small Instance
Standard Large Instance
Standard Extra Large
Instance
High CPU Medium
Instance
High CPU Extra Large
Instance
Evaluation

9

1.098

3.294

2.6352

7.9056

0
2
4
6
8
10
12
0
6
12
18
24
Cost in USD (Thousands)

Hours
of Usage Per Day

Effect of Attack on
Annual Cost

Standard Large
Instance
High CPU XL
Instance

Amazon Elastic Compute Cloud (Amazon EC2)
http://aws.amazon.com/ec2/


Google App Engine.
http://code.google.com/appengine/


Live Mesh.
http://www.livemesh.com


Nimbus.
http://workspace.globus.org/


J. S. Chase, D. C. Anderson, P. N.
Thakar
, and A. M.
Vahdat
. Managing energy and server
resources in hosting centers.
In Proceedings of the 18th ACM Symposium on Operating
System
Principles


B. Krebs. Amazon: Hey Spammers, Get Off My Cloud!
Washington Post, July 2008


D. Nurmi, R. Wolski, C. Grzegorczyk, G. Obertelli, S. Soman,

L.
Youseff
, and D.
Zagorodnov
. The Eucalyptus Open
-
source Cloud
-
computing system. In
Proceedings of
Cloud Computing and Its Applications 2008


M. Rodriguez, D.
Tapiador
, J.
Fontan
, E.
Huedo
, R. S. Montero, and I. M.
Llorente
.
Dynamic virtual clusters in a grid site manager. In
3rd Workshop on Virtualization in
High
-
Performance Cluster and Grid Computing (VHPC 08),
EuroPar

2008, Gran
Canaria
,
Spain, 2008.


B.
Sotomayor
, R. S. Montero, I. M.
Llorente
, and I. Foster. Capacity Leasing in Cloud
Systems using the
OpenNebula

Engine. In
Proceedings of Cloud Computing and Its
Applications 2008.


Related Work

10


Dynamic Resource Provisioning facilitates 3
rd

party applications running on clouds


Attackers can exploit this technique and confer
monetary damage to the 3
rd

parties, i.e., cloud
clients

Conclusion

11

12