Title :
Exploiting Cloud Utility Models for Profit and Ruin
Author :
Idziorek, Joseph ; Tannian, Mark
Author_Institution :
Dept. of Electr. & Comput. Eng., Iowa State Univ., Ames, IA, USA
Abstract :
This paper discusses an attack on the cloud computing model by which an attacker subtly exploits a fundamental vulnerability of current utility compute models over a sustained period of time. Internet-accessible cloud services expose resources that are metered for billing purposes. These resources are subject to fraudulent resource consumption that is intended to run up the operating expenses for public cloud service customers. The details and significance of this attack are discussed as well as two detection methodologies and there respective experimental results. This work investigates a potentially significant vulnerability of the cloud computing model that could be exploited from any Internet connected host. Well-crafted transactions that only differ in intent but not in content are challenging to differentiate and thus this attack may be difficult to detect and prevent.
Keywords :
cloud computing; security of data; Internet accessible cloud services; cloud computing; exploiting cloud utility models; fraudulent resource consumption; public cloud service customers; Analytical models; Cloud computing; Computational modeling; Computer crime; Pricing; Web pages; Web servers; anomaly detection; application-layer DDoS; cloud computing; fraudulent resource consumption attack; utility compute model;
Conference_Titel :
Cloud Computing (CLOUD), 2011 IEEE International Conference on
Conference_Location :
Washington, DC
Print_ISBN :
978-1-4577-0836-7
Electronic_ISBN :
2159-6182
DOI :
10.1109/CLOUD.2011.45
