DocumentCode :
650653
Title :
Cloud-as-a-Gift: Effectively Exploiting Personal Cloud Free Accounts via REST APIs
Author :
Gracia-Tinedo, Raul ; Sanchez Artigas, Marc ; Garcia Lopez, Pedro
Author_Institution :
Univ. Rovira i Virgili, Tarragona, Spain
fYear :
2013
fDate :
June 28 2013-July 3 2013
Firstpage :
621
Lastpage :
628
Abstract :
Personal Clouds, such as DropBox and Box, provide open REST APIs for developers to create clever applications that make their service even more attractive. These APIs are a powerful abstraction that makes it possible for applications to transparently manage data from user accounts, blurring the lines between a Personal Cloud service and storage IaaS. Jointly, Personal Clouds also offer free accounts to lure new users, that normally include reduced storage space and unlimited transfers. However, the unintended consequence of combining open APIs and free accounts is that these companies are exposing automated access to a free storage infrastructure, which may lead to abuse by malicious parties. By exploiting the freemium API service, users may fraudulently consume resources or they can use free accounts as a Cloud storage layer to support abusive applications. We call this vulnerability the storage leeching problem. In this paper, we show how easy it is to implement a file-sharing application able to distribute digital content by abusing Personal Clouds. Making use of open APIs, this application transparently aggregates the limited-space free accounts from multiple providers into a single larger storage layer, while achieving better transfer speed than that received from one provider alone. This demonstrates that free accounts can be easily exploited to obtain a practical Cloud storage service, and therefore, the potential impact of storage leeching.
Keywords :
application program interfaces; cloud computing; peer-to-peer computing; security of data; storage management; DropBox; automated access; cloud storage layer; cloud-as-a-gift; digital content; file-sharing application; freemium API service; limited-space free accounts; malicious party; multiple providers; open API; open REST API; personal cloud free accounts; personal cloud service; reduced storage space; storage IaaS; storage infrastructure; storage leeching problem; transfer speed; unlimited transfers; user accounts; Aggregates; Cloud computing; Companies; Economics; Registers; Cloud Storage; Personal Clouds; Security;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Cloud Computing (CLOUD), 2013 IEEE Sixth International Conference on
Conference_Location :
Santa Clara, CA
Print_ISBN :
978-0-7695-5028-2
Type :
conf
DOI :
10.1109/CLOUD.2013.47
Filename :
6676749
Link To Document :
بازگشت