Introducing fraudulent energy consumption in cloud infrastructures: A new generation of denial-of-service attacks

Currently, cloud computing is the target business environment for many enterprises and government organizations. However, despite the huge potential gains that can be achieved, security represents a fundamental issue, which prevents the massive cloud adoption in mission-critical Information Technology sectors. The most common security issues are amplified in the cloud environment since new complex features, with their inherent weaknesses, enter into the problem space, particularly those associated to multitenancy and elasticity. Thus, new threats, such as the energy-related denial-of-service attacks against large-scale cloud infrastructures, may involve not only the quality of the delivered services but also their operational costs in terms of energy bill. The longer is the time necessary to identify such attacks, the heavier is the impact on the overall energy consumption and, consequently, on the associated expenses. This work presents a detailed analysis of such new sophisticated menaces, by focusing on those that are specifically tailored to originate the worst-case energy demands by leveraging properly crafted low-rate traffic patterns in order to ensure stealth operations. We present some strategies exploiting the cloud flexibility in order to increase in a fraudulent way the overall energy consumption and analyze their impact within large-scale cloud infrastructures. This should help cloud providers in understanding such weaknesses and highlighting their root causes, as well as in providing some hints on how they can counter these subtle security issues.