Cloud paradigm is vulnerable to emerging breeds of fraudulent energy-related threats, which seek to exploit the cloud elasticity and the multi-tenant model. Recently, several sophisticated attacks have been reported by the cloud customers, which induced sustained and prolonged fraudulent resource consumptions, making the cloud costs unsustainable. If properly orchestrated, such attacks can also significantly affect the cloud service providers, forcing a frequent scaling and migration of virtual machines in the cloud. Such attacks aim at exploiting the elasticity and multi-tenacity of the cloud paradigm, in order to compromise the long-term financial viability of operating in the cloud, and thus, inflicting significant energy cost and loss of reputation to the cloud provider. This paper discusses the vulnerabilities associated to such a new breed of attacks, paying special emphasis to the risks for the cloud service providers. Practical experiments and simulations have been used to demonstrate the vulnerability of the cloud resource manager against emerging energy-related threats, named Fraudulent Energy Consumption attacks. Finally, some countermeasures are also discussed.
Could emerging fraudulent energy consumption attacks make the cloud infrastructure costs unsustainable?
Ficco, Massimo
2019-01-01
Abstract
Cloud paradigm is vulnerable to emerging breeds of fraudulent energy-related threats, which seek to exploit the cloud elasticity and the multi-tenant model. Recently, several sophisticated attacks have been reported by the cloud customers, which induced sustained and prolonged fraudulent resource consumptions, making the cloud costs unsustainable. If properly orchestrated, such attacks can also significantly affect the cloud service providers, forcing a frequent scaling and migration of virtual machines in the cloud. Such attacks aim at exploiting the elasticity and multi-tenacity of the cloud paradigm, in order to compromise the long-term financial viability of operating in the cloud, and thus, inflicting significant energy cost and loss of reputation to the cloud provider. This paper discusses the vulnerabilities associated to such a new breed of attacks, paying special emphasis to the risks for the cloud service providers. Practical experiments and simulations have been used to demonstrate the vulnerability of the cloud resource manager against emerging energy-related threats, named Fraudulent Energy Consumption attacks. Finally, some countermeasures are also discussed.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.