Archive for January, 2009
A Denial of Service (DoS) attack is one in which a server or service is “overwhelmed” by traffic and consequently either disabled or made unavailable to its customers. Typically the effect on the target of a DoS attack is a loss of business, or in the less critical cases, just failure to get his/her message out.
However, cloud computing allows us to scale our servers up and up in order to service greater numbers of requests for service. This opens a new avenue of approach for attackers, which originally was labeled an Economic Denial of Sustainability attack by Christofer Hoff (November 2008), with a follow-up just recently. (I was introduced to the concept by Reuven Cohen’s description published just today.)
In short, if your cloud-based service is designed to scale up automatically (which some, like Amazon EC2, are), then an attacker can grief you economically by sending a huge number of (automated) requests that appear on the surface to be legitimate, but are actually fake. Your costs will rise as you scale up, using more and/or larger servers (automatically) to service those fake requests. Ultimately you will reach a point where your costs overtake your ability to pay – a point at which your economic sustainability becomes questionable.
[The EDoS concept applies primarily to cloud-based services and not to people who own their own servers, because if you own your own servers and are the target of a DoS attack, you don't immediately and automatically scale your operation up to a larger size, so the attack doesn’t immediately cost you money. It’s only when the scaling-up is automated and there’s no ceiling that you run the risk of economic damage.]
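To put numbers on the "no ceiling" point, here is a small cost model, added as an illustration and not taken from Hoff's or Cohen's posts. The traffic figures, per-instance capacity, price and budget are all constructed assumptions, and `simulate` is a hypothetical helper, not any cloud provider's API.

```python
import math

def simulate(hourly_requests, capacity, price_cents,
             max_instances=None, budget_cents=None):
    """Model a naive autoscaler that runs just enough instances each hour.

    max_instances=None means scaling has no ceiling. Money is integer cents.
    """
    cost = peak = dropped = 0
    exceeded_at = None
    for hour, requests in enumerate(hourly_requests):
        wanted = max(1, math.ceil(requests / capacity))
        running = wanted if max_instances is None else min(wanted, max_instances)
        cost += running * price_cents
        peak = max(peak, running)
        # With a ceiling, load beyond what the fleet can serve is refused.
        dropped += max(0, requests - running * capacity)
        if budget_cents is not None and exceeded_at is None and cost > budget_cents:
            exceeded_at = hour  # first hour (0-based) the running bill passes budget
    return {
        "cost_cents": cost,
        "peak_instances": peak,
        "dropped_requests": dropped,
        "budget_exceeded_at_hour": exceeded_at,
    }

# Constructed sample: one normal day, then two days of fake "legitimate" requests.
TRAFFIC = [40_000] * 24 + [2_000_000] * 48
# Assumed figures: 50,000 requests/hour per instance, $0.10 per instance-hour,
# and a $50 budget for the whole period.
PARAMS = dict(capacity=50_000, price_cents=10, budget_cents=5_000)

UNCAPPED = simulate(TRAFFIC, **PARAMS)                 # automatic, no ceiling
CAPPED = simulate(TRAFFIC, max_instances=4, **PARAMS)  # same scaling, hard ceiling

if __name__ == "__main__":
    for name, result in (("uncapped", UNCAPPED), ("capped at 4", CAPPED)):
        print(name, result)
```

With no ceiling the bill passes the budget half a day into the flood and keeps climbing; with the ceiling the bill stays small but the excess requests are dropped, which turns the economic attack back into an ordinary availability problem.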
Thubten Samphel, information secretary of the Department of Information and International Relations (DIIR) of the Tibetan government in exile in India, has written a fictional account of young Tibetan exiles living in India, entitled Falling through the Roof. That’s a reference to Tibet as the “roof of the world.” The book isn’t yet available outside of India. It looks like it’s an in-depth introduction to what it feels like to fall out of your native land and end up being educated and living in a foreign culture.
I guess them that passes the laws first will get the kudos. So here’s some credit, and honestly if you google around you won’t find this law anywhere else. This is so simple yet it’s the basis of everything we do (and many things we overlook) every day online… Jerry Michalski’s “Law of Convenience.”
Every additional step that stands between people’s desires and the fulfillment of those desires greatly decreases the likelihood that they will undertake the activity.
Jerry reminds us that even one little impediment – one additional click; an additional password; a confirmation – can stand in the way of a product’s being used or not. Ya, everybody already knows this, but a reminder every once in a while is welcome because we sometimes get overly-impressed with the features of the products we’re designing and think that people will love them so much they won’t mind all of the extra steps and clicks.
I’ve mentioned before that I’m bringing up web sites on Slicehost. It’s a cloud computing environment and that means I don’t know and don’t care exactly what or where the server is, and I only buy as much as I need.
It’s an interesting experience because in the rest of my life I’m constantly expanding my (personal) computers by adding storage and processor power so they can run faster and faster, but in the case of cloud computing I’m instead scaling down the pieces of software so they can run more efficiently in a small “computer.”