Sky’s Blog

EDoS [Economic Denial of Sustainability] attacks

by Sky on Jan.26, 2009, under Security, Software and online tools, Sustainability

A Denial of Service (DoS) attack is one in which a server or service is “overwhelmed” by traffic and consequently either disabled or made unavailable to its customers. Typically the effect on the target of a DoS attack is a loss of business, or in the less critical cases, just failure to get his/her message out.

However, cloud computing allows us to scale our servers up and up in order to service greater numbers of requests for service. This opens a new avenue of approach for attackers, which originally was labeled an Economic Denial of Sustainability attack by Christofer Hoff (November 2008), with a follow-up just recently. (I was introduced to the concept by Reuven Cohen’s description published just today.)

In short, if your cloud-based service is designed to scale up automatically (as some, like Amazon EC2, are), then an attacker can grief you economically by sending a huge number of (automated) requests that appear on the surface to be legitimate, but are actually fake. Your costs will rise as you scale up, using more and/or larger servers (automatically) to service those fake requests. Ultimately you will reach a point where your costs overtake your ability to pay – a point at which your economic sustainability becomes questionable.

Ouch!

[The EDoS concept applies primarily to cloud-based services and not to people who own their own servers, because if you own your own servers and are the target of a DoS attack, you don't immediately and automatically scale your operation up to a larger size, so the attack doesn’t immediately cost you money. It’s only when the scaling-up is automated and there’s no ceiling that you run the risk of economic damage.]
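To make the cost mechanics concrete, here is an added example (not part of the original post): a small Python simulation of a naive autoscaler replaying a constructed month of traffic, with and without a ceiling on instance count. The capacity, price and budget figures and all function names are assumptions chosen for illustration, not real provider numbers.

```python
import math

# All figures below are constructed for illustration, not real provider prices.
REQS_PER_INSTANCE_HOUR = 100_000   # assumed capacity of one instance
PRICE_PER_INSTANCE_HOUR = 0.10     # assumed hourly price in dollars
MONTHLY_BUDGET = 500.0             # assumed amount the owner can afford

def simulate(hourly_requests, max_instances=None):
    """Replay hourly request counts through a naive autoscaler.

    Returns (total_cost, first_hour_over_budget_or_None, requests_dropped).
    """
    cost, dropped, broke_at = 0.0, 0, None
    for hour, reqs in enumerate(hourly_requests):
        # Scale to whatever the load appears to demand (at least one instance).
        wanted = max(1, math.ceil(reqs / REQS_PER_INSTANCE_HOUR))
        # A ceiling, if configured, bounds what the autoscaler may launch.
        running = wanted if max_instances is None else min(wanted, max_instances)
        dropped += max(0, reqs - running * REQS_PER_INSTANCE_HOUR)
        cost += running * PRICE_PER_INSTANCE_HOUR
        if broke_at is None and cost > MONTHLY_BUDGET:
            broke_at = hour
    return round(cost, 2), broke_at, dropped

def month_of_traffic(baseline, flood, flood_start_hour, hours=720):
    """Constructed load: steady baseline, then a sustained flood of fake requests."""
    return [baseline + (flood if h >= flood_start_hour else 0) for h in range(hours)]

if __name__ == "__main__":
    normal = month_of_traffic(150_000, 0, 0)
    attacked = month_of_traffic(150_000, 5_000_000, 240)
    for label, load, cap in [("normal, no ceiling", normal, None),
                             ("flood, no ceiling", attacked, None),
                             ("flood, ceiling of 4", attacked, 4)]:
        cost, broke_at, dropped = simulate(load, cap)
        print(f"{label:20} cost=${cost:>8.2f} over_budget_at_hour={broke_at} dropped={dropped}")
```

With the ceiling in place the bill stays inside the budget, but the excess requests are dropped: the cap trades the economic damage back for an ordinary loss of availability.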

1 comment for this entry:
  1. Security in the Cloud – Matey, there be challenges ahead - Sky’s Blog

    [...] written about “economic denial-of-sustainability” attacks, in which an attacker causes a cloud user to so scale up their server usage that it [...]
