A Denial of Service (DoS) attack is one in which a server or service is “overwhelmed” by traffic and consequently either disabled or made unavailable to its customers. Typically the effect on the target of a DoS attack is a loss of business or, in less critical cases, just a failure to get their message out.
However, cloud computing allows us to scale our servers up and up in order to handle ever greater numbers of requests. This opens a new avenue of attack, originally labeled an Economic Denial of Sustainability (EDoS) attack by Christofer Hoff (November 2008), with a follow-up just recently. (I was introduced to the concept by Reuven Cohen’s description published just today.)
In short, if your cloud-based service is designed to scale up automatically (as some, like Amazon EC2, are), then an attacker can grief you economically by sending a huge number of automated requests that appear on the surface to be legitimate but are actually fake. Your costs will rise as you automatically scale up, using more and/or larger servers to service those fake requests. Ultimately you will reach a point where your costs overtake your ability to pay – a point at which your economic sustainability becomes questionable.
Ouch!
[The EDoS concept applies primarily to cloud-based services and not to people who own their own servers, because if you own your own servers and are the target of a DoS attack, you don’t immediately and automatically scale your operation up to a larger size, so the attack doesn’t immediately cost you money. It’s only when the scaling-up is automated and there’s no ceiling that you run the risk of economic damage.]
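The effect of a scaling ceiling can be made concrete with a small model. The following is an added example, not code from the original post: the traffic, prices, budget and the simplified scaling policy are all constructed assumptions. It compares the bill for an uncapped autoscaler with one whose instance cap is derived from the budget, and counts the requests the capped service has to shed instead.

```python
import math

def simulate(rps_by_hour, rps_per_instance, cents_per_instance_hour,
             budget_cents, max_instances=None):
    """Return (total_cents, hour_budget_exceeded, dropped_requests).

    Assumed policy: each hour the scaler runs enough instances to serve the
    offered load, limited to max_instances when a ceiling is configured.
    """
    total, exceeded_at, dropped = 0, None, 0
    for hour, rps in enumerate(rps_by_hour):
        wanted = max(1, math.ceil(rps / rps_per_instance))
        running = wanted if max_instances is None else min(wanted, max_instances)
        total += running * cents_per_instance_hour
        # Load above capacity is shed: availability suffers, the bill does not.
        dropped += max(0, rps - running * rps_per_instance) * 3600
        if exceeded_at is None and total > budget_cents:
            exceeded_at = hour
    return total, exceeded_at, dropped

def ceiling_for_budget(budget_cents, cents_per_instance_hour, hours):
    """Largest instance cap whose worst case (cap running every hour) fits the budget."""
    return budget_cents // (cents_per_instance_hour * hours)

# Constructed traffic: 6 hours of normal load, then an 18-hour request flood.
TRAFFIC = [200] * 6 + [50_000] * 18
PARAMS = dict(rps_per_instance=100, cents_per_instance_hour=10, budget_cents=50_000)

if __name__ == "__main__":
    cap = ceiling_for_budget(50_000, 10, len(TRAFFIC))
    for label, limit in (("no ceiling", None), (f"ceiling={cap}", cap)):
        cost, hour, dropped = simulate(TRAFFIC, max_instances=limit, **PARAMS)
        print(f"{label}: cost=${cost / 100:.2f} over_budget_at_hour={hour} dropped={dropped}")
```

With the ceiling in place the attack degrades into an ordinary DoS: requests are dropped, but the spend stays inside the budget.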