help promote
USENIX Conference Policies
Abusing Public Third-Party Services for EDoS Attacks
Huangxin Wang, Zhonghua Xi, Fei Li, and Songqing Chen, George Mason University
Cloud computing has been widely adopted nowadays as it provides economical, elastic and scalable services to customers. The cloud resources are offered in an on demand manner and the consumers are charged based on their resource usage, known as “pay-as-you-go.” Such a cloud utility scheme opens the door to Economic Denial of Sustainability (EDoS) attacks in which the cloud consumers would suffer from financial losses. In this paper, we uncover the severity of EDoS attacks through demonstrating that EDoS attacks can be easily conducted at very low costs. In specific, we show that attackers can launch amplification attacks against the cloud consumers by abusing the free public third-party services provided by the Internet giants such as Google, Microsoft, Facebook and LinkedIn. Through studying the characteristics of 10 main public third-party services, we reveal that all of them can be abused to launch EDoS attacks and the amplification factor can reach up to 135K. To combat against the uncovered attacks, we propose several mitigation strategies for the third-party service providers as well as the cloud consumers.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Huangxin Wang and Zhonghua Xi and Fei Li and Songqing Chen},
title = {Abusing Public {Third-Party} Services for {EDoS} Attacks},
booktitle = {10th USENIX Workshop on Offensive Technologies (WOOT 16)},
year = {2016},
address = {Austin, TX},
url = {https://www.usenix.org/conference/woot16/workshop-program/presentation/wang},
publisher = {USENIX Association},
month = aug
}