25th USENIX Security Symposium has ended
Tuesday, August 9 • 11:30am - 12:00pm
Abusing Public Third-Party Services for EDoS Attacks

Cloud computing has been widely adopted as it provides economical, elastic and scalable services to customers. Cloud resources are offered on demand, and consumers are charged based on their resource usage, a model known as “pay-as-you-go.” Such a cloud utility scheme opens the door to Economic Denial of Sustainability (EDoS) attacks, in which cloud consumers suffer financial losses. In this paper, we uncover the severity of EDoS attacks by demonstrating that they can be easily conducted at very low cost. Specifically, we show that attackers can launch amplification attacks against cloud consumers by abusing the free public third-party services provided by Internet giants such as Google, Microsoft, Facebook and LinkedIn. Through studying the characteristics of 10 main public third-party services, we reveal that all of them can be abused to launch EDoS attacks and that the amplification factor can reach up to 135K. To combat the uncovered attacks, we propose several mitigation strategies for the third-party service providers as well as the cloud consumers.

Tuesday August 9, 2016 11:30am - 12:00pm PDT
Texas Ballroom 1
