cloud as gift
Team:
Surya Prakash Singh (2014H112186p)
Nishant kumar (2014H112193p)
Cloud as a Gift: Effectively Exploiting Personal Cloud Free Accounts via REST APIs
Contents
- Introduction
- Problem
- Storage Leeching Problem
- Rest Architecture in cloud
- Problem Motivation
- Simple Cost Model
- Boxleech
- Possible Solutions
- Conclusion
- References
Introduction
- Personal Clouds, such as DropBox and Box, provide open REST APIs for developers to create clever applications that make their service even more attractive.
- These APIs are a powerful abstraction that makes it possible for applications to transparently manage data from user accounts, blurring the lines between a Personal Cloud service and storage IaaS.
- Personal Clouds also offer free accounts to lure new users; these normally include reduced storage space and unlimited transfers.
- Personal Clouds offer free accounts to lure new customers and gain market share.
- They provide open REST APIs for developers to create clever applications that make their service even more attractive. From a functional viewpoint, these APIs enable an application to upload/download files to/from user accounts.
Problem
[Figure: an Abusive Application reaching 5 GB free accounts on DropBox, Box and SugarSync through their REST APIs; label: 45 Gb]
Storage Leeching Problem
Why REST in the cloud?
- Provide a software interface to connect to and consume services in various ways.
- Interface multiple systems.
- Offer services to third-party clients and allow them to build applications. Ex: Login by Facebook, Twitter; sharing on social media.
- Provide support in heterogeneous ecosystems.
- Abstract away business logic so that ecosystems of services can easily connect and work.
REST Architecture in cloud
Example: Google REST Services
OAuth 2.0
Step 1: The client application originates a request for resources.
Step 2: The request is redirected to the "Server" for authorization.
Step 3: The response comes from the server domain, asking the resource owner to authenticate (enter credentials: username and password).
Step 4: The resource owner authenticates.
Step 5: The server issues a token to the client.
Step 6: The client confirms access and accesses services through the issued token.
Entities OAuth 2.0
[Diagram: User Agent (Web Browser), Application, Authorization Server, Resources Server; flows: Authorization Request, Token Request, Access Request]
Problem Motivation
Economic Impact of Storage Leeching
Simple Cost Model
- Users arrive at the system and start using a certain abusive application that benefits from storage leeching.
- Consider discrete time intervals (denoted by n) of duration ∆.
- Let λ denote the average rate of new user arrivals per time interval.
- μ denotes the average rate at which users permanently leave the system.
The number of alive users abusing the system at time n is given by

$$N(n) = N(0) + n\lambda - n\mu, \quad \lambda \ge \mu$$

where $N(0)$ represents the initial number of users which are already in the system.
The fraction of users that create storage accounts of size $a$ when they arrive at the system is defined by $f_s \in [0,1]$.
We assume that once a user creates an account, he does not cancel it after he leaves the system.
So the maximum amount of available storage ($S_a$) at time n is

$$S_a(n) = n \cdot \lambda \cdot f_s \cdot a$$
Storage consumption at time n will be given as:

$$S_c(n) = \sum_{i=0}^{n} N(i) \cdot s$$

where $s$ is the average storage consumption per user at every time interval.
Download traffic is given by:

$$D(n) = \sum_{i=0}^{n} N(i) \cdot d$$

where $d$ is the average amount of consumed download traffic per time-slot n by every user.
So the overall monetary cost is:

$$C(n) = S_c(n) \cdot c_s + D(n) \cdot c_d$$

where $c_s$ represents the monetary cost per storage unit and time interval, and $c_d$ the price of downloading a unit of data.
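The cost model above, carried through in Python as an added example (not code from the slides or from the work they summarise), so a provider can estimate its exposure and see when the bill crosses a budget. The class and method names and the sample parameters are assumptions; the parameters are constructed, not measured.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class LeechCostModel:
    n0: float   # N(0): users already abusing the service
    lam: float  # lambda: new users per interval
    mu: float   # mu: users leaving per interval
    fs: float   # f_s: fraction of arrivals that create an account
    a: float    # account size (storage units)
    s: float    # storage consumed per user per interval
    d: float    # download traffic per user per interval
    cs: float   # cost per storage unit and interval
    cd: float   # cost per downloaded unit

    def __post_init__(self):
        if self.lam < self.mu:
            raise ValueError("model assumes lambda >= mu")
        if not 0.0 <= self.fs <= 1.0:
            raise ValueError("f_s must lie in [0, 1]")

    def users(self, n: int) -> float:
        return self.n0 + n * self.lam - n * self.mu

    def available_storage(self, n: int) -> float:
        return n * self.lam * self.fs * self.a

    def user_intervals(self, n: int) -> float:
        # Closed form of sum_{i=0..n} N(i): the cost grows quadratically in n.
        return (n + 1) * self.n0 + (self.lam - self.mu) * n * (n + 1) / 2

    def storage_consumed(self, n: int) -> float:
        return sum(self.users(i) for i in range(n + 1)) * self.s

    def download_traffic(self, n: int) -> float:
        return sum(self.users(i) for i in range(n + 1)) * self.d

    def cost(self, n: int) -> float:
        return self.storage_consumed(n) * self.cs + self.download_traffic(n) * self.cd

    def first_interval_reaching(self, budget: float, horizon: int = 3650) -> Optional[int]:
        # Returns None when the cost never reaches the budget within the horizon.
        for n in range(horizon + 1):
            if self.cost(n) >= budget:
                return n
        return None

# Constructed parameters (not taken from the slides or any provider's pricing).
SAMPLE = LeechCostModel(n0=100, lam=50, mu=10, fs=0.5, a=5, s=2, d=4, cs=0.25, cd=0.5)
```

Because the sum of N(i) has a term in n(n+1)/2, doubling the observation window roughly quadruples the accumulated cost once arrivals dominate N(0).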
- The number of user arrivals, namely λ, is one of the most important factors regarding the monetary costs of storage leeching.
- We observe that a small number of active users (4,500) illicitly consume an amount of resources equivalent to $2,670 after 90 days.
- In case of a large-scale abuse, these costs may reach dramatic numbers at short or medium term (e.g. $0.81M).
Boxleech: an abusive file sharing application
- Boxleech is a proof-of-concept file-sharing application able to disseminate illegal or copyrighted content by abusing Personal Clouds.
- It aggregates free accounts from multiple Personal Clouds into a single storage unit that can be freely accessed by users interested in a certain content.
The design of Boxleech can be divided into three main blocks: data management, metadata, and chunk assignment.
Data Management
Boxleech splits every file into chunks of up to 100MB in size.
There were three good reasons for this:
- To surpass the file size limitations commonly imposed in the REST API access to free accounts,
- To exploit storage diversity by allocating chunks of the same file to different Personal Clouds, and
- To make it impossible for a single provider to store an entire copy of an illicit content.
Locally, Boxleech maintains an index.
Index table

| id | Storage Provider 1 | Storage Provider 2 | Storage Provider 3 | … |
|---|---|---|---|---|
| File 1 | Chunk_1 1, Chunk_1 2 | -------- | ------ | |
| File 2 | ------- | Chunk_2 1 | Chunk_2 2 | |

[Diagram: chunks of File 1 and File 2 placed on Storage Providers 1, 2 and 3]
Metadata
The objective of Boxleech metadata files (.boxleech) is to map a set of chunks corresponding to the same content to their location in diverse Personal Cloud accounts.
A metadata file is formed by a set of rows:
chunk id | order | provider | access credentials
Chunk Assignment
- Round Robin (RR)
- Upload/Download Proportional (UP, DP)
Possible Solutions
- Enforce accountable user identities: introduce filters in the creation of free accounts, such as phone number, human intervention.
- Expiration time for developer applications: to discourage malicious users from exploiting open APIs as a durable storage substrate, we believe that introducing expiration mechanisms to both developer applications and the related free accounts could be an effective countermeasure.
- Identify anomalous workloads: Personal Clouds could benefit from research efforts focused on identifying fraudulent resource consumption to detect abuse in storage accounts related to developer applications.
Conclusions
To lure customers and developers, Personal Clouds provide open REST APIs to create new applications that make their service even more attractive. However, the unintended consequence of this strategy is that it is very easy for a user to abuse the service by aggregating free accounts, from one or several providers, to obtain a high-quality storage service, which we term the storage leeching problem.
Thank You