Failure or denial of service? A rethink of the cloud recovery model

Muhammed Bello Abdulazeez, Dariusz Kowalski, Alexei Lisista, Sultan Alshamrani

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

One of the dominant paradigms of cloud computing is infrastructure as a service (IaaS), which allows organizations to outsource computing equipment and resources such as servers, storage, networking, as well as services such as load balancing and content delivery networks. For vendors offering IaaS, load balancing is a critical aspect and selling point. One component of load balancing is auto-scaling. This feature allows applications to scale up and down dynamically based on load, performance and 'health' of a virtual machine (VM). It used to take years to grow businesses to millions of customers but now this can happen in months or even days, therefore the ability to access a seemingly infinite amount of resources on demand is very appealing to businesses. The entire cloud model relies on dynamic scalability and configurability because it is not practical to manually configure on-demand services. In this paper we reconsider the scaling of services on the cloud, and consider the definition of 'healthy' scaling, a concept vendors do not formally define. We also look at application layer denial of service (DOS) attacks on application servers running compute services. While there have been extensive efforts to defend the cloud against volumetric DOS using network layer defences, detecting and preventing application layer DOS attacks on the cloud is non-trivial due to the size of cloud and the heterogeneity of applications running. We surveyed some of the key cloud providers that offer IaaS such as Amazon Web Services, Windows Azure, Google Compute Engine, Rack Space Open Cloud, and IBM Smart Cloud Enterprise. We specifically analysed their auto-scaling features and looked at the cost implications for customers. We ask the question, does the monitoring feature of these services differentiate between load increase and Application Layer DOS when making the decision to scale up its services VM?.

Original languageEnglish (US)
Title of host publicationProceedings of the 15th European Conference on Cyber Warfare and Security, ECCWS 2016
EditorsRobert Koch, Gabi Dreo Rodosek
PublisherCurran Associates Inc.
Pages1-8
Number of pages8
ISBN (Electronic)9781910810934
StatePublished - Jan 1 2016
Externally publishedYes
Event15th European Conference on Cyber Warfare and Security, ECCWS 2016 - Munich, Germany
Duration: Jul 7 2016Jul 8 2016

Publication series

NameEuropean Conference on Information Warfare and Security, ECCWS
Volume2016-January
ISSN (Print)2048-8602
ISSN (Electronic)2048-8610

Conference

Conference15th European Conference on Cyber Warfare and Security, ECCWS 2016
CountryGermany
CityMunich
Period7/7/167/8/16

    Fingerprint

Keywords

  • Auto scaling
  • Cloud monitoring
  • Denial of service
  • DOS
  • IaaS

ASJC Scopus subject areas

  • Information Systems
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality

Cite this

Abdulazeez, M. B., Kowalski, D., Lisista, A., & Alshamrani, S. (2016). Failure or denial of service? A rethink of the cloud recovery model. In R. Koch, & G. D. Rodosek (Eds.), Proceedings of the 15th European Conference on Cyber Warfare and Security, ECCWS 2016 (pp. 1-8). (European Conference on Information Warfare and Security, ECCWS; Vol. 2016-January). Curran Associates Inc..