Researchers Steal Cloud Computing Power Via Browsers - InformationWeek
Cloud // Infrastructure as a Service
05:40 PM
Connect Directly
Building Security for the IoT
Nov 09, 2017
In this webcast, experts discuss the most effective approaches to securing Internet-enabled system ...Read More>>

Researchers Steal Cloud Computing Power Via Browsers

Security researchers demonstrate that cloud computing can be taken at no cost, if you know where to find the processing cycles.

7 Cheap Cloud Storage Options
7 Cheap Cloud Storage Options
(click image for larger view and for slideshow)
While Amazon and Google compete in a cloud computing price war, neither company can beat the price proposed by academic computer researchers: free.

Computer scientists at North Carolina State University and the University of Oregon have demonstrated that it is possible to conduct large-scale cloud computing tasks anonymously at no cost by abusing cloud-based browsers, such as Amazon Silk, Cloud Browse, Opera Mini and Puffin.

Their paper, "Abusing Cloud-Based Browsers for Fun and Profit," is scheduled to be presented on December 6 at the 2012 Annual Computer Security Applications Conference in Orlando, Fla.

Other security researchers have demonstrated ways in which cloud computing can be used to break weak security. For example, Moxie Marlinspike's CloudCracker service leverages the power of cloud-based servers to crack network passwords. But such number crunching costs money.

[ Learn how to get 10 times faster query performance at one-tenth the price. Read Amazon Debuts Low-Cost, Big Data Warehousing. ]

What William Enck, an assistant professor of computer science at N.C. State, and his five co-authors describe in their paper is a technique they call a Browser MapReduce (BMR).

MapReduce, developed by Google, is a way to handle the parallel processing of large data sets. Browser MapReduce involves the aggregation of free JavaScript processing offered by cloud-based browsers, in conjunction with a scheduling scheme to work around the computational limitations imposed by cloud-browser providers, to perform MapReduce jobs.

With careful coordination, BMR demonstrates "a new way of performing parasitic computing," the paper states. For free storage, the BMR experiments conducted relied on the URL shortening service, through which data encoded in URLs could be preserved and accessed via the API.

The paper's authors liken cloud browsers to insecure mail servers. "By rendering Web pages in the cloud, the providers of cloud browsers can become open computation centers, much in the same way that poorly configured mail servers become open relays," they say.

BMR outperformed Amazon's Elastic MapReduce and Hadoop running on Amazon EC2 for a distributed grep job. It performed less well when processing word count and distributed sort experiments, but the researchers note that BMR was not designed to outpace MapReduce and that the meager savings in the experiments -- the Amazon jobs cost three or four cents, while BMR cost nothing -- could be much more significant for a large job over a long period of time, like distributed password cracking.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
12/1/2012 | 6:55:42 PM
re: Researchers Steal Cloud Computing Power Via Browsers
Cloud computing is done for free and successfully through the BOINC network for years now. People willingly donate idle processing time. I don't see why researches even have to 'steal' could computing power.
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll