Energy Attack on Server Systems

Power management has become increasingly important for server systems. Numerous techniques have been proposed and developed to optimize server power consumption and achieve energy-proportional computing. However, the security perspective of server power management has not yet been studied. In this paper, we investigate energy attacks, a new type of malicious exploit on server systems. Targeted solely at abusing server power consumption, energy attacks exhibit very different attack behaviors and cause very different victim symptoms from conventional cyberspace attacks. First, we show that today's server systems with improved power-saving technologies are more vulnerable to energy attacks. Then, we demonstrate a realistic energy attack on a standalone server system in three steps: (1) by profiling the energy cost of an open Web service under different operating conditions, we identify the vulnerabilities that subject a server to energy attacks; (2) exploiting the discovered attack vectors, we design an energy attack that can be launched anonymously from a remote location; and (3) we execute the attack and measure the extent of its damage in a systematic manner. Finally, we highlight the challenges in defending against energy attacks.
