Exploiting the Cloud Control Plane for Fun and Profit

Cloud providers typically charge for their services. Pricing models are diverse and often follow a pay-per-use paradigm. Consumers' payments are expected to cover all costs the provider incurs for processing, storage, bandwidth, data centre operation and engineering efforts, among others. In contrast, the consumer management interfaces are free of charge, as they are expected to cause only a minority of the load compared to the actual computing services. With new service models and more complex and powerful management abilities, it is time to rethink this decision. The paper shows how to exploit the control plane of AWS Lambda to implement stateful services practically for free, and under some circumstances even guaranteed for free, which, if widely deployed, would cause a monetary loss for the provider. It also elaborates on the consistency model for AWS Lambda.
