Why Are Repeated Auctions in RaaS Clouds Risky?

Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 11113)

Abstract

The world of cloud computing is progressing from the concept of securing resources by predefined units to dynamically allocating resources using economic mechanisms. New mechanisms offer better utilization of the hardware by sharing it among multiple users. However, they allow new types of economic attacks. We introduce two new economic attacks performed by malicious users. These attacks harm the aggregate utility of Resource-as-a-Service (RaaS) clouds. Our first attack aims at raising bills in the system, causing victims to pay more for the same amount of resources. Over time the attack may cause victims to exhaust their budget, thus lowering their demand for resource allocation and allowing the attacker to acquire the freed resources at a negligible cost. Our second attack is designed to hinder the victim’s performance at specific points in time by outbidding them for a single round. For resources that are costly to regain or that take time to utilize fully (e.g., RAM), even a single round without the resource may significantly hinder performance. In this work we demonstrate, on a simple representative example, how the first attack reduces the victim’s profit sevenfold and the second attack causes damage of $290–$630 for every dollar spent on the attack.

Notes

  1. Most of the provider’s revenue comes from the constant hourly fee the guests pay for their base RAM. This allows the provider to use an auction to optimize the social welfare of the guests without worrying about its own revenue.

Acknowledgments

This work was partially funded by the Amnon Pazi memorial research foundation. We thank A. Schuster and E. Tromer for fruitful discussions. We thank Y. Lev, A. Ohayon, and S. Levenzon for their contribution in creating the allocation plots presented in Sect. 5. We also thank the Caesarea Rothschild Institute for Interdisciplinary Applications of Computer Science in the University of Haifa for their support.

Author information

Correspondence to Danielle Movsowitz.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Movsowitz, D., Funaro, L., Agmon, S., Agmon Ben-Yehuda, O., Dunkelman, O. (2019). Why Are Repeated Auctions in RaaS Clouds Risky? In: Coppola, M., Carlini, E., D’Agostino, D., Altmann, J., Bañares, J. (eds) Economics of Grids, Clouds, Systems, and Services. GECON 2018. Lecture Notes in Computer Science, vol 11113. Springer, Cham. https://doi.org/10.1007/978-3-030-13342-9_4

  • DOI: https://doi.org/10.1007/978-3-030-13342-9_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-13341-2

  • Online ISBN: 978-3-030-13342-9

  • eBook Packages: Computer Science (R0)
