Energy-oriented denial of service attacks: an emerging menace for large cloud infrastructures

This work analyzes a new and very subtle kind of security threat that can affect large-scale cloud-based IT service infrastructures, by exploiting the computational resources of their component data center to waste as much energy as possible. The consequence of these threats ranges from increased costs in the energy bill, to penalization for exceeding the agreed quantity of greenhouse gases (GHG) emissions, up to complete denial of service caused by electrical outages due to power budget exhaustion. We analyzed different types of such attacks with their potential impacts on the energy consumption, modeled their behavior and quantified how current energy-proportional technologies may provide attackers with great opportunities for raising the target facility emissions and costs. These efforts resulted in a simple model with some parametric reference values that can be used to estimate the impact of such attacks also in presence of very large infrastructures containing thousands or millions of servers.