Abusing cloud based browsers for fun and profit
Download
1 / 23

Abusing Cloud-Based Browsers for Fun and Profit - PowerPoint PPT Presentation


  • 100 Views
  • Uploaded on

Abusing Cloud-Based Browsers for Fun and Profit. Vasant Tendulkar, Joe Pletcher , Ashwin Shashidharan , Ryan Snyder, Kevin Butler, William Enck. 2012 Annual Computer Security Applications Conference. Outline. Introduction Approach overview Browser resource limitations

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Abusing Cloud-Based Browsers for Fun and Profit' - salene


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Abusing cloud based browsers for fun and profit

Abusing Cloud-Based Browsers for Fun and Profit

Vasant Tendulkar, Joe Pletcher, AshwinShashidharan,

Ryan Snyder, Kevin Butler, William Enck

2012 Annual Computer Security Applications Conference


Outline
Outline

  • Introduction

  • Approach overview

  • Browser resource limitations

  • Designing and scheduling jobs

  • Evaluation

  • Discussion


Introduction
Introduction

  • Pay-per-use computation

    • EC2

  • Cloud-based Web browsers

    • JavaScript executes on the server

  • Arbitrary general-purpose computation within cloud-based browsers

  • Browser MapReduce(BMR)

    • Mapper.js

    • Reducer.js



Approach overview 2
Approach overview(2)

  • Cloud browsers have articiallimitations

  • Mappers cannot use local storage to communicate intermediate results

    • Bit.ly

      • Encode URLs up to 2022 characters in length

      • Rate-limits requests to 99 per IP address per minute

  • Job scheduling


Browser resource limitations
Browser resource limitations

  • Benchmarks

    • Computation

    • Elapsed Time

    • Memory

  • Cloud browsers

    • Amazon Silk

    • Cloud Browse

    • Opera Mini

    • Puffin





Designing and scheduling jobs
Designing and scheduling jobs

  • Map and reduce abstraction

  • Scheduling jobs

  • Example applications

    • Word Count

    • Distributed Grep

    • Distributed Sort



Reduc er abstraction
Reducer Abstraction


Scheduling jobs 1
Scheduling Jobs(1)

  • To effectively use cloud browser an URL shortening service resource

  • Assume

    • Input is divided into a large number of equally sized files

  • Mapper scheduling

  • Reducer scheduling


Scheduling jobs 2
Scheduling Jobs(2)


Mapper scheduling 1
Mapper Scheduling(1)

  • Master determines

    • Mn, the number of mappers to spawn

    • Mf, the number of input files to pass to each mapper

Assumes fs is several times smaller than bs


Mapper scheduling 2
Mapper Scheduling(2)

  • Rate limiting of URL shortening services

    • Bit.ly

      • Encode URLs up to 2022 characters in length, Us = 2022

      • Rate-limits requests to 99 per IP address per minute, Un = 99


Reducer scheduling
Reducer Scheduling

  • Application spefic

    • bucket in bucket sort

    • Partition in word count


Example applications
Example Applications

  • Word Count

    • http://foo.com/?word1=5&word2=7&...

  • Distributed Grep

    • http://foo.com/?bar1.txt=45&bar1.txt=48&bar2.txt=34

  • Distributed Sort

    • TeraSort

    • http://foo.com/?key1=file1&key2=file2&key3=file3


Evaluation
Evaluation

  • Experiment setup

  • Word Count

    • 100 most downloaded books from www.gutenberg.com/ebooks/

  • Distributed Grep

    • IRC logs for the #debian channel

  • Distributed Sort

    • Hadoopteragen

    • A 10 character key and an 88 character value




Discussion
Discussion

  • Recommendations for Cloud Browser Providers

    • Rate limits on authenticated user

  • Enhancing BMR

    • Using multiple cloud browser

    • Combination of URL shortening services



ad