1 / 23

Abusing Cloud-Based Browsers for Fun and Profit

Abusing Cloud-Based Browsers for Fun and Profit. Vasant Tendulkar, Joe Pletcher , Ashwin Shashidharan , Ryan Snyder, Kevin Butler, William Enck. 2012 Annual Computer Security Applications Conference. Outline. Introduction Approach overview Browser resource limitations

salene
Download Presentation

Abusing Cloud-Based Browsers for Fun and Profit

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Abusing Cloud-Based Browsers for Fun and Profit Vasant Tendulkar, Joe Pletcher, AshwinShashidharan, Ryan Snyder, Kevin Butler, William Enck 2012 Annual Computer Security Applications Conference

  2. Outline • Introduction • Approach overview • Browser resource limitations • Designing and scheduling jobs • Evaluation • Discussion

  3. Introduction • Pay-per-use computation • EC2 • Cloud-based Web browsers • JavaScript executes on the server • Arbitrary general-purpose computation within cloud-based browsers • Browser MapReduce(BMR) • Mapper.js • Reducer.js

  4. Approach overview(1)

  5. Approach overview(2) • Cloud browsers have articiallimitations • Mappers cannot use local storage to communicate intermediate results • Bit.ly • Encode URLs up to 2022 characters in length • Rate-limits requests to 99 per IP address per minute • Job scheduling

  6. Browser resource limitations • Benchmarks • Computation • Elapsed Time • Memory • Cloud browsers • Amazon Silk • Cloud Browse • Opera Mini • Puffin

  7. Benchmarks(1)

  8. Benchmarks(2)

  9. Benchmark Results

  10. Designing and scheduling jobs • Map and reduce abstraction • Scheduling jobs • Example applications • Word Count • Distributed Grep • Distributed Sort

  11. Mapper Abstraction

  12. Reducer Abstraction

  13. Scheduling Jobs(1) • To effectively use cloud browser an URL shortening service resource • Assume • Input is divided into a large number of equally sized files • Mapper scheduling • Reducer scheduling

  14. Scheduling Jobs(2)

  15. Mapper Scheduling(1) • Master determines • Mn, the number of mappers to spawn • Mf, the number of input files to pass to each mapper Assumes fs is several times smaller than bs

  16. Mapper Scheduling(2) • Rate limiting of URL shortening services • Bit.ly • Encode URLs up to 2022 characters in length, Us = 2022 • Rate-limits requests to 99 per IP address per minute, Un = 99

  17. Reducer Scheduling • Application spefic • bucket in bucket sort • Partition in word count

  18. Example Applications • Word Count • http://foo.com/?word1=5&word2=7&... • Distributed Grep • http://foo.com/?bar1.txt=45&bar1.txt=48&bar2.txt=34 • Distributed Sort • TeraSort • http://foo.com/?key1=file1&key2=file2&key3=file3

  19. Evaluation • Experiment setup • Word Count • 100 most downloaded books from www.gutenberg.com/ebooks/ • Distributed Grep • IRC logs for the #debian channel • Distributed Sort • Hadoopteragen • A 10 character key and an 88 character value

  20. Evaluation - results(1)

  21. Evaluation - results(2)

  22. Discussion • Recommendations for Cloud Browser Providers • Rate limits on authenticated user • Enhancing BMR • Using multiple cloud browser • Combination of URL shortening services

  23. THE END

More Related