Researchers identify ways to exploit 'cloud browsers' for large-scale, anonymous computing

November 28, 2012

Researchers from North Carolina State University and the University of Oregon have found a way to exploit cloud-based Web browsers, using them to perform large-scale computing tasks anonymously. The finding has potential ramifications for the security of "cloud browser" services.

At issue are cloud browsers, which create a in the cloud so that computing is done there rather than on a user's machine. This is particularly useful for mobile devices, such as smartphones, which have limited .The cloud-computing paradigm pools the and storage of , allowing shared resources for multiple users.

"Think of a cloud browser as being just like the browser on your desktop computer, but working entirely in the cloud and providing only the resulting image to your screen," says Dr. William Enck, an assistant professor of computer science at NC State and co-author of a paper describing the research.

Because these cloud browsers are designed to perform complex functions, the researchers wanted to see if they could be used to perform a series of large-scale computations that had nothing to do with browsing. Specifically, the researchers wanted to determine if they could perform those functions using the "MapReduce" technique developed by , which facilitates coordinated computation involving parallel efforts by multiple machines.

The research team knew that coordinating any new series of computations would entail passing large packets of data between different nodes, or cloud browsers. To address this challenge, researchers stored data packets on bit.ly and other URL-shortening sites, and then passed the resulting "links" between various nodes.

Using this technique, the researchers were able to perform standard computation functions using that were 1, 10 and 100 in size. "It could have been much larger," Enck says, "but we did not want to be an undue burden on any of the free services we were using."

"We've shown that this can be done," Enck adds. "And one of the broader ramifications of this is that it could be done anonymously. For instance, a third party could easily abuse these systems, taking the free computational power and using it to crack passwords."

However, Enck says cloud browsers can protect themselves to some extent by requiring users to create accounts – and then putting limits on how those accounts are used. This would make it easier to detect potential problems.

The paper, "Abusing Cloud-Based Browsers for Fun and Profit," will be presented Dec. 6 at the 2012 Annual Computer Security Applications Conference in Orlando, Fla. The paper was co-authored by Vasant Tendulkar and Ashwin Shashidharan, graduate students at NC State, and Joe Pletcher, Ryan Snyder and Dr. Kevin Butler, of the University of Oregon. The research was supported by the National Science Foundation and the U.S. Army Research Office.

Explore further: Dynamic Nimbus cloud deployment wins Challenge Award at Grid5000 conference

Related Stories

Head for the clouds, feet firmly on the ground

March 5, 2012

Computer engineers in the US writing in the International Journal of Communication Networks and Distributed Systems have reviewed the research literature to get a clear picture of cloud computing, its adoption, use and the ...

Recommended for you

Netherlands bank customers can get vocal on payments

August 1, 2015

Are some people fed up with remembering and using passwords and PINs to make it though the day? Those who have had enough would prefer to do without them. For mobile tasks that involve banking, though, it is obvious that ...

Power grid forecasting tool reduces costly errors

July 30, 2015

Accurately forecasting future electricity needs is tricky, with sudden weather changes and other variables impacting projections minute by minute. Errors can have grave repercussions, from blackouts to high market costs. ...

Microsoft describes hard-to-mimic authentication gesture

August 1, 2015

Photos. Messages. Bank account codes. And so much more—sit on a person's mobile device, and the question is, how to secure them without having to depend on lengthy password codes of letters and numbers. Vendors promoting ...

1 comment

Adjust slider to filter visible comments by rank

Display comments: newest first

Caliban
not rated yet Nov 29, 2012
Hahahaha -- this is one "Tragedy of the Commons" that you can be sure will be quickly rectified.

NONE of the Cloud Fairies will be pleased to learn that people are making use of all that floppage WITHOUT PAYING FOR IT!

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.