Researchers identify ways to exploit 'cloud browsers' for large-scale, anonymous computing

November 28, 2012

Researchers from North Carolina State University and the University of Oregon have found a way to exploit cloud-based Web browsers, using them to perform large-scale computing tasks anonymously. The finding has potential ramifications for the security of "cloud browser" services.

At issue are cloud browsers, which create a Web interface in the cloud so that computing is done there rather than on a user's machine. This is particularly useful for mobile devices, such as smartphones, which have limited computing power.The cloud-computing paradigm pools the computational power and storage of multiple computers, allowing shared resources for multiple users.

"Think of a cloud browser as being just like the browser on your desktop computer, but working entirely in the cloud and providing only the resulting image to your screen," says Dr. William Enck, an assistant professor of computer science at NC State and co-author of a paper describing the research.

Because these cloud browsers are designed to perform complex functions, the researchers wanted to see if they could be used to perform a series of large-scale computations that had nothing to do with browsing. Specifically, the researchers wanted to determine if they could perform those functions using the "MapReduce" technique developed by Google, which facilitates coordinated computation involving parallel efforts by multiple machines.

The research team knew that coordinating any new series of computations would entail passing large packets of data between different nodes, or cloud browsers. To address this challenge, researchers stored data packets on bit.ly and other URL-shortening sites, and then passed the resulting "links" between various nodes.

Using this technique, the researchers were able to perform standard computation functions using data packets that were 1, 10 and 100 megabytes in size. "It could have been much larger," Enck says, "but we did not want to be an undue burden on any of the free services we were using."

"We've shown that this can be done," Enck adds. "And one of the broader ramifications of this is that it could be done anonymously. For instance, a third party could easily abuse these systems, taking the free computational power and using it to crack passwords."

However, Enck says cloud browsers can protect themselves to some extent by requiring users to create accounts - and then putting limits on how those accounts are used. This would make it easier to detect potential problems.

The paper, "Abusing Cloud-Based Browsers for Fun and Profit," will be presented Dec. 6 at the 2012 Annual Computer Security Applications Conference in Orlando, Fla. The paper was co-authored by Vasant Tendulkar and Ashwin Shashidharan, graduate students at NC State, and Joe Pletcher, Ryan Snyder and Dr. Kevin Butler, of the University of Oregon. The research was supported by the National Science Foundation and the U.S. Army Research Office.
-end-


North Carolina State University

Related Data Articles from Brightsurf:

Keep the data coming
A continuous data supply ensures data-intensive simulations can run at maximum speed.

Astronomers are bulging with data
For the first time, over 250 million stars in our galaxy's bulge have been surveyed in near-ultraviolet, optical, and near-infrared light, opening the door for astronomers to reexamine key questions about the Milky Way's formation and history.

Novel method for measuring spatial dependencies turns less data into more data
Researcher makes 'little data' act big through, the application of mathematical techniques normally used for time-series, to spatial processes.

Ups and downs in COVID-19 data may be caused by data reporting practices
As data accumulates on COVID-19 cases and deaths, researchers have observed patterns of peaks and valleys that repeat on a near-weekly basis.

Data centers use less energy than you think
Using the most detailed model to date of global data center energy use, researchers found that massive efficiency gains by data centers have kept energy use roughly flat over the past decade.

Storing data in music
Researchers at ETH Zurich have developed a technique for embedding data in music and transmitting it to a smartphone.

Life data economics: calling for new models to assess the value of human data
After the collapse of the blockchain bubble a number of research organisations are developing platforms to enable individual ownership of life data and establish the data valuation and pricing models.

Geoscience data group urges all scientific disciplines to make data open and accessible
Institutions, science funders, data repositories, publishers, researchers and scientific societies from all scientific disciplines must work together to ensure all scientific data are easy to find, access and use, according to a new commentary in Nature by members of the Enabling FAIR Data Steering Committee.

Democratizing data science
MIT researchers are hoping to advance the democratization of data science with a new tool for nonstatisticians that automatically generates models for analyzing raw data.

Getting the most out of atmospheric data analysis
An international team including researchers from Kanazawa University used a new approach to analyze an atmospheric data set spanning 18 years for the investigation of new-particle formation.

Read More: Data News and Data Current Events
Brightsurf.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.