Issue No.06 - Nov.-Dec. (2012 vol.9)
pp: 865-876
Zhenyu Wu, College of William and Mary, Williamsburg
Mengjun Xie, University of Arkansas at Little Rock, Little Rock
Haining Wang, College of William and Mary, Williamsburg
Power management has become increasingly important for server systems. Numerous techniques have been proposed and developed to optimize server power consumption and achieve energy-proportional computing. However, the security perspective of server power management has not yet been studied. In this paper, we investigate energy attacks, a new type of malicious exploit on server systems. Targeted solely at abusing server power consumption, energy attacks exhibit very different attacking behaviors and cause very different victim symptoms from conventional cyberspace attacks. First, we show that today's server systems with improved power-saving technologies are more vulnerable to energy attacks. Then, we demonstrate a realistic energy attack on a stand-alone server system in three steps: 1) by profiling the energy cost of an open web service under different operating conditions, we identify the vulnerabilities that subject a server to energy attacks; 2) exploiting the discovered attack vectors, we design an energy attack that can be launched anonymously and remotely; and 3) we execute the attack and systematically measure the extent of its damage. Finally, we highlight the challenges in defending against energy attacks, propose an effective defense scheme to meet those challenges, and evaluate its effectiveness.
Servers, Power demand, Network security, Energy management, Internet, Power measurement, energy-aware programming, Energy attack, server security
Zhenyu Wu, Mengjun Xie, Haining Wang, "On Energy Security of Server Systems", IEEE Transactions on Dependable and Secure Computing, vol. 9, no. 6, pp. 865-876, Nov.-Dec. 2012, doi:10.1109/TDSC.2012.70