2013 IEEE Sixth International Conference on Cloud Computing (2013)
Santa Clara, CA USA
June 28, 2013 to July 3, 2013
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CLOUD.2013.47
Raul Gracia-Tinedo , Univ. Rovira i Virgili, Tarragona, Spain
Marc Sanchez Artigas , Univ. Rovira i Virgili, Tarragona, Spain
Pedro Garcia Lopez , Univ. Rovira i Virgili, Tarragona, Spain
Personal Clouds, such as DropBox and Box, provide open REST APIs for developers to create clever applications that make their service even more attractive. These APIs are a powerful abstraction that makes it possible for applications to transparently manage data from user accounts, blurring the lines between a Personal Cloud service and storage IaaS. Jointly, Personal Clouds also offer free accounts to lure new users, that normally include reduced storage space and unlimited transfers. However, the unintended consequence of combining open APIs and free accounts is that these companies are exposing automated access to a free storage infrastructure, which may lead to abuse by malicious parties. By exploiting the freemium API service, users may fraudulently consume resources or they can use free accounts as a Cloud storage layer to support abusive applications. We call this vulnerability the storage leeching problem. In this paper, we show how easy it is to implement a file-sharing application able to distribute digital content by abusing Personal Clouds. Making use of open APIs, this application transparently aggregates the limited-space free accounts from multiple providers into a single larger storage layer, while achieving better transfer speed than that received from one provider alone. This demonstrates that free accounts can be easily exploited to obtain a practical Cloud storage service, and therefore, the potential impact of storage leeching.
Cloud computing, Aggregates, Economics, Companies, Registers
R. Gracia-Tinedo, M. Sanchez Artigas and P. Garcia Lopez, "Cloud-as-a-Gift: Effectively Exploiting Personal Cloud Free Accounts via REST APIs," 2013 IEEE 6th International Conference on Cloud Computing (CLOUD), Santa Clara, CA, USA, 2013, pp. 621-628.