Issue No. 06 - Nov.-Dec. (2012 vol. 9)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TDSC.2012.70
Zhenyu Wu , College of William and Mary, Williamsburg
Mengjun Xie , University of Arkansas at Little Rock, Little Rock
Haining Wang , College of William and Mary, Williamsburg
Power management has become increasingly important for server systems. Numerous techniques have been proposed and developed to optimize server power consumption and achieve energy proportional computing. However, the security perspective of server power management has not yet been studied. In this paper, we investigate energy attacks, a new type of malicious exploits on server systems. Targeted solely at abusing server power consumption, energy attacks exhibit very different attacking behaviors and cause very different victim symptoms from conventional cyberspace attacks. First, we unveil that today's server systems with improved power saving technologies are more vulnerable to energy attacks. Then, we demonstrate a realistic energy attack on a stand-alone server system in three steps: 1) by profiling energy cost of an open web service under different operation conditions, we identify the vulnerabilities that subject a server to energy attacks; 2) exploiting the discovered attack vectors, we design an energy attack that can be launched anonymously from remote; and 3) we execute the attack and measure the extent of its damage in a systematic manner. Finally, we highlight the challenges in defending against energy attacks, and we propose an effective defense scheme to meet the challenges and evaluate its effectiveness.
Servers, Power demand, Network security, Energy management, Internet, Power measurement, energy-aware programming, Energy attack, server security
Zhenyu Wu, Mengjun Xie, Haining Wang, "On Energy Security of Server Systems", IEEE Transactions on Dependable and Secure Computing, vol. 9, no. , pp. 865-876, Nov.-Dec. 2012, doi:10.1109/TDSC.2012.70