Researchers from UO and North Carolina State Exploit 'Cloud Browsers' for Large-Scale, Anonymous Computing
A research team led by Professor Kevin Butler, CIS and Prof. William Enck of North Carolina State University has found a way to exploit cloud-based Web browsers to perform large-scale computing tasks anonymously. This work has potential ramifications for the security of "cloud browser" services.
Cloud-based browsers have been developed recently to assemble and render Web pages on behalf of low-powered devices such as smartphones and other mobile devices. Professors Butler and Enck and their graduate students were interested in the idea of utilizing these computational resources for tasks unrelated to web browsing. Using a Browser MapReduce (BMR) architecture to execute several large parallel applications, the team was able to test the computational and memory limits of four cloud browsers. These resources were harnessed through the BMR by implementing a client based on a reverse engineering of the Puffin cloud browser. Techniques to minimize packet traffic through the cloud enabled the researchers to perform standard computational functions using data packets of at most 100 megabytes in size. These limits were self-imposed in order not to disrupt the free cloud browsing services which were used as the experimental platform. The group's work serves as an important proof of concept that the computational resources of cloud browsers can be exploited anonymously by third parties for their own purposes.
The paper, "Abusing Cloud-Based Browsers for Fun and Profit," will be presented December 6 at the 2012 Annual Computer Security Applications Conference in Orlando, FL. The paper was co-authored by Vasant Tendulkar, Ashwin Shashidharan, and Dr. Willam Enck of NC State, and Joe Pletcher, Ryan Snyder and Dr. Kevin Butler, of the University of Oregon. The research was supported by the National Science Foundation and the U.S. Army Research Office. For more information, see Prof. Butler's OSIRIS website and the Annual Computer Security Applications Conference website.
Read more at Around the O.