Thursday, Jul 10, 2008

Can cloud computing smite down evil zombie botnet armies?

In the "more cool stuff I've never heard of before" department is something called Self Cleansing Intrusion Tolerance (SCIT). Botnets are created when vulnerable computers live long enough to become infected with the will to do the evil bidding of their evil masters. Security is almost always about removing vulnerabilities (a process which to outside observers often looks like a dog chasing its tail). SCIT takes a different approach: it works on the availability angle. It's something I never thought of before, but it makes a great deal of sense once I thought about it.

With SCIT you stop and restart VM instances every minute (or whatever, depending on your desired window of vulnerability)....


This short exposure window means worms and viruses do not have long enough to fully infect a machine and carry out a coordinated attack. A machine is up for a while. Does work. And then is torn down again only to be reborn as a clean VM with no possibility of infection (unless of course the VM mechanisms become infected). It's like curing cancer by constantly moving your consciousness to new blemish-free bodies. Hmmm...

SCIT is really a genius approach to scalable (I have to work in scalability somewhere) security and fits perfectly with cloud computing and swarm (cloud of clouds) computing. Clouds provide plenty of VMs so there is a constant ready supply of new hosts. From a software design perspective EC2 has been training us to expect failures and build Crash Only Software. We've gone stateless where we can, so load balancing to a new VM is not a problem. Where we can't go stateless we use work queues and clusters, so again, reincarnating to new VMs is not a problem. So purposefully restarting VMs to starve zombie networks was born for cloud computing.
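To make the rotation idea concrete, here is a small simulation added as an illustration (it is not code from the SCIT project or from this post). The names `simulate`, `spares_needed` and `EVENTS` are hypothetical, the compromise events are constructed, and the "dwell" threshold an attacker needs before a host is useful is an assumption, as is a clean image and rotation controller.

```python
import math
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

@dataclass
class Instance:
    online_since: int                  # tick this clean image began serving
    infected_at: Optional[int] = None  # tick of compromise, if any

def spares_needed(serving: int, window: int, rebuild: int) -> int:
    """Extra instances required so `serving` stay online while others rebuild."""
    return math.ceil(serving * rebuild / window)

def simulate(serving: int, window: int, rebuild: int, ticks: int,
             compromises: Dict[int, int], dwell: int) -> Tuple[int, int, int]:
    """Rotate `serving` slots on a staggered schedule.

    compromises maps tick -> slot (constructed events); dwell is the number of
    ticks an attacker must hold a host before it is useful (an assumption).
    Returns (max_exposure, useful_compromises, peak_rebuilding).
    """
    # Stagger ages so restarts are spread out instead of draining all at once.
    slots = [Instance(-(i * window // serving)) for i in range(serving)]
    rebuilding = []                    # finish ticks of instances being cleansed
    max_exposure = useful = peak = 0
    for t in range(ticks):
        rebuilding = [done for done in rebuilding if done > t]
        for i, inst in enumerate(slots):
            if t - inst.online_since >= window:
                # Window expired: retire to rebuild, swap in a clean image.
                max_exposure = max(max_exposure, t - inst.online_since)
                rebuilding.append(t + rebuild)
                slots[i] = Instance(online_since=t)
            elif inst.infected_at is not None and t - inst.infected_at == dwell:
                useful += 1            # the attacker outlived the dwell time
        if t in compromises:
            slots[compromises[t]].infected_at = t
        peak = max(peak, len(rebuilding))
    return max_exposure, useful, peak

# Constructed scenario: 4 serving VMs, ticks are seconds, 30 s to rebuild.
EVENTS = {10: 0, 100: 1, 250: 2, 400: 3}

if __name__ == "__main__":
    for window in (60, 10**6):         # 10**6 ticks ~ never restarted
        print(window, simulate(4, window, 30, 600, EVENTS, dwell=90))
    print("spares:", spares_needed(4, 60, 30))
```

The rotation only helps when the window is shorter than the dwell time: rerunning the 60-tick case with `dwell=20` lets some compromises through, which is the tuning decision behind "every minute (or whatever)".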

If a wider move could be made to cloud-backed thin clients the internet might be a safer place to live, play, and work. Imagine being free(er) from spam blasts and DDoS attacks. Oh what a wonderful world it would be...

Reader Comments (9)

Ummm. What's good for the goose is good for the gander.

Cloud computing is also great for spambots and zombie networks and malware servers for exactly the same reasons. As Amazon EC2 has already discovered...

November 29, 1990 | Unregistered Commenter Anonymous

At least in this case the spammers are identifiable. If it's really such a huge problem, Amazon can always run spam-assassin on outgoing SMTP traffic.

... and if it's legitimate and on AWS, Amazon has someone with a credit card they can go after - much better than the current situation.

November 29, 1990 | Unregistered Commenter nordsieck

Most of the botnets are due to home PCs with unpatched vulnerabilities and easily tricked users. Most are not servers. Even if you could figure out how to adapt this to a home market, it's not going to replace the billion computers already out there. It's really more like trying to cure ovarian cancer in men by constantly moving the consciousness to new male bodies.

November 29, 1990 | Unregistered Commenter Bill

No, probably not. Especially in the short term. But in the long term we'll probably move more towards a thin client interface, probably over a phone, and those clients logically can be served from a cloud where these techniques would be effective.

November 29, 1990 | Unregistered Commenter Todd Hoff

For SSH, FTP attacks we see they definitely aren't Windows PCs. Unfortunately there are many servers that aren't properly administrated or administrated at all.

November 29, 1990 | Unregistered Commenter Anonymous

Are you proposing the ultimate Cloud Race Condition? ;-)

November 29, 1990 | Unregistered Commenter Craig Balding

Wouldn't the methodology of starting and stopping the VM every minute place unnecessary strain on the server itself?

November 29, 1990 | Unregistered Commenter acne

The bigger problem is cloud computing companies hosting botnets in their own clouds. They don't really have systems in place to stop spammers from using their clouds, and can't without "spying" on what everyone is doing. Worse, they have a financial incentive not to be too eager to shut down these customers, so long as they are paying customers.

November 29, 1990 | Unregistered Commenter Eric Beland

What did Amazon discover lately? Was it attacked by a zombie network or what?

November 29, 1990 | Unregistered Commenter systEm
