By Topic

On Energy Security of Server Systems

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Zhenyu Wu ; NEC Labs. America, Inc., Princeton, NJ, USA ; Mengjun Xie ; Haining Wang

Power management has become increasingly important for server systems. Numerous techniques have been proposed and developed to optimize server power consumption and achieve energy proportional computing. However, the security perspective of server power management has not yet been studied. In this paper, we investigate energy attacks, a new type of malicious exploits on server systems. Targeted solely at abusing server power consumption, energy attacks exhibit very different attacking behaviors and cause very different victim symptoms from conventional cyberspace attacks. First, we unveil that today's server systems with improved power saving technologies are more vulnerable to energy attacks. Then, we demonstrate a realistic energy attack on a stand-alone server system in three steps: 1) by profiling energy cost of an open web service under different operation conditions, we identify the vulnerabilities that subject a server to energy attacks; 2) exploiting the discovered attack vectors, we design an energy attack that can be launched anonymously from remote; and 3) we execute the attack and measure the extent of its damage in a systematic manner. Finally, we highlight the challenges in defending against energy attacks, and we propose an effective defense scheme to meet the challenges and evaluate its effectiveness.

Published in:

Dependable and Secure Computing, IEEE Transactions on  (Volume:9 ,  Issue: 6 )