Cloud computing allows on-demand access to a shared pool of resources, including networks, servers, storage and services. DoS and DDoS attacks are serious threats to the availability of services offered on the cloud because of the various new vulnerabilities introduced by the very nature of cloud computing, such as resource sharing and multi-tenancy.
Cloud computing can be subjected to DDoS attacks from three different routes: external to internal, where the botnet comes from outside the target system; internal to external, where the attack begins by taking ownership of a Virtual Machine (VM); and internal to internal, where an internal botnet is formed within the cloud infrastructure and can attack another target within the system. The route selected depends on the motivation and location of the attacker.
Attacks on cloud computing can be direct or indirect. Direct attacks tend to preselect a target service or host machine, whereas indirect attacks come about because of collateral damage: other services hosted on the same machine or network as the targeted service are simultaneously brought down. Cloud elasticity can be used to mitigate the effects, but this could actually spread the workload, directing the attack to multiple other servers instead.
A DDoS attack in the cloud can have two goals. The first involves overwhelming the target system resources or the network connections, and the second involves exploiting vulnerabilities within the system by sending malicious packets intended to have more widespread consequences.
Overwhelming the resources in cloud infrastructures can occur in multiple different ways: (i) exhausting memory, e.g. via SYN flood attacks; (ii) exhausting bandwidth in order to prevent legitimate users from accessing the cloud by (a) gaining access to the topology, (b) taking possession of a sufficient number of hosts in the target subnet, and (c) producing a huge amount of UDP traffic through the vulnerable uplink; (iii) exhausting computing time/bandwidth (stealing this from other users); (iv) XML-DoS and HTTP-DoS attacks, which belong to the resource exhaustion attack category.
Furthermore, resource-exhaustion vulnerabilities form a category of their own. They are harder to detect because of the factors leading to them, and because the vulnerability can only be leveraged under a very specific set of circumstances or following many activations of new software. Resource-exhaustion vulnerabilities cause the consumption or allocation of a resource in an undefined or unnecessary way, eventually leading to its depletion.
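To make the memory exhaustion by SYN flood listed under (i) concrete from the monitoring side, the following Python example (added here, not part of the original text) replays constructed TCP events and models the half-open connection table that each service must hold in memory, raising an alert when the table passes a threshold. The event format, service names, addresses, timeout and threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample events: (time_ms, client "ip:port", service, TCP flag).
# Two clients complete the handshake; 20 spoofed sources send a SYN to
# "web" and never answer. All addresses and names are made up for the example.
LEGIT = [
    (1000, "192.0.2.10:40000", "web", "SYN"), (1050, "192.0.2.10:40000", "web", "ACK"),
    (2000, "192.0.2.11:40001", "api", "SYN"), (2040, "192.0.2.11:40001", "api", "ACK"),
]
FLOOD = [(10000 + i * 100, f"198.51.100.{i}:1024", "web", "SYN") for i in range(20)]
EVENTS = LEGIT + FLOOD


def track_half_open(events, timeout_ms=30000, threshold=10):
    """Replay events and model each service's half-open connection table.

    Returns (peak, alerts): peak maps service -> largest table size seen,
    alerts maps service -> time_ms at which the size first reached threshold.
    """
    pending = defaultdict(dict)   # service -> {client: time of first SYN}
    peak = defaultdict(int)
    alerts = {}
    for t, client, service, flag in sorted(events):
        table = pending[service]
        # Drop entries whose handshake never completed within the timeout.
        for stale in [c for c, t0 in table.items() if t - t0 > timeout_ms]:
            del table[stale]
        if flag == "SYN":
            table.setdefault(client, t)   # state is allocated per SYN
        elif flag == "ACK":
            table.pop(client, None)       # handshake done, state released
        peak[service] = max(peak[service], len(table))
        if len(table) >= threshold and service not in alerts:
            alerts[service] = t
    return dict(peak), alerts


if __name__ == "__main__":
    for timeout in (30000, 500):
        peak, alerts = track_half_open(EVENTS, timeout_ms=timeout)
        print(f"timeout={timeout}ms peak={peak} alerts={alerts}")
```

Running it with the two timeouts shows how long-lived half-open entries let the table grow with every unanswered SYN, while a short timeout caps the state held for the same traffic.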