Denial of Wallet -- Defining a Looming Threat to Serverless Computing
This paper addresses a new cybersecurity problem for serverless computing users and providers, though it is incremental in that it builds on known attack types.
The paper tackles the threat of Denial of Wallet attacks in serverless computing, defining the attack patterns and demonstrating how they can bypass existing Denial of Service mitigation systems, with simulated experiments highlighting potential financial damage.
Serverless computing is the latest paradigm in cloud computing, offering a framework for the development of event-driven, pay-as-you-go functions in a highly scalable environment. While these traits offer a powerful new development paradigm, they have also given rise to a new form of cyber-attack known as Denial of Wallet (forced financial exhaustion). In this work, we define and identify the threat of Denial of Wallet and its potential attack patterns. Also, we demonstrate how this new form of attack can potentially circumvent existing mitigation systems developed for a similar style of attack, Denial of Service. Our goal is twofold. Firstly, we will provide a concise and informative overview of this emerging attack paradigm. Secondly, we propose this paper as a starting point to enable researchers and service providers to create effective mitigation strategies. We include some simulated experiments to highlight the potential financial damage that such attacks can cause and the creation of an isolated test bed for continued safe research on these attacks.