Abusing Cloud-Based Browsers for Fun and Profit

Vasant Tendulkar (NC State University), Joe Pletcher (University of Oregon), Ashwin Shashidharan (NC State University), Ryan Snyder (University of Oregon), Kevin Butler (University of Oregon), William Enck (NC State University)

ABSTRACT

Cloud services have become a cheap and popular means of computing. They allow users to synchronize data between devices and relieve low-powered devices from heavy computations. In response to the surge of smartphones and mobile devices, several cloud-based Web browsers have become commercially available. These "cloud browsers" assemble and render Web pages within the cloud, executing JavaScript code for the mobile client. This paper explores how the computational abilities of cloud browsers may be exploited through a Browser MapReduce (BMR) architecture for executing large, parallel tasks. We explore the computation and memory limits of four cloud browsers, and demonstrate the viability of BMR by implementing a client based on a reverse engineering of the Puffin cloud browser. We implement and test three canonical MapReduce applications (word count, distributed grep, and distributed sort). While we perform experiments on relatively small amounts of data (100 MB) for ethical considerations, our results strongly suggest that current cloud browsers are a viable source of arbitrary free computing at large scale.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Copyright 200X ACM X-XXXXX-XX-X/XX/XX ...$10.00.

1. INTRODUCTION

Software and computation are increasingly moving into "the cloud." Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) have effectively commoditized computing resources, enabling pay-per-use computation. For example, in April 2012, Amazon's on-demand instances of EC2 cost as little as US$0.08 per hour [4]. This shift towards cloud computing provides many benefits to enterprises and developers. It consolidates hardware and maintenance, and it allows organizations to purchase only as much computing as they need. Equally importantly, the ubiquity of cloud providers and sophisticated interfaces make incorporating cloud functionality simple for virtually any piece of software.

Cloud computing has substantially benefited smartphones and mobile devices, relieving them of computation, storage, and energy constraints. Recently, several commercial ventures have deployed infrastructures for rendering Web pages in the cloud (e.g., Amazon Silk [5], Opera Mini [24], and Puffin [12]). The obvious benefit to this architecture is relieving the mobile device from the graphical rendering. However, this is less of a concern for newer, more powerful smartphones. Such devices benefit more from the cloud server downloading the many parts of a Web page using high-bandwidth links and only using the higher-latency, last-mile wireless network once. Proxy-based Web page rendering has existed in literature for more than a decade [17, 16, 20, 8, 9] and is of continued interest [10, 31]; however, it was not until the recent surge in smartphone popularity that commercial offerings became more widespread and well provisioned.

Cloud-based Web browsers (which we call "cloud browsers" for short) are often provisioned to exceed the computational power and functionality of a desktop browser. For example, CloudBrowse runs a modified version of the Firefox desktop browser [3]. Over the past decade, websites have evolved into full-fledged applications executing nontrivial computations written in JavaScript. Cloud browsers must execute this JavaScript. Given this mix of powerful cloud-based computing ability and a substrate for general executions, we sought to investigate whether opportunities for exploiting unintended functionality were now possible. Specifically, was it now possible to perform arbitrary general-purpose computation¹ within cloud-based browsers, at no cost to the user? A successful outcome would demonstrate the ability to perform parasitic computing [7] within the cloud environment, whereby the cloud is transformed into an unwitting computational resource merely through supplying browser requests.

¹ Since JavaScript is Turing-complete, as it can be reduced to the lambda calculus [19], any computation is theoretically feasible.

In this paper, we explore the ability to use cloud browsers as open computation centers. To do this, we propose the Browser MapReduce (BMR, pronounced beemer) architecture, which is motivated by MapReduce [14], but contains distinct architectural differences. In our architecture, a master script running on a PC parameterizes and invokes mapper jobs in separate cloud browser rendering tasks. When complete, these workers save their state in free cloud storage facilities (e.g., provided by URL shortening services), and return a link to the storage location. The master script then spawns reducer jobs that retrieve the intermediate state and aggregate the mapper results.

To demonstrate the functionality of our cloud browser-based computational infrastructure, we implement three canonical MapReduce programs: a) word count, b) distributed grep, and c) distributed sorting. Compared to Amazon's Elastic MapReduce (EMR), BMR was faster for distributed grep, but several times slower for word count and distributed sort due to high communications costs. However, it does so at no monetary cost. Note that due to ethical considerations, we executed relatively small-scale computations in order to not overly tax the cloud browsers or the URL shortening services. As such, our experiments show a savings of only a few cents. However, larger jobs over longer periods of time can lead to substantial savings. Additionally, we explore the potential of BMR for performing parallelizable tasks that benefit from anonymity, e.g., cracking passwords. Attackers have already paid to use Amazon EC2 [2], and moving such activities to cloud browsers is likely.

This paper makes the following contributions:

• We identify a source of free computation and characterize the limitations of four existing cloud browsers. To our knowledge, we are the first to consider cloud-based Web browsers as a means of performing arbitrary computation.

• We design and implement BMR, a MapReduce-motivated architecture for performing large jobs within cloud browsers. Cloud browser providers artificially limit computation to mitigate buggy Web pages. Using a MapReduce-motivated architecture, we show how to coordinate resources in multiple cloud browser rendering tasks through the use of free storage made available by URL shortening services.

• We port three existing MapReduce example applications to BMR and characterize their performance and monetary savings. BMR has different limitations than traditional MapReduce (e.g., storage), and therefore must be optimized accordingly. We report on our experiences working within these limitations.

The remainder of this paper proceeds as follows. Section 2 overviews our architecture and lays out our design challenges. Section 3 characterizes the computation and memory limitations of several popular cloud browsers. Section 4 describes the BMR map and reduce primitives, scheduling, and the example applications.

[Figure 1: Browser MapReduce (BMR) Architecture. Labels: User PC (Master Script), Cloud Browser, BMR Job Server, Dataset Server, URL Shortener (Link Data), mapper.html, mapper.js, reducer.html, reducer.js. Steps: (1) Spawn Mapper with a) mapper script URL and b) data URLs; (2) Download Mapper Script; (3) Download Partial Dataset; (4) Store Intermediate Results; (5) Return results URL(s) and meta-info; (6) Spawn Reducer with a) reducer script URL and b) partial results URLs; (7) Download Reducer Script; (8) Retrieve Intermediate Results; (9) Return Results.]

... phase. A mapper extracts a set of key-value pairs of interest from each input record. For example, for a MapReduce job to count the number of words in a set of documents, the mapper determines the number of instances of each word in a small subset of the documents. Here, the word is the key and the number of instances is the value. The results of multiple mappers are then combined in the reducer phase. For word count, the reducer aggregates the word counts to produce an overall count for each word in the entire dataset.

In MapReduce, computational resources are abstracted as nodes within a cluster. Job coordination is performed by a master node. The master is responsible for handling communication synchronization, fault tolerance, and parallelization. Since a failure of the master node leads to a failed computation, the master node is often replicated. The remaining nodes in the cluster are worker nodes. A worker node can be a mapper, a reducer, or both. Note that a single MapReduce job consists of many mappers and reducers. To minimize communication overhead, the intermediate results generated by the mappers are stored locally and the locations are communicated to the master. By strategically partitioning the dataset, scheduling mapper and reducer jobs,
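
The word-count mapper and reducer roles described above, with intermediate results kept in a store and only their locations passed to the master, as an added example that is not code from the paper. It runs entirely in memory; the names `store`, `put`, `mapper`, `reducer`, `master` and `SAMPLE_DOCS` are assumptions made for illustration.

```javascript
// Added illustration (not from the paper): in-memory model of MapReduce word count.
// All names here are hypothetical; no network or browser is involved.
const store = new Map(); // stands in for wherever intermediate results are kept
let nextId = 0;

// Save a result and hand back only its location, as workers do for the master.
function put(entries) {
  const loc = `loc-${nextId++}`;
  store.set(loc, JSON.stringify(entries));
  return loc;
}

// Mapper: key = word, value = number of instances in this subset of documents.
// A Map (not a plain object) keeps words like "constructor" from colliding
// with inherited properties.
function mapper(docs) {
  const counts = new Map();
  for (const doc of docs) {
    for (const word of doc.toLowerCase().match(/[a-z0-9']+/g) || []) {
      counts.set(word, (counts.get(word) || 0) + 1);
    }
  }
  return put([...counts]);
}

// Reducer: fetch each mapper's partial counts by location and aggregate them.
function reducer(locations) {
  const total = new Map();
  for (const loc of locations) {
    if (!store.has(loc)) throw new Error(`missing intermediate result: ${loc}`);
    for (const [word, n] of JSON.parse(store.get(loc))) {
      total.set(word, (total.get(word) || 0) + n);
    }
  }
  return put([...total]);
}

// Master: partition the dataset, run one mapper per partition, collect the
// returned locations, then run a reducer over them and read the final result.
function master(dataset, chunkSize) {
  const locations = [];
  for (let i = 0; i < dataset.length; i += chunkSize) {
    locations.push(mapper(dataset.slice(i, i + chunkSize)));
  }
  return new Map(JSON.parse(store.get(reducer(locations))));
}

// Constructed sample dataset.
const SAMPLE_DOCS = [
  "the cloud renders the page",
  "the page runs JavaScript",
  "JavaScript runs in the cloud",
];
console.log(Object.fromEntries(master(SAMPLE_DOCS, 2)));
```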
