Han-Peng JIANG Ming-Lung WENG Wei-Mei CHEN
Now that the subject of green computing is receiving a lot of attention, the energy consumption of datacenters has emerged as a significant issue. Consolidation of Virtual Machines (VMs) reduces the energy consumption since VM live migration not only optimizes VM placement, but also switches idle nodes to sleep mode. However, VM migration may negatively impact the performance of the system and lead to violations in SLA (Service Level Agreement) requirements between end users and cloud providers. In this study, we propose a VM consolidation mechanism that reduces the energy consumption of datacenters, eliminates unnecessary migrations, and minimizes the SLA violations. Compared to previous studies, the proposed policy shows a reduction of 2% to 3% in energy consumption, 13% to 41% in VM migration frequency, and 15% to 50% in SLA violations.
Fangming ZHAO Takashi NISHIDE Kouichi SAKURAI
We consider the problems of access control and encrypted keyword search for cryptographic cloud storage in such a way that they can be implemented in a multi-user setting. Our fine-grained, access-control-aware, multi-user secure keyword search approach interdependently harmonizes these two security notions, access control and encrypted keyword search. Owing to the shrinkage of the cloud server's search space to the user's decryptable subset, the proposed scheme both decreases information leakage and is shown to be efficient by the results of our contrastive performance simulation.
Yu GU Chuanyi LIU Dongsheng WANG
Cloud computing has risen as a popular new service paradigm with typical advantages such as ease of use, unlimited resources and a pay-as-you-go pricing model. Cloud resources are more flexible and cost-effective than private or colocation resources, and thus more suitable for storing the outdated backup data that are infrequently accessed by continuous data protection (CDP) systems. However, while the cloud achieves low cost, it may at the same time slow down the recovery procedure due to its low bandwidth and high latency. In this paper, a novel block-level CDP system architecture, MYCDP, is proposed to utilize cloud resources as the back-end storage. Unlike traditional delta-encoding based CDP approaches, which should traverse all the dependent versions and decode the recovery point, MYCDP adopts a data deduplication mechanism to eliminate data redundancy between all versions of all blocks, and constructs a version index for all versions of the protected storage; thus it can use a query-and-fetch process to recover version data. With a specific version index data structure and a disk/memory hybrid cache module, MYCDP reduces the storage space consumption and data transfer between local and cloud. It also supports deletion of arbitrary versions without risk of invalidating some other versions. Experimental results demonstrate that MYCDP can achieve much lower cost than traditional local based CDP approaches, while retaining almost the same recovery speed as the local based deduplication approach for most recovery cases. Furthermore, MYCDP can obtain both faster recovery and lower cost than cloud based delta-encoding CDP approaches for any recovery points. MYCDP also gets more profits while protecting multiple systems together.
Byoung-Dai LEE Kwang-Ho LIM Yoon-Ho CHOI Namgi KIM
In recent years, computation offloading, through which applications on a mobile device can offload their computations onto more resource-rich clouds, has emerged as a promising technique to reduce battery consumption as well as augment the devices' limited computation and memory capabilities. In order for computation offloading to be energy-efficient, an accurate estimate of battery consumption is required to decide between local processing and computation offloading. In this paper, we propose a novel technique for estimating battery consumption without requiring detailed information about the mobile application's internal structure or its execution behavior. In our approach, the relationship is derived between variables that affect battery consumption (i.e., the input to the application, the transmitted data, and resource status) and the actual consumed energy from the application's past run history. We evaluated the performance of the proposed technique using two different types of mobile applications over different wireless network environments such as 3G, Wi-Fi, and LTE. The experimental results show that our technique can provide tolerable estimation accuracy and thus make correct decisions between local processing and computation offloading.
Shunsuke KURUMATANI Masashi TOYAMA Yukio TSURUOKA Eric Y. CHEN
We propose an architecture for offloading processes in applications to support low-performance devices. Almost all applications based on standardized web technologies are compatible with our architecture. We discuss how interfaces should be used properly to offload processes in JavaScript and argue that an interface for offloading should only be used for defining complex processes. We also propose a method for applying our architecture to web applications that use web workers. Our method automatically offloads some worker processes to the cloud. We also compare the processing times achieved with and without our method. Our architecture exhibits good efficacy with regard to the N-Queen problem, although it is influenced by network latency between a device and the cloud.
Hiroshi YAMADA Shuntaro TONOSAKI Kenji KONO
Infrastructure as a Service (IaaS), a form of cloud computing, is gaining attention for its ability to enable efficient server administration in dynamic workload environments. In such environments, however, updating the software stack or content files of virtual machines (VMs) is a time-consuming task, discouraging administrators from frequently enhancing their services and fixing security holes. This is because the administrator has to upload the whole new disk image to the cloud platform via the Internet, which is not yet fast enough that large amounts of data can be transferred smoothly. Although the administrator can apply incremental updates directly to the running VMs, he or she has to carefully consider the type of update and perform operations on all running VMs, such as application restarts. This is a tedious and error-prone task. This paper presents a technique for synchronizing VMs with less time and lower administrative burden. We introduce the Virtual Disk Image Repository, which runs on the cloud platform and automatically updates the virtual disk image and the running VMs with only the incremental update information. We also show a mechanism that performs necessary operations on the running VM such as restarting server processes, based on the types of files that are updated. We implement a prototype on Linux 2.6.31.14 and Amazon Elastic Compute Cloud. An experiment shows that our technique can synchronize VMs in an order-of-magnitude shorter time than the conventional disk-image-based VM method. Also, we discuss limitations of our technique and some directions for more efficient VM updates.
Outsourcing to cloud storage brings forth new challenges for the efficient utilization of computing resources as well as simultaneously maintaining privacy and security for the outsourced data. Data deduplication refers to a technique that eliminates redundant data on the storage and the network, and is considered to be one of the most promising technologies that offers efficient resource utilization in cloud computing. In terms of data security, however, deduplication obstructs applying encryption on the outsourced data and even causes a side channel through which information can be leaked. Achieving both efficient resource utilization and data security still remains an open problem. This paper addresses this challenging issue and proposes a novel solution that enables data deduplication while also providing the required data security and privacy. We achieve this goal by constructing and utilizing equality predicate encryption schemes which allow only equivalence relations between encrypted data to be known. We also utilize a hybrid approach for data deduplication to prevent information leakage due to the side channel. The performance and security analyses indicate that the proposed scheme is efficient for securely managing the outsourced data in cloud computing.
Youwen ZHU Tsuyoshi TAKAGI Rong HU
Recently, Yuan et al. (IEEE Infocom'13, pp.2652-2660) proposed an efficient secure nearest neighbor (SNN) search scheme on encrypted cloud databases. Their scheme is claimed to be secure against the collusion attack of query clients and cloud server, because the colluding attackers cannot infer the encryption/decryption key. In this letter, we observe that the encrypted dataset in Yuan's scheme can be broken by the collusion attack without deducing the key, and present a simple but powerful attack on their scheme. Experimental results validate the high efficiency of our attacking approach. Additionally, we indicate an upper bound on the collusion-resistant ability of any accurate SNN query scheme.
This paper proposes a new optimization problem and several implementation algorithms for energy-efficient clouds where energy efficiency is measured by the number of physical machines that can be removed from operation and turned off. The optimization problem is formulated in such a way that solutions are considered favorable not only when the number of migrations is minimized but also when the resulting layout has more free physical machines which can therefore be turned off to save electricity.
Shaojing FU Dongsheng WANG Ming XU Jiangchun REN
Remote data possession checking for cloud storage is very important, since data owners can check the integrity of outsourced data without downloading a copy to their local computers. In a previous work, Chen proposed a remote data possession checking protocol using algebraic signature and showed that it can resist various known attacks. In this paper, we find serious security flaws in Chen's protocol, and show that it is vulnerable to a replay attack by a malicious cloud server. Finally, we propose an improved version of the protocol to guarantee secure data storage for data owners.
Md Golam RABBANI Mohamed Faten ZHANI Raouf BOUTABA
As businesses are increasingly relying on the cloud to host their services, cloud providers are striving to offer guaranteed and highly-available resources. To achieve this goal, recent proposals have advocated offering both computing and networking resources in the form of Virtual Data Centers (VDCs). Subsequently, several attempts have been made to improve the availability of VDCs through reliability-aware resource allocation schemes and redundancy provisioning techniques. However, the research to date has not considered the heterogeneity of the underlying physical components. Specifically, it does not consider recent findings showing that failure rates and availability of data center equipment can vary significantly depending on various parameters including their types and ages. To address this limitation, in this paper we propose a High-availability Virtual Infrastructure management framework (Hi-VI) that takes into account the heterogeneity of cloud data center equipment to dynamically provision backup resources in order to ensure required VDC availability. Specifically, we propose a technique to compute the availability of a VDC that considers both (1) the heterogeneity of data center networking and computing equipment in terms of failure rates and availability, and (2) the number of redundant virtual nodes and links provisioned as backups. We then leverage this technique to propose an allocation scheme that jointly provisions resources for VDCs and backups of virtual components with the goal of achieving the required VDC availability while minimizing energy costs. Through simulations, we demonstrate the effectiveness of our framework compared to heterogeneity-oblivious solutions.
Ryousei TAKANO Hidemoto NAKADA Takahiro HIROFUCHI Yoshio TANAKA Tomohiro KUDOH
Virtual machine (VM) migration is useful for improving flexibility and maintainability in cloud computing environments. However, VM monitor (VMM)-bypass I/O technologies, including PCI passthrough and SR-IOV, in which the overhead of I/O virtualization can be significantly reduced, make VM migration impossible. This paper proposes a novel and practical mechanism, called Symbiotic Virtualization (SymVirt), for enabling migration and checkpoint/restart on a virtualized cluster with VMM-bypass I/O devices, without the virtualization overhead during normal operations. SymVirt allows a VMM to cooperate with a message passing layer on the guest OS, then it realizes VM-level migration and checkpoint/restart by using a combination of a user-level dynamic device configuration and coordination of distributed VMMs. We have implemented the proposed mechanism on top of QEMU/KVM and the Open MPI system. All PCI devices, including Infiniband, Ethernet, and Myrinet, are supported without implementing specific para-virtualized drivers; and it is not necessary to modify either the MPI runtime or applications. Using the proposed mechanism, we demonstrate reactive and proactive FT mechanisms on a virtualized Infiniband cluster. We have confirmed the effectiveness using both a memory intensive micro benchmark and the NAS parallel benchmark.
Yoichi SATO Ichiro FUKUDA Tomonori FUJITA
The use of computing resources on the network is becoming active in the Internet and private networks. OpenFlow/Software-Defined Networking (SDN) is drawing attention as a method to control network virtualization for cloud computing services and other carrier services. This paper introduces examples of OpenFlow/SDN technologies applied to commercial cloud services. Various activities to expand coverage over commercial carrier networks are also mentioned.
Jining ZHAO Chunxiang XU Fagen LI Wenzheng ZHANG
In the Cloud computing era, users could have their data outsourced to a cloud service provider (CSP) to enjoy on-demand high quality service. On behalf of the user, a third party auditor (TPA) which could verify the real data possession on the CSP is critically important. The central challenge is to build an efficient and provably secure data verification scheme while ensuring that no users' privacy is leaked to any unauthorized party, including the TPA. In this paper, we propose the first identity-based public verification scheme, based on the identity-based aggregate signature (IBAS). In particular, by minimizing the information that verification messages carry and the TPA obtains or stores, we could simplify key management and greatly reduce the overheads of communication and computation. Unlike the existing works based on certificates, in our scheme, only a private key generator (PKG) has a traditional public key while the user just keeps its identity without binding with a certificate. Meanwhile, we utilize privacy-preserving technology to keep users' private data off the TPA. We also extend our scheme with the support of batch verification tasks to enable the TPA to perform public audits among different users simultaneously. Our scheme is provably secure in the random oracle model under the hardness of the computational Diffie-Hellman assumption over pairing-friendly groups and the Discrete Logarithm assumption.
Hui ZHAO Shuqiang YANG Hua FAN Zhikun CHEN Jinghu XU
Scheduling plays a key role in MapReduce systems. In this paper, we explore the efficiency of a MapReduce cluster running lots of independent and continuously arriving MapReduce jobs. Data locality and load balancing are two important factors to improve computation efficiency in MapReduce systems for data-intensive computations. Traditional cluster scheduling technologies are not well suited to the MapReduce environment. There are some schedulers in use for the popular open-source Hadoop MapReduce implementation; however, they cannot optimize both factors well. Our main objective is to minimize the total flowtime of all jobs. Given that it is a strongly NP-hard problem, we adopt some effective heuristics to seek a satisfactory solution. In this paper, we formalize the scheduling problem as a job selection problem and propose a load balance aware job selection algorithm. At the task level, we design a strict data locality task scheduling algorithm for map tasks on map machines and a load balance aware scheduling algorithm for reduce tasks on reduce machines. Comprehensive experiments have been conducted to compare our scheduling strategy with well-known Hadoop scheduling strategies. The experimental results validate the efficiency of our proposed scheduling strategy.
Chuanyi LIU Jie LIN Binxing FANG
Cloud computing is broadly recognized as the prevalent trend in IT. However, in cloud computing mode, customers lose the direct control of their data and applications hosted by the cloud providers, which leads to the trustworthiness issue of the cloud providers, hindering the widespread use of cloud computing. This paper proposes a trustworthiness verification and audit mechanism on cloud providers called T-YUN. It introduces a trusted third party to cyclically attest the remote clouds, which are instrumented with the trusted chain covering the whole architecture stack. According to the main operations of the clouds, remote verification protocols are also proposed in T-YUN, with a dedicated key management scheme. This paper also implements a proof-of-concept emulator to validate the effectiveness and performance overhead of T-YUN. The experimental results show that T-YUN is effective and the extra overhead incurred by it is acceptable.
Ziwen ZHANG Zhigang SUN Baokang ZHAO Jiangchuan LIU Xicheng LU
In cloud computing, multiple users coexist in one datacenter infrastructure and the network is always shared using VMs. Network bandwidth allocation is necessary for security and performance guarantees in the datacenter. InfiniBand (IB) is more widely applied in the construction of datacenter clusters and attracts more interest from the academic field. In this paper, we propose an IB dynamic bandwidth allocation mechanism, IBShare, to achieve different Weight-proportional and Min-guarantee requirements of allocation entities. The differentiated IB Congestion Control (CC) configuration is proven to offer the proportional throughput characteristic at the flow level. IBShare leverages distributed congestion detection, global congestion computation and configuration to dynamically provide predictable bandwidth division. The real IB experiment results showed that IBShare can promptly adapt to the congestion variation and achieve the above two allocation demands through CC reconfiguration. IBShare improved network utilization compared with reservation, and its computation/configuration overhead was low.
Markus HELFERT Ray WALSHE Cathal GURRIN
Information affects almost all aspects of life, and thus the Quality of Information (IQ) plays a critical role in businesses and societies; it can have significant positive and negative impacts on the quality of life of citizens, employees and organizations. Over many years, aspects and challenges of IQ have been studied within various contexts. As a result, the general approach to the study of IQ has offered numerous management and measurement approaches, IQ frameworks and lists of IQ criteria. As the volume of data and information increases, IQ problems become pervasive. Whereas earlier studies investigated specific aspects of IQ, the next phase of IQ research will need to examine IQ in a wider context, thus its impact on the quality of life and societies. In this paper we apply an IQ oriented framework to two cases, cloud computing and lifelogging, illustrating the impact of IQ on the quality of life. The paper demonstrates the value of the framework and the impact IQ can have on the quality of life, and in summary provides a foundation for further research.
Jun HUANG Yanbing LIU Ruozhou YU Qiang DUAN Yoshiaki TANAKA
Cloud computing is an emerging computing paradigm that may have a significant impact on various aspects of the development of information infrastructure. In a Cloud environment, different types of network resources need to be virtualized as a series of service components by network virtualization, and these service components should be further composed into Cloud services provided to end users. Therefore Quality of Service (QoS) aware service composition plays a crucial role in Cloud service provisioning. This paper addresses the problem of how to compose a sequence of service components for QoS guaranteed service provisioning in a virtualization-based Cloud computing environment. The contributions of this paper include a system model for Cloud service provisioning and two approximation algorithms for QoS-aware service composition. Specifically, a system model is first developed to characterize service provisioning behavior in virtualization-based Cloud computing, then a novel approximation algorithm and a variant of a well-known QoS routing procedure are presented to resolve QoS-aware service composition. Theoretical analysis shows that these two algorithms have the same level of time complexity. A comparison study conducted based on simulation experiments indicates that the proposed novel algorithm achieves better performance in time efficiency and scalability without compromising quality of solution. The modeling technique and algorithms developed in this paper are general and effective, and are thus applicable to practical Cloud computing systems.
Network slicing for wide-area coordinated packet processing has attracted attention for improving the efficiency of handling network traffic. We have recently proposed a tag-based network slicing mechanism called OpenTag, and introduced the prototype implementation of the OpenTag redirector on an evaluation board. In this paper, we investigate the integration of the OpenTag redirector into a commercial network device. Our contributions are three-fold: (1) designing the architecture aimed at OpenTag-capable intermediaries embedded on commercial network devices, (2) implementing a prototype of the embedded OpenTag redirector using the Advanced Mezzanine Card (AMC), which has an OCTEON network processor, and (3) showing that our implementation can tolerate a high-bandwidth environment.