Privacy-preserving computation of participatory noise maps in the cloud

This paper presents a privacy-preserving system for participatory sensing, which relies on cryptographic techniques and distributed computations in the cloud. Each individual user is represented by a personal software agent, deployed in the cloud, where it collaborates on distributed computations without loss of privacy, including with respect to the cloud service providers. We present a generic system architecture involving a cryptographic protocol based on a homomorphic encryption scheme for aggregating sensing data into maps, and demonstrate security in the Honest-But-Curious model both for the users and the cloud service providers. We validate our system in the context of NoiseTube, a participatory sensing framework for noise pollution, presenting experiments with real and artificially generated data sets, and a demo on a heterogeneous set of commercial cloud providers. To the best of our knowledge our system is the first operational privacy-preserving system for participatory sensing. While our validation pertains to the noise domain, the approach used is applicable in any crowd-sourcing application relying on location-based contributions of citizens where maps are produced by aggregating data – also beyond the domain of environmental monitoring.     

安全可验证的行列式云外包计算及其电子交易方案

针对现有的云外包计算协议中服务端可能存在的用户信息被泄露、篡改等问题,提出了一个云环境下的安全、高效、可验证的矩阵行列式外包计算协议。首先,基于矩阵模糊技术构造云外包计算协议,它能够在不需要任何困难性假设的前提下保证用户信息的安全性;其次,通过构造一类特殊的变换矩阵对明文矩阵进行处理,使用户在收到返还结果后,能有效验证所反馈的计算结果是否被篡改,性能分析表明,此协议可以有效提高云外包计算的效率;最后,给出一个行列式外包计算的电子交易框架,能够有效应用于电子商务等领域。     

方阵幂安全外包云计算

为解决计算能力有限的对象(用户)所面临的大维数方阵的高次幂计算问题,利用云计算平台(云端),提出一个安全可验证的方阵幂云计算外包协议。协议中,用户首先构造一个随机置换,再结合克罗内克函数,生成一个非奇异方阵,并求得其逆矩阵,这两个方阵即为密钥;用户用此密钥完成对原方阵的加密,然后将加密所得方阵和原有的幂数发送给云端;云端完成加密所得方阵的求幂运算,并将计算所得方阵返回给用户;用户使用持有的密钥解密云端返回方阵,并随机选取若干解密所得方阵中的元素与相应的正确值进行对比,以验证解密所得方阵是否正确。经过理论分析可知,此协议满足外包协议的四个基本要求,即正确性、安全性、可验证性和高效性。基于此协议模型,在仿真实验中,将方阵幂问题分为方阵维数固定幂数变化和幂数固定方阵维数变化两种情形分别进行仿真。实验结果表明,这两种情形下,与用户自身完成原计算任务相比,外包计算均能大幅减少用户的计算耗时,获得较好的外包性能,且随着方阵维数和幂数的增加,外包效果更加明显。     

安全高效的大矩阵行列式计算云外包协议

云计算的应用,在给大家带来便利的同时,也带来一些新的安全问题：如客户端输入/输出的私密性以及云端运算的高效性等。针对此类问题,构建了一个适用于大矩阵行列式计算的云外包协议：在客户端将原始矩阵加密后再传送到云服务器端求解,在保证云服务器端运算高效性的同时,将其返回的结果解密后得到原始矩阵的行列式值。经理论分析和实验评估证明,协议满足正确性、输入/输出私密性和高效性。     

基于安全比较码的云环境隐私保护排序方法

基于云计算的外包服务模式因节省计算、存储等资源配置和维护成本 而被越来越多的公司和个人所使用。然而,资源外包模式也使得数据拥有者失去对其数据的直接控制,敏感数据的隐私保护问题日益凸显。排序是计算机中常用的一种操作,数据加密是云环境中常用的隐私保护策略。如何在不泄露明文信息的前提下实现基于密文的隐私保护排序,是一个难点问题。文中提出面向云环境的基于安全比较码的隐私保护排序方法。通过引入0-1编码和HMAC来构造安全比较码机制;数据所有者对其敏感数据进行加密和编码预处理,将生成的密文和安全比较码外包存储至云服务端;此时云服务器即可利用安全比较码实现无需明文数值参与的密文数据排序,从而实现针对数据拥有者外包数据的隐私保护排序。实验结果表明,隐私保护排序方法在时间和空间上均优于现有同类方法。     

Towards building a cloud for scientific applications

The Cloud computing becomes an innovative computing paradigm, which aims to provide reliable, customized and QoS guaranteed computing infrastructures for users. This paper presents our early experience of Cloud computing based on the Cumulus project for compute centers. In this paper, we give the Cloud computing definition and Cloud computing functionalities. This paper also introduces the Cumulus project with its various aspects, such as design pattern, infrastructure, and middleware. This paper delivers the state-of-the-art for Cloud computing with theoretical definition and practical experience.     

A tensor-based distributed discovery of missing association rules on the cloud

An increasing number of data applications such as monitoring weather data, data streaming, data web logs, and cloud data, are going online and are playing vital in our every-day life. The underlying data of such applications change very frequently, especially in the cloud environment. Many interesting events can be detected by discovering such data from different distributed sources and analyzing it for specific purposes (e.g., car accident detection or market analysis). However, several isolated events could be erroneous due to the fact that important data sets are either discarded or improperly analyzed as they contain missing data. Such events therefore need to be monitored globally and be detected jointly in order to understand their patterns and correlated relationships. In the context of current cloud computing infrastructure, no solutions exist for enabling the correlations between multi-source events in the presence of missing data. This paper addresses the problem of capturing the underlying latent structure of the data with missing entries based on association rules. This necessitate to factorize the data set with missing data.The paper proposes a novel model to handle high amount of data in cloud environment. It is a model of aggregated data that are confidences of association rules. We first propose a method to discover the association rules locally on each node of a cloud in the presence of missing rules. Afterward, we provide a tensor based model to perform a global correlation between all the local models of each node of the network.The proposed approach based on tensor decomposition, deals with a multi modal network where missing association rules are detected and their confidences are approximated. The approach is scalable in terms of factorizing multi-way arrays (i.e. tensor) in the presence of missing association rules. It is validated through experimental results which show its significance and viability in terms of detecting missing rules.     

Automatic offloading of mobile applications into the cloud by means of genetic programming

The limited battery life of modern mobile devices is one of the key problems limiting their use. Even if the offloading of computation onto cloud computing platforms can considerably extend battery duration, it is really hard not only to evaluate the cases where offloading guarantees real advantages on the basis of the requirements of the application in terms of data transfer, computing power needed, etc., but also to evaluate whether user requirements (i.e. the costs of using the cloud services, a determined QoS required, etc.) are satisfied. To this aim, this paper presents a framework for generating models to make automatic decisions on the offloading of mobile applications using a genetic programming (GP) approach. The GP system is designed using a taxonomy of the properties useful to the offloading process concerning the user, the network, the data and the application. The fitness function adopted permits different weights to be given to the four categories considered during the process of building the model. Experimental results, conducted on datasets representing different categories of mobile applications, permit the analysis of the behavior of our algorithm in different applicative contexts. Finally, a comparison with the state of the art of the classification algorithm establishes the goodness of the approach in modeling the offloading process.     

On-demand minimum cost benchmarking for intermediate dataset storage in scientific cloud workflow systems

Many scientific workflows are data intensive: large volumes of intermediate datasets are generated during their execution. Some valuable intermediate datasets need to be stored for sharing or reuse. Traditionally, they are selectively stored according to the system storage capacity, determined manually. As doing science on clouds has become popular nowadays, more intermediate datasets in scientific cloud workflows can be stored by different storage strategies based on a pay-as-you-go model. In this paper, we build an intermediate data dependency graph (IDG) from the data provenances in scientific workflows. With the IDG, deleted intermediate datasets can be regenerated, and as such we develop a novel algorithm that can find a minimum cost storage strategy for the intermediate datasets in scientific cloud workflow systems. The strategy achieves the best trade-off of computation cost and storage cost by automatically storing the most appropriate intermediate datasets in the cloud storage. This strategy can be utilised on demand as a minimum cost benchmark for all other intermediate dataset storage strategies in the cloud. We utilise Amazon clouds’ cost model and apply the algorithm to general random as well as specific astrophysics pulsar searching scientific workflows for evaluation. The results show that benchmarking effectively demonstrates the cost effectiveness over other representative storage strategies.     

Copernicus,a hybrid dataflow and peer-to-peer scientific computing platform for efficient large-scale ensemble sampling

Compute-intensive applications have gradually changed focus from massively parallel supercomputers to capacity as a resource obtained on-demand. This is particularly true for the large-scale adoption of cloud computing and MapReduce in industry, while it has been difficult for traditional high-performance computing (HPC) usage in scientific and engineering computing to exploit this type of resources. However, with the strong trend of increasing parallelism rather than faster processors, a growing number of applications target parallelism already on the algorithm level with loosely coupled approaches based on sampling and ensembles. While these cannot trivially be formulated as MapReduce, they are highly amenable to throughput computing. There are many general and powerful frameworks, but in particular for sampling-based algorithms in scientific computing there are some clear advantages from having a platform and scheduler that are highly aware of the underlying physical problem. Here, we present how these challenges are addressed with combinations of dataflow programming, peer-to-peer techniques and peer-to-peer networks in the Copernicus platform. This allows automation of sampling-focused workflows, task generation, dependency tracking, and not least distributing these to a diverse set of compute resources ranging from supercomputers to clouds and distributed computing (across firewalls and fragile networks). Workflows are defined from modules using existing programs, which makes them reusable without programming requirements. The system achieves resiliency by handling node failures transparently with minimal loss of computing time due to checkpointing, and a single server can manage hundreds of thousands of cores e.g. for computational chemistry applications.     

Anomaly detection for construction vibration signals using unsupervised deep learning and cloud computing

In-operation construction vibration monitoring records inevitably contain various anomalies caused by sensor faults, system errors, or environmental influence. An accurate and efficient anomaly detection technique is essential for vibration impact assessment. Identifying anomalies using visualization tools is computationally expensive, time-consuming, and labor-intensive. In this study, an unsupervised approach for detecting anomalies in construction vibration monitoring data was proposed based on a temporal convolutional network and autoencoder. The anomalies were autonomously detected on the basis of the reconstruction errors between the original and reconstructed signals. Considering the false and missed detections caused by great variability in vibration signals, an adaptive threshold method was applied to achieve the best identification performance. This method used the log-likelihood of the reconstruction errors to search for an optimal coefficient for anomalies. A distributed training strategy was implemented on a cloud platform to speed up training and perform anomaly detection without significant time delay. Construction-induced accelerations measured by a real vibration monitoring system were used to evaluate the proposed method. Experimental results show that the proposed approach can successfully detect anomalies with high accuracy; and the distributed training can remarkably save training time, thereby realizing anomaly detection for online monitoring systems with accumulated massive data.     

云计算中的入侵检测模型

本文提出了一种云环境下的网络安全处理模型,模型中的每台云服务器都拥有自己的入侵检测系统,并且所有的服务器共享一个异常管理平台,该平台负责报警信息的接收、处理和日志管理.模型采用报警级别动态调整技术和攻击信息共享方法,最大限度地降低了漏报率和服务器遭受同种攻击的可能性,有效提高了检测效率和系统安全水平.     

智能电网中虚拟化云计算的应用和安全技术分析

智能电网符合当前需求,意义重大。首先简单介绍了云计算和智能电网,并对云计算在智能电网中的应用做了阐述,然后主要对云计算的安全技术进行了分析。     

Analysis of a trust model for SLA negotiation and enforcement in cloud markets

Online Reputation Systems help mitigate the information asymmetry between clients and providers in Cloud Computing Markets. However, those systems raise two main drawbacks: the disagreement for assuming the cost of ownership of such services and their vulnerability to reputation attacks from dishonest parties that want to increase their reputation. This article faces both problems by describing a decentralised (peer-to-peer) trust model that does not require the intervention of a central entity to manage it. This model includes mechanisms to allow participants to avoid dishonest behaviour from other peers: each client statistically analyses the external reports about providers and updates the trustworthiness of the peers. The trustworthiness values will be used to negotiate prices in later transactions. The trust model is then incorporated in the Service-Level Agreement negotiation and enforcement processes, prioritising trusted clients over non-trusted clients to minimise the consequences of low Quality of Service in relation to the trust of the provider, and incentivise accurate trust reports from the clients. Finally, this article evaluates and discusses the validity of the trust model under different attacks from dishonest clients and providers.     

Bounds on the multi-clients incremental computing for homogeneous decreasing computation sequences

This paper studies the performance of network-based incremental computing under various message sequences. We show the bounds on the time needed to compute the tasks requested by multiple clients. Our simulation result shows that the expected performance of random message sequences is close to the optimal performance.     

A robust optimisation approach to the problem of supplier selection and allocation in outsourcing

We formulate the supplier selection and allocation problem in outsourcing under an uncertain environment as a stochastic programming problem. Both the decision-maker's attitude towards risk and the penalty parameters for demand deviation are considered in the objective function. A service level agreement, upper bound for each selected supplier's allocation and the number of selected suppliers are considered as constraints. A novel robust optimisation approach is employed to solve this problem under different economic situations. Illustrative examples are presented with managerial implications highlighted to support decision-making.     

A survey on design and implementation of protected searchable data in the cloud

While cloud computing has exploded in popularity in recent years thanks to the potential efficiency and cost savings of outsourcing the storage and management of data and applications, a number of vulnerabilities that led to multiple attacks have deterred many potential users.As a result, experts in the field argued that new mechanisms are needed in order to create trusted and secure cloud services. Such mechanisms would eradicate the suspicion of users towards cloud computing by providing the necessary security guarantees. Searchable Encryption is among the most promising solutions—one that has the potential to help offer truly secure and privacy-preserving cloud services. We start this paper by surveying the most important searchable encryption schemes and their relevance to cloud computing. In light of this analysis we demonstrate the inefficiencies of the existing schemes and expand our analysis by discussing certain confidentiality and privacy issues. Further, we examine how to integrate such a scheme with a popular cloud platform. Finally, we have chosen – based on the findings of our analysis – an existing scheme and implemented it to review its practical maturity for deployment in real systems. The survey of the field, together with the analysis and with the extensive experimental results provides a comprehensive review of the theoretical and practical aspects of searchable encryption.     

Understanding and predicting students' intention to use mobile cloud storage services

The challenges of mobile devices such as limited bandwidth, computing, and storage have led manufacturers and service providers to develop new value-added mobile services. To address these limitations, mobile cloud computing, which offers on-demand services including platforms, infrastructure, and software have been developed. This study attempts to build a significantly improved research framework based on the Technology Acceptance Model in order to identify factors that affect students' attitudes toward and intentions in using mobile cloud storage services. A structural equation model was used to assess the proposed model based on the data collected from 262 undergraduate students. Results show that perceived usefulness, subjective norm, and trust have a significantly positive effect on the attitude, which in turn is a significant predictor of behavioral intentions. The research model, which explains 82% of the variance in attitudes toward using mobile cloud storage services has a strong predictive power. The findings have both theoretical and practical implications for academics, managers, and educational institutions.     

基于智能网络与虚拟化计算的移动办公系统信息安全的研究与应用简

本文基于政府行业3G网络和云计算环境移动办公系统的应用实例,重点讨论了构建以网络通信、区域边界、云计算环境、安全管控中心为基础的信息安全平台,为移动办公系统提供一个安全稳定的可信可控可管的移动应用环境的可行性,     

Empirical prediction models for adaptive resource provisioning in the cloud

Cloud computing allows dynamic resource scaling for enterprise online transaction systems, one of the key characteristics that differentiates the cloud from the traditional computing paradigm. However, initializing a new virtual instance in a cloud is not instantaneous; cloud hosting platforms introduce several minutes delay in the hardware resource allocation. In this paper, we develop prediction-based resource measurement and provisioning strategies using Neural Network and Linear Regression to satisfy upcoming resource demands.Experimental results demonstrate that the proposed technique offers more adaptive resource management for applications hosted in the cloud environment, an important mechanism to achieve on-demand resource allocation in the cloud.