A method for trust management in cloud computing: Data coloring by cloud watermarking

With the development of Internet technology and human computing, the computing environment has changed dramatically over the last three decades. Cloud computing emerges as a paradigm of Internet computing in which dynamical, scalable and often virtualized resources are provided as services. With virtualization technology, cloud computing offers diverse services (such as virtual computing, virtual storage, virtual bandwidth, etc.) for the public by means of multi-tenancy mode. Although users are enjoying the capabilities of super-computing and mass storage supplied by cloud computing, cloud security still remains as a hot spot problem, which is in essence the trust management between data owners and storage service providers. In this paper, we propose a data coloring method based on cloud watermarking to recognize and ensure mutual reputations. The experimental results show that the robustness of reverse cloud generator can guarantee users embedded social reputation identifications. Hence, our work provides a reference solution to the critical problem of cloud security.     

云中多媒体应用中基于混合DAG的最优任务调度研究

云计算的平台优势使得它在多媒体应用中得到广泛使用。由于多媒体服务的多样性和异构性,如何将多媒体任务有效地调度至虚拟机进行处理成为当前多媒体应用的研究重点。对此,研究了云中多媒体最优任务调度问题,首先引入有向无环图来模拟任务中的优先级及任务之间的依赖性,分别对串行、并行、混合结构任务调度模型进行任务调度研究,根据有限资源成本将关键路径中任务节点融合,提出一种实用的启发式近似最优调度方法。实验结果表明,所提调度方法能够以最短的执行时间在有限的资源成本下完成最优的任务分配。     

A security-aware virtual machine placement in the cloud using hesitant fuzzy decision-making processes

The introduction of cloud computing systems brought with itself a solution for the dynamic scaling of computing resources leveraging various approaches for providing computing power, networking, and storage. On the other hand, it helped decrease the human resource cost by delegating the maintenance cost of infrastructures and platforms to the cloud providers. Nevertheless, the security risks of utilizing shared resources are recognized as one of the major concerns in using cloud computing environments. To be more specific, an intruder can attack a virtual machine and consequently extend his/her attack to other virtual machines that are co-located on the same physical machine. The worst situation is when the hypervisor is compromised in which all the virtual machines assigned to the physical node will be under security risk. To address these issues, we have proposed a security-aware virtual machine placement scheme to reduce the risk of co-location for vulnerable virtual machines. Four attributes are introduced to reduce the aforementioned risk including the vulnerability level of a virtual machine, the importance level of a virtual machine in the given context, the cumulative vulnerability level of a physical machine, and the capacity of a physical machine for the allocation of new virtual machines. Nevertheless, the evaluation of security risks, due to the various vulnerabilities’ nature as well as the different properties of deployment environments is not quite accurate. To manage the precision of security evaluations, it is vital to consider hesitancy factors regarding security evaluations. To consider hesitancy in the proposed method, hesitant fuzzy sets are used. In the proposed method, the priorities of the cloud provider for the allocation of virtual machines are also considered. This will allow the model to assign more weights to attributes that have higher importance for the cloud provider. Eventually, the simulation results for the devised scenarios demonstrate that the proposed method can reduce the overall security risk of the given cloud data center. The results show that the proposed approach can reduce the risk of attacks caused by the co-location of virtual machines up to 41% compared to the existing approaches.

     

Multi-tenant intrusion detection system for public cloud (MTIDS)

Cloud computing is an innovative paradigm technology that is known for its versatility. It provides many creative services as requested, and it is both cost efficient and reliable. More specifically, cloud computing provides an opportunity for tenants to reduce cost and raise effectiveness by offering an alternative method of service utilization. Although these services are easily provided to tenants on demand with minor infrastructure investment, they are significantly exposed to intrusion attempts since the services are offered under the administration of diverse supervision over the Internet. Moreover, the security mechanisms offered by cloud providers do not take into consideration the variation of tenants’ needs as they provide the same security mechanism for all tenants. So, meeting tenants’ security requirements are still a major challenge for cloud providers. In this paper, we concentrate on the security service offered to cloud tenants and service providers and their infrastructure to restrain intruders. We intend to provide a flexible, on-demand, scalable, and pay-as-you-go multi-tenant intrusion detection system as a service that targets the security of the public cloud. Further, it is designed to deliver appropriate and optimized security taking into consideration the tenants’ needs in terms of security service requirements and budget.     

面向云联网的云服务协商机制

随着云计算的快速发展,越来越多的用户开始使用云服务提供商提供的服务,而云联网作为云计算研究的新领域,可以实现跨云服务提供商的服务,当单个云服务提供商无法满足用户的服务需求时,云服务提供商之间以合作的方式为用户提供服务,以便更好地满足用户的服务需求。针对上述情况,提出了面向云联网的云服务协商机制,该机制利用云联网和改进的经典合同网模型来实现云服务提供商的交互协商。为了有效地选出合作伙伴以提高合作效率,还为每一个云服务提供商建立了一个熟人集。实验表明,本文设计的机制可以有效地提高云服务提供商之间的合作效率,并且可以更好地满足用户的服务需求。     

一种云计算的虚拟网络管理系统

云计算技术是IT产业界的一场技术革命,已经成为IT行业未来发展的方向,这种变化使得IT基础架构的运营专业化程度不断集中和提高。在云计算的使用中,云计算使用者缺乏对于网络的配置能力,这部分目前并没有开放给用户所使用。虽然云计算的虚拟网络服务已经受到了更多云计算提供商的关注,但是目前对这方面的支持还处于不完善的阶段。本文提出了一种基于云计算的虚拟网络管理系统,本系统能够以动态的方式为用户提供基于云计算的网络服务,可以根据用户需求实现虚拟网络配置,并加以优化,以便最大限度地提高虚拟网络的性能。     

Autonomic resource provisioning for multilayer cloud applications with K-nearest neighbor resource scaling and priority-based resource allocation

Providing a pool of various resources and services to customers on the Internet in exchanging money has made cloud computing as one of the most popular technologies. Management of the provided resources and services at the lowest cost and maximum profit is a crucial issue for cloud providers. Thus, cloud providers proceed to auto-scale the computing resources according to the users' requests in order to minimize the operational costs. Therefore, the required time and costs to scale-up and down computing resources are considered as one of the major limits of scaling which has made this issue an important challenge in cloud computing. In this paper, a new approach is proposed based on MAPE-K loop to auto-scale the resources for multilayered cloud applications. K-nearest neighbor (K-NN) algorithm is used to analyze and label virtual machines and statistical methods are used to make scaling decision. In addition, a resource allocation algorithm is proposed to allocate requests on the resources. Results of the simulation revealed that the proposed approach results in operational costs reduction, as well as improving the resource utilization, response time, and profit.     

TRainbow: a new trusted virtual machine based platform

Currently, with the evolution of virtualization technology, cloud computing mode has become more and more popular. However, people still concern the issues of the runtime integrity and data security of cloud computing platform, as well as the service efficiency on such computing platform. At the same time, according to our knowledge, the design theory of the trusted virtual computing environment and its core system software for such network-based computing platform is at the exploratory stage. In this paper, we believe that efficiency and isolation are the two key proprieties of the trusted virtual computing environment. To guarantee these two proprieties, based on the design principle of splitting, customizing, reconstructing, and isolation-based enhancing to the platform, we introduce TRainbow, a novel trusted virtual computing platform developing by our research group. With the two creative mechanisms, that is, capacity flowing amongst VMs and VM-based kernel reconstructing, TRainbow provides great improvements (up to 42%) in service performance and isolated reliable computing environment for Internet-oriented, large-scale, concurrent services.     

Security and Control in the Cloud

ABSTRACT

Cloud computing is a new IT delivery paradigm that offers computing resources as on-demand services over the Internet. Like all forms of outsourcing, cloud computing raises serious concerns about the security of the data assets that are outsourced to providers of cloud services. To address these security concerns, we show how today's generation of information security management systems (ISMSs), as specified in the ISO/IEC 27001:2005, must be extended to address the transfer of security controls into cloud environments. The resulting virtual ISMS is a standards-compliant management approach for developing a sound control environment while supporting the various modalities of cloud computing.

This article addresses chief security and/or information officers of cloud client and cloud provider organizations. Cloud clients will benefit from our exposition of how to manage risk when corporate assets are outsourced to cloud providers. Providers of cloud services will learn what processes and controls they can offer in order to provide superior security that differentiates their offerings in the market.     

云工作流中基于分时虚拟机的任务层调度算法

云计算是新的一种面向市场的商业计算模式,向用户按需提供服务,云计算的商业特性使其关注向用户提供服务的服务质量。任务调度和资源分配是云计算中两个关键的技术,所使用的虚拟化技术使得其资源分配和任务调度有别于以往的并行分布式计算。目前主要的调度算法是借鉴网格环境下的调度策略,研究基于QoS的调度算法,存在执行效率较低的问题。我们对云工作流任务层调度进行深入研究,分析由底层资源虚拟化形成的虚拟机的特性,结合工作流任务的各类QoS约束,提出了基于虚拟机分时特性的任务层ACS调度算法。经过试验,我们提出的算法相比于文献[1]中的算法在对于较多并行任务的执行上存在较大的优势,能够很好的利用虚拟的分时特性,优化任务到虚拟机的调度。     

Optimizing virtual machine allocation for parallel scientific workflows in federated clouds

Cloud computing has established itself as an interesting computational model that provides a wide range of resources such as storage, databases and computing power for several types of users. Recently, the concept of cloud computing was extended with the concept of federated clouds where several resources from different cloud providers are inter-connected to perform a common action (e.g. execute a scientific workflow). Users can benefit from both single-provider and federated cloud environment to execute their scientific workflows since they can get the necessary amount of resources on demand. In several of these workflows, there is a demand for high performance and parallelism techniques since many activities are data and computing intensive and can execute for hours, days or even weeks. There are some Scientific Workflow Management Systems (SWfMS) that already provide parallelism capabilities for scientific workflows in single-provider cloud. Most of them rely on creating a virtual cluster to execute the workflow in parallel. However, they also rely on the user to estimate the amount of virtual machines to be allocated to create this virtual cluster. Most SWfMS use this initial virtual cluster configuration made by the user for the entire workflow execution. Dimensioning the virtual cluster to execute the workflow in parallel is then a top priority task since if the virtual cluster is under or over dimensioned it can impact on the workflow performance or increase (unnecessarily) financial costs. This dimensioning is far from trivial in a single-provider cloud and specially in federated clouds due to the huge number of virtual machine types to choose in each location and provider. In this article, we propose an approach named GraspCC-fed to produce the optimal (or near-optimal) estimation of the amount of virtual machines to allocate for each workflow. GraspCC-fed extends a previously proposed heuristic based on GRASP for executing standalone applications to consider scientific workflows executed in both single-provider and federated clouds. For the experiments, GraspCC-fed was coupled to an adapted version of SciCumulus workflow engine for federated clouds. This way, we believe that GraspCC-fed can be an important decision support tool for users and it can help determining an optimal configuration for the virtual cluster for parallel cloud-based scientific workflows.     

Combinatorial auction-based allocation of virtual machine instances in clouds

Most of the current cloud computing providers allocate virtual machine instances to their users through fixed-price allocation mechanisms. We argue that combinatorial auction-based allocation mechanisms are especially efficient over the fixed-price mechanisms since the virtual machine instances are assigned to users having the highest valuation. We formulate the problem of virtual machine allocation in clouds as a combinatorial auction problem and propose two mechanisms to solve it. The proposed mechanisms are extensions of two existing combinatorial auction mechanisms. We perform extensive simulation experiments to compare the two proposed combinatorial auction-based mechanisms with the currently used fixed-price allocation mechanism. Our experiments reveal that the combinatorial auction-based mechanisms can significantly improve the allocation efficiency while generating higher revenue for the cloud providers.     

Resource Management in Cloud Computing with Optimal Pricing Policies

As a new computing paradigm, cloud computing has received much attention from research and economics fields in recent years. Cloud resources can be priced according to several pricing options in cloud markets. Usage-based and reserved pricing schemes are commonly adopted by leading cloud service providers (CSPs) such as Amazon and Google. With more and more CSPs entering cloud computing markets, the pricing of cloud resources is an important issue that they need to consider. In this paper, we study how to segment cloud resources using hybrid pricing schemes in order to obtain the maximum revenue by means of optimal pricing schemes in what is a largely monopolized cloud market. We first study how the revenue of a cloud provider can be maximised using an on-demand pricing scheme. We then turn to the study of revenue maximization with a reserved pricing scheme and, finally, we compare the revenues obtained from the two pricing schemes.     

A meta-heuristic optimization approach to the scheduling of bag-of-tasks applications on heterogeneous clouds with multi-level arrivals and critical jobs

As cloud computing evolves, it is becoming more and more apparent that the future of this industry lies in interconnected cloud systems where resources will be provided by multiple “Cloud” providers instead of just one. In this way, the hosts of services that are cloud-based will have access to even larger resource pools while at the same time increasing their scalability and availability by diversifying both their computing resources and the geographical locations where those resources operate from. Furthermore the increased competition between the cloud providers in conjunction with the commoditization of hardware has already led to large decreases in the cost of cloud computing and this trend is bound to continue in the future. Scientific focus in cloud computing is also headed this way with more studies on the efficient allocation of resources and effective distribution of computing tasks between those resources. This study evaluates the use of meta-heuristic optimization algorithms in the scheduling of bag-of-tasks applications in a heterogeneous cloud of clouds. The study of both local and globally arriving jobs has been considered along with the introduction of sporadically arriving critical jobs. Simulation results show that the use of these meta-heuristics can provide significant benefits in costs and performance.     

Cloud computing system risk estimation and service selection approach based on cloud focus theory

The main cloud computing service providers usually provide cross-regional and services of Crossing Multi-Internet Data Centers that supported with selection strategy of service level agreement risk constraint. But the traditional quality of service (QoS)-aware Web service selection approach cannot ensure the real-time and the reliability of services selection. We proposed a cloud computing system risk assessment method based on cloud theory, and generated the five property clouds by collecting the risk value and four risk indicators from each virtual machine. The cloud backward generator integrated these five clouds into one cloud, according to the weight matrix. So the risk prediction value is transferred to the risk level quantification. Then we tested the Web service selection experiments by using risk assessment level as QoS mainly constraint and comparing with LRU and MAIS methods. The result showed that the success rate and efficiency of risk assessment with cloud focus theory Web services selection approaches are more quickly and efficient.

     

基于可信计算的云用户安全模型

随着云计算的发展,它的安全问题不容忽视。根据云用户所面临的数据安全及身份的隐私性问题,提出了基于可信计算的云用户安全模型。安全模型以可信计算技术为支撑,除了采用传统的安全策略外,提出了建立私有虚拟机,为用户提供一个私密的运行空间,防止其他恶意用户或管理员访问该虚拟机;给出了用户信息匿名化的方法,当高安全级用户申请服务和变更服务时保证用户身份信息的私密性,防止服务提供商恶意利用和泄露用户信息,为用户提供一个安全的运行环境。     

云计算虚拟化技术的发展与趋势

云计算是一种融合了多项计算机技术的以数据和处理能力为中心的密集型计算模式,其中以虚拟化、分布式数据存储、分布式并发编程模型、大规模数据管理和分布式资源管理技术最为关键。经过十多年的发展,云计算技术已经从发展培育期步入快速成长期,越来越多的企业已经开始使用云计算服务。与此同时,云计算的核心技术也在发生着巨大的变化,新一代的技术正在改进甚至取代前一代技术。容器虚拟化技术以其轻便、灵活和快速部署等特性对传统的基于虚拟机的虚拟化技术带来了颠覆性的挑战,正在改变着基础设施即服务（IaaS）平台和平台即服务（PaaS）平台的架构和实现。对容器虚拟化技术进行深入介绍,并通过分析和比较阐述容器虚拟化技术和虚拟机虚拟化技术各自的优势、适应场景和亟待解决的问题,然后对云计算虚拟化技术的下一步研究方向和发展趋势进行展望。     

A Pliant-based Virtual Machine Scheduling Solution to Improve the Energy Efficiency of IaaS Clouds

Recently cloud computing is facing increasing attention as it is applied in many business scenarios by advertising the illusion of infinite resources towards its customers. Nevertheless, it raises severe issues with energy consumption: the higher levels of quality and availability require irrational energy expenditures. This paper proposes Pliant system-based virtual machine scheduling approaches for reducing the energy consumption of cloud datacenters. We have designed a CloudSim-based simulation environment for task-based cloud applications to evaluate our proposed solution, and applied industrial workload traces for our experiments. We show that significant savings can be achieved in energy consumption by our proposed Pliant-based algorithms, in this way a beneficial trade-off can be reached by IaaS providers between energy consumption and execution time.     

Novel resource allocation algorithms to performance and energy efficiency in cloud computing

The rapid growth in demand for computational power has led to a shift to the cloud computing model established by large-scale virtualized data centers. Such data centers consume enormous amounts of electrical energy. Cloud providers must ensure that their service delivery is flexible to meet various consumer requirements. However, to support green computing, cloud providers also need to minimize the cloud infrastructure energy consumption while conducting the service delivery. In this paper, for cloud environments, a novel QoS-aware VMs consolidation approach is proposed that adopts a method based on resource utilization history of virtual machines. Proposed algorithms have been implemented and evaluated using CloudSim simulator. Simulation results show improvement in QoS metrics and energy consumption as well as demonstrate that there is a trade-off between energy consumption and quality of service in the cloud environment.     

Reliability and Incentive of Performance Assessment for Decentralized Clouds

Decentralized cloud platforms have emerged as a promising paradigm to exploit the idle computing resources across the Internet to catch up with the ever-increasing cloud computing demands. As any user or enterprise can be the cloud provider in the decentralized cloud, the performance assessment of the heterogeneous computing resources is of vital significance. However, with the consideration of the untrustworthiness of the participants and the lack of unified performance assessment metric, the performance monitoring reliability and the incentive for cloud providers to offer real and stable performance together constitute the computational performance assessment problem in the decentralized cloud. In this paper, we present a robust performance assessment solution RODE to solve this problem. RODE mainly consists of a performance monitoring mechanism and an assessment of the claimed performance (AoCP) mechanism. The performance monitoring mechanism first generates reliable and verifiable performance monitoring results for the workloads executed by untrusted cloud providers. Based on the performance monitoring results, the AoCP mechanism forms a unified performance assessment metric to incentivize cloud providers to offer performance as claimed. Via extensive experiments, we show RODE can accurately monitor the performance of cloud providers on the premise of reliability, and incentivize cloud providers to honestly present the performance information and maintain the performance stability.