虚拟化环境下的USB设备访问方法

虚拟机对设备的直接访问可以减小系统开销,并充分利用现有的驱动程序。提出一种在虚拟化环境下直接访问USB设备的方法,并基于QEMU设计实现了虚拟机直接访问真实设备的系统模型及相关流程。实验结果表明,该方法能够帮助虚拟机对各类USB设备进行直接访问,数据传输效率在可接受的范围内。     

USBWall: A novel security mechanism to protect against maliciously reprogrammed USB devices

Universal Serial Bus (USB) is a popular choice of interfacing computer systems with peripherals. With the increasing support of modern operating systems, it is now truly plug-and-play for most USB devices. However, this great convenience comes with a risk that can allow a device to perform arbitrary actions at any time while it is connected. Researchers have confirmed that a simple USB device such as a mass storage device can be disguised to have an additional functionality such as a keyboard. An unauthorized keyboard attachment can compromise the security of the host by allowing arbitrary keystrokes to enter the host. This undetectable threat differs from traditional virus that spreads via USB devices due to the location where it is stored and the way it behaves. We propose a novel way to protect the host via a software/hardware solution we named a USBWall. USBWall uses BeagleBone Black (BBB), a low-cost open-source computer, to act as a middleware to enumerate the devices on behalf of the host. We developed a program to assist the user to identify the risk of a device. We present a simulated USB device with malicious firmware to the USBWall. Based on the results, we confirm that using the USBWall to enumerate USB devices on behalf of the host eliminates risks to the hosts.     

A study on virtual machine deployment for application outsourcing in mobile cloud computing

In mobile cloud computing, application offloading is implemented as a software level solution for augmenting computing potentials of smart mobile devices. VM is one of the prominent approaches for offloading computational load to cloud server nodes. A challenging aspect of such frameworks is the additional computing resources utilization in the deployment and management of VM on Smartphone. The deployment of Virtual Machine (VM) requires computing resources for VM creation and configuration. The management of VM includes computing resources utilization in the monitoring of VM in entire lifecycle and physical resources management for VM on Smartphone. The objective of this work is to ensure that VM deployment and management requires additional computing resources on mobile device for application offloading. This paper analyzes the impact of VM deployment and management on the execution time of application in different experiments. We investigate VM deployment and management for application processing in simulation environment by using CloudSim, which is a simulation toolkit that provides an extensible simulation framework to model the simulation of VM deployment and management for application processing in cloud-computing infrastructure. VM deployment and management in application processing is evaluated by analyzing VM deployment, the execution time of applications and total execution time of the simulation. The analysis concludes that VM deployment and management require additional resources on the computing host. Therefore, VM deployment is a heavyweight approach for process offloading on smart mobile devices.     

Integrating QoS awareness with virtualization in cloud computing systems for delay-sensitive applications

Cloud computing provides scalable computing and storage resources over the Internet. These scalable resources can be dynamically organized as many virtual machines (VMs) to run user applications based on a pay-per-use basis. The required resources of a VM are sliced from a physical machine (PM) in the cloud computing system. A PM may hold one or more VMs. When a cloud provider would like to create a number of VMs, the main concerned issue is the VM placement problem, such that how to place these VMs at appropriate PMs to provision their required resources of VMs. However, if two or more VMs are placed at the same PM, there exists certain degree of interference between these VMs due to sharing non-sliceable resources, e.g. I/O resources. This phenomenon is called as the VM interference. The VM interference will affect the performance of applications running in VMs, especially the delay-sensitive applications. The delay-sensitive applications have quality of service (QoS) requirements in their data access delays. This paper investigates how to integrate QoS awareness with virtualization in cloud computing systems, such as the QoS-aware VM placement (QAVMP) problem. In addition to fully exploiting the resources of PMs, the QAVMP problem considers the QoS requirements of user applications and the VM interference reduction. Therefore, in the QAVMP problem, there are following three factors: resource utilization, application QoS, and VM interference. We first formulate the QAVMP problem as an Integer Linear Programming (ILP) model by integrating the three factors as the profit of cloud provider. Due to the computation complexity of the ILP model, we propose a polynomial-time heuristic algorithm to efficiently solve the QAVMP problem. In the heuristic algorithm, a bipartite graph is modeled to represent all the possible placement relationships between VMs and PMs. Then, the VMs are gradually placed at their preferable PMs to maximize the profit of cloud provider as much as possible. Finally, simulation experiments are performed to demonstrate the effectiveness of the proposed heuristic algorithm by comparing with other VM placement algorithms.     

ZGL分布式操作系统的设备共享

本文介绍南京大学设计和实现的异构型分布式操作系统ZGL中的设备共享系统.在ZGL中,一些处理器和外部设备被定为专职的服务器.此外,任何工作站在空闲时还可以使自己临时成为计算服务器.用户可以在命令级和程序级访问设备服务器.在这两种情况下系统都将自动从可用的服务器池中选择一个服务器完成指定的任务.工作站可以作为远程控制终端与在计算服务器上执行的任务进行交互.     

Context-aware service roaming for heterogeneous embedded devices over cloud

Cloud computing advocates a promising paradigm that facilitates the access within heterogeneous services, platforms, and end users. However, platforms (or host servers) have confined to devices which require a considerable computing resources. In this case, solutions concerning the efficient use of pervasive devices with constrained resources become an open issue. This study investigates the seamless connection between embedded devices and cloud resources to enhance the capability of computing and furthermore provide context-aware services. A method for wireless program dissemination and boot loading is proposed to transfer necessary information and resources between service and target device(s). The experiment results on time delay and energy cost demonstrate the feasibility and performance.     

税控USB终端设备安全过滤器的设计与实现

为了防止不法分子在USB设备与电脑连接时植入非法程序,从而窃取电脑中的敏感信息或控制电脑向外设发出非法指令,本文针对USB-key的接入安全问题,提出了建立黑、白名单的方案。传统的USB-key安全防范措施都是基于加密认证,未考虑税控机接入的USB设备安全性。因此,本文提出对接入的USB设备进行分类,并对不同类别的USB设备执行相应的处理方案。通过设计开发针对税控系统的硬件检测设备和软件控制程序,从物理层面对接入税控机的USB设备进行安全检测。文中给出了USB设备过滤器的硬件设计图和软件控制程序的流程图,并对几种有代表性的设备进行了测试。测试结果表明,该设备能够对USB设备合法性进行有效的检测,并对违规的USB设备做出相应的处理,提高了税控系统USB-key接入USB设备的安全性。     

VM consolidation: A real case based on OpenStack Cloud

In recent years, Cloud computing has been emerging as the next big revolution in both computer networks and Web provisioning. Because of raised expectations, several vendors, such as Amazon and IBM, started designing, developing, and deploying Cloud solutions to optimize the usage of their own data centers, and some open-source solutions are also underway, such as Eucalyptus and OpenStack. Cloud architectures exploit virtualization techniques to provision multiple Virtual Machines (VMs) on the same physical host, so as to efficiently use available resources, for instance, to consolidate VMs in the minimal number of physical servers to reduce the runtime power consumption. VM consolidation has to carefully consider the aggregated resource consumption of co-located VMs, in order to avoid performance reductions and Service Level Agreement (SLA) violations. While various works have already treated the VM consolidation problem from a theoretical perspective, this paper focuses on it from a more practical viewpoint, with specific attention on the consolidation aspects related to power, CPU, and networking resource sharing. Moreover, the paper proposes a Cloud management platform to optimize VM consolidation along three main dimensions, namely power consumption, host resources, and networking. Reported experimental results point out that interferences between co-located VMs have to be carefully considered to avoid placement solutions that, although being feasible from a more theoretical viewpoint, cannot ensure VM provisioning with SLA guarantees.     

Two-channel user authentication by using USB on Cloud

According to parallel computing technology, Cloud service is popular, and it is easy to use Cloud service at everywhere. Cloud means involving application systems that are executed within the cloud and operated via the internet enabled devices. Cloud computing does not rely on the use of cloud storage as it will be removed upon users download action. Clouds can be classified as public, private and hybrid. Cloud service comes up with Ubiquitous; Cloud service users can use their service at anywhere at any time. It is convenient. However, there is a tradeoff. If user’s username and password are compromised, user’s cloud system is in danger, and their confidential information will be in jeopardy. At anywhere and anytime with any device, Cloud user’s credential could be in jeopardy. Security concerns in Cloud play a major role. It is the biggest obstacle to developing in Cloud. However, Cloud is still popular and vulnerability for hacking because of one channel user authentication. Therefore, this research proposes two-channel user authentication by using USB to emphasise security.     

面向移动云计算弹性应用的安全模型

根据云计算资源建立了资源受限设备弹性应用的安全模型。首先介绍了由一个或多个Weblet组成的一个弹性应用程序,每个Weblet可在移动设备端或云端启动,Weblet之间可根据所处的计算环境的动态变化或用户的配置进行迁移。分析了该模式的安全性,提出建立弹性应用程序的安全设计模型,包括实现Weblet运行所在的移动设备端和云端之间的身份验证、安全会话管理和通过外部网络的访问服务。该模型解决了Weblet之间的安全迁移和授权云Weblet通过外部Web网络去访问敏感用户数据的问题。该方案能应用在云计算场景,如在企业应用环境下的私有云和公有云之间的应用集成。     

基于vsftp的嵌入式设备受控访问方法

介绍了嵌入式Linux系统上vsftp的搭建和配置方法。给出了一种不使用Linux USB gad-get driver API进行复杂的驱动开发仍能方便快捷地访问嵌入式设备SD卡等多种外设的统一方法 ,并介绍了利用用户权限来实现嵌入式设备受控访问的方法。     

An Efficient On-Demand Virtual Machine Migration in Cloud Using Common Deployment Model

Cloud Computing provides various services to the customer in a flexible and reliable manner. Virtual Machines (VM) are created from physical resources of the data center for handling huge number of requests as a task. These tasks are executed in the VM at the data center which needs excess hosts for satisfying the customer request. The VM migration solves this problem by migrating the VM from one host to another host and makes the resources available at any time. This process is carried out based on various algorithms which follow a predefined capacity of source VM leads to the capacity issue at the destination VM. The proposed VM migration technique performs the migration process based on the request of the requesting host machine. This technique can perform in three ways namely single VM migration, Multiple VM migration and Cluster VM migration. Common Deployment Manager (CDM) is used to support through negotiation that happens across the source host and destination host for providing the high quality service to their customer. The VM migration requests are handled with an exposure of the source host capabilities. The proposed analysis also uses the retired instructions with execution by the hypervisor to achieve high reliability. The objective of the proposed technique is to perform a VM migration process based on the prior knowledge of the resource availability in the target VM.     

云计算环境下实训教学平台动态迁移策略

云服务环境下最大特点是按需交付,通过虚拟化技术将相关资源构建统一调度池,并且按照用户需求为用户提供服务,因此,云服务具有并行计算、开放性以及按需交付特性.对于实训教学平台来说,在云计算环境下需要面对各种用户需求,如请求任务各种各样,实验任务类型不尽相同,设备资源存在较大差异,通过虚拟化技术来实现规范化管理何资源共享,对云资源进行调度来才能有效满足用户需求,为此,在本文中提出了云计算环境下实训教学平台动态迁移策略.策略设计了三层协同资源调度机制来实现对资源和任务管理,重点研究了任务分割、资源划分、资源调度策略等,在此基础上对系统进行仿真实验,验证云计算环境下实训教学平台动态迁移策略可行与有效性.     

一种抗窃听USB设备控制器

针对USB总线窃听问题,通过深入分析USB传输特性设计实现了一种抗窃听设备控制器。该设备控制器于接口电路与端点缓冲区之间嵌入分组密码模块与端点独立的序列密码模块,使得加解密能够在数据存取过程中透明进行且支持USB的全部传输方式与多管道应用。接口电路与密码模块设计支持流水传输,基本消除了加解密对端点缓冲区存取速度的影响。基于FPGA平台对其进行了实现,并结合Nios II片上系统与主机端软件进行了测试。测试结果表明该设备控制器能够正确地对总线数据进行加解密,可为各类外设提供抗窃听的USB通信能力。     

Risk driven Smart Home resource management using cloud services

In order to fully exploit the concept of Smart Home, challenges associated with multiple device management in consumer facing applications have to be addressed. Specific to this is the management of resource usage in the home via the improved utilization of devices, this is achieved by integration with the wider environment they operate in. The traditional model of the isolated device no longer applies, the future home will be connected with services provided by third parties ranging from supermarkets to domestic appliance manufacturers. In order to achieve this risk based integrated device management and contextualization is explored in this paper based on the cloud computing model. We produce an architecture and evaluate risk models to assist in this management of devices from a security, privacy and resource management perspective. We later propose an expansion on the risk based approach to wider data sharing between the home and external services using the key indicators of TREC (Trust, Risk, Eco-efficiency and Cost). The paper contributes to Smart Home research by defining how Cloud service management principles of risk and contextualization for virtual machines can produce solutions to emerging challenges facing a new generation of Smart Home devices.     

基于云计算的网络学习资源共建共享关键技术研究

云计算具备十分可靠的安全的数据存储系统和方便快捷的网络服务系统,教育资源通过云计算可以有效地进 行提取、组织、分类和索引,进而实现教育资源的有效共享。本文就网络学习资源共享中出现的一些问题进行分析,探究在云 计算环境下网络学习资源共建共享的解决方案     

A survey of cloud resource management for complex engineering applications

Traditionally, complex engineering applications (CEAs), which consist of numerous components (software) and require a large amount of computing resources, usually run in dedicated clusters or high performance computing (HPC) centers. Nowadays, Cloud computing system with the ability of providing massive computing resources and customizable execution environment is becoming an attractive option for CEAs. As a new type on Cloud applications, CEA also brings the challenges of dealing with Cloud resources. In this paper, we provide a comprehensive survey of Cloud resource management research for CEAs. The survey puts forward two important questions: 1) what are the main challenges for CEAs to run in Clouds? and 2) what are the prior research topics addressing these challenges? We summarize and highlight the main challenges and prior research topics. Our work can be probably helpful to those scientists and engineers who are interested in running CEAs in Cloud environment.     

Investigation on runtime partitioning of elastic mobile applications for mobile cloud computing

The latest developments in mobile computing technology have increased the computing capabilities of smartphones in terms of storage capacity, features support such as multimodal connectivity, and support for customized user applications. Mobile devices are, however, still intrinsically limited by low bandwidth, computing power, and battery lifetime. Therefore, the computing power of computational clouds is tapped on demand basis for mitigating resources limitations in mobile devices. Mobile cloud computing (MCC) is believed to be able to leverage cloud application processing services for alleviating the computing limitations of smartphones. In MCC, application offloading is implemented as a significant software level solution for sharing the application processing load of smartphones. The challenging aspect of application offloading frameworks is the resources intensive mechanism of runtime profiling and partitioning of elastic mobile applications, which involves additional computing resources utilization on Smart Mobile Devices (SMDs). This paper investigates the overhead of runtime application partitioning on SMD by analyzing additional resources utilization on SMD in the mechanism of runtime application profiling and partitioning. We evaluate the mechanism of runtime application partitioning on SMDs in the SmartSim simulation environment and validate the overhead of runtime application profiling by running prototype application in the real mobile computing environment. Empirical results indicate that additional computing resources are utilized in runtime application profiling and partitioning. Hence, lightweight alternatives with optimal distributed deployment and management mechanism are mandatory for accessing application processing services of computational clouds.     

创建软件定义网络中的进程级纵深防御体系结构

云计算因其资源的弹性和可拓展性,在为用户提供各项服务时,相对于传统方式占据了先机。在用户考虑是否转向云计算时,一个极其重要的安全风险是：攻击者可以通过共享的云资源对云用户发起针对虚拟机的高效攻击。虚拟机作为云服务的基本资源,攻击者在攻击或者租用了某虚拟机之后,通过在其中部署恶意软件,并针对云内其他虚拟机发起更大范围的攻击行为,如分布式拒绝服务型攻击。为防止此种情况的发生,提出基于软件定义网络的纵深防御系统,以及时检测可疑虚拟机并控制其发出的流量,抑制来自该虚拟机的攻击行为并减轻因攻击所受到的影响。该系统以完全无代理的非侵入方式检测虚拟机状态,且基于软件定义网络,对同主机内虚拟机间或云主机间的网络流量进行进程级的监控。实验结果表明了该系统的有效性。     

Simulation of SLA-based VM-scaling algorithms for cloud-distributed applications

Cloud Computing has evolved to become an enabler for delivering access to large scale distributed applications running on managed network-connected computing systems. This makes possible hosting Distributed Enterprise Information Systems (dEISs) in cloud environments, while enforcing strict performance and quality of service requirements, defined using Service Level Agreements (SLAs). SLAs define the performance boundaries of distributed applications, and are enforced by a cloud management system (CMS) dynamically allocating the available computing resources to the cloud services. We present two novel VM-scaling algorithms focused on dEIS systems, which optimally detect most appropriate scaling conditions using performance-models of distributed applications derived from constant-workload benchmarks, together with SLA-specified performance constraints. We simulate the VM-scaling algorithms in a cloud simulator and compare against trace-based performance models of dEISs. We compare a total of three SLA-based VM-scaling algorithms (one using prediction mechanisms) based on a real-world application scenario involving a large variable number of users. Our results show that it is beneficial to use autoregressive predictive SLA-driven scaling algorithms in cloud management systems for guaranteeing performance invariants of distributed cloud applications, as opposed to using only reactive SLA-based VM-scaling algorithms.