一种新的云存储服务模型研究*

如何用可生存理论与技术来增强存储服务的可生存性是一个重要的研究内容。本文提出了一种基于云存储的可生存存储服务模型,对模型架构进行了详细设计和构造,并分别采用了一种存储服务模型可用性的度量方法(资源分配失效概率模型)进行了分析,通过该方法分析可得本文提出的可生存云存储服务模型能够满足较高的可生存性的需要。     

企业级私有云中的虚拟化实现

在云存储的概念被提出之后,虚拟化技术在云存储系统中得到了广泛的应用,出现了全新的数据中心部署和管理方式。实现了一个企业级私有云存储系统WFS,在WFS云存储系统的四层架构中,分别采用了统一存储管理、虚拟路径、数据与元数据分离、云存储接口、多路径访问等虚拟化技术。通过对该系统进行分析,说明了虚拟化技术在云存储系统中的应用方式、特点以及在提高资源利用率、增强系统安全性、易用性等方面的重要作用。     

User continuance intention to use cloud storage service

Cloud computing is a huge and important change in the field of network application in recent years to provide users with a completely different IT service and delivery mode. Among various cloud services, cloud storage is a service most closely related to web users’ need because it involves the storage of users’ all important data and backup files. In this study, a sample survey was conducted in Taiwan, and key factors influencing individual users’ adoption of the cloud storage service were analyzed and discussed based on Task-Technology Fit theory. The research results indicate that “cloud storage service”, “unstructured task”, “cloud storage self-efficacy” and “opinion of reference groups” all have significant positive influences on the “perceived usefulness”, which further has influence on users’ continuance intention to use the cloud storage service. The findings also support that the privacy protection risk and the lack of privacy-policy risk in the cloud storage service produce negative moderating effects on the perceived usefulness and the continuance intention.     

基于NAS的私有云存储平台的设计与实现

随着大数据时代的到来与高速网络建设的快速推进,数据化网络资源共享已渗透到人们的日常工作、学习、生活当中。数据网络化储存、多人资源共享成为现代信息传播与保存的重要方式。但是,网络储存平台的安全性一直令使用者担忧。因此,各种各样的私有云储存平台孕育而生,为使用者提供相对独立的个人使用空间。经过长期的使用发现,传统的私有云存储平台虽然可以达到一定的安全性,但是,安全性只相对公共开放网盘而言。同时,存在多用户瞬时访问下协议拥堵、大数据交互节点回馈延迟高的问题。针对传统私有云的架构特点与问题产生原因,提出基于NAS的私有云存储平台的设计与实现方法。采用基于NAS的协议加密技术、多路访问优化单元、数据压缩单元对传统私有云存在的问题进行针对性解决。通过仿真实验证明,提出的基于NAS的私有云存储平台的设计与实现方法,具有数据储存安全性高、峰值状态下访问点网络畅通性好、数据网络传输交互率高、延迟小等优点。     

云存储服务中支持动态数据完整性检测方法

在云存储服务中,为了让用户可以验证存储在云存储服务器上数据的完整性,提出一种支持动态更新和公开验证的云存储数据完整性检测方法.通过引入双线性对和用户随机选择待检测数据块可以无限次验证数据完整性是否完好无损;可信第三方的引入解决了云用户与云存储供应商在数据完整性问题上产生的纠纷,实现数据完整性的公开验证;然后给出该方法的正确性、安全性以及性能分析,最后通过实验验证了该方法是高效可行的.     

Multi-datacenter cloud storage service selection strategy based on AHP and backward cloud generator model

This paper proposed the Cloud Storage Service Selection Strategy under the cross-datacenter environment. Due to the dynamic network environment and the independence between the data centers, this paper presented Cloud Storage Service Selection Strategy across the data center based on AHP–backward cloud generator algorithm. The strategy combines the theory of analytic hierarchy process (AHP) analysis and uncertainty reasoning of cloud method by means of collecting cloud storage providers’ quantitative performance data and inferring qualitative classification of service capability, to select Cloud Storage Service Selection Strategy across the data center. Simulation results show that the strategy has a great advantage in system load balance, replica access rate, and data reliability.

     

基于云存储的农业虚拟服务平台架构

提出了一种基于云存储模型的农业虚拟服务平台架构,用于整合各种农业信息资源,提供统一的海量农业信息存储、高性能计算、软件和数据共享服务。分析、设计了资源申请解析和虚拟资源预留分配两个核心模块,提出了一种树型虚拟资源分配策略算法。给出了原型系统的部署方案。通过实验证明了该体系架构的可行性。     

基于云存储服务的AR博物馆系统研究

针对传统AR博物馆中资源不能有效利用、共享和管理的问题,构建了基于云存储服务的AR博物馆系统。该系统采用FAST-SURF算法对特征点进行检测,通过计算机视觉和无线相结合的方式进行跟踪匹配,同时利用云存储服务技术对博物馆资源进行管理,最终实现虚实融合显示。实例测试表明,与传统AR博物馆相比,该系统能够有效管理博物馆资源,且检测速度快、定位精度较高、匹配性好,特别是在实时性和稳定性方面有明显的优势。结果表明,借助云存储服务技术对AR博物馆资源进行管理的系统方案是可行的,可以为博物馆的研究提供新的技术支持。     

Data error locations reported by public auditing in cloud storage service

Public auditing is an important issue in cloud storage service because a cloud service provider may try to hide management mistakes and system errors from users or even steal or tamper with a user’s data for monetary reasons. Without the protection of a proper auditing mechanism, cloud users would have to run high risks of having their legal rights and interests spoiled without their knowledge. Therefore, many data integrity, assurance, and correctness schemes have been proposed for data auditing. Most of these schemes work by randomly sampling and aggregating signatures from bilinear maps (for more efficiency) to check whether the cloud storage service is honest and whether the data stored in the cloud is correct. Although aggregating signatures can reduce the auditor’s computing overhead and time, unfortunately, none of these schemes have offered any workable solution to giving detailed information on where the errors are when the cloud data as a whole fails the auditing. To fix this problem, we shall propose a new public auditing scheme with a mechanism integrated into it especially to locate the problematic data blocks when they exist. With efficiency, the proposed scheme is capable not only of giving an accurate pass/fail report but also providing detailed information on the locations of the errors detected.     

Availability evaluation of system service hosted in private cloud computing through hierarchical modeling process

The Journal of Supercomputing - Cloud computing provides an abstraction of the physical tiers, allowing a sense of infinite resources. However, the physical resources are not unlimited and need to...     

Shop-floor resource virtualization layer with private cloud support

Large scale emergence of mature cloud solutions, ranging from software-as-a-service based solutions for business management, to very sophisticate private cloud solutions; offer the building blocks for constructing extremely flexible enterprise systems that can respond to environmental changes with great agility. Manufacturing enterprises need to adopt these new technologies to advance in a new era of mass customization where flexibility, scalability and agility are the differentiating factors. In this context, this paper introduces the virtualized MES and shop floor architecture as an intermediate layer in the manufacturing stack and discusses the advantages offered by this approach for manufacturing enterprises. A classification of MES and shop floor devices is presented focusing on the virtualization techniques suitable for each device type, considering the level of distributed intelligence and the virtualization overhead. Shop floor virtualization through shop floor profiles is presented and discussed underlying the flexibility of the solution. A pilot multi-agent implementation for virtual shop floor configuration based on the CoBASA reference architecture is presented and discussed. The shop floor profiles which define the virtual layout and mappings of the robotized manufacturing system are also provided in this context. The pilot implementation using six Adapt robots and a IBM CloudBurst 2.1 private cloud, is described and virtualization overhead in terms of event propagation delays is measured and presented in several scenarios of resource workload collocation on physical cloud blades     

基于水利云存储技术的天气雷达数据共享服务

天气雷达数据量大,共享程度难,在一定程度上制约着天气雷达数据跨部门、系统、平台应用,为此研究基于水利云存储技术的天气雷达数据共享服务。从数据层、服务层、表现层3个分层介绍水利云共享存储平台的技术架构,以及在数据安全性、跨平台传输及用户权限管理等方面的技术特点,从结构、功能、数据维护等方面阐述天气雷达数据共享系统在国家防汛抗旱指挥系统二期工程天气雷达应用系统中的应用,实现水利部与各流域之间天气雷达数据的共享与交换。     

A framework with data-centric accountability and auditability for cloud storage

The cross-domain characteristic of cloud storage service decides that both users and service providers have limited trust toward each other. Judging from a real-world perspective, both parties may have the motivation to engage in dishonest activity for monetary reasons. Hence, accountability should be seriously treated in designing storage systems with practical security. This paper proposes a general accountable framework for cloud storage in a data-centric manner. We design non-repudiable action records to log all data-related access behavior, and through later auditing to detect possible misbehavior. To resist replay attacks, we adopt signature exchange idea to let both parties verify and maintain different metadata signatures signed by the other party. For potential disputes about data content or access records, we also design arbitration protocol to fairly and efficiently settle the dispute and find out the cheating party. Experimental evaluation of our prototype shows that cryptographic cost, storage overhead and throughput are reasonable and acceptable.     

Entangled cloud storage

Entangled cloud storage (Aspnes et al., ESORICS 2004) enables a set of clients to “entangle” their files into a single clew to be stored by a (potentially malicious) cloud provider. The entanglement makes it impossible to modify or delete significant part of the clew without affecting all files encoded in the clew. A clew keeps the files in it private but still lets each client recover his own data by interacting with the cloud provider; no cooperation from other clients is needed. At the same time, the cloud provider is discouraged from altering or overwriting any significant part of the clew as this will imply that none of the clients can recover their files.We put forward the first simulation-based security definition for entangled cloud storage, in the framework of universal composability (Canetti, 2001). We then construct a protocol satisfying our security definition, relying on an entangled encoding scheme based on privacy-preserving polynomial interpolation; entangled encodings were originally proposed by Aspnes et al. as useful tools for the purpose of data entanglement. As a contribution of independent interest we revisit the security notions for entangled encodings, putting forward stronger definitions than previous work (that for instance did not consider collusion between clients and the cloud provider).Protocols for entangled cloud storage find application in the cloud setting, where clients store their files on a remote server and need to be ensured that the cloud provider will not modify or delete their data illegitimately. Current solutions, e.g., based on Provable Data Possession and Proof of Retrievability, require the server to be challenged regularly to provide evidence that the clients’ files are stored at a given time. Entangled cloud storage provides an alternative approach where any single client operates implicitly on behalf of all others, i.e., as long as one client’s files are intact, the entire remote database continues to be safe and unblemished.     

Secure proof of storage with deduplication for cloud storage systems

Explosion of multimedia content brings forth the needs of efficient resource utilization using the state of the arts cloud computing technologies such as data deduplication. In the cloud computing environments, achieving both data privacy and integrity is the challenging issue for data outsourcing service. Proof of Storage with Deduplication (POSD) is a promising solution that addresses the issue for the cloud storage systems with deduplication enabled. However, the validity of the current POSD scheme stands on the strong assumption that all clients are honest in terms of generating their keys. We present insecurity of this approach under new attack model that malicious clients exploit dishonestly manipulated keys. We also propose an improved POSD scheme to mitigate our attack.     

A service provisioning system for distributed personalization with private data protection

Personalized services can provide significant user benefits since they adapt their behavior to better support the user. Personalized services use a variety of data related to the user to decide their behavior. Thus personalized service needs a provisioning system that can collect the data that impacts service behavior and allows selection of the most appropriate service. However, in the coming ubiquitous environment, some data necessary for determining service behavior might be unavailable due to two possible reasons. One is that the data does not exit. The other is that the data exists but cannot be accessed. For example, users do not want to disclose their personal information, and service providers do not also want to expose data related to their knowhow in services. This paper describes a new service provisioning system for distributed personalization with private data protection. Specifically, the system selects applicable services by assessing how well each candidate service behaves when some data is missing. It then executes those selected services while hiding the users’ and providers’ private data in a distributed manner. We first summarize the requirements for a personalized service system, and introduce our fundamental policies for the system. The two main components of our system are then described in detail. One component is a service assessment mechanism that can judge if a service can work without data that can be used for adaptation. The second component is a service execution mechanism that can utilize private data while still ensuring privacy. This component divides service logic and executes divided logic where necessary data is available. The paper finally describes our prototype implementation and its performance evaluation results.     

Data storage auditing service in cloud computing: challenges,methods and opportunities

Cloud computing is a promising computing model that enables convenient and on-demand network access to a shared pool of configurable computing resources. The first offered cloud service is moving data into the cloud: data owners let cloud service providers host their data on cloud servers and data consumers can access the data from the cloud servers. This new paradigm of data storage service also introduces new security challenges, because data owners and data servers have different identities and different business interests. Therefore, an independent auditing service is required to make sure that the data is correctly hosted in the Cloud. In this paper, we investigate this kind of problem and give an extensive survey of storage auditing methods in the literature. First, we give a set of requirements of the auditing protocol for data storage in cloud computing. Then, we introduce some existing auditing schemes and analyze them in terms of security and performance. Finally, some challenging issues are introduced in the design of efficient auditing protocol for data storage in cloud computing.     

Feedback-based optimization of a private cloud

The optimization problem addressed by this paper involves the allocation of resources in a private cloud such that cost to the provider is minimized (through the maximization of resource sharing) while attempting to meet all client application requirements (as specified in the SLAs). At the heart of any optimization based resource allocation algorithm, there are two models: one that relates the application level quality of service to the given set of resources and one that maps a given service level and resource consumption to profit metrics. In this paper we investigate the optimization loop in which each application’s performance model is dynamically updated at runtime to adapt to the changes in the system. These changes could be perturbations in the environment that had not been included in the model. Through experimentation we show that using these tracking models in the optimization loop will result in a more accurate optimization and thus result in the generation of greater profit.