云计算环境下支持属性撤销的外包解密DRM方案

数字版权管理(digital rights management, DRM)是我国信息化建设的重要内容.但高昂的投资成本和欠佳的用户体验是其进一步推广的瓶颈.而已有的采用云计算解决DRM瓶颈问题的研究大都只着眼于云计算的存储服务功能,较少关注云计算的计算优势.提出了一种云计算环境下支持属性撤销的外包解密DRM方案.考虑到DRM中用户隐私保护的问题,提出用户通过匿名标签购买许可证.此外,为了充分发挥云计算在计算上的优势以及可以灵活、细粒度地撤销用户的属性,提出了一种支持属性撤销的外包解密CP-ABE(ciphertext-policy attribute-based encryption)机制.与已有的基于云计算的数字版权保护方案相比,提出的方案在保护内容和用户隐私的同时,支持灵活的访问控制机制和细粒度的用户属性撤销,并且支持CP-ABE的解密外包计算,方案具有较好的实用性.     

一种基于多Agent系统的云服务自组织管理方法

在开放动态的互联网环境下的云服务呈现出发散、动态演化、异构等特征,为了适应多样的应用需求以及持续变化的云环境,云需要以灵活、适应的方法来有效地管理和提供云服务.针对这一需求,提出了一种云服务自组织管理方法,该方法利用agent的环境感知和自主行为决策的能力,依据它的职责实现对云服务的自主管理,并通过agent间的交互以自组织的方式实现对服务资源的有效管理,进而适应云环境和应用需求的变化;提出了支持上述方法和机制的实现技术,包括云服务自组织管理的核心机制和实现框架、云服务汇聚和提供的运行机制及相关实现算法.利用支持语义Web服务发现匹配的公共测试数据设计并完成了两组验证实验,实验结果表明:所提出的方法可以在持续变化的云环境下有效地管理和提供云服务,进而满足动态多样化的应用需求.     

A secure re‐encryption scheme for data services in a cloud computing environment

Cloud computing as a promising technology and paradigm can provide various data services, such as data sharing and distribution, which allows users to derive benefits without the need for deep knowledge about them. However, the popular cloud data services also bring forth many new data security and privacy challenges. Cloud service provider untrusted, outsourced data security, hence collusion attacks from cloud service providers and data users become extremely challenging issues. To resolve these issues, we design the basic parts of secure re‐encryption scheme for data services in a cloud computing environment, and further propose an efficient and secure re‐encryption algorithm based on the EIGamal algorithm, to satisfy basic security requirements. The proposed scheme not only makes full use of the powerful processing ability of cloud computing but also can effectively ensure cloud data security. Extensive analysis shows that our proposed scheme is highly efficient and provably secure under existing security model. Copyright © 2015 John Wiley & Sons, Ltd.     

Digital rights management in information publishing

In this article, we present a solution to digital rights management (DRM) for electronic publishing and document management services provided by a third-party application service provider (ASP). We identify legal requirements that service providers have to guarantee with respect to DRM. We elaborate on related technological requirements and implement specific DRM service components compliant with the Open Digital Rights Language (ODRL) standard. Moreover, we show how digital rights of document content can be specified and subsequently enforced using ODRL. We conclude by discussing legal implications of technological innovation—for example, the conflicts that may arise between digital rights enforcement and privacy protection measures, and how it is possible to resolve them.     

Towards an accurate evaluation of quality of cloud service in service-oriented cloud computing

Cloud computing promises to provide high quality, on-demand services with service-oriented architecture. However, cloud service typically come with various levels of services and performance characteristics, which makes Quality of Cloud Service (QoCS) high variance. Hence, it is difficult for the users to evaluate these cloud services and select them to fit their QoCS requirements. In this paper, we propose an accurate evaluation approach of QoCS in service-oriented cloud computing. We first employ fuzzy synthetic decision to evaluate cloud service providers according to cloud users’ preferences and then adopt cloud model to computing the uncertainty of cloud services based on monitored QoCS data. Finally, we obtain the evaluation results of QoCS using fuzzy logic control. The simulation results demonstrate that our proposed approach can perform an accurate evaluation of QoCS in service-oriented cloud computing.     

Weighted principal component analysis-based service selection method for multimedia services in cloud

Cloud computing has rendered its ever-increasing advantages in flexible service provisions, which attracts the attentions from large-scale enterprise applications to small-scale smart uses. For example, more and more multimedia services are moving towards cloud to better accommodate people’s daily uses on various smart devices that support cloud, some of which are similar or equivalent in their functionality (e.g., more than 1,000 video services that share similar “video-play” functionality are present in APP Store). In this situation, it is necessary to discriminate these functional-equivalent multimedia services, based on their Quality of Service (QoS) information. However, due to the abundant information of multimedia content, dozens of QoS criteria are often needed to evaluate a multimedia service, which places a heavy burden on users’ multimedia service selection. Besides, the QoS criteria of multimedia services are usually not independent, but correlated, which cannot be accommodated very well by the traditional selection methods, e.g., traditional simple weighting methods. In view of these challenges, we put forward a multimedia service selection method based on weighted Principal Component Analysis (PCA), i.e., Weighted PCA-based Multimedia Service Selection Method (W_PCA_MSSM). The advantage of our proposal is two-fold. First, weighted PCA could reduce the number of QoS criteria for evaluation, by which the service selection process is simplified. Second, PCA could eliminate the correlations between different QoS criteria, which may bring a more accurate service selection result. Finally, the feasibility of W_PCA_MSSM is validated, by a set of experiments deployed on real-world service quality set QWS Dataset.     

Enhancing Federated Cloud Management with an Integrated Service Monitoring Approach

Cloud Computing enables the construction and the provisioning of virtualized service-based applications in a simple and cost effective outsourcing to dynamic service environments. Cloud Federations envisage a distributed, heterogeneous environment consisting of various cloud infrastructures by aggregating different IaaS provider capabilities coming from both the commercial and the academic area. In this paper, we introduce a federated cloud management solution that operates the federation through utilizing cloud-brokers for various IaaS providers. In order to enable an enhanced provider selection and inter-cloud service executions, an integrated monitoring approach is proposed which is capable of measuring the availability and reliability of the provisioned services in different providers. To this end, a minimal metric monitoring service has been designed and used together with a service monitoring solution to measure cloud performance. The transparent and cost effective operation on commercial clouds and the capability to simultaneously monitor both private and public clouds were the major design goals of this integrated cloud monitoring approach. Finally, the evaluation of our proposed solution is presented on different private IaaS systems participating in federations.     

Contract RBAC in cloud computing

Cloud computing is a fast growing field, which is arguably a new computing paradigm. In cloud computing, computing resources are provided as services over the Internet and users can access resources based on their payments. The issue of access control is an important security scheme in the cloud computing. In this paper, a Contract RBAC model with continuous services for user to access various source services provided by different providers is proposed. The Contract RBAC model extending from the well-known RBAC model in cloud computing is shown. The extending definitions in the model could increase the ability to meet new challenges. The Contract RBAC model can provide continuous services with more flexible management in security to meet the application requirements including Intra-cross cloud service and Inter-cross cloud service. Finally, the performance analyses between the traditional manner and the scheme are given. Therefore, the proposed Contract RBAC model can achieve more efficient management for cloud computing environments.     

Development of a Hybrid Manufacturing Cloud

Cloud manufacturing is emerging as a novel business paradigm for the manufacturing industry, in which dynamically scalable and virtualised resources are provided as consumable services over the Internet. A handful of cloud manufacturing systems are proposed for different business scenarios, most of which fall into one of three deployment modes, i.e. private cloud, community cloud, and public cloud. One of the challenges in the existing solutions is that few of them are capable of adapting to changes in the business environment. In fact, different companies may have different cloud requirements in different business situations; even a company at different business stages may need different cloud modes. Nevertheless, there is limited support on migrating to different cloud modes in existing solutions. This paper proposes a Hybrid Manufacturing Cloud that allows companies to deploy different cloud modes for their periodic business goals. Three typical cloud modes, i.e. private cloud, community cloud and public cloud are supported in the system. Furthermore, it enables companies to set self-defined access rules for each resource so that unauthorised companies will not have access to the resource. This self-managed mechanism gives companies full control of their businesses and boosts their trust with enhanced privacy protection. A unified ontology is developed to enhance semantic interoperability throughout the whole process of service provision in the clouds. A Cloud Management Engine is developed to manage all the user-defined clouds, in which Semantic Web technologies are used as the main toolkit. The feasibility of this approach is verified through a group of companies, each of which has complex access requirements for their resources. In addition, a use case is carried out between customers and service providers. This way, optimal service is delivered through the proposed system.     

From cloud computing to cloud manufacturing

Cloud computing is changing the way industries and enterprises do their businesses in that dynamically scalable and virtualized resources are provided as a service over the Internet. This model creates a brand new opportunity for enterprises. In this paper, some of the essential features of cloud computing are briefly discussed with regard to the end-users, enterprises that use the cloud as a platform, and cloud providers themselves. Cloud computing is emerging as one of the major enablers for the manufacturing industry; it can transform the traditional manufacturing business model, help it to align product innovation with business strategy, and create intelligent factory networks that encourage effective collaboration. Two types of cloud computing adoptions in the manufacturing sector have been suggested, manufacturing with direct adoption of cloud computing technologies and cloud manufacturing—the manufacturing version of cloud computing. Cloud computing has been in some of key areas of manufacturing such as IT, pay-as-you-go business models, production scaling up and down per demand, and flexibility in deploying and customizing solutions. In cloud manufacturing, distributed resources are encapsulated into cloud services and managed in a centralized way. Clients can use cloud services according to their requirements. Cloud users can request services ranging from product design, manufacturing, testing, management, and all other stages of a product life cycle.     

Towards an autonomic performance management approach for a cloud broker environment using a decomposition–coordination based methodology

Efficient resource allocation of computational resources to services is one of the predominant challenges in a cloud computing environment. Furthermore, the advent of cloud brokerage and federated cloud computing systems increases the complexity of cloud resource management. Cloud brokers are considered third party organizations that work as intermediaries between the service providers and the cloud providers. Cloud brokers rent different types of cloud resources from a number of cloud providers and sublet these resources to the requesting service providers. In this paper, an autonomic performance management approach is introduced that provides dynamic resource allocation capabilities for deploying a set of services over a federated cloud computing infrastructure by considering the availability as well as the demand of the cloud computing resources. A distributed control based approach is used for providing autonomic computing features to the proposed framework via a feedback-based control loop. This distributed control based approach is developed using one of the decomposition–coordination methodologies, named interaction balance, for interactive bidding of cloud computing resources. The primary goals of the proposed approach are to maintain the service level agreements, maximize the profit, and minimize the operating cost for the service providers and the cloud broker. The application of interaction balance methodology and prioritization of profit maximization for the cloud broker and the service providers during resource allocation are novel contributions of the proposed approach.     

Ontology as a Service (OaaS): a case for sub-ontology merging on the cloud

Cloud computing is a revolution in the information technology industry. It allows computing services provided as utilities. The traditional cloud services include Software as a Service, Platform as a Service, Hardware/Infrastructure as a Service, and Database as a Service. In this paper, we introduce the notion of Ontology as a Service (OaaS), whereby the ontology tailoring process is a service in the cloud. This is particularly relevant as we are moving toward Cloud 2.0—multi-cloud providers to provide an interoperable service to customers. To illustrate OaaS, in this paper we propose sub-ontology extraction and merging, whereby multiple sub-ontologies are extracted from various source ontologies, and then these extracted sub-ontologies are merged to form a complete ontology to be used by the user. We use the Minimum extraction method to facilitate this. A walkthrough case study using the UMLS meta-thesaurus ontology is elaborated, and its performance in the cloud is also discussed.     

Fragile watermarking with permutation code for content-leakage in digital rights management system

In this paper, we present a new scheme of digital rights management (DRM) system employing the fragile watermarking with permutation code for the image distribution via network. General DRM systems are designed to protect the copyright of contents and to trace the source of the illegal distributors based on the user-side watermarking. However, in the typical DRM systems, the original digital contents are temporarily disclosed without the watermarking information inside user’s system by the decryption process. Therefore, the user can copy the leaked original content inside the system and illegally redistribute via network without the permission of the content providers. Our work describes the idea of a DRM method which is composed of the incomplete cryptography based on permutation codes and user identification mechanism to control the quality of digital contents. There are two fundamental steps in our proposed cryptography: incomplete encoding and incomplete decoding. These two steps will create the scrambled content that is used as trial content and the watermarked content that is used to prevent unauthorized duplication or business of digital contents, respectively. Experimental results show that the proposed method is suitable for DRM in the network distribution system.     

云工作流中基于分时虚拟机的任务层调度算法

云计算是新的一种面向市场的商业计算模式,向用户按需提供服务,云计算的商业特性使其关注向用户提供服务的服务质量。任务调度和资源分配是云计算中两个关键的技术,所使用的虚拟化技术使得其资源分配和任务调度有别于以往的并行分布式计算。目前主要的调度算法是借鉴网格环境下的调度策略,研究基于QoS的调度算法,存在执行效率较低的问题。我们对云工作流任务层调度进行深入研究,分析由底层资源虚拟化形成的虚拟机的特性,结合工作流任务的各类QoS约束,提出了基于虚拟机分时特性的任务层ACS调度算法。经过试验,我们提出的算法相比于文献[1]中的算法在对于较多并行任务的执行上存在较大的优势,能够很好的利用虚拟的分时特性,优化任务到虚拟机的调度。     

A generic partial encryption scheme for low-power mobile devices

Content protection that allows only legitimate users to use specified content is essential in order to secure business in the consumer market. However, service providers and users suffer from low responsiveness when content is encrypted with traditional cryptographic tools that require strong decryption algorithms on mobile devices. In this paper, we introduce a generic partial encryption scheme for low-power mobile devices. Our primary goal is to design a generic architecture for partial encryption of downloadable and real-time streaming contents, and also to facilitate a trade-off between minimizing the encryption/decryption overhead and providing sufficient DRM security for the service provider. We also evaluate the efficacy of our proposed scheme by applying it to real-world multimedia contents. The results of our experiments indicate that encrypting only a small portion (about 2.5 %) of video content can effectively impose DRM restriction on the content. This significantly reduces the decryption overhead on low-power mobile devices. In the smart phone environment, it is shown that the time overhead during the decryption is less that 5 % of on-the-fly decoding time and the power overhead is reduced by up to 94.5 %, compared to the traditional full encryption scheme.     

DoS-DDoS: TAXONOMIES OF ATTACKS,COUNTERMEASURES, AND WELL-KNOWN DEFENSE MECHANISMS IN CLOUD ENVIRONMENT

Cloud computing has become a suitable provider of services for organizations as well as individuals through the Internet. Generally, these services become unavailable because of Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks that can deny the legitimate users access to the service delivered by cloud. Taxonomy is an important opportunity for researchers and cloud service providers. Therefore, it provides researchers with a general view about some contributions to understand and ameliorate their limitations and helps cloud service providers to select the best defense strategy to protect their cloud service against DoS and DDoS attacks. In this article, we present taxonomies of DoS and DDoS attacks in cloud environment, countermeasures, and highlight their solutions with another taxonomy of well-known defense mechanisms.     

A Cloud-Based Trust Model for Evaluating Quality of Web Services

Because trust is regarded as an essential secured relationship within a distributed network environment, selecting services over the Internet from the viewpoint of trust has been a major trend. Current research about trust model and evaluation in the context of Web services does not rationally and accurately reflect some essential characteristics of trust such as subjective uncertainty and dynamism. In this paper, we analyze some important characteristics of trust, and some key factors that affect the trust relation in the Web service environment. Accordingly, we propose a trust model based on Cloud Model theory to describe the subjective uncertainty of trust factors. A time-related backward cloud generation algorithm is given to express the dynamism of trust. Furthermore, according to the trust model and algorithm, a formalized calculation approach is provided to evaluate the trust degree of services requestors in providers. Our experiment shows that the evaluation of trust degree can effectively support trust-decisions and provide a helpful exploitation for selecting services based on the viewpoint of trust.     

An indoor location tracking based on mobile RFID for smart exhibition service

Recently, various smart application services have been developed using GPS (Global Positioning System), RFID (Radio Frequency IDentification) and sensor networks. The GPS has been successfully applied for outdoor location tracking by many applications, but it might still be insufficient in an indoor environment where GPS signals are often severely obstructed. The RFID technology has been utilized to play an important role in location tracking for indoor smart applications. Therefore, in this paper, we present the scenario and architecture of an indoor location tracking service for things or space in an exhibition environment based on mobile RFID. The RFID tags of things or spaces are identified as the locations of point being passed and we obtain the spatial data from the tags using mobile RFID readers, Web server and Database server. We have designed and implemented the prototype of location tracking system for exhibition scenario using Microsoft .NET framework. Additionally, we have verified the functionality of this system so various other indoor smart services may be provided using the proposed system.     

Efficient application scheduling in mobile cloud computing based on MAX–MIN ant system

Combining the advantages of mobile computing and cloud computing, Mobile Cloud Computing (MCC) greatly enriches the types of applications on mobile devices and enhances the quality of service of the applications. Under various circumstances, researchers have put forward several MCC architectures. However, it still remains a challenging task of how to design a reasonable mobile cloud model with efficient application processing structure for some particular environment. This paper firstly presents a Hybrid Local Mobile Cloud Model (HLMCM) with detailed application scheduling structure. Secondly, a scheduling algorithm for HLMCM based on MAX–MIN Ant System is put forward. Finally, the effectiveness and suitability of our proposed algorithms are evaluated through a series of simulation experiments.