Context-aware privacy-preserving access control for mobile computing

In mobile and pervasive computing applications, opportunistic connections allow co-located devices to exchange data directly. Keeping data sharing local enables large-scale cooperative applications and empowers individual users to control what and how information is shared. Supporting such applications requires runtime frameworks that allow them to manage the who, what, when, and how of access to resources. Existing frameworks have limited expressiveness and do not allow data owners to modulate the granularity of information released. In addition, these frameworks focus exclusively on security and privacy concerns of data providers and do not consider the privacy of data consumers. We present PADEC, a context-sensitive, privacy-aware framework that allows users to define rich access control rules over their resources and to attach levels of granularity to each rule. PADEC is also characterized by its expressiveness, allowing users to decide under which conditions should which information be shared. We provide a formal definition of PADEC and an implementation based on private function evaluation. Our evaluation shows that PADEC is more expressive than other mechanisms, protecting privacy of both consumers and providers.     

An incentive compatible reputation mechanism for ubiquitous computing environments

The vision of ubiquitous computing is becoming a reality thanks to the advent of portable devices and the advances in wireless networking technologies. It aims to facilitate user tasks through seamless utilization of services available in the surrounding environments. In such distributed environments featuring openness, interactions such as service provision and consumption between entities that are unknown or barely known to each other, are commonplace. Trust management through reputation mechanism for facilitating such interactions is recognized as an important element of ubiquitous computing. It is, however, faced by the problems of how to stimulate reputation information sharing and enforce honest recommendation elicitation. We present in this paper an incentive compatible reputation mechanism to facilitate the trustworthiness evaluation of entities in ubiquitous computing environments. It is based on probability theory and supports reputation evolution and propagation. Our reputation mechanism not only shows robustness against lies, but also stimulates honest and active recommendations. The latter is realized by ensuring that active and honest recommenders, compared to inactive or dishonest ones, can obtain the most number of honest (helpful) recommendations and thus suffer the least number of wrong trust decisions, as validated by simulation based evaluation. The proposed reputation mechanism is also implemented as part of a QoS-aware Web service discovery middleware and evaluated regarding its overhead on service discovery latency.     

基于移动agent的云计算身份认证机制研究

针对当前云计算的安全需求,提出了一种适用于云计算环境下的身份认证方案。首先设计出适用于云计算身份认证场景的移动agent(mobile agent)结构模型,然后给出了基于mobile agent的云计算安全认证策略。该方案引入了可信第三方机构对认证agent建立定量信任评估,每次进行认证前通过信任度的判断对认证过程进行控制;在认证完成后,又进一步引入了信任反馈评价机制。理论分析和原型系统的实现表明,提出的云计算认证方案具有一定的可行性和可用性。     

面向云计算隐私保护的5A问责制建模

针对云计算数据安全的核心问题——隐私安全的保护问题,提出了一种面向云计算隐私保护的5A问责机制。并基于该5A问责机制,对服务提供方的隐私安全策略、租户的隐私需求、云隐私暴露条件和安全场景等进行了精确定义和形式化描述与建模。主要以描述逻辑为基础,重点研究面向语义的云隐私需求描述方法,并对云隐私需求和服务提供方的隐私策略一致性等问题进行检测,避免冲突。在界定并形式化描述云隐私暴露条件和云安全场景的基础上,采用Protégé本体建模工具对云租户的隐私需求和云服务提供方的隐私策略、隐私暴露条件和安全场景等进行建模并检验,验证了形式化建模及其描述的一致性和完整性,为后续5A问责制机制的实现奠定了基础。     

A trustworthy agent-based encrypted access control method for mobile cloud computing environment

To strengthen the security of access control protocols for mobile cloud environment, dynamic attributes of mobile devices are used. The weak or disconnection issue of the mobile network is a critical task to deal with. The proposed approach provides access control as well as data confidentiality using dynamic attributes encryption. The pairs of mobile agents are used to deal with the issue of network connection. The secret key is distributed using the anonymous key-issuing protocol which preserves the anonymity of the user. The approach is implemented in a real mobile cloud environment, and the performance under various parameters is evaluated.     

Precise execution offloading for applications with dynamic behavior in mobile cloud computing

In order to accommodate the high demand for performance in smartphones, mobile cloud computing techniques, which aim to enhance a smartphone’s performance through utilizing powerful cloud servers, were suggested. Among such techniques, execution offloading, which migrates a thread between a mobile device and a server, is often employed. In such execution offloading techniques, it is typical to dynamically decide what code part is to be offloaded through decision making algorithms. In order to achieve optimal offloading performance, however, the gain and cost of offloading must be predicted accurately for such algorithms. Previous works did not try hard to do this because it is usually expensive to make an accurate prediction. Thus in this paper, we introduce novel techniques to automatically generate accurate and efficient method-wise performance predictors for mobile applications and empirically show they enhance the performance of offloading.     

A new definition of homomorphic signature for identity management in mobile cloud computing

In this paper, we define a new homomorphic signature for identity management in mobile cloud computing. A mobile user firstly computes a full signature on all his sensitive personal information (SPI), and stores it in a trusted third party (TTP). During the valid period of his full signature, if the user wants to call a cloud service, he should authenticate him to the cloud service provider (CSP) through TTP. In our scheme, the mobile user only needs to send a {0,1}ⁿ${\{0,1\}}^n$ vector to the access controlling server (TTP). The access controlling server who doesn?t know the secret key can compute a partial signature on a small part of user?s SPI, and then sends it to the CSP. We give a formal secure definition of this homomorphic signature, and construct a scheme from GHR signature. We prove that our scheme is secure under GHR signature.     

A modeling and simulation framework for mobile cloud computing

Mobile cloud computing (MCC) is an emerging paradigm for transparent elastic augmentation of mobile devices capabilities, exploiting ubiquitous wireless access to cloud storage and computing resources. MCC aims at increasing the range of resource-intensive tasks supported by mobile devices, while preserving and extending their resources. Its main concerns regard the augmentation of energy efficiency, storage capabilities, processing power and data safety, to improve the experience of mobile users. The design of MCC systems is a challenging task, because both the mobile device and the Cloud have to find energy-time tradeoffs and the choices on one side affect the performance of the other side. The analysis of the MCC literature points out that all existing models focus on mobile devices, considering the Cloud as a system with unlimited resources. Also, to the best of our knowledge, no MCC-specific simulation tool exists. To fill this gap, in this paper, we propose a modeling and simulation framework for the design and analysis of MCC systems, encompassing all their components. The main pillar of the proposed framework is the autonomic strategy consisting of adaptive loops between every mobile devices and the Cloud. The proposed model of the mobile device takes into account online estimations of the actual Cloud performance – not only the nominal values of the performance indicators. At the same time, the model of the Cloud takes into consideration the characteristics of the workload, to adapt its configuration in terms of active virtual machines and task management strategies. Moreover, the developed discrete event simulator is an effective tool for the evaluation of an MCC system as a whole, or single components, considering different classes of parallel jobs.     

移动云计算中能效感知的计算卸载机制研究

移动云计算可以将任务从移动设备计算卸载至云端以增强设备计算能力,而如何实现能效计算卸载机制是当前的主要挑战。为了解决该问题,以降低移动设备能耗和应用完成时间为目标,将计算卸载问题形式化为满足任务顺序与截止时间约束的能效代价最小化问题,并提出一种动态能效感知计算卸载算法。算法由三个子算法组成：计算卸载选择、时钟频率控制及传输功率分配。实验结果表明,通过局部计算时优化调整移动设备CPU时钟频率,以及云端计算时自适应分配传输功率,新算法可以有效降低应用执行能效代价,同时确保满足约束条件,提高执行效率。     

Sensitivity analysis of a hierarchical model of mobile cloud computing

Mobile cloud computing is a new paradigm that uses cloud computing resources to overcome the limitations of mobile computing. Due to its complexity, dependability and performance studies of mobile clouds may require composite modeling techniques, using distinct models for each subsystem and combining state-based and non-state-based formalisms. This paper uses hierarchical modeling and four different sensitivity analysis techniques to determine the parameters that cause the greatest impact on the availability of a mobile cloud. The results show that distinct approaches provide similar results regarding the sensitivity ranking, with specific exceptions. A combined evaluation indicates that system availability may be improved effectively by focusing on a reduced set of factors that produce large variation on the measure of interest. The time needed to replace a fully discharged battery in the mobile device is a parameter with high impact on steady-state availability, as well as the coverage factor for the failures of some cloud servers. This paper also shows that a sensitivity analysis through partial derivatives may not capture the real level of impact for some parameters in a discrete domain, such as the number of active servers. The analysis through percentage differences, or the factorial design of experiments, fulfills such a gap.     

一种面向可靠云计算的自适应故障检测方法

提出了一种保障云系统可靠性的自适应故障检测方法。首先基于步进指标搜索算法和指标空间分离技术进行云指标提取, 得到最能刻画云行为和健康状况的最大关联性标准和最小冗余度标准, 然后使用最小封闭球体将云指标数据点从数据空间映射到内核空间进行降维, 最后将低维数据输入故障检测器。故障检测器在内核空间产生一个能够容纳数据的最小封闭球面, 确定潜在故障, 如果以前故障历史无法获得, 则故障检测器通过寻找与其他状态存在明显不同的云健康状态来确定故障。当检测结果被云运营商验证后, 要么被判定为真实故障, 要么被判定为正常状态（虚警）。实现了一种故障检测原型系统, 并在校园云计算环境下展开实验。实验结果表明, 与其他现有故障检测技术相比, 该方法的检测更高效、更准确。     

Genetic-variable neighborhood search with thread replication for mobile cloud computing

The resource-intensive resettlement procedure and inherent restrictions of the wireless medium obstruct the understanding of faultless implementation in mobile cloud computing (MCC) surroundings. In MCC, transfer of thread execution to high end servers allows the processing of those jobs which demand more resources on the mobile equipment. Hence, implementing the application with stumpy cost, least overhead and non-obtrusive relocation is a demanding research area in MCC. Many scheduling mechanisms have been proposed so far to balance the load between the given set of mobile servers, but it is found to be NP-Hard problem. Therefore, evolutionary techniques are required to balance the load among mobile servers. Genetic Algorithm (GA) has been verified to be fine by jumble up the key values, but it becomes unsuccessful to strengthen the exploration in the rising areas. In Variable Neighborhood Search (VNS), local exploration technique is implemented continually to evaluate optimistic outcomes in neighborhood to attain local best solution. But VNS is still prone to premature convergence traps only because of limited search capability. Therefore hybridization with non-global finding techniques may conquer the limitations and guide the dominant search mechanisms to some extent. The GA along with VNS using thread replication (GVNSTR) is implemented to set stability of non-local searching and local utilization for an evolutionary processing period and get the optimized solution.     

MASHED: Security and privacy-aware mutual authentication scheme for heterogeneous and distributed mobile cloud computing services

ABSTRACT

Rapid development in mobile devices and cloud computing technologies has increased the number of mobile services from different vendors on the cloud platform. However, users of these services are facing different security and access control challenges due to the nonexistence of security solutions capable of providing secure access to these services, which are from different vendors, using a single key. An effective security solution for heterogeneous Mobile Cloud Computing (MCC) services should be able to guarantee confidentiality and integrity through single key-based authentication scheme. Meanwhile, a few of the existing authentication schemes for MCC services require different keys to access different services from different vendors on a cloud platform, thus increases complexity and overhead incurred through generation and storage of different keys for different services.

In this paper, an efficient mutual authentication scheme for accessing heterogeneous MCC services is proposed. The proposed scheme combines the user’s voice signature with cryptography operations to evolve efficient mutual authentication scheme devoid of key escrow problem and allows authorized users to use single key to access the heterogeneous MCC services at a reduced cost.     

Multi-device task offloading with time-constraints for energy efficiency in mobile cloud computing

Nowadays, in order to deal with the increasingly complex applications on mobile devices, mobile cloud offloading techniques have been studied extensively to meet the ever-increasing energy requirements. In this study, an offloading decision method is investigated to minimize the energy consumption of mobile device with an acceptable time delay and communication quality. In general, mobile devices can execute a sequence of tasks in parallel. In the proposed offloading decision method, only parts of the tasks are offloaded for task characteristics to save the energy of multi-devices. The issue of the offloading decision is formulated as an NP-hard 0–1 nonlinear integer programming problem with time deadline and transmission error rate constraints. Through decision-variable relaxation from the integer to the real domain, this problem can be transformed as a continuous convex optimization. Based on Lagrange duality and the Karush–Kuhn–Tucker condition, a solution with coupled terms is derived to determine the priority of tasks for offloading. Then, an iterative decoupling algorithm with high efficiency is proposed to obtain near-optimal offloading decisions for energy saving. Simulation results demonstrate that considerable energy can be saved via the proposed method in various mobile cloud scenarios.     

基于效益博弈的云计算资源动态可协调分配策略研究

在对用户的任务进行计算资源分配时,为了有效提高计算资源的利用效率,减少任务执行所需要的成本,提出了一种基于效益博弈的云计算资源动态可协调分配机制。该机制采用时间矩阵和费用矩阵作为任务效益的衡量指标,提出效益博弈模型,通过该模型的效益计算方程来得到最好的资源分配策略。为了使得计算资源能够合理地按需进行分配,提出了动态可协调分配机制,在合理地分配资源,满足所有任务正常执行时所需资源的同时,最大化任务的执行效益。实验仿真及对比结果表明,在任务完成时间、任务执行的平均成本、任务完成成功率上,本文算法都取得了较好的效果。     

移动云计算的任务迁移方法

移动设备在移动过程中受到网络波动的影响很大,由于工作流中任务会传输到云端执行,会带来传输与接收的能耗,再加上所处云域中微云受到不同请求数、剩余资源等因素的影响,造成了微云响应延迟、任务等待执行时间延迟和网络活跃能量损耗,再加上异构网络对数据传输造成的切换延迟影响,使任务迁移延迟更加严重,所以在上传与接收阶段采用延时传输的策略,在保证总完成时间的基础上减少传输时间;在任务迁移阶段提出了微云跳跃选择算法和网络切换算法相结合的MJSA-NHA算法,通过跳跃选择找到合适的微云以减少不必要的响应与等待延迟,并且通过切换网络空闲—活跃状态减少网络能量损耗;并在延时传输基础上加入移动速度调节算法(MSAA),在发生网络变化过程中变换移动设备的速度,这样可以在减少网络切换次数的同时减少网络切换延迟。实验结果证明,延时传输策略比Random算法在总完成时间和移动端总能耗问题上优化了很多;MJSA-NHA比MuSIC算法、task delegation和code-offloading在迁移时间上分别优化了66%~86%、36%~56%和5%~8%,在能耗方面分别优化了56%~78%、25%~46%和6%~8%;MSAA比MuSIC算法、task delegation和code-offloading在网络切换延迟上优化了50%。     

Joint optimization method for task scheduling time and energy consumption in mobile cloud computing environment

An unheard of growth in mobile data traffic has drawn attention from academia and industry. Mobile cloud computing is an emerging computing paradigm combining cloud computing and mobile networks to alleviate resource-constrained limitations of mobile devices, which can greatly improve network quality of service and efficiency to make good use of available network resource. Mobile cloud computing not only inherits the advantages of strong computing capacity and massive storage of cloud computing, but also overcomes the time and geographical restrictions, bringing benefits for mobile users to offload complex computation to powerful cloud servers for execution anytime and anywhere. To this end, an optimal task workflow scheduling scheme is proposed for the mobile devices, based on the dynamic voltage and frequency scaling technique and the whale optimization algorithm. Through considering three factors: task execution position, task execution sequence, and operating voltage and frequency of mobile devices, this study makes a tradeoff between performance and energy consumption by solving the joint optimization for task completion time and energy consumption simultaneously. Finally, a series of extensive simulation results has demonstrated and verified the scheme has distinguished performance in terms of efficiency and operational cost, providing feasible solutions to similar optimization problems of mobile cloud computing.     

基于分层与容错机制的云计算负载均衡策略

针对混合动态负载均衡算法应用在云计算中,出现的站点信息交换过于频繁导致处理效率低下以及缺乏容错机制等问题,提出了基于分层与容错机制的负载均衡算法。算法融合集中式和分布式的优点,通过组织邻站点,使站点信息交换控制在邻站点范围之内,在任务调度时携带站点实时负载信息以解决频繁广播负载消息导致网络繁忙与服务器效率低下的问题。算法实现云系统负载均衡,减小请求响应时间,引入容错备份机制,以增强系统鲁棒性。实验结果表明,基于分层与容错机制的云计算负载均衡策略在任务分配时间、任务响应时间方面比传统算法提高20%以上,且在稳定性方面所提算法优于传统算法。     

基于云计算的校园教学云平台建设

随着教育信息化和互联网的高速发展,校园里面的教育信息化建设已经成为众多行业关注的重点。为了适应当前彳言,息化的发展,提高学生的学习质量和效率,文章重点结合云计算的特点以及我国目前校园信息化建设的现状,研究探讨了基于云计算的校园教育云平台的新模型建设。