ElaClo: A framework for optimizing software application topology in the cloud environment

Application architectures in the cloud employ elastic components, and achieve lower operating costs without sacrificing quality. Software architects strive to provide efficient services by deciding on software topology: a set of structural architectural decisions. For a given application, there can be numerous software topology alternatives creating the need for automated optimization methods. Current optimization approaches rely on experts providing application performance models built upfront, based on their experience and the requirements provided. While such techniques are effective and valuable, they require additional maintenance effort as the software evolves.This paper introduces ElaClo, a framework for optimizing application topologies in a cloud environment. ElaClo’s main contribution is in providing optimization in the software assembly phase from automatically extracted application models. ElaClo provides workload generation, monitoring, topology management, elasticity mechanisms, and algorithms to support the optimization process. We have implemented ElaClo as an expert tool and evaluated it on a real-life cloud application from the retailing business domain. ElaClo was used to select optimal topologies with regards to service response time objectives and infrastructure costs. The efficiency of the optimization process and the quality of optimization results were validated quantitatively on a set of optimization runs. Results demonstrate the effectiveness of the suggested framework in yielding optimal topologies.     

A trustworthy agent-based encrypted access control method for mobile cloud computing environment

To strengthen the security of access control protocols for mobile cloud environment, dynamic attributes of mobile devices are used. The weak or disconnection issue of the mobile network is a critical task to deal with. The proposed approach provides access control as well as data confidentiality using dynamic attributes encryption. The pairs of mobile agents are used to deal with the issue of network connection. The secret key is distributed using the anonymous key-issuing protocol which preserves the anonymity of the user. The approach is implemented in a real mobile cloud environment, and the performance under various parameters is evaluated.     

A modeling and simulation framework for mobile cloud computing

Mobile cloud computing (MCC) is an emerging paradigm for transparent elastic augmentation of mobile devices capabilities, exploiting ubiquitous wireless access to cloud storage and computing resources. MCC aims at increasing the range of resource-intensive tasks supported by mobile devices, while preserving and extending their resources. Its main concerns regard the augmentation of energy efficiency, storage capabilities, processing power and data safety, to improve the experience of mobile users. The design of MCC systems is a challenging task, because both the mobile device and the Cloud have to find energy-time tradeoffs and the choices on one side affect the performance of the other side. The analysis of the MCC literature points out that all existing models focus on mobile devices, considering the Cloud as a system with unlimited resources. Also, to the best of our knowledge, no MCC-specific simulation tool exists. To fill this gap, in this paper, we propose a modeling and simulation framework for the design and analysis of MCC systems, encompassing all their components. The main pillar of the proposed framework is the autonomic strategy consisting of adaptive loops between every mobile devices and the Cloud. The proposed model of the mobile device takes into account online estimations of the actual Cloud performance – not only the nominal values of the performance indicators. At the same time, the model of the Cloud takes into consideration the characteristics of the workload, to adapt its configuration in terms of active virtual machines and task management strategies. Moreover, the developed discrete event simulator is an effective tool for the evaluation of an MCC system as a whole, or single components, considering different classes of parallel jobs.     

Efficient framework for mobile walkthrough application

The past few years have witnessed a dramatic growth in the number and variety of graphics intensive mobile applications, which allow users to interact and navigate through large scenes such as historical sites, museums and virtual cities. These applications support many clients and impose a heavy requirement on network resources and computational resources. One key issue in the design of cost efficient mobile walkthrough applications is the data transmission between servers and mobile client devices. In this paper, we propose an effective progressive mesh transmission framework that stores and divide scene objects into different resolutions. In this approach, each mobile device progressively receives and processes only the object’s details matching its display resolution which improves the overall system’s response time and the user’s perception. A fine grained cache mechanism is used to keep the most frequently requested objects’ details in the device memory and consequently reduce the network traffic. Experiments, in simulated and real world environment, are used to illustrate the effectiveness of the proposed framework under various settings of the virtual scene and mobile device configuration. Experimental results show that the proposed framework can improve the walkthrough system performance in mobile devices, with a relatively small overhead.     

具有隐私保护功能的移动云服务接入控制

针对移动云服务中的安全和隐私保护问题,提出一种匿名使用云存储服务的机制。在匿名身份注册部分,零知识验证和数字签名技术简化了移动云用户的密钥验证步骤,同时第三方使用户与自己的身份证书绑定,防止用户对移动云服务的恶意使用;在数据共享部分,系统通过提取共享者账号参数,用于解决因共享密钥丢失导致数据安全性降低的问题。结合理论分析的方法对所提出的机制进行安全性验证与评价,结果表明身份证书和共享密钥生成算法对用户隐私安全有很好的保护作用。     

Incremental proxy re-encryption scheme for mobile cloud computing environment

Due to the limited computational capability of mobile devices, the research organization and academia are working on computationally secure schemes that have capability for offloading the computational intensive data access operations on the cloud/trusted entity for execution. Most of the existing security schemes, such as proxy re-encryption, manager-based re-encryption, and cloud-based re-encryption, are based on El-Gamal cryptosystem for offloading the computational intensive data access operation on the cloud/trusted entity. However, the resource hungry pairing-based cryptographic operations, such as encryption and decryption, are executed using the limited computational power of mobile device. Similarly, if the data owner wants to modify the encrypted file uploaded on the cloud storage, after modification the data owner must encrypt and upload the entire file on the cloud storage without considering the altered portion(s) of the file. In this paper, we have proposed an incremental version of proxy re-encryption scheme for improving the file modification operation and compared with the original version of the proxy re-encryption scheme on the basis of turnaround time, energy consumption, CPU utilization, and memory consumption while executing the security operations on mobile device. The incremental version of proxy re-encryption scheme shows significant improvement in results while performing file modification operations using limited processing capability of mobile devices.     

移动云环境下的多授权机构属性基加密方案

针对移动云数据的访问控制进行了研究,提出一种高效的、无需CA的多授权机构密文策略属性基加密方案。通过借助外部资源,在数据加密和解密过程分别增加预加密操作和可验证外包解密操作,从而降低用户的加解密计算量,并采用双因子身份认证机制实现对用户的匿名认证。安全性分析表明,新方案基于判断性q-BDHE（decisional q-parallel Bilinear Diffie-Hellman Exponent）假设可证明是选择明文安全的,并且方案能够抵抗合谋攻击。仿真实验表明,新方案有效降低了数据加密、解密的计算开销以及对密文的通信开销。因此,新方案能够实现对移动云数据安全、高效的访问控制。     

基于LabWindows的云计算环境安全框架研究

为保证云计算环境下网络数据传输过程中数据的保密性、完整性以及流畅性,需要对云计算环境安全框架进行研究,目前的云计算环境安全框架系统设计方法主要是利用恩尼格码加密技术和分割二进制码技术实现当前云计算环境下网络数据的安全传输与通信。存在网络节点能量开销较大,且数据安全性判断平均准确率较低的问题。为提高云计算环境下网络数据的安全性判断准确率,避免网络节点的能量浪费,提出一种基于LabWindows的云计算环境安全框架系统设计方法,首先运用LabWindows对云计算环境下的数据进行采集,然后利用证据信任度求取算法对云计算环境下的网络数据安全性进行判断;其次将异常漂移检测器与恶意节点ID号过滤器有机结合,剔除云计算环境中的恶意攻击数据;再利用数字证书对云计算环境下的客户端与服务器进行身份认证;最后利用LabWindows平台创建云计算环境安全框架模型。实验结果证明,利用该方法能够节省云计算环境下网络节点的能量开销,对网络数据安全性判断准确率较高。     

移动云环境面向多重服务选择的计算卸载算法

移动云计算可以通过计算卸载改善移动设备的能效和应用的执行延时。然而面对云端的多重服务选择时,计算卸载决策是NP问题。为了解决这一问题,提出一种遗传算法寻找计算卸载的最优应用分割决策解。遗传种群初始化中,算法联立预定义和随机染色体方法进行初始种群的生成,减少了无效染色体的发生比例。同时,算法为预定义的预留种群设计一种特定的基于汉明距离函数的适应度函数,更好地衡量了染色体间的差异。种群交叉中分别利用近亲交配与杂交繁育丰富了种群个体。算法通过修正的遗传操作减少了无效解的产生,以更合理的时间代价获得了应用分割的最优可行解。应用现实的移动应用任务图进行仿真实验评估了算法效率。评估结论表明,所设计的遗传算法在应用执行能耗、执行时间以及综合权重代价方面均优于对比算法。     

A novel cloud management framework for trust establishment and evaluation in a federated cloud environment

The Journal of Supercomputing - Cloud Computing is being utilized by large-scale organizations for data storage and management. It provides advantages like reducing the cost of information...     

Matrix based proactive resource provisioning in mobile cloud environment

Mobile cloud computing is a dynamic, virtually scalable and network based computing environment where mobile device acts as a thin client and applications run on remote cloud servers. Mobile cloud computing resources required by different users depend on their respective personalized applications. Therefore, efficient resource provisioning in mobile clouds is an important aspect that needs special attention in order to make the mobile cloud computing a highly optimized entity. This paper proposes an adaptive model for efficient resource provisioning in mobile clouds by predicting and storing resource usages in a two dimensional matrix termed as resource provisioning matrix. These resource provisioning matrices are further used by an independent authority to predict future required resources using artificial neural network. Independent authority also checks and verifies resource usage bill computed by cloud service provider using resource provisioning matrices. It provides cost computation reliability for mobile customers in mobile cloud environment. Proposed model is implemented on Hadoop using three different applications. Results indicate that proposed model provides better mobile cloud resources utilization as well as maintains quality of service for mobile customer. Proposed model increases battery life of mobile device and decreases data usage cost for mobile customer.     

BSS: block-based sharing scheme for secure data storage services in mobile cloud environment

For the last few years, academia and research organizations are continuously investigating and resolving the security and privacy issues of mobile cloud computing environment. The additional consideration in designing security services for mobile cloud computing environment should be the resource-constrained mobile devices. The execution of computationally intensive security services on mobile device consumes battery’s charging quickly. In this regard, the study presents a novel energy-efficient block-based sharing scheme that provides confidentiality and integrity services for mobile users in the cloud environment. The block-based sharing scheme is compared with the existing schemes on the basis of energy consumption, CPU utilization, memory utilization, encryption time, decryption time, and turnaround time. The experimental results show that the block-based sharing scheme consumes less energy, reduces the resources utilization, improves response time, and provides better security services to the mobile users in the presence of fully untrusted cloud server(s) as compared to the existing security schemes.     

Mobile cloud computing framework for a pervasive and ubiquitous environment

The increasing use of wireless Internet and smartphone has accelerated the need for pervasive and ubiquitous computing (PUC). Smartphones stimulate growth of location-based service and mobile cloud computing. However, smartphone mobile computing poses challenges because of the limited battery capacity, constraints of wireless networks and the limitations of device. A fundamental challenge arises as a result of power-inefficiency of location awareness. The location awareness is one of smartphone’s killer applications; it runs steadily and consumes a large amount of power. Another fundamental challenge stems from the fact that smartphone mobile devices are generally less powerful than other devices. Therefore, it is necessary to offload the computation-intensive part by careful partitioning of application functions across a cloud. In this paper, we propose an energy-efficient location-based service (LBS) and mobile cloud convergence. This framework reduces the power dissipation of LBSs by substituting power-intensive sensors with the use of less-power-intensive sensors, when the smartphone is in a static state, for example, when lying idle on a table in an office. The substitution is controlled by a finite state machine with a user-movement detection strategy. We also propose a seamless connection handover mechanism between different access networks. For convenient on-site establishment, our approach is based on the end-to-end architecture between server and a smartphone that is independent of the internal architecture of current 3G cellular networks.     

移动云计算环境下多工作流任务调度的联合优化方法

传统移动云计算环境下的任务调度通过random算法来决定任务执行位置,通过动态电压调节技术来调节工作频率,通过任务间的差异性判别进行任务的整合,这往往带来了很多不合理的任务迁移,并导致CPU负载严重,造成了系统损害和大量能耗。针对多工作流任务提出了CCS算法,它包括consolidation算法与多任务并发算法,通过增加任务之间传输与执行的并发性,增加任务集整合的概率,提高任务的处理速率,减少任务的响应时间,增加CPU使用率的同时将主机和内核CPU使用率控制在阈值上限以下,避免CPU过载并根据多任务并发来优化local算法,调整任务执行位置,提高迁移效率的同时也避免了随机算法的局限性,实验结果表明该算法可以有效地提高系统性能,避免CPU过载问题,并且优化了能耗和工作流的完成时间。     

A lightweight active service migration framework for computational offloading in mobile cloud computing

Cloud computing enables access to the widespread services and resources in cloud datacenters for mitigating resource limitations in low-potential client devices. Computational cloud is an attractive platform for computational offloading due to the attributes of scalability and availability of resources. Therefore, mobile cloud computing (MCC) leverages the application processing services of computational clouds for enabling computational-intensive and ubiquitous mobile applications on smart mobile devices (SMDs). Computational offloading frameworks focus on offloading intensive mobile applications at different granularity levels which involve resource-intensive mechanism of application profiling and partitioning at runtime. As a result, the energy consumption cost (ECC) and turnaround time of the application is increased. This paper proposes an active service migration (ASM) framework for computational offloading to cloud datacenters, which employs lightweight procedure for the deployment of runtime distributed platform. The proposed framework employs coarse granularity level and simple developmental and deployment procedures for computational offloading in MCC. ASM is evaluated by benchmarking prototype application on the Android devices in the real MCC environment. It is found that the turnaround time of the application reduces up to 45 % and ECC of the application reduces up to 33 % in ASM-based computational offloading as compared to traditional offloading techniques which shows the lightweight nature of the proposed framework for computational offloading.     

An application framework for mobile,context-aware trails

In this paper we describe the design, implementation and evaluation of a software framework that supports the development of mobile, context-aware trails-based applications. A trail is a contextually scheduled collection of activities and represents a generic model that can be used to satisfy the activity management requirements of a wide range of context-based time management applications. Trails overcome limitations with traditional time management techniques based on static to-do lists by dynamically reordering activities based on emergent context.     

Fractal: A mobile code-based framework for dynamic application protocol adaptation

The rapid growth of heterogeneous devices and diverse networks in our daily life, makes it is very difficult, if not impossible, to build a one-size-fits-all application or protocol, which can run well in such a dynamic environment. Adaptation has been considered as a general approach to address the mismatch problem between clients and servers; however, we envision that the missing part, which is also a big challenge, is how to inject and deploy adaptation functionality into the environment. In this paper we propose a novel application level protocol adaptation framework, Fractal, which uses the mobile code technology for protocol adaptation and leverages existing content distribution networks (CDN) for protocol adaptors (mobile codes) deployment. To the best of our knowledge, Fractal is the first application level protocol adaptation framework that considers the real deployment problem using mobile code and CDN. To evaluate the proposed framework, we have implemented two case studies: an adaptive message encryption protocol and an adaptive communication optimization protocol. In the adaptive message encryption protocol, Fractal always chooses a proper encryption algorithm according to different application requirements and device characteristics. And the adaptive communication optimization protocol is capable of dynamically selecting the best one from four communication protocols, including Direct sending, Gzip, Bitmap, and Vary-sized blocking, for different hardware and network configurations. In comparison with other adaptation approaches, evaluation results show the proposed adaptive approach performs very well on both the client side and server side. For some clients, the total communication overhead reduces 41% compared with no protocol adaptation mechanism, and 14% compared with the static protocol adaptation approach.     

FlatVC:云环境下虚拟机集群的扁平化版本控制

IaaS的发展使得云服务能够快速地部署虚拟机集群。然而,在部署过程中虚拟机群的版本控制效率不高。目前的版本控制方法存在网络负载大、操作速度慢的问题。提出一种新颖的虚拟机集群版本控制方法,叫做FlatVC。FlatVC在计算节点增量地生成虚拟机版本,以避免将版本数据传输至存储节点,并在虚拟机版本恢复时按需传输版本数据,因此减小了网络传输负载并加速了版本控制过程。通过使用缓存树结构来共享网络传输数据,FlatVC减小了根节点数据传输压力。此外,我们针对增量版本所构成的版本链进行了I/O优化,避免了版本链导致的性能下降。实验结果显示,FlatVC能有效地实施虚拟机集群版本控制,加速版本生成以及恢复过程。     

私有云环境下基于加密体制的访问控制应用研究

随着云计算技术的广泛应用,云中的数据安全问题逐渐引起重视,尤其是在政务、银行、企业、军队等私有云领域内,对数据资源的安全、高效、准确应用要求极高。基于此背景,研究私有云环境下基于密文的访问控制技术,首先介绍了传统访问控制原理与典型模型,然后分析在私有云环境下的应用特点,在此基础上提出基于加密体制的访问控制应用方案,并对其应用流程进行分析。