International Journal of Web and Grid Services (10 papers in press)
Managing Workflows on top of a Cloud Computing Orchestrator for using heterogeneous environments on e-Science
by Abel Carrión, Miguel Caballer, Ignacio Blanquer, Nelson Kotowski
Abstract: Scientific Workflows (SWFs) are widely used to model processes in e-Science. SWFs are executed by means of Workflow Management Systems (WMSs), which orchestrate the workload on top of computing infrastructures. The advent of cloud computing has opened the door to using on-demand infrastructures to complement or even replace local infrastructures. However, new issues have arisen, such as the integration of hybrid resources and the trade-off between infrastructure reutilization and elasticity. In this article we present an ad-hoc solution for managing workflows that exploits the capabilities of cloud orchestrators to deploy resources on demand according to the workload, and to combine heterogeneous cloud providers (such as on-premise and public clouds) and traditional infrastructures (clusters) to minimize cost and response time. The work does not propose yet another WMS, but demonstrates the benefits of integrating cloud orchestration when running complex workflows. The article presents several configuration experiments with a realistic comparative genomics workflow called Orthosearch, migrating memory-intensive workload to public infrastructures while keeping other blocks of the experiment running locally. Running time and cost are reported, and best practices are suggested.
Keywords: Workflow; Workflow Management Systems; Cloud Orchestrator; Multi-platform; e-Science; Cloud Computing; Comparative genomics.
Clustering-based uncertain QoS prediction of Web services via collaborative filtering
by Guobing Zou, Zhimin Zhou, Sen Niu, Yanglan Gan, Bofeng Zhang
Abstract: Although collaborative filtering (CF) has been widely applied to QoS-aware Web service recommendation, most approaches focus on certain (deterministic) QoS prediction of Web services. However, they fail to take into account the inherently uncertain QoS of Web services in real-world service-oriented Web applications. To solve this problem, this paper proposes a novel approach to uncertain QoS prediction via collaborative filtering and service clustering. We first establish an uncertain QoS model for a service user as a three-layer tree, where each service is formalized as a QoS matrix. To mine similar neighborhood users for an active user, we then extend the Euclidean distance to calculate the similarity between two uncertain QoS models. Finally, we present two novel QoS prediction strategies based on collaborative filtering and service clustering, called U-Rec and UC-Rec. Extensive experiments have been conducted on a large-scale real-world dataset containing more than 1.5 million uncertain QoS transaction logs of Web services. The experimental results demonstrate the effectiveness of our proposed approach.
Keywords: Web service; uncertain QoS prediction; collaborative filtering; service clustering
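The neighborhood-based prediction step that the abstract outlines can be sketched as follows. This is an illustrative Python sketch only, not the authors' U-Rec/UC-Rec algorithms: the representation of a user as per-service (mean, variance) pairs, the distance-to-similarity mapping and the neighbor aggregation are all assumptions made for the example.

```python
import math

def similarity(u, v):
    """Extended-Euclidean-style similarity between two users' QoS
    summaries. u, v map service id -> (mean, variance) of observed QoS.
    Including the variance term lets QoS uncertainty affect similarity.
    (Illustrative; the paper's uncertain QoS model is richer.)"""
    common = set(u) & set(v)
    if not common:
        return 0.0
    d = math.sqrt(sum((u[s][0] - v[s][0]) ** 2 + (u[s][1] - v[s][1]) ** 2
                      for s in common))
    return 1.0 / (1.0 + d)  # map distance to a (0, 1] similarity

def predict(active, others, service, k=2):
    """Predict the mean QoS of `service` for `active` as the
    similarity-weighted average over its k nearest neighbors that
    have invoked the service."""
    scored = [(similarity(active, o), o) for o in others if service in o]
    scored = [x for x in scored if x[0] > 0]
    scored.sort(key=lambda x: -x[0])
    top = scored[:k]
    if not top:
        return None
    return (sum(sim * o[service][0] for sim, o in top)
            / sum(sim for sim, _ in top))
```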
Special Issue on: Massive Data Processing and Cloud Storage
A Novel Utilization-aware Energy Consumption Model
for Content Distribution Networks
by Saif ul Islam, Jean-Marc Pierson, Nadeem Javaid
Abstract: The rapid worldwide increase in Internet users is driving a trend towards large, geographically distributed systems. Content Distribution Networks (CDNs) are among the most popular large-scale distributed systems, managing around 40% of the total Internet traffic. Given their considerable contribution to the CO2 footprint, it is very important to manage resources efficiently and to control energy consumption in CDNs. Although different studies propose solutions to reduce energy consumption, little attention has been paid to analyzing energy consumption together with resource utilization. In this paper we evaluate resource utilization, and ultimately energy consumption, under different scenarios, and we propose a utilization-aware energy consumption model. We consider one of the most popular request-redirection policies, load balancing. Quality of Experience (QoE) metrics, such as the overall delay in completing client requests and the number of dropped requests, are also evaluated. Extensive simulations are performed by varying the CDN infrastructure size, the client request traffic volume and the intensity of end users.
Keywords: Content Distribution Networks; Resource Utilization; Energy Consumption.
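A utilization-aware energy model of the kind the abstract describes can be illustrated with a common linear surrogate (idle power plus a utilization-proportional term). This is not the paper's model; the function form and the `p_idle`/`p_peak` values are assumptions chosen for the example.

```python
def surrogate_power(u, p_idle=120.0, p_peak=260.0):
    """Surrogate per-server power draw (watts) as a linear function of
    CPU utilization u in [0, 1]: idle cost plus a utilization-
    proportional term. Values are illustrative assumptions."""
    if not 0.0 <= u <= 1.0:
        raise ValueError("utilization must be in [0, 1]")
    return p_idle + (p_peak - p_idle) * u

def energy_wh(utilization_trace, interval_h=1.0):
    """Energy (watt-hours) of one surrogate server over a trace of
    per-interval utilization samples."""
    return sum(surrogate_power(u) * interval_h for u in utilization_trace)
```

Even this toy model makes the abstract's point visible: a lightly utilized surrogate still pays the full idle cost, so consolidation of requests changes energy per served request.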
Sensitivity-based Synchronization Protocol to Prevent
Illegal Information Flow among Objects
by Shigenari Nakamura, Tomoya Enokido, Makoto Takizawa
Abstract: In information systems, a transaction may illegally read data stored in an object which the transaction is not allowed to read. A transaction may then illegally write data to another object after issuing the illegal read. The write-abortion (WA), read-write-abortion (RWA) and flexible RWA (FRWA) protocols to prevent illegal information flow were proposed in our previous papers. In the WA and RWA protocols, a transaction is aborted once it issues an illegal write or an illegal read, respectively. In the WA protocol, some reads are meaninglessly performed; in the RWA protocol, some reads are lost. In the FRWA protocol, a transaction is aborted with some probability once it issues an illegal read. We newly introduce the concept of object sensitivity to decide on the abortion probability. In the evaluation, the execution time of each transaction in the FRWA protocol with object sensitivity is shorter than in the WA protocol, and more reads can be performed than in the RWA protocol.
Keywords: Flexible read-write-abortion (FRWA) protocol; Sensitivity;
Meaningless read operation; Lost read operation; Information flow control.
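The sensitivity-driven abortion decision can be sketched as follows. The linear mapping from sensitivity to abort probability and the `base` value are illustrative assumptions, not the paper's exact rule.

```python
import random

def abort_probability(sensitivity, base=0.2):
    """Map an object's sensitivity in [0, 1] to the probability that a
    transaction issuing an illegal read on that object is aborted.
    A maximally sensitive object always triggers abortion; the linear
    map and `base` are assumptions for this sketch."""
    if not 0.0 <= sensitivity <= 1.0:
        raise ValueError("sensitivity must be in [0, 1]")
    return base + (1.0 - base) * sensitivity

def frwa_illegal_read_survives(sensitivity, rng=random.random):
    """FRWA decision for one illegal read: the transaction survives when
    the random draw is at least the sensitivity-based abort probability."""
    return rng() >= abort_probability(sensitivity)
```

The intuition matches the abstract: reads on low-sensitivity objects are usually allowed to proceed (avoiding RWA's lost reads), while reads on high-sensitivity objects are almost always aborted early (avoiding WA's meaningless reads).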
ATMSim: A Hadoop and Self-similarity-based
Simulator for Collecting, Detecting, Measuring and
Analysing Anomalous Traffic
by Hae-Duck J. Jeong, Myeong-Un Ryu, Min-Jun Ji, You-Been Cho, Sang-Kug Ye, Jong-Suk R. Lee
Abstract: Recent developments in information and communication networks, as well as the popularity of smartphones, have contributed to a geometric increase in Internet traffic. In relation to this, this study aims to collect, detect, measure and analyse the DDoS attacks that are typical of the increasing number of security incidents and network attacks on the Internet. To this end, a large volume of normal traffic coming in through an internal LAN of a university, together with anomalous traffic including DDoS attacks, was collected and generated using the ATMSim analysis package, which operates on the basis of network flow information. Self-similarity estimation techniques were used to analyse the behavior of the collected and generated normal and anomalous traffic. This information was then used to show, graphically and quantitatively, that the analysis reveals a great difference between normal traffic and anomalous traffic in terms of self-similarity.
Keywords: Anomalous traffic; Hadoop; Stochastic self-similar process;
ATMSim; DDoS attack; Big data.
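One standard way to quantify self-similarity, as used in analyses of this kind, is to estimate the Hurst parameter. The sketch below uses the aggregated-variance method; it is a generic estimator for illustration, not necessarily the one implemented in ATMSim.

```python
import math
import random

def hurst_aggregated_variance(series, block_sizes=(1, 2, 4, 8, 16)):
    """Estimate the Hurst parameter H by the aggregated-variance method:
    for a self-similar series, the variance of the m-aggregated series
    scales as m^(2H - 2), so H is recovered from the slope of
    log(variance) against log(m). Illustrative estimator."""
    xs, ys = [], []
    for m in block_sizes:
        n = len(series) // m
        agg = [sum(series[i * m:(i + 1) * m]) / m for i in range(n)]
        mean = sum(agg) / n
        var = sum((a - mean) ** 2 for a in agg) / n
        if var > 0:
            xs.append(math.log(m))
            ys.append(math.log(var))
    # least-squares slope of log(var) on log(m)
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    slope = (sum((x - mx) * (y - my) for x, y in zip(xs, ys))
             / sum((x - mx) ** 2 for x in xs))
    return 1.0 + slope / 2.0
```

For uncorrelated (white-noise) traffic the estimate is near H = 0.5, while bursty, long-range-dependent traffic yields H closer to 1; a marked shift in H is the kind of normal-vs-anomalous difference the abstract refers to.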
TrDup: Enhancing Secure Data Deduplication with User Traceability in Cloud Computing
by Xiaofeng Chen
Abstract: Data deduplication is a special type of resource-usage optimization. It reduces the storage space and network bandwidth used by eliminating duplicate copies of the same data file. Convergent encryption, as the state-of-the-art approach, has been widely adopted to perform secure deduplication in the cross-user scenario. However, no prior solution supports user traceability: there is no way to trace the identities of malicious users in case of duplicate-faking attacks. To cope with this problem, we propose a deduplication scheme called TrDup, which realizes the traceability of malicious users.
Keywords: Secure deduplication; Message-locked encryption; Traceable signatures; Proof of ownership.
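The convergent-encryption building block the abstract mentions can be sketched as follows: the key is derived from the plaintext itself, so identical files always produce identical ciphertexts and the server can deduplicate without seeing the data. The SHA-256 counter-mode keystream here is a toy stand-in for a real cipher such as AES, and the sketch covers only the baseline, not TrDup's traceability layer.

```python
import hashlib

def _keystream(key, n):
    """Expand key into n pseudorandom bytes with SHA-256 in counter
    mode (sketch only -- real deployments use a vetted cipher)."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]

def convergent_encrypt(data):
    """Convergent encryption: key = H(plaintext), so equal files yield
    equal ciphertexts. The ciphertext hash serves as the server's
    deduplication index."""
    key = hashlib.sha256(data).digest()
    cipher = bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))
    tag = hashlib.sha256(cipher).hexdigest()
    return key, cipher, tag

def convergent_decrypt(key, cipher):
    """Invert the XOR with the same key-derived keystream."""
    return bytes(a ^ b for a, b in zip(cipher, _keystream(key, len(cipher))))
```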
Stream-based Live Entity Resolution Approach with Adaptive Duplicate Count Strategy
by Kun Ma, Bo Yang
Abstract: Recently, researchers have become increasingly concerned with the large-scale news and tweet data generated by social media. Some cloud service providers use these data to extract public sentiment for their tenants. The challenge is how to clean such big data in the cloud before further analysis. To address this issue, we propose a new live entity resolution approach that finds duplicates in the news and tweet data as they arrive. We investigate possible solutions for live entity resolution in the cloud, making the sliding window size adaptive using a multi-duplicate count strategy.
Keywords: Cloud computing; Big Data; MapReduce; Entity resolution; Sorted Neighborhood; NoSQL.
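The sorted-neighborhood method named in the keywords works by sorting records on a blocking key and comparing each record only with the records inside a sliding window. The sketch below uses a fixed window; the paper's contribution is precisely to make that window size adaptive (via a duplicate-count strategy), which is not reproduced here.

```python
def sorted_neighborhood(records, key, is_duplicate, window=3):
    """Sorted-neighborhood entity resolution: sort records by a blocking
    key, then compare each record only with the `window - 1` records
    that follow it in sorted order. Returns the duplicate pairs found.
    (Fixed window for brevity; the paper adapts it at runtime.)"""
    ordered = sorted(records, key=key)
    pairs = []
    for i, rec in enumerate(ordered):
        for other in ordered[i + 1:i + window]:
            if is_duplicate(rec, other):
                pairs.append((rec, other))
    return pairs
```

The appeal of the method for stream data is that only the window's worth of candidates is compared per record, instead of the quadratic all-pairs comparison.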
Special Issue on: Security for Cloud Computing
Searchable Symmetric Encryption Based on the
Inner Product for Cloud Storage
by Jun Yang, Shujuan Li, Xiaodan Yan, Baihui Zhang, Baojiang Cui
Abstract: Searchable encryption enables a data owner to encrypt their data before storing it in the cloud, while still allowing a client to search over the data without leaking any information about it. In this paper, we first introduce a searchable symmetric encryption scheme based on the inner product, which is efficient to compute over two vectors. In our construction, the parties are Data Owners, Clients and the Cloud Server. The three parties communicate with each other through the inner product to achieve the goal that the client can search the data in the cloud without leaking any information about the data the owner stored there. We then perform a security analysis and performance evaluation, which show that our algorithm and construction are secure and efficient.
Keywords: Searchable Encryption; Searchable Symmetric Encryption; Inner Product;
Cloud Server; Security.
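How an inner product can serve as a search predicate can be illustrated in the clear: represent documents and queries as keyword-incidence vectors, and test whether every queried keyword occurs in the document. This is only a plaintext sketch of one plausible matching predicate; the scheme itself evaluates such products over encrypted data, and the vocabulary and conjunctive-match rule here are assumptions.

```python
def keyword_vector(words, vocabulary):
    """0/1 incidence vector of `words` over a fixed keyword vocabulary."""
    ws = set(words)
    return [1 if v in ws else 0 for v in vocabulary]

def inner_product(a, b):
    return sum(x * y for x, y in zip(a, b))

def matches(doc_vec, query_vec):
    """Conjunctive match: the inner product equals the number of queried
    keywords exactly when every queried keyword occurs in the document."""
    return inner_product(doc_vec, query_vec) == sum(query_vec)
```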
Lattice-based Searchable Public-key Encryption Scheme for Secure Cloud Storage
by Run Xie, Chunxiang Xu, Changlian He, Xiaojun Zhang
Abstract: With the popularity of cloud storage and growing awareness of data privacy, users' sensitive data are usually encrypted before being uploaded to the cloud. Searchable encryption is a critical technique for promoting secure and efficient cloud storage. In particular, public-key encryption with keyword search (PEKS) provides an elegant approach to data retrieval in encrypted storage. However, all existing searchable public-key encryption schemes only provide security based on classical cryptographic hardness assumptions. With the growth of cloud-computing power and the development of quantum computers, these schemes will become insecure. In this paper, we propose a new searchable public-key encryption scheme with a designated tester (dPEKS). Our scheme has notable advantages. Firstly, it is the first searchable public-key encryption scheme based on lattice hardness assumptions; lattice-based cryptography is currently considered secure even if quantum computers are ever developed, so our scheme is a promising candidate to replace traditional schemes. Secondly, our scheme achieves trapdoor indistinguishability, which implies security against outside off-line keyword-guessing attacks (KGAs); until now, only a few schemes have been able to resist outside off-line KGAs. In Boneh et al.'s original framework, inside KGAs are considered inevitable; in this sense, our scheme provides the strongest security level. Lastly, our scheme achieves trapdoor anonymity for the server.
Keywords: dPEKS; searchable encryption; trapdoor indistinguishability; lattice; keyword-guessing attack; cloud storage.
Key-Aggregate Searchable Encryption under Multi-owner Setting for Group Data Sharing in the Cloud
by Tong Li, Zheli Liu, Chunfu Jia, Zhangjie Fu, Jin Li
Abstract: In recent years, encryption with keyword search has been widely used
in cloud data-sharing systems to protect privacy and confidentiality
when retrieving ciphertexts. However, selectively sharing encrypted
data and the related search capabilities among different users via
existing searchable encryption technology generates a large number
of search trapdoors, making the system inflexible and impractical.
In this paper, we propose the concept of a ``multi-owner
key-aggregate searchable encryption'' scheme and its implementation,
in which a user need only submit a single trapdoor to query the documents
shared by multiple owners, who in turn need only distribute an aggregate key
for sharing massive data. Thus, the scheme supports effective data sharing
for both multiple owners and users by reducing unnecessary trapdoors, which
are hard for mobile devices to generate during the querying step.
Finally, we conduct a security analysis and performance evaluation,
which show that our system is practical and secure.
Keywords: cloud storage; searchable encryption; data sharing; key-aggregate.