IEEE Projects 2016-2017Updated Top list of Cloud Computing for ME/MTech,BE/BTech Final Year students

Cloud computing is an Internet-based computing pattern through which shared resources are provided

to devices ondemand. Its an emerging but promising paradigm to integrating mobile devices into cloud

computing, and the integration performs in the cloud based hierarchical multi-user data-shared

environment. With integrating into cloud computing, security issues such as data confidentiality and

user authority may arise in the mobile cloud computing system, and it is concerned as the main

constraints to the developments of mobile cloud computing. In order to provide safe and secure

operation, a hierarchical access control method using modified hierarchical attribute-based encryption

(M-HABE) and a modified three-layer structure is proposed in this paper. In a specific mobile cloud

computing model, enormous data which may be from all kinds of mobile devices, such as smart phones,

functioned phones and PDAs and so on can be controlled and monitored by the system, and the data

can be sensitive to unauthorized third party and constraint to legal users as well. The novel scheme

mainly focuses on the data processing, storing and accessing, which is designed to ensure the users

with legal authorities to get corresponding classified data and to restrict illegal users and unauthorized

legal users get access to the data, which makes it extremely suitable for the mobile cloud computing

paradigms.

ETPL

CLD - 001 A Modified Hierarchical Attribute-based Encryption Access Control

Method for Mobile Cloud Computing

Quality of cloud service (QoS) is one of the crucial factors for the success of cloud providers in mobile

cloud computing. Context-awareness is a popular method for automatic awareness of the mobile

environment and choosing the most suitable cloud provider. Lack of context information may harm the

users’ confidence in the application rendering it useless. Thus, mobile devices need to be constantly

aware of the environment and to test the performance of each cloud provider, which is inefficient and

wastes energy. Crowdsourcing is a considerable technology to discover and select cloud services in

order to provide intelligent, efficient, and stable discovering of services for mobile users based on

group choice. This article introduces a crowdsourcing-based QoS supported mobile cloud service

framework that fulfils mobile users’ satisfaction by sensing their context information and providing

appropriate services to each of the users. Based on user’s activity context, social context, service

context, and device context, our framework dynamically adapts cloud service for the requests in

different kinds of scenarios. The context-awareness based management approach efficiency achieves

a reliable cloud service supported platform to supply the Quality of Service on mobile device.

ETPL

CLD - 002 Using Crowdsourcing to Provide QoS for Mobile Cloud Computing

Offering real-time data security for petabytes of data is important for cloud computing. A recent survey

on cloud security states that the security of users' data has the highest priority as well as concern. We

believe this can only be able to achieve with an approach that is systematic, adoptable and well-

structured. Therefore, this paper has developed a framework known as Cloud Computing Adoption

Framework (CCAF) which has been customized for securing cloud data. This paper explains the

overview, rationale and components in the CCAF to protect data security. CCAF is illustrated by the

system design based on the requirements and the implementation demonstrated by the CCAF multi-

layered security. Since our Data Center has 10 petabytes of data, there is a huge task to provide real-

time protection and quarantine. We use Business Process Modeling Notation (BPMN) to simulate how

data is in use. The use of BPMN simulation allows us to evaluate the chosen security performances

before actual implementation. Results show that the time to take control of security breach can take

between 50 and 125 hours. This means that additional security is required to ensure all data is well-

protected in the crucial 125 hours. This paper has also demonstrated that CCAF multi-layered security

can protect data in real-time and it has three layers of security: 1) firewall and access control; 2) identity

management and intrusion prevention and 3) convergent encryption. To validate CCAF, this paper has

undertaken two sets of ethical-hacking experiments involved with penetration testing with 10,000

trojans and viruses. The CCAF multi-layered security can block 9,919 viruses and trojans which can

be destroyed in seconds and the remaining ones can be quarantined or isolated. The experiments show

although the percentage of blocking can decrease for continuous injection of viruses and trojans, 97.43

percent of them can be quarantined. Our CCAF multi-layered security has an average of 20 percent b-

tter performance than the single-layered approach which could only block 7,438 viruses and trojans.

CCAF can be more effective when combined with BPMN simulation to evaluate security process and

penetrating testing results.

ETPL

CLD - 003 Towards Achieving Data Security with the Cloud Computing Adoption

Framework

Multiple resource procurement from several cloud vendors participating in bidding is addressed in this

paper. This is done by assigning dynamic pricing for these resources. Since we consider multiple

resources to be procured from several cloud vendors bidding in an auction, the problem turns out to be

one of a combinatorial auction. We pre-process the user requests, analyze the auction and declare a set

of vendors bidding for the auction as winners based on the Combinatorial Auction Branch on Bids

(CABOB) model. Simulations using our approach with prices procured from several cloud vendors'

datasets show its effectiveness in multiple resource procurement in the realm of cloud computing.

ETPL

CLD - 004 A Combinatorial Auction mechanism for multiple resource procurement

in cloud computing

With the booming cloud computing industry, computational resources are readily and elastically

available to the customers. In order to attract customers with various demands, most Infrastructure-as-

a-service (IaaS) cloud service providers offer several pricing strategies such as pay as you go, pay less

per unit when you use more (so called volume discount), and pay even less when you reserve. The

diverse pricing schemes among different IaaS service providers or even in the same provider form a

complex economic landscape that nurtures the market of cloud brokers. By strategically scheduling

multiple customers' resource requests, a cloud broker can fully take advantage of the discounts offered

by cloud service providers. In this paper, we focus on how a broker can help a group of customers to

fully utilize the volume discount pricing strategy offered by cloud service providers through cost-

efficient online resource scheduling. We present a randomized online stack-centric scheduling

algorithm (ROSA) and theoretically prove the lower bound of its competitive ratio. Three special cases

of the offline concave cost scheduling problem and the corresponding optimal algorithms are

introduced. Our simulation shows that ROSA achieves a competitive ratio close to the theoretical lower

bound under the special cases. Trace-driven simulation using Google cluster data demonstrates that

ROSA is superior to the conventional online scheduling algorithms in terms of cost saving.

ETPL

CLD - 005 Online Resource Scheduling Under Concave Pricing for Cloud

Computing

Never before have data sharing been more convenient with the rapid development and wide adoption

of cloud computing. However, how to ensure the cloud user’s data security is becoming the main

obstacles that hinder cloud computing from extensive adoption. Proxy re-encryption serves as a

promising solution to secure the data sharing in the cloud computing. It enables a data owner to encrypt

shared data in cloud under its own public key, which is further transformed by a semi trusted cloud

server into an encryption intended for the legitimate recipient for access control. This paper gives a

solid and inspiring survey of proxy re-encryption from different perspectives to offer a better

understanding of this primitive. In particular, we reviewed the state-of-the-art of the proxy re-

encryption by investigating the design philosophy, examining the security models and comparing the

efficiency and security proofs of existing schemes. Furthermore, the potential applications and

extensions of proxy re-encryption have also been discussed. Finally, this paper is concluded with a

summary of the possible future work.

ETPL

CLD - 006 A Survey of Proxy Re-Encryption for Secure Data Sharing in Cloud

Computing

With the popularity of cloud computing, there have been increasing concerns about its security and

privacy. Since the cloud computing environment is distributed and untrusted, data owners have to

encrypt outsourced data to enforce confidentiality. Therefore, how to achieve practicable access control

of encrypted data in an untrusted environment is an urgent issue that needs to be solved. Attribute-

Based Encryption (ABE) is a promising scheme suitable for access control in cloud storage systems.

This paper proposes a hierarchical attribute-based access control scheme with constant-size ciphertext.

The scheme is efficient because the length of ciphertext and the number of bilinear pairing evaluations

to a constant are fixed. Its computation cost in encryption and decryption algorithms is low. Moreover,

the hierarchical authorization structure of our scheme reduces the burden and risk of a single authority

scenario. We prove the scheme is of CCA2 security under the decisional q-Bilinear Diffie-Hellman

Exponent assumption. In addition, we implement our scheme and analyse its performance. The analysis

results show the proposed scheme is efficient, scalable, and fine-grained in dealing with access control

for outsourced data in cloud computing.

ETPL

CLD - 007 Attribute-based Access Control with Constant-size Ciphertext in Cloud

Computing

Mobile systems are gaining more and more importance, and new promising paradigms like Mobile

Cloud Computing are emerging. Mobile Cloud Computing provides an infrastructure where data

storage and processing could happen outside the mobile node. Specifically, there is a major interest in

the use of the services obtained by taking advantage of the distributed resource pooling provided by

nearby mobile nodes in a transparent way. This kind of systems is useful in application domains such

as emergencies, education and tourism. However, these systems are commonly based on dynamic

network topologies, in which disconnections and network partitions can occur frequently, and thus the

availability of the services is usually compromised. Techniques and methods from Autonomic

Computing can be applied to Mobile Cloud Computing to build dependable service models taking into

account changes in the context. In this work, a context-aware software architecture is proposed to

support the availability of the services deployed in mobile and dynamic network environments. The

proposal is based on a service replication scheme together with a self-configuration approach for the

activation/hibernation of the replicas of the service depending on relevant context information from

the mobile system. To that end, an election algorithm has been designed and implemented.

ETPL

CLD - 008 A Context-Aware Architecture Supporting Service Availability in

Mobile Cloud Computing

With the development of cloud computing, outsourcing data to cloud server attracts lots of attentions.

To guarantee the security and achieve flexibly fine-grained file access control, attribute based

encryption (ABE) was proposed and used in cloud storage system. However, user revocation is the

primary issue in ABE schemes. In this article, we provide a ciphertext-policy attribute based encryption

(CP-ABE) scheme with efficient user revocation for cloud storage system. The issue of user revocation

can be solved efficiently by introducing the concept of user group. When any user leaves, the group

manager will update users’ private keys except for those who have been revoked. Additionally, CP-

ABE scheme has heavy computation cost, as it grows linearly with the complexity for the access

structure. To reduce the computation cost, we outsource high computation load to cloud service

providers without leaking file content and secret keys. Notbaly, our scheme can withstand collusion

attack performed by revoked users cooperating with existing users. We prove the security of our

scheme under the divisible computation Diffie-Hellman (DCDH) assumption. The result of our

experiment shows computation cost for local devices is relatively low and can be constant. Our scheme

is suitable for resource constrained devices.

ETPL

CLD - 009 Flexible and Fine-Grained Attribute-Based Data Storage in Cloud

Computing

To address the computing challenge of ’big data’, a number of data-intensive computing frameworks

(e.g., MapReduce, Dryad, Storm and Spark) have emerged and become popular. YARN is a de facto

resource management platform that enables these frameworks running together in a shared system.

However, we observe that, in cloud computing environment, the fair resource allocation policy

implemented in YARN is not suitable because of its memoryless resource allocation fashion leading

to violations of a number of good properties in shared computing systems. This paper attempts to

address these problems for YARN. Both singlelevel and hierarchical resource allocations are

considered. For single-level resource allocation, we propose a novel fair resource allocation mechanism

called Long-Term Resource Fairness (LTRF) for such computing. For hierarchical resource allocation,

we propose Hierarchical Long-Term Resource Fairness (H-LTRF) by extending LTRF. We show that

both LTRF and H-LTRF can address these fairness problems of current resource allocation policy and

are thus suitable for cloud computing. Finally, we have developed LTYARN by implementing LTRF

and H-LTRF in YARN, and our experiments show that it leads to a better resource fairness than

existing fair schedulers of YARN.

ETPL

CLD - 010 Fair Resource Allocation for Data-Intensive Computing in the Cloud


to devices ondemand. Its an emerging but promising paradigm to integrating mobile devices into cloud













paradigms.

ETPL

CLD - 011 Secure Data Sharing in Cloud Computing Using Revocable-Storage

Identity-Based Encryption

Cloud computing technologies have enabled a new paradigm for advanced product development

powered by the provision and subscription of computational services in a multi-tenant distributed

simulation environment. The description of computational resources and their optimal allocation

among tenants with different requirements holds the key to implementing effective software systems

for such a paradigm. To address this issue, a systematic framework for monitoring, analyzing and

improving system performance is proposed in this research. Specifically, a radial basis function neural

network is established to transform simulation tasks with abstract descriptions into specific resource

requirements in terms of their quantities and qualities. Additionally, a novel mathematical model is

constructed to represent the complex resource allocation process in a multi-tenant computing

environment by considering priority-based tenant satisfaction, total computational cost and multi-level

load balance. To achieve optimal resource allocation, an improved multi-objective genetic algorithm

is proposed based on the elitist archive and the K-means approaches. As demonstrated in a case study,

the proposed framework and methods can effectively support the cloud simulation paradigm and

efficiently meet tenants’ computational requirements in a distributed environment.

ETPL

CLD - 012 Knowledge-Based Resource Allocation for Collaborative Simulation

Development in a Multi-tenant Cloud Computing Environment

Cloud computing becomes increasingly popular for data owners to outsource their data to public cloud

servers while allowing intended data users to retrieve these data stored in cloud. This kind of computing

model brings challenges to the security and privacy of data stored in cloud. Attribute-based encryption

(ABE) technology has been used to design fine-grained access control system, which provides one

good method to solve the security issues in cloud setting. However, the computation cost and cipher

text size in most ABE schemes grow with the complexity of the access policy. Outsourced ABE

(OABE) with fine-grained access control system can largely reduce the computation cost for users who

want to access encrypted data stored in cloud by outsourcing the heavy computation to cloud service

provider (CSP). However, as the amount of encrypted files stored in cloud is becoming very huge,

which will hinder efficient query processing? To deal with above problem, we present a new

cryptographic primitive called attribute-based encryption scheme with outsourcing key-issuing and

outsourcing decryption, which can implement keyword search function (KSF-OABE). The proposed

KSF-OABE scheme is proved secure against chosen-plaintext attack (CPA). CSP performs partial

decryption task delegated by data user without knowing anything about the plaintext. Moreover, the

CSP can perform encrypted keyword search without knowing anything about the keywords embedded

in trapdoor

ETPL

CLD - 013 KSF-OABE: Outsourced Attribute-Based Encryption with Keyword

Search Function for Cloud Storage

Cloud computing is rapidly changing the digital service landscape. A proliferation of Cloud providers

has emerged, increasing the difficulty of consumer decisions. Trust issues have been identified as a

factor holding back Cloud adoption. The risks and challenges inherent in the adoption of Cloud services

are well recognised in the computing literature. In conjunction with these risks, the relative novelty of

the online environment as a context for the provision of business services can increase consumer

perceptions of uncertainty. This uncertainty is worsened in a Cloud context due to the lack of

transparency, from the consumer perspective, into the service types, operational conditions and the

quality of service offered by the diverse providers. Previous approaches failed to provide an appropriate

medium for communicating trust and trustworthiness in Clouds. A new strategy is required to improve

consumer confidence and trust in Cloud providers. This paper presents the operationalisation of a trust

label system designed to communicate trust and trustworthiness in Cloud services. We describe the

technical details and implementation of the trust label components. Based on a use case scenario, an

initial evaluation was carried out to test its operations and its usefulness for increasing consumer trust

in Cloud services.

ETPL

CLD - 014 A Trust Label System for Communicating Trust in Cloud Services

The prominence of cloud computing led to unprecedented proliferation in the number of Web services

deployed in cloud data centres. In parallel, service communities have gained recently increasing

interest due to their ability to facilitate discovery, composition, and resource scaling in large-scale

services’ markets. The problem is that traditional community formation models may work well when

all services reside in a single cloud but cannot support a multi-cloud environment. Particularly, these

models overlook having malicious services that misbehave to illegally maximize their benefits and that

arises from grouping together services owned by different providers. Besides, they rely on a centralized

architecture whereby a central entity regulates the community formation; which contradicts with the

distributed nature of cloud-based services. In this paper, we propose a three-fold solution that includes:

trust establishment framework that is resilient to collusion attacks that occur to mislead trust results;

bootstrapping mechanism that capitalizes on the endorsement concept in online social networks to

assign initial trust values; and trust-based hedonic coalitional game that enables services to distributive

form trustworthy multi-cloud communities. Experiments conducted on a real-life dataset demonstrate

that our model minimizes the number of malicious services compared to three state-of-the-art cloud

federations and service communities’ models.

ETPL

CLD - 015 Towards Trustworthy Multi-Cloud Services Communities: A Trust-based

Hedonic Coalitional Game

The significant growth in cloud computing has led to increasing number of cloud providers, each

offering their service under different conditions – one might be more secure whilst another might be

less expensive or more reliable. At the same time user applications have become more and more

complex. Often, they consist of a diverse collection of software components, and need to handle

variable workloads, which poses different requirements on the infrastructure. Therefore, many

organisations are considering using a combination of different clouds to satisfy these needs. It raises,

however, a non-trivial issue of how to select the best combination of clouds to meet the application

requirements. This paper presents a novel algorithm to deploy workflow applications on federated

clouds. Firstly, we introduce an entropy-based method to quantify the most reliable workflow

deployments. Secondly, we apply an extension of the Bell-LaPadula Multi-Level security model to

address application security requirements. Finally, we optimise deployment in terms of its entropy and

also its monetary cost, taking into account the cost of computing power, data storage and inter-cloud

communication. We implemented our new approach and compared it against two existing scheduling

algorithms: Extended Dynamic Constraint Algorithm (EDCA) and Extended Biobjective dynamic

level scheduling (EBDLS). We show that our algorithm can find deployments that are of equivalent

reliability but are less expensive and meet security requirements. We have validated our solution

through a set of realistic scientific workflows, using well-known cloud simulation tools (WorkflowSim

and DynamicCloudSim) and a realistic cloud based data analysis system (e-Science Central).

ETPL

CLD - 016 Cost Effective, Reliable and Secure Workflow Deployment over Federated Clouds

Search over encrypted data is a critically important enabling technique in cloud computing, where

encryption-before-outsourcing is a fundamental solution to protecting user data privacy in the untrusted

cloud server environment. Many secure search schemes have been focusing on the single-contributor

scenario, where the outsourced dataset or the secure searchable index of the dataset are encrypted and

managed by a single owner, typically based on symmetric cryptography. In this paper, we focus on a

different yet more challenging scenario where the outsourced dataset can be contributed from multiple

owners and are searchable by multiple users, i.e., multi-user multi-contributor case. Inspired by

attribute-based encryption (ABE), we present the first attribute-based keyword search scheme with

efficient user revocation (ABKS-UR) that enables scalable fine-grained (i.e., file-level) search

authorization. Our scheme allows multiple owners to encrypt and outsource their data to the cloud

server independently. Users can generate their own search capabilities without relying on an always

online trusted authority. Fine-grained search authorization is also implemented by the owner-enforced

access policy on the index of each file. Further, by incorporating proxy re-encryption and lazy re-

encryption techniques, we are able to delegate heavy system update workload during user revocation

to the resourceful semi-trusted cloud server. We formalize the security definition and prove the

proposed ABKS-UR scheme selectively secure against chosen-keyword attack. To build confidence of

data user in the proposed secure search system, we also design a search result verification scheme.

Finally, performance evaluation shows the efficiency of our scheme.

ETPL

CLD - 017 Protecting Your Right: Verifiable Attribute-Based Keyword Search with

Fine-Grained Owner-Enforced Search Authorization in the Cloud

Allocating service capacities in cloud computing is based on the assumption that they are unlimited

and can be used at any time. However, available service capacities change with workload and cannot

satisfy users’ requests at any time from the cloud provider’s perspective because cloud services can be

shared by multiple tasks. Cloud service providers provide available time slots for new user’s requests

based on available capacities. In this paper, we consider workflow scheduling with deadline and time

slot availability in cloud computing. An iterated heuristic framework is presented for the problem under

study which mainly consists of initial solution construction, improvement, and perturbation. Three

initial solution construction strategies, two greedy- and fair-based improvement strategies and a

perturbation strategy are proposed. Different strategies in the three phases result in several heuristics.

Experimental results show that different initial solution and improvement strategies have different

effects on solution qualities.

ETPL

CLD - 018 Cloud workflow scheduling with deadlines and time slot availability

In the cloud, for achieving access control and keeping data confidential, the data owners could adopt

attribute-based encryption to encrypt the stored data. Users with limited computing power are however

more likely to delegate the mask of the decryption task to the cloud servers to reduce the computing

cost. As a result, attribute-based encryption with delegation emerges. Still, there are caveats and

questions remaining in the previous relevant works. For instance, during the delegation, the cloud

servers could tamper or replace the delegated ciphertext and respond a forged computing result with

malicious intent. They may also cheat the eligible users by responding them that they are ineligible for

the purpose of cost saving. Furthermore, during the encryption, the access policies may not be flexible

enough as well. Since policy for general circuits enables to achieve the strongest form of access control,

a construction for realizing circuit ciphertext-policy attribute-based hybrid encryption with verifiable

delegation has been considered in our work. In such a system, combined with verifiable computation

and encrypt-then-mac mechanism, the data confidentiality, the fine-grained access control and the

correctness of the delegated computing results are well guaranteed at the same time. Besides, our

scheme achieves security against chosen-plaintext attacks under the k-multilinear Decisional Diffie-

Hellman assumption. Moreover, an extensive simulation campaign confirms the feasibility and

efficiency of the proposed solution.

ETPL

CLD - 019 Circuit Ciphertext-Policy Attribute-Based Hybrid Encryption with

Verifiable Delegation in Cloud Computing

Most current security solutions are based on perimeter security. However, Cloud computing breaks the

organization perimeters. When data resides in the Cloud, they reside outside the organizational bounds.

This leads users to a loos of control over their data and raises reasonable security concerns that slow

down the adoption of Cloud computing. Is the Cloud service provider accessing the data? Is it

legitimately applying the access control policy defined by the user? This paper presents a data-centric

access control solution with enriched role-based expressiveness in which security is focused on

protecting user data regardless the Cloud service provider that holds it. Novel identity-based and proxy

re-encryption techniques are used to protect the authorization model. Data is encrypted and

authorization rules are cryptographically protected to preserve user data against the service provider

access or misbehavior. The authorization model provides high expressiveness with role hierarchy and

resource hierarchy support. The solution takes advantage of the logic formalism provided by Semantic

Web technologies, which enables advanced rule management like semantic conflict detection. A proof

of concept implementation has been developed and a working prototypical deployment of the proposal

has been integrated within Google services.

ETPL

CLD - 020 SecRBAC: Secure data in the Clouds

Cloud radio access network (C-RAN) has emerged as a potential candidate of the next generation

access network technology to address the increasing mobile traffic, while mobile cloud computing

(MCC) offers a prospective solution to the resource-limited mobile user in executing computation

intensive tasks. Taking full advantages of above two cloud-based techniques, C-RAN with MCC are

presented in this paper to enhance both performance and energy efficiencies. In particular, this paper

studies the joint energy minimization and resource allocation in C-RAN with MCC under the time

constraints of the given tasks. We first review the energy and time model of the computation and

communication. Then, we formulate the joint energy minimization into a non-convex optimization

with the constraints of task executing time, transmitting power, computation capacity and fronthaul

data rates. This non-convex optimization is then reformulated into an equivalent convex problem based

on weighted minimum mean square error (WMMSE). The iterative algorithm is finally given to deal

with the joint resource allocation in C-RAN with mobile cloud. Simulation results confirm that the

proposed energy minimization and resource allocation solution can improve the system performance

and save energy.

ETPL

CLD - 021 Joint Energy Minimization and Resource Allocation in C-RAN with

Mobile Cloud

Due to the increasing popularity of cloud computing, more and more data owners are motivated to

outsource their data to cloud servers for great convenience and reduced cost in data management.

However, sensitive data should be encrypted before outsourcing for privacy requirements, which

obsoletes data utilization like keyword-based document retrieval. In this paper, we present a secure

multi-keyword ranked search scheme over encrypted cloud data, which simultaneously supports

dynamic update operations like deletion and insertion of documents. Specifically, the vector space

model and the widely-used TF x IDF model are combined in the index construction and query

generation. We construct a special tree-based index structure and propose a “Greedy Depth-first

Search” algorithm to provide efficient multi-keyword ranked search. The secure kNN algorithm is

utilized to encrypt the index and query vectors, and meanwhile ensure accurate relevance score

calculation between encrypted index and query vectors. In order to resist statistical attacks, phantom

terms are added to the index vector for blinding search results. Due to the use of our special tree-based

index structure, the proposed scheme can achieve sub-linear search time and deal with the deletion and

insertion of documents flexibly. Extensive experiments are conducted to demonstrate the efficiency of

the proposed scheme.

ETPL

CLD - 022 A Secure and Dynamic Multi-Keyword Ranked Search Scheme over

Encrypted Cloud Data

In this paper, we develop a decentralized probabilistic method for performance optimization of cloud

services. We focus on Infrastructure-as-a-Service where the user is provided with the ability of

configuring virtual resources on demand in order to satisfy specific computational requirements. This

novel approach is strongly supported by a theoretical framework based on tail probabilities and sample

complexity analysis. It allows not only the inclusion of performance metrics for the cloud but the

incorporation of security metrics based on cryptographic algorithms for data storage. To the best of the

authors’ knowledge this is the first unified approach to provision performance and security on demand

subject to the Service Level Agreement between the client and the cloud service provider. The quality

of the service is guaranteed given certain values of accuracy and confidence. We present some

experimental results using the Amazon Web Services, Amazon Elastic Compute Cloud service to

validate our probabilistic optimization method.

ETPL

CLD - 023 Probabilistic Optimization of Resource Distribution and Encryption for

Data Storage in the Cloud

Energy efficiency of data centers (DCs) has become a major concern as DCs continue to grow large

often hosting tens of thousands of servers or even hundreds of thousands of them. Clearly, such a

volume of DCs implies scale of data center network (DCN) with a huge number of network nodes and

links. The energy consumption of this communication network has skyrocketed and become the same

league as computing servers’costs. With the ever-increasing amount of data that need to be stored and

processed in DCs, DCN traffic continues to soar drawing increasingly more power. In particular, more

than one-third of the total energy in DCs is consumed by communication links, switching and

aggregation elements. In this paper, we concern the energy efficiency of data center explicitly taking

into account both servers and DCN. To this end, we present VPTCA, as a collective energy-efficiency

approach to data center network planning, which deals with virtual machine(VM) placement and

communication traffic configuration. VPTCA aims particularly to reduce the energy consumption of

DCN by assigning interrelated VMs into the same server or pod, which effectively helps reduce the

amount of transmission load. In the layer of traffic message, VPTCA optimally uses switch ports and

link bandwidth to balance the load and avoid congestions, enabling DCN to increase its transmission

capacity, and saving a significant amount of network energy. In our evaluation via NS-2 simulations,

the performance of VPTCA is measured and compared with two well-known DCN management

algorithms, Global First Fit and Elastic Tree. Based on our experimental results, VPTCA outperforms

existing algorithms in providing DCN more transmission capacity with less energy consumption.

ETPL

CLD - 024 Collective Energy-Efficiency Approach to Data Center Networks

Planning

Fully automated provisioning and deployment of applications is one of the most essential prerequisites

to make use of the benefits of Cloud computing in order to reduce the costs for managing applications.

A huge variety of approaches, tools, and providers are available to automate the involved processes.

The DevOps community, for instance, provides tooling and reusable artifacts to implement deployment

automation in an applicationoriented manner. Platform-as-a-Service frameworks are available for the

same purpose. In this work we systematically classify and characterize available deployment

approaches independently from the underlying technology used. For motivation and evaluation

purposes, we choose Web applications with different technology stacks and analyze their specific

deployment requirements. Afterwards, we provision these applications using each of the identified

types of deployment approaches in the Cloud to perform qualitative and quantitative measurements.

Finally, we discuss the evaluation results and derive recommendations to decide which deployment

approach to use based on the deployment requirements of an application. Our results show that

deployment approaches can also be efficiently combined if there is no ‘best fit’ for a particular

application.

ETPL

CLD - 025 Middleware-oriented Deployment Automation for Cloud Applications

Cloud computing is popularizing the computing paradigm in which data is outsourced to a third-party

service provider (server) for data mining. Outsourcing, however, raises a serious security issue: how

can the client of weak computational power verify that the server returned correct mining result? In

this paper, we focus on the specific task of frequent itemset mining. We consider the server that is

potentially untrusted and tries to escape from verification by using its prior knowledge of the

outsourced data. We propose efficient probabilistic and deterministic verification approaches to check

whether the server has returned correct and complete frequent itemsets. Our probabilistic approach can

catch incorrect results with high probability, while our deterministic approach measures the result

correctness with 100 percent certainty. We also design efficient verification methods for both cases

that the data and the mining setup are updated. We demonstrate the effectiveness and efficiency of our

methods using an extensive set of empirical results on real datasets.

ETPL

CLD - 026 Trust-but-Verify: Verifying Result Correctness of Outsourced Frequent

Itemset Mining in Data-Mining-As-a-Service Paradigm

The infrastructure cloud (IaaS) service model offers improved resource flexibility and availability,

where tenants – insulated from the minutiae of hardware maintenance – rent computing resources to

deploy and operate complex systems. Large-scale services running on IaaS platforms demonstrate the

viability of this model; nevertheless, many organizations operating on sensitive data avoid migrating

operations to IaaS platforms due to security concerns. In this paper, we describe a framework for data

and operation security in IaaS, consisting of protocols for a trusted launch of virtual machines and

domain-based storage protection. We continue with an extensive theoretical analysis with proofs about

protocol resistance against attacks in the defined threat model. The protocols allow trust to be

established by remotely attesting host platform configuration prior to launching guest virtual machines

and ensure confidentiality of data in remote storage, with encryption keys maintained outside of the

IaaS domain. Presented experimental results demonstrate the validity and efficiency of the proposed

protocols. The framework prototype was implemented on a test bed operating a public electronic health

record system, showing that the proposed protocols can be integrated into existing cloud environments.

ETPL

CLD - 027 Providing User Security Guarantees in Public Infrastructure Clouds

Providing real-time cloud services to Vehicular Clients (VCs) must cope with delay and delay-jitter

issues. Fog computing is an emerging paradigm that aims at distributing small-size self-powered data

centers (e.g., Fog nodes) between remote Clouds and VCs, in order to deliver data-dissemination real-

time services to the connected VCs. Motivated by these considerations, in this paper, we propose and

test an energy-efficient adaptive resource scheduler for Networked Fog Centers (NetFCs). They

operate at the edge of the vehicular network and are connected to the served VCs through

Infrastructure-to-Vehicular (I2V) TCP/IP-based single-hop mobile links. The goal is to exploit the

locally measured states of the TCP/IP connections, in order to maximize the overall communication-

plus-computing energy efficiency, while meeting the application-induced hard QoS requirements on

the minimum transmission rates, maximum delays and delay-jitters. The resulting energy-efficient

scheduler jointly performs: (i) admission control of the input traffic to be processed by the NetFCs; (ii)

minimum-energy dispatching of the admitted traffic; (iii) adaptive reconfiguration and consolidation

of the Virtual Machines (VMs) hosted by the NetFCs; and, (iv) adaptive control of the traffic injected

into the TCP/IP mobile connections. The salient features of the proposed scheduler are that: (i) it is

adaptive and admits distributed and scalable implementation; and, (ii) it is capable to provide hard QoS

guarantees, in terms of minimum/maximum instantaneous rates of the traffic delivered to the vehicular

clients, instantaneous rate-jitters and total processing delays. Actual performance of the proposed

scheduler in the presence of: (i) client mobility; (ii) wireless fading; and, (iii) reconfiguration and

consolidation costs of the underlying NetFCs, is numerically tested and compared against the

corresponding ones of some state-of-the-art schedulers, under both synthetically generated and

measured - eal-world workload traces.

ETPL

CLD - 028 Energy-efficient Adaptive Resource Management for Real-time

Vehicular Cloud Services

With rapid adoption of the cloud computing model, many enterprises have begun deploying cloud-

based services. Failures of virtual machines (VMs) in clouds have caused serious quality assurance

issues for those services. VM replication is a commonly used technique for enhancing the reliability of

cloud services. However, when determining the VM redundancy strategy for a specific service, many

state-of-the-art methods ignore the huge network resource consumption issue that could be experienced

when the service is in failure recovery mode. This paper proposes a redundant VM placement

optimization approach to enhancing the reliability of cloud services. The approach employs three

algorithms. The first algorithm selects an appropriate set of VM-hosting servers from a potentially

large set of candidate host servers based upon the network topology. The second algorithm determines

an optimal strategy to place the primary and backup VMs on the selected host servers with k-fault-

tolerance assurance. Lastly, a heuristic is used to address the task-to-VM reassignment optimization

problem, which is formulated as finding a maximum weight matching in bipartite graphs. The

evaluation results show that the proposed approach outperforms four other representative methods in

network resource consumption in the service recovery stage.

ETPL

CLD - 029 Cloud Service Reliability Enhancement via Virtual Machine Placement

Optimization

This work presents a novel statistical cost model for applications that can be offloaded to cloud

computing environments. The model constructs a tree structure, referred to as the execution

dependency tree (EDT), to accurately represent various execution relations, or dependencies (e.g.,

sequential, parallel and conditional branching) among the application modules, along its different

execution paths. Contrary to existing models that assume fixed average offloading costs, each module’s

cost is modelled as a random variable described by its Cumulative Distribution Function (CDF) that is

statistically estimated through application profiling. Using this model, we generalize the offloading

cost optimization functions to those that use more user tailored statistical measures such as cost

percentiles. We employ these functions to propose an efficient offloading algorithm based on a

dynamic programming formulation. We also show that the proposed model can be used as an efficient

tool for application analysis by developers to gain insights on the applications’ statistical performance

under varying network conditions and users behaviours. Performance evaluation results show that the

achieved mean absolute percentage error between the model-based estimated cost and the measured

one for the application execution time can be as small as 5% for applications with sequential and

branching module dependencies.

ETPL

CLD - 030 A Novel Statistical Cost Model and an Algorithm for Efficient

Application Offloading to Clouds

The Internet was designed with the end-to-end principle where the network layer provided merely the

best-effort forwarding service. This design makes it challenging to add new services into the Internet

infrastructure. However, as the Internet connectivity becomes a commodity, users and applications

increasingly demand new in-network services. This paper proposes PacketCloud, a cloudlet-based

open platform to host in-network services. Different from standalone, specialized middleboxes,

cloudlets can efficiently share a set of commodity servers among different services, and serve the

network traffic in an elastic way. PacketCloud can help both Internet Service Providers (ISPs) and

emerging application/content providers deploy their services at strategic network locations. We have

implemented a proof-of-concept prototype of PacketCloud. PacketCloud introduces a small additional

delay, and can scale well to handle high-throughput data traffic. We have evaluated PacketCloud in

both a fully functional emulated environment, and the real Internet.

ETPL

CLD - 031 Packet Cloud: A Cloudlet-Based Open Platform for In-Network Services

Load-balanced flow scheduling for big data centers in clouds, in which a large amount of data needs

to be transferred frequently among thousands of interconnected servers, is a key and challenging issue.

The Open Flow is a promising solution to balance data flows in a data center network through its

programmatic traffic controller. Existing Open Flow based scheduling schemes, however, statically set

up routes only at the initialization stage of data transmissions, which suffers from dynamical flow

distribution and changing network states in data centers and often results in poor system performance.

In this paper, we propose a novel dynamical load-balanced scheduling (DLBS) approach for

maximizing the network throughput while balancing workload dynamically. We firstly formulate the

DLBS problem, and then develop a set of efficient heuristic scheduling algorithms for the two typical

OpenFlow network models, which balance data flows time slot by time slot. Experimental results

demonstrate that our DLBS approach significantly outperforms other representative load-balanced

scheduling algorithms Round Robin and LOBUS; and the higher imbalance degree data flows in data

centers exhibit, the more improvement our DLBS approach will bring to the data centers.

ETPL

CLD - 032 A Dynamical and Load-Balanced Flow Scheduling Approach for Big

Data Centers in Clouds

Companies have a fast growing amounts of data to process and store, a data explosion is happening

next to us. Currently one of the most common approaches to treat these vast data quantities are based

on the MapReduce parallel programming paradigm. While its use is widespread in the industry,

ensuring performance constraints, while at the same time minimizing costs, still provides considerable

challenges. We propose a coarse grained control theoretical approach, based on techniques that have

already proved their usefulness in the control community. We introduce the first algorithm to create

dynamic models for Big Data MapReduce systems, running a concurrent workload. Furthermore, we

identify two important control use cases: relaxed performance - minimal resource and strict

performance. For the first case we develop two feedback control mechanism. A classical feedback

controller and an evenbased feedback, that minimises the number of cluster reconfigurations as well.

Moreover, to address strict performance requirements a feedforward predictive controller that

efficiently suppresses the effects of large workload size variations is developed. All the controllers are

validated online in a benchmark running in a real 60 node MapReduce cluster, using a data intensive

Business Intelligence workload. Our experiments demonstrate the success of the control strategies

employed in assuring service time constraints.

ETPL

CLD - 033 Feedback Autonomic Provisioning for Guaranteeing Performance in

MapReduce Systems

Heterogeneity prevails not only among physical machines but also among workloads in real IaaS Cloud

data centers (CDCs). The heterogeneity makes performance modelling of large and complex IaaS

CDCs even more challenging. This paper considers the scenario where the number of virtual CPUs

requested by each customer job may be different. We propose a hierarchical stochastic modelling

approach applicable to IaaS CDC performance analysis under such a heterogeneous workload.

Numerical results obtained from the proposed analytic model are verified through discrete-event

simulations under various system parameter settings.

ETPL

CLD - 034 Effective Modelling Approach for IaaS Data Center Performance

Analysis under Heterogeneous Workload

We propose an integrated, energy-efficient, resource allocation framework for overcommitted clouds.

The framework makes great energy savings by 1) minimizing Physical Machine (PM) overload

occurrences via VM resource usage monitoring and prediction, and 2) reducing the number of active

PMs via efficient VM migration and placement. Using real Google data consisting of a 29-day traces

collected from a cluster containing more than 12K PMs, we show that our proposed framework

outperforms existing overload avoidance techniques and prior VM migration strategies by reducing

the number of unpredicted overloads, minimizing migration overhead, increasing resource utilization,

and reducing cloud energy consumption.

ETPL

CLD - 035 An Energy-Efficient VM Prediction and Migration Framework for

Overcommitted Clouds

Identity-based encryption (IBE) is a public key cryptosystem and eliminates the demands of public key

infrastructure (PKI) and certificate administration in conventional public key settings. Due to the

absence of PKI, the revocation problem is a critical issue in IBE settings. Several revocable IBE

schemes have been proposed regarding this issue. Quite recently, by embedding an outsourcing

computation technique into IBE, Li et al. proposed a revocable IBE scheme with a key-update cloud

service provider (KU-CSP). However, their scheme has two shortcomings. One is that the computation

and communication costs are higher than previous revocable IBE schemes. The other shortcoming is

lack of scalability in the sense that the KU-CSP must keep a secret value for each user. In the article,

we propose a new revocable IBE scheme with a cloud revocation authority (CRA) to solve the two

shortcomings, namely, the performance is significantly improved and the CRA holds only a system

secret for all the users. For security analysis, we demonstrate that the proposed scheme is semantically

secure under the decisional bilinear Diffie-Hellman (DBDH) assumption. Finally, we extend the

proposed revocable IBE scheme to present a CRA-aided authentication scheme with period-limited

privileges for managing a large number of various cloud services.

ETPL

CLD - 036 Identity-Based Encryption with Cloud Revocation Authority and Its

Applications

Many believe the future of gaming lies in the cloud, namely Cloud Gaming, which renders an

interactive gaming application in the cloud and streams the scenes as a video sequence to the player

over Internet. This paper proposes GCloud, a GPU/CPU hybrid cluster for cloud gaming based on the

user-level virtualization technology. Specially, we present a performance model to analyze the server-

capacity and games' resource-consumptions, which categorizes games into two types: CPU-critical and

memory-of-critical. Consequently, several scheduling strategies have been proposed to improve the

resource-utilization and compared with others. Simulation tests show that both of the First-Fit-like and

the Best-Fit-like strategies outperform the other(s); especially they are near optimal in the batch

processing mode. Other test results indicate that GCloud is efficient: An off-the-shelf PC can support

five high-end video-games run at the same time. In addition, the average per-frame processing delay

is 8~19 ms under different image-resolutions, which outperforms other similar solutions.

ETPL

CLD - 037 A Cloud Gaming System Based on User-Level Virtualization and Its

Resource Scheduling

Cloud offloading is an indispensable solution to supporting computationally demanding applications

on resource constrained mobile devices. In this paper, we introduce the concept of wireless aware joint

scheduling and computation offloading (JSCO) for multicomponent applications, where an optimal

decision is made on which components need to be offloaded as well as the scheduling order of these

components. The JSCO approach allows for more degrees of freedom in the solution by moving away

from a compiler predetermined scheduling order for the components towards a more wireless aware

scheduling order. For some component dependency graph structures, the proposed algorithm can

shorten execution times by parallel processing appropriate components in the mobile and cloud. We

define a net utility that trades-off the energy saved by the mobile, subject to constraints on the

communication delay, overall application execution time, and component precedence ordering. The

linear optimization problem is solved using real data measurements obtained from running multi-

component applications on an HTC smartphone and the Amazon EC2, using WiFi for cloud offloading.

The performance is further analyzed using various component dependency graph topologies and sizes.

Results show that the energy saved increases with longer application runtime deadline, higher wireless

rates, and smaller offload data sizes.

ETPL

CLD - 038 Optimal Joint Scheduling and Cloud Offloading for Mobile Applications

Cloud data owners prefer to outsource documents in an encrypted form for the purpose of privacy

preserving. Therefore it is essential to develop efficient and reliable ciphertext search techniques. One

challenge is that the relationship between documents will be normally concealed in the process of

encryption, which will lead to significant search accuracy performance degradation. Also the volume

of data in data centers has experienced a dramatic growth. This will make it even more challenging to

design ciphertext search schemes that can provide efficient and reliable online information retrieval on

large volume of encrypted data. In this paper, a hierarchical clustering method is proposed to support

more search semantics and also to meet the demand for fast ciphertext search within a big data

environment. The proposed hierarchical approach clusters the documents based on the minimum

relevance threshold, and then partitions the resulting clusters into sub-clusters until the constraint on

the maximum size of cluster is reached. In the search phase, this approach can reach a linear

computational complexity against an exponential size increase of document collection. In order to

verify the authenticity of search results, a structure called minimum hash sub-tree is designed in this

paper. Experiments have been conducted using the collection set built from the IEEE Xplore. The

results show that with a sharp increase of documents in the dataset the search time of the proposed

method increases linearly whereas the search time of the traditional method increases exponentially.

Furthermore, the proposed method has an advantage over the traditional method in the rank privacy

and relevance of retrieved documents.

ETPL

CLD - 039 An Efficient Privacy-Preserving Ranked Keyword Search Method

Hundreds of papers on job scheduling for distributed systems are published every year and it becomes

increasingly difficult to classify them. Our analysis revealed that half of these papers are barely cited.

This paper presents a general taxonomy for scheduling problems and solutions in distributed systems.

This taxonomy was used to classify and make publicly available the classification of 109 scheduling

problems and their solutions. These 109 problems were further clustered into ten groups based on the

features of the taxonomy. The proposed taxonomy will facilitate researchers to build on prior art,

increase new research visibility, and minimize redundant effort.

ETPL

CLD - 040 A Taxonomy of Job Scheduling on Distributed Computing Systems

The advent of software defined networking enables flexible, reliable and feature-rich control planes

for data center networks. However, the tight coupling of centralized control and complete visibility

leads to a wide range of issues among which scalability has risen to prominence due to the excessive

workload on the central controller. By analyzing the traffic patterns from a couple of production data

centers, we observe that data center traffic is usually highly skewed and thus edge switches can be

clustered into a set of communicationintensive groups according to traffic locality. Motivated by this

observation, we present LazyCtrl, a novel hybrid control plane design for data center networks where

network control is carried out by distributed control mechanisms inside independent groups of switches

while complemented with a global controller. LazyCtrl aims at bringing laziness to the global controller

by dynamically devolving most of the control tasks to independent switch groups to process frequent

intra-group events near the datapath while handling rare inter-group or other specified events by the

controller. We implement LazyCtrl and build a prototype based on Open vSwitch and Floodlight.

Tracedriven experiments on our prototype show that an effective switch grouping is easy to maintain

in multi-tenant clouds and the central controller can be significantly shielded by staying “lazy”, with

its workload reduced by up to 82%.

ETPL

CLD - 041 LazyCtrl: A Scalable Hybrid Network Control Plane Design for Cloud

Data Centers

We introduce Ensemble, a runtime framework and associated tools for building application

performance models on-the-fly. These dynamic performance models can be used to support complex,

highly dimensional resource allocation, and/or what-if performance inquiry in modern heterogeneous

environments, such as data centers and Clouds. Ensemble combines simple, partially specified, and

lower-dimensionality models to provide good initial approximations for higher dimensionality

application performance models. We evaluated Ensemble on industry-standard and scientific

applications. The results show that Ensemble provides accurate, fast, and flexible performance models

even in the presence of significant environment variability.

ETPL

CLD - 042 Ensemble: A Tool for Performance Modeling of Applications in Cloud

Data Centers

Elasticity is undoubtedly one of the most striking characteristics of cloud computing. Especially in the

area of high performance computing (HPC), elasticity can be used to execute irregular and CPU-

intensive applications. However, the on- the-fly increase/decrease in resources is more widespread in

Web systems, which have their own IaaS-level load balancer. Considering the HPC area, current

approaches usually focus on batch jobs or assumptions such as previous knowledge of application

phases, source code rewriting or the stop-reconfigure-and-go approach for elasticity. In this context,

this article presents AutoElastic, a PaaS-level elasticity model for HPC in the cloud. Its differential

approach consists of providing elasticity for high performance applications without user intervention

or source code modification. The scientific contributions of AutoElastic are twofold: (i) an Aging-

based approach to resource allocation and deallocation actions to avoid unnecessary virtual machine

(VM) reconfigurations (thrashing) and (ii) asynchronism in creating and terminating VMs in such a

way that the application does not need to wait for completing these procedures. The prototype

evaluation using OpenNebula middleware showed performance gains of up to 26 percent in the

execution time of an application with the AutoElastic manager. Moreover, we obtained low

intrusiveness for AutoElastic when reconfigurations do not occur.

ETPL

CLD - 043 AutoElastic: Automatic Resource Elasticity for High Performance

Applications in the Cloud

The production of huge amount of data and the emergence of cloud computing have introduced new

requirements for data management. Many applications need to interact with several heterogeneous data

stores depending on the type of data they have to manage: traditional data types, documents, graph data

from social networks, simple key-value data, etc. Interacting with heterogeneous data models via

different APIs, and multiple data store applications imposes challenging tasks to their developers.

Indeed, programmers have to be familiar with different APIs. In addition, the execution of complex

queries over heterogeneous data models cannot, currently, be achieved in a declarative way as it is used

to be with mono-data store application, and therefore requires extra implementation efforts. Moreover,

developers need to master and deal with the complex processes of cloud discovery, and application

deployment and execution. In this paper we propose an integrated set of models, algorithms and tools

aiming at alleviating developers task for developing, deploying and migrating multiple data stores

applications in cloud environments. Our approach focuses mainly on three points. First, we provide a

unifying data model used by applications developers to interact with heterogeneous relational and

NoSQL data stores. Based on that, they express queries using OPEN-PaaS-DataBase API (ODBAPI),

a unique REST API allowing programmers to write their applications code independently of the target

data stores. Second, we propose virtual data stores, which act as a mediator and interact with integrated

data stores wrapped by ODBAPI. This run-time component supports the execution of single and

complex queries over heterogeneous data stores. Finally, we present a declarative approach that enables

to lighten the burden of the tedious and non-standard tasks of (1) discovering relevant cloud

environment and (2) deploying applications on them while letting developers to simply focus on

specifying th- ir storage and computing requirements. A prototype of the proposed solution has been

developed and is currently used to implement use cases from the OpenPaaS project.

ETPL

CLD - 044 Supporting Multi Data Stores Applications in Cloud Environments

With simple access interfaces and flexible billing models, cloud storage has become an attractive

solution to simplify the storage management for both enterprises and individual users. However,

traditional file systems with extensive optimizations for local disk-based storage backend can not fully

exploit the inherent features of the cloud to obtain desirable performance. In this paper, we present the

design, implementation, and evaluation of Coral, a cloud based file system that strikes a balance

between performance and monetary cost. Unlike previous studies that treat cloud storage as just a

normal backend of existing networked file systems, Coral is designed to address several key issues in

optimizing cloud-based file systems such as the data layout, block management, and billing model.

With carefully designed data structures and algorithms, such as identifying semantically correlated data

blocks, kd-tree based caching policy with self-adaptive thrashing prevention, effective data layout, and

optimal garbage collection, Coral achieves good performance and cost savings under various

workloads as demonstrated by extensive evaluations.

ETPL

CLD - 045 Coral: A Cloud-Backed Frugal File System

Cloud users no longer physically possess their data, so how to ensure the integrity of their outsourced

data becomes a challenging task. Recently proposed schemes such as “provable data possession” and

“proofs of retrievability” are designed to address this problem, but they are designed to audit static

archive data and therefore lack of data dynamics support. Moreover, threat models in these schemes

usually assume an honest data owner and focus on detecting a dishonest cloud service provider despite

the fact that clients may also misbehave. This paper proposes a public auditing scheme with data

dynamics support and fairness arbitration of potential disputes. In particular, we design an index

switcher to eliminate the limitation of index usage in tag computation in current schemes and achieve

efficient handling of data dynamics. To address the fairness problem so that no party can misbehave

without being detected, we further extend existing threat models and adopt signature exchange idea to

design fair arbitration protocols, so that any possible dispute can be fairly settled. The security analysis

shows our scheme is provably secure, and the performance evaluation demonstrates the overhead of

data dynamics and dispute arbitration are reasonable.

ETPL

CLD - 046 Dynamic and Public Auditing with Fair Arbitration for Cloud Data

The explosive growth of data brings new challenges to the data storage and management in cloud

environment. These data usually have to be processed in a timely fashion in the cloud. Thus, any

increased latency may cause a massive loss to the enterprises. Similarity detection plays a very

important role in data management. Many typical algorithms such as Shingle, Simhash, Traits and

Traditional Sampling Algorithm (TSA) are extensively used. The Shingle, Simhash and Traits

algorithms read entire source file to calculate the corresponding similarity characteristic value, thus

requiring lots of CPU cycles and memory space and incurring tremendous disk accesses. In addition,

the overhead increases with the growth of data set volume and results in a long delay. Instead of reading

entire file, TSA samples some data blocks to calculate the fingerprints as similarity characteristics

value. The overhead of TSA is fixed and negligible. However, a slight modification of source files will

trigger the bit positions of file content shifting. Therefore, a failure of similarity identification is

inevitable due to the slight modifications. This paper proposes an Enhanced Position-Aware Sampling

algorithm (EPAS) to identify file similarity for the cloud by modulo file length. EPAS concurrently

samples data blocks from the head and the tail of the modulated file to avoid the position shift incurred

by the modifications. Meanwhile, an improved metric is proposed to measure the similarity between

different files and make the possible detection probability close to the actual probability. Furthermore,

this paper describes a query algorithm to reduce the time overhead of similarity detection. Our

experimental results demonstrate that the EPAS significantly outperforms the existing well known

algorithms in terms of time overhead, CPU and memory occupation. Moreover, EPAS makes a more

preferable tradeoff between precision and recall than that of other similarity detection algorithms.

Theref- re, it is an effective approach of similarity identification for the cloud.

ETPL

CLD - 047 EPAS: A Sampling Based Similarity Identification Algorithm for the

Cloud

Attribute-based Encryption (ABE) is regarded as a promising cryptographic conducting tool to

guarantee data owners’ direct control over their data in public cloud storage. The earlier ABE schemes

involve only one authority to maintain the whole attribute set, which can bring a single-point bottleneck

on both security and performance. Subsequently, some multi-authority schemes are proposed, in which

multiple authorities separately maintain disjoint attribute subsets. However, the single-point bottleneck

problem remains unsolved. In this paper, from another perspective, we conduct a threshold multi-

authority CP-ABE access control scheme for public cloud storage, named TMACS, in which multiple

authorities jointly manage a uniform attribute set. In TMACS, taking advantage of threshold secret

sharing, the master key can be shared among multiple authorities, and a legal user can generate his/her

secret key by interacting with anyauthorities. Security and performance analysis results show that

TMACS is not only verifiable secure when less thanauthorities are compromised, but also robust when

no less than authorities are alive in the system. Furthermore, by efficiently combining the traditional

multi-authority scheme with TMACS, we construct a hybrid one, which satisf- es the scenario of

attributes coming from different authorities as well as achieving security and system-level robustness.

ETPL

CLD - 048 TMACS: A Robust and Verifiable Threshold Multi-Authority Access

Control System in Public Cloud Storage

Security enhancements to the emerging IaaS (Infrastructure as a Service) cloud computing systems

have become the focus of much research, but little of this targets the underlying infrastructure. Trusted

Cloud systems are proposed to integrate Trusted Computing infrastructure with cloud systems. With

remote attestations, cloud customers are able to determine the genuine behaviors of their applications’

hosts; and therefore they establish trust to the cloud. However, the current Trusted Clouds have

difficulties in effectively attesting to the cloud service dependency for customers’ applications, due to

the cloud’s complexity, heterogeneity and dynamism. In this paper, we present RepCloud, a

decentralized cloud trust management framework, inspired by the reputation systems from the research

in peerto- peer systems. With RepCloud, cloud customers are able to determine the properties of the

exact nodes that may affect the genuine functionalities of their applications, without obtaining much

internal information of the cloud. Experiments showed that besides achieving fine-grained cloud

service dependency attestation, RepCloud incurred lower trust management overhead than the existing

trusted cloud systems.

ETPL

CLD - 050 Rep Cloud: Attesting to Cloud Service Dependency

A sensor cloud consists of various heterogeneous wireless sensor networks (WSNs). These WSNs may

have different owners and run a wide variety of user applications on demand in a wireless

communication medium. Hence, they are susceptible to various security attacks. Thus, a need exists to

formulate effective and efficient security measures that safeguard these applications impacted from

attack in the sensor cloud. However, analyzing the impact of different attacks and their

causeconsequence relationship is a prerequisite before security measures can be either developed or

deployed. In this paper, we propose a risk assessment framework for WSNs in a sensor cloud that

utilizes attack graphs. We use Bayesian networks to not only assess but also to analyze attacks on

WSNs. The risk assessment framework will first review the impact of attacks on a WSN and estimate

reasonable time frames that predict the degradation of WSN security parameters like confidentiality,

integrity and availability. Using our proposed risk assessment framework allows the security

administrator to better understand the threats present and take necessary actions against them. The

framework is validated by comparing the assessment results with that of the results obtained from

different simulated attack scenarios.

ETPL

CLD - 049 Risk Assessment in a Sensor Cloud Framework Using Attack Graphs

Due to the increasing usage of cloud computing applications, it is important to minimize energy cost

consumed by a data center, and simultaneously, to improve quality of service via data center

management. One promising approach is to switch some servers in a data center to the idle mode for

saving energy while to keep a suitable number of servers in the active mode for providing timely

service. In this paper, we design both online and offline algorithms for this problem. For the offline

algorithm, we formulate data center management as a cost minimization problem by considering

energy cost, delay cost (to measure service quality), and switching cost (to change servers’s active/idle

mode). Then, we analyze certain properties of an optimal solution which lead to a dynamic

programming based algorithm. Moreover, by revising the solution procedure, we successfully

eliminate the recursive procedure and achieve an optimal offline algorithm with a polynomial

complexity. For the online algorithm, we design it by considering the worst case scenario for future

workload. In simulation, we show this online algorithm can always provide near-optimal solutions.

ETPL

CLD - 052 Cost Minimization Algorithms for Data Center Management

With the prevalence of cloud computing and virtualization, more and more cloud services including

parallel soft real-time applications (PSRT applications) are running in virtualized data centers.

However, current hypervisors do not provide adequate support for them because of soft real-time

constraints and synchronization problems, which result in frequent deadline misses and serious

performance degradation. CPU schedulers in underlying hypervisors are central to these issues. In this

paper, we identify and analyze CPU scheduling problems in hypervisors. Then, we design and

implement a parallel soft real-time scheduler according to the analysis, named Poris, based on Xen. It

addresses both soft real-time constraints and synchronization problems simultaneously. In our

proposed method, priority promotion and dynamic time slice mechanisms are introduced to determine

when to schedule virtual CPUs (VCPUs) according to the characteristics of soft real-time applications.

Besides, considering that PSRT applications may run in a virtual machine (VM) or multiple VMs, we

present parallel scheduling, group scheduling and communication-driven group scheduling to

accelerate synchronizations of these applications and make sure that tasks are finished before their

deadlines under different scenarios. Our evaluation shows Poris can significantly improve the

performance of PSRT applications no matter how they run in a VM or multiple VMs. For example,

compared to the Credit scheduler, Poris decreases the response time of web search benchmark by up

to 91.6 percent.

ETPL

CLD - 051 Poris: A Scheduler for Parallel Soft Real-Time Applications in

Virtualized Environments

Cloud computing has emerged as a very flexible service paradigm by allowing users to require virtual

machine (VM) resources on-demand and allowing cloud service providers (CSPs) to provide VM

resources via a pay-as-you-go model. This paper addresses the CSP's problem of efficiently allocating

VM resources to physical machines (PMs) with the aim of minimizing the energy consumption.

Traditional energy-aware VM allocations either allocate VMs to PMs in a centralized manner or

implement VM migrations for energy reduction without considering the migration cost in cloud

computing systems. We address these two issues by introducing a decentralized multiagent (MA)-

based VM allocation approach. The proposed MA works by first dispatching a cooperative agent to

each PM to assist the PM in managing VM resources. Then, an auction-based VM allocation

mechanism is designed for these agents to decide the allocations of VMs to PMs. Moreover, to tackle

system dynamics and avoid incurring prohibitive VM migration overhead, a local negotiation-based

VM consolidation mechanism is devised for the agents to exchange their assigned VMs for energy cost

saving. We evaluate the efficiency of the MA approach by using both static and dynamic simulations.

The static experimental results demonstrate that the MA can incur acceptable computation time to

reduce system energy cost compared with traditional bin packing and genetic algorithm-based

centralized approaches. In the dynamic setting, the energy cost of the MA is similar to that of

benchmark global-based VM consolidation approaches, but the MA largely reduces the migration cost.

ETPL

CLD - 054 Multiagent-Based Resource Allocation for Energy Minimization in

Cloud Computing Systems

Energy efficiency of data centers (DCs) has become a major concern as DCs continue to grow large

often hosting tens of thousands of servers or even hundreds of thousands of them. Clearly, such a

volume of DCs implies scale of data center network (DCN) with a huge number of network nodes and

links. The energy consumption of this communication network has skyrocketed and become the same

league as computing servers’costs. With the ever-increasing amount of data that need to be stored and

processed in DCs, DCN traffic continues to soar drawing increasingly more power. In particular, more

than one-third of the total energy in DCs is consumed by communication links, switching and

aggregation elements. In this paper, we concern the energy efficiency of data center explicitly taking

into account both servers and DCN. To this end, we present VPTCA, as a collective energy-efficiency

approach to data center network planning, which deals with virtual machine (VM) placement and

communication traffic configuration. VPTCA aims particularly to reduce the energy consumption of

DCN by assigning interrelated VMs into the same server or pod, which effectively helps reduce the

amount of transmission load. In the layer of traffic message, VPTCA optimally uses switch ports and

link bandwidth to balance the load and avoid congestions, enabling DCN to increase its transmission

capacity, and saving a significant amount of network energy. In our evaluation via NS-2 simulations,

the performance of VPTCA is measured and compared with two well-known DCN management

algorithms, Global First Fit and Elastic Tree. Based on our experimental results, VPTCA outperforms

existing algorithms in providing DCN more transmission capacity with less energy consumption.

ETPL

CLD - 053 Collective Energy-Efficiency Approach to Data Center Networks

Planning

Key-exposure resistance has always been an important issue for in-depth cyber defence in many

security applications. Recently, how to deal with the key exposure problem in the settings of cloud

storage auditing has been proposed and studied. To address the challenge, existing solutions all require

the client to update his secret keys in every time period, which may inevitably bring in new local

burdens to the client, especially those with limited computation resources, such as mobile phones. In

this paper, we focus on how to make the key updates as transparent as possible for the client and

propose a new paradigm called cloud storage auditing with verifiable outsourcing of key updates. In

this paradigm, key updates can be safely outsourced to some authorized party, and thus the key-update

burden on the client will be kept minimal. In particular, we leverage the third party auditor (TPA) in

many existing public auditing designs, let it play the role of authorized party in our case, and make it

in charge of both the storage auditing and the secure key updates for key-exposure resistance. In our

design, TPA only needs to hold an encrypted version of the client's secret key while doing all these

burdensome tasks on behalf of the client. The client only needs to download the encrypted secret key

from the TPA when uploading new files to cloud. Besides, our design also equips the client with

capability to further verify the validity of the encrypted secret keys provided by the TPA. All these

salient features are carefully designed to make the whole auditing procedure with key exposure

resistance as transparent as possible for the client. We formalize the definition and the security model

of this paradigm. The security proof and the performance simulation show that our detailed design

instantiations are secure and efficient.

ETPL

CLD - 056 Enabling Cloud Storage Auditing with Verifiable Outsourcing of Key

Updates

Ciphertext-policy attribute-based encryption (CP-ABE) has been a preferred encryption technology to

solve the challenging problem of secure data sharing in cloud computing. The shared data files

generally have the characteristic of multilevel hierarchy, particularly in the area of healthcare and the

military. However, the hierarchy structure of shared files has not been explored in CP-ABE. In this

paper, an efficient file hierarchy attribute-based encryption scheme is proposed in cloud computing.

The layered access structures are integrated into a single access structure, and then, the hierarchical

files are encrypted with the integrated access structure. The ciphertext components related to attributes

could be shared by the files. Therefore, both ciphertext storage and time cost of encryption are saved.

Moreover, the proposed scheme is proved to be secure under the standard assumption. Experimental

simulation shows that the proposed scheme is highly efficient in terms of encryption and decryption.

With the number of the files increasing, the advantages of our scheme become more and more

conspicuous.

ETPL

CLD - 055 An Efficient File Hierarchy Attribute-Based Encryption Scheme in

Cloud Computing


to devices ondemand. It’s an emerging but promising paradigm to integrating mobile devices into cloud













paradigms.

ETPL

CLD - 058 A Modified Hierarchical Attribute-based Encryption Access Control

Method for Mobile Cloud Computing

With the rapid increase of monitoring devices and controllable facilities in the demand side of

electricity networks, more solid information and communication technology (ICT) resources are

required to support the development of demand side management (DSM). Different from traditional

computation in power systems which customizes ICT resources for mapping applications separately,

DSM especially asks for scalability and economic efficiency, because there are more and more

stakeholders participating in the computation process. This paper proposes a novel cost-oriented

optimization model for a cloud-based ICT infrastructure to allocate cloud computing resources in a

flexible and cost-efficient way. Uncertain factors including imprecise computation load prediction and

unavailability of computing instances can also be considered in the proposed model. A modified

priority list algorithm is specially developed in order to efficiently solve the proposed optimization

model and compared with the mature simulating annealing based algorithm. Comprehensive numerical

studies are fulfilled to demonstrate the effectiveness of the proposed cost-oriented model on reducing

the operation cost of cloud platform in DSM.

ETPL

CLD - 057 Optimal Cloud Computing Resource Allocation for Demand Side

Management

Due to the increasing popularity of cloud computing, more and more data owners are motivated to

outsource their data to cloud servers for great convenience and reduced cost in data management.

However, sensitive data should be encrypted before outsourcing for privacy requirements, which

obsoletes data utilization like keyword-based document retrieval. In this paper, we present a secure

multi-keyword ranked search scheme over encrypted cloud data, which simultaneously supports

dynamic update operations like deletion and insertion of documents. Specifically, the vector space

model and the widely-used TF x IDF model are combined in the index construction and query

generation. We construct a special tree-based index structure and propose a “Greedy Depth-first

Search” algorithm to provide efficient multi-keyword ranked search. The secure kNN algorithm is

utilized to encrypt the index and query vectors, and meanwhile ensure accurate relevance score

calculation between encrypted index and query vectors. In order to resist statistical attacks, phantom

terms are added to the index vector for blinding search results. Due to the use of our special tree-based

index structure, the proposed scheme can achieve sub-linear search time and deal with the deletion and

insertion of documents flexibly. Extensive experiments are conducted to demonstrate the efficiency of

the proposed scheme.

ETPL

CLD - 060 A Secure and Dynamic Multi-Keyword Ranked Search Scheme over

Encrypted Cloud Data

Cloud service certifications (CSC) attempt to assure a high level of security and compliance. However,

considering that cloud services are part of an ever-changing environment, multi-year validity periods

may put in doubt reliability of such certifications. We argue that continuous auditing (CA) of selected

certification criteria is required to assure continuously reliable and secure cloud services, and thereby

increase trustworthiness of certifications. CA of cloud services is still in its infancy, thus, we conducted

a thorough literature review, interviews, and workshops with practitioners to conceptualize an

architecture for continuous cloud service auditing. Our study shows that various criteria should be

continuously audited. Yet, we reveal that most of existing methodologies are not applicable for third

party auditing purposes. Therefore, we propose a conceptual CA architecture, and highlight important

components and processes that have to be implemented. Finally, we discuss benefits and challenges

that have to be tackled to diffuse the concept of continuous cloud service auditing. We contribute to

knowledge and practice by providing applicable internal and third party auditing methodologies for

auditors and providers, linked together in a conceptual architecture. Further on, we provide groundings

for future research to implement CA in cloud service contexts.

ETPL

CLD - 059 Trust is Good, Control is better: Creating Secure Clouds by Continuous

Auditing

IEEE Projects 2016-2017Updated Top list of Cloud Computing for ME/MTech,BE/BTech Final Year students

Education