CLOUD COMPUTING PAPER TITLES AND ABSTRACT

IEEE PAPERS:
1. Compatibility-Aware Cloud Service Composition under Fuzzy Preferences of
Users January 2014
When a single Cloud service (i.e., a software image and a virtual machine), on its own,
cannot satisfy all the user requirements, a composition of Cloud services is required. Cloud
service composition, which includes several tasks such as discovery, compatibility checking,
selection, and deployment, is a complex process and users find it difficult to select the best
one among the hundreds, if not thousands, of possible compositions available. Service
composition in Cloud raises even new challenges caused by diversity of users with different
expertise requiring their applications to be deployed across difference geographical locations
with distinct legal constraints. The main difficulty lies in selecting a combination of virtual
appliances (software images) and infrastructure services that are compatible and satisfy a user
with vague preferences. Therefore, we present a framework and algorithms which simplify
Cloud service composition for unskilled users. We develop an ontology-based approach to
analyze Cloud service compatibility by applying reasoning on the expert knowledge. In
addition, to minimize effort of users in expressing their preferences, we apply combination of
evolutionary algorithms and fuzzy logic for composition optimization. This lets users express
their needs in linguistics terms which brings a great comfort to them compared to systems
that force users to assign exact weights for all preferences.
2. Dynamic Heterogeneity-Aware Resource Provisioning in the Cloud April 2014
Data centers consume tremendous amounts of energy in terms of power distribution and
cooling. Dynamic capacity provisioning is a promising approach for reducing energy
consumption by dynamically adjusting the number of active machines to match resource
demands. However, despite extensive studies of the problem, existing solutions have not fully
considered the heterogeneity of both workload and machine hardware found in production
environments. In particular, production data centers often comprise heterogeneous machines
with different capacities and energy consumption characteristics. Meanwhile, the production
cloud workloads typically consist of diverse applications with different priorities,
performance and resource requirements. Failure to consider the heterogeneity of both
machines and workloads will lead to both sub-optimal energy-savings and long scheduling
delays, due to incompatibility between workload requirements and the resources offered by
the provisioned machines. To address this limitation, we present Harmony, a HeterogeneityAware dynamic capacity provisioning scheme for cloud data centers. Specifically, we first use
the K-means clustering algorithm to divide workload into distinct task classes with similar
characteristics in terms of resource and performance requirements. Then we present a
technique that dynamically adjusting the number of machines to minimize total energy
consumption and scheduling delay. Simulations using traces from a Google's compute cluster
demonstrate Harmony can reduce energy by 28 percent compared to heterogeneity-oblivious
solutions.
3.

Multi-Objective Game Theoretic Scheduling of Bag-of-Tasks Workflows on

Hybrid Clouds March 2014

Scheduling multiple large-scale parallel workflow applications on heterogeneous computing

systems like hybrid clouds is a fundamental NP-complete problem that is critical to meeting
various types of QoS (Quality of Service) requirements. This paper addresses the scheduling
1

problem of large-scale applications inspired from real-world, characterized by a huge number

of homogeneous and concurrent bags-of-tasks that are the main sources of bottlenecks but
open great potential for optimization. The scheduling problem is formulated as a new
sequential cooperative game and propose a communication and storage-aware multi-objective
algorithm that optimizes two user objectives (execution time and economic cost) while
fulfilling two constraints (network bandwidth and storage requirements). We present
comprehensive experiments using both simulation and real-world applications that
demonstrate the efficiency and effectiveness of our approach in terms of algorithm
complexity, makespan, cost, system-level efficiency, fairness, and other aspects compared
with other related algorithms.
4. Oruta: Privacy-Preserving Public Auditing for Shared Data in the Cloud
March 2014
With cloud data services, it is commonplace for data to be not only stored in the cloud, but
also shared across multiple users. Unfortunately, the integrity of cloud data is subject to
skepticism due to the existence of hardware/software failures and human errors. Several
mechanisms have been designed to allow both data owners and public verifiers to efficiently
audit cloud data integrity without retrieving the entire data from the cloud server. However,
public auditing on the integrity of shared data with these existing mechanisms will inevitably
reveal confidential information-identity privacy-to public verifiers. In this paper, we propose
a novel privacy-preserving mechanism that supports public auditing on shared data stored in
the cloud. In particular, we exploit ring signatures to compute verification metadata needed to
audit the correctness of shared data. With our mechanism, the identity of the signer on each
block in shared data is kept private from public verifiers, who are able to efficiently verify
shared data integrity without retrieving the entire file. In addition, our mechanism is able to
perform multiple auditing tasks simultaneously instead of verifying them one by one. Our
experimental results demonstrate the effectiveness and efficiency of our mechanism when
auditing shared data integrity.
5. Scalable Analytics for IaaS Cloud Availability March 2014
In a large Infrastructure-as-a-Service (IaaS) cloud, component failures are quite common.
Such failures may lead to occasional system downtime and eventual violation of Service
Level Agreements (SLAs) on the cloud service availability. The availability analysis of the
underlying infrastructure is useful to the service provider to design a system capable of
providing a defined SLA, as well as to evaluate the capabilities of an existing one. This paper
presents a scalable, stochastic model-driven approach to quantify the availability of a largescale IaaS cloud, where failures are typically dealt with through migration of physical
machines among three pools: hot (running), warm (turned on, but not ready), and cold (turned
off). Since monolithic models do not scale for large systems, we use an interacting Markov
chain based approach to demonstrate the reduction in the complexity of analysis and the
solution time. The three pools are modeled by interacting sub-models. Dependencies among
them are resolved using fixed-point iteration, for which existence of a solution is proved. The
analytic-numeric solutions obtained from the proposed approach and from the monolithic
model are compared. We show that the errors introduced by interacting sub-models are
insignificant and that our approach can handle very large size IaaS clouds. The simulative
solution is also considered for the proposed model, and solution time of the methods are
compared.

6. Thermal-Aware Scheduling of Batch Jobs in Geographically Distributed Data

Centers January 2014
Decreasing the soaring energy cost is imperative in large data centers. Meanwhile, limited
computational resources need to be fairly allocated among different organizations. Latency is
another major concern for resource management. Nevertheless, energy cost, resource
allocation fairness, and latency are important but often contradicting metrics on scheduling
data center workloads. Moreover, with the ever-increasing power density, data center
operation must be judiciously optimized to prevent server overheating. In this paper, we
explore the benefit of electricity price variations across time and locations. We study the
problem of scheduling batch jobs to multiple geographically-distributed data centers. We
propose a provably-efficient online scheduling algorithm - GreFar - which optimizes the
energy cost and fairness among different organizations subject to queueing delay constraints,
while satisfying the maximum server inlet temperature constraints. GreFar does not require
any statistical information of workload arrivals or electricity prices. We prove that it can
minimize the cost arbitrarily close to that of the optimal offline algorithm with future
information. Moreover, we compare the performance of GreFar with ones of a similar
algorithm, referred to as T-unaware, that is not able to consider the server inlet temperature in
the scheduling process. We prove that GreFar is able to save up to 16 percent of energyfairness cost with respect to T-unaware.
7. Transformation-Based Monetary CostOptimizations for Workflows in the Cloud.
January 2014
Recently, performance and monetary cost optimizations for workflows from various
applications in the cloud have become a hot research topic. However, we find that most
existing studies adopt ad hoc optimization strategies, which fail to capture the key
optimization opportunities for different workloads and cloud offerings (e.g., virtual machines
with different prices). This paper proposes ToF, a general transformation-based optimization
framework for workflows in the cloud. Specifically, ToF formulates six basic workflow
transformation operations. An arbitrary performance and cost optimization process can be
represented as a transformation plan (i.e., a sequence of basic transformation operations). All
transformations form a huge optimization space. We further develop a cost model guided
planner to efficiently find the optimized transformation for a predefined goal (e.g.,
minimizing the monetary cost with a given performance requirement). We develop ToF on
real cloud environments including Amazon EC2 and Rackspace. Our experimental results
demonstrate the effectiveness of ToF in optimizing the performance and cost in comparison
with other existing approaches.
8. A Scientometric Analysis of Cloud Computing Literature April 2014
The popularity and rapid development of cloud computing in recent years has led to a huge
amount of publications containing the achieved knowledge of this area of research. Due to
the interdisciplinary nature and high relevance of cloud computing research, it becomes
increasingly difficult or even impossible to understand the overall structure and development
of this field without analytical approaches. While evaluating science has a long tradition in
many fields, we identify a lack of a comprehensive scientometric study in the area of cloud
computing. Based on a large bibliographic data base, this study applies scientometric means
to empirically study the evolution and state of cloud computing research with a view from
above the clouds. By this, we provide extensive insights into publication patterns, research
impact and research productivity. Furthermore, we explore the interplay of related subtopics
3

by analyzing keyword clusters. The results of this study provide a better understanding of
patterns, trends and other important factors as a basis for directing research activities, sharing
knowledge and collaborating in the area of cloud computing research
9. A Self-Scalable and Auto-Regulated Request Injection Benchmarking Tool for
Automatic Saturation Detection June 2014
Software applications providers have always been required to perform load testing prior to
launching new applications. This crucial test phase is expensive in human and hardware
terms, and the solutions generally used would benefit from further development. In particular,
designing an appropriate load profile to stress an application is difficult and must be done
carefully to avoid skewed testing. In addition, static testing platforms are exceedingly
complex to set up. New opportunities to ease load testing solutions are becoming available
thanks to cloud computing. This paper describes a Benchmark-as-a-Service platform based
on: (i) intelligent generation of traffic to the benched application without inducing thrashing
(avoiding predefined load profiles), (ii) a virtualized and self-scalable load injection system.
The platform developed was experimented using two use cases based on the reference JEE
benchmark RUBiS. This involved detecting bottleneck tiers, and tuning servers to improve
performance. This platform was found to reduce the cost of testing by 50 percent compared to
more commonly used solutions.
10. An Autonomic Approach to Risk-Aware Data Center Overbooking 2014
Elasticity is a key characteristic of cloud computing that increases the flexibility for cloud
consumers, allowing them to adapt the amount of physical resources associated to their
services over time in an on-demand basis. However, elasticity creates problems for cloud
providers as it may lead to poor resource utilization, specially in combination with other
factors, such as user overestimations and pre-defined VM sizes. Admission control
mechanisms are thus needed to increase the number of services accepted, raising the
utilization without affecting services performance. This work focuses on implementing an
autonomic risk-aware overbooking architecture capable of increasing the resource utilization
of cloud data centers by accepting more virtual machines than physical available resources.
Fuzzy logic functions are used to estimate the associated risk to each overbooking decision.
By using a distributed PID controller approach, the system is capable of self-adapting over
time-changing the acceptable level of risk-depending on the current status of the cloud data
center. The suggested approach is extensively evaluated using a combination of simulations
and experiments executing real cloud applications with real-life available workloads. Our
results show a 50 percent increment at both resource utilization and capacity allocated with
acceptable performance degradation and more stable resource utilization over time.
11. Performance and cost evaluation of an adaptive encryption architecture for
cloud database services July 2014
The cloud database as a service is a novel paradigm that can support several Internet-based
applications, but its adoption requires the solution of information confidentiality problems.
We propose a novel architecture for adaptive encryption of public cloud databases that offers
an interesting alternative to the tradeoff between the required data confidentiality level and
the flexibility of the cloud database structures at design time. We demonstrate the feasibility
and performance of the proposed solution through a software prototype. Moreover, we
propose an original cost model that is oriented to the evaluation of cloud database services in
plain and encrypted instances and that takes into account the variability of cloud prices and
tenant workloads during a medium-term period.
4

12. Budget-Driven Scheduling Algorithms for Batches of MapReduce Jobs in

Heterogeneous Clouds April 2014
In this paper, we consider task-level scheduling algorithms with respect to budget and
deadline constraints for a batch of MapReduce jobs on a set of provisioned heterogeneous
(virtual) machines in cloud platforms. The heterogeneity is manifested in the popular pay-asyou-go charging model where the service machines with different performance would have
different service rates. We organize the batch of jobs as a k-stage workflow and study two
related optimization problems, depending on whether the constraints are on monetary budget
or on scheduling length of the workflow. First, given a total monetary budget B, by
combining an in-stage local greedy algorithm (whose optimality is also proven) and dynamic
programming (DP) techniques, we propose a global optimal scheduling algorithm to achieve
minimum scheduling length of the workflow within O(kB2). Although the optimal algorithm
is efficient when B is polynomially bounded by the number of tasks in the MapReduce jobs,
the quadratic time complexity is still high. To improve the efficiency, we further develop two
greedy algorithms, called Global Greedy Budget (GGB) and Gradual Refinement (GR), each
adopting different greedy strategies. In GGB we extend the idea of the local greedy algorithm
to the efficient global distribution of the budget with minimum scheduling length as a goal
whilst in GR we iteratively apply the DP algorithm to the distribution of exponentially
reduced budget so that the solutions are gradually refined. Second, we consider the
optimization problem of minimizing cost when the (time) deadline of the computation D is
fixed. We convert this problem into the standard Multiple-Choice Knapsack Problem via a
parallel transformation. Our empirical studies verify the proposed optimal algorithms and
show the efficiencies of the greedy algorithms in cost-effectiveness to distribute the budget
for performance optimizations of the MapReduce workflows.
13. A Novel Model for Competition and Cooperation Among Cloud Providers May
2014
Having received significant attention in the industry, the cloud market is nowadays fiercely
competitive with many cloud providers. On one hand, cloud providers compete against each
other for both existing and new cloud users. To keep existing users and attract newcomers, it
is crucial for each provider to offer an optimal price policy which maximizes the final
revenue and improves the competitive advantage. The competition among providers leads to
the evolution of the market and dynamic resource prices over time. On the other hand, cloud
providers may cooperate with each other to improve their final revenue. Based on a service
level agreement, a provider can outsource its users' resource requests to its partner to reduce
the operation cost and thereby improve the final revenue. This leads to the problem of
determining the cooperating parties in a cooperative environment. This paper tackles these
two issues of the current cloud market. First, we solve the problem of competition among
providers and propose a dynamic price policy. We employ a discrete choice model to describe
the user's choice behavior based on his obtained benefit value. The choice model is used to
derive the probability of a user choosing to be served by a certain provider. The competition
among providers is formulated as a noncooperative stochastic game where the players are
providers who act by proposing the price policy simultaneously. The game is modelled as a
Markov Decision Process whose solution is a Markov Perfect Equilibrium. Then, we address
the cooperation among providers by presenting a novel algorithm for determining a
cooperation strategy that tells providers whether to satisfy users' resource requests locally or
outsource them to a certain provider. The algorithm yields the optimal cooperation structure
from which no provider unilaterally deviates to gain more revenue. Numerical simulations
are carried out to evaluate the performance of the proposed models.
5

14. A Hyper-Heuristic Scheduling Algorithm for Cloud April 2014

Rule-based scheduling algorithms have been widely used on many cloud computing systems
because they are simple and easy to implement. However, there is plenty of room to improve
the performance of these algorithms, especially by using heuristic scheduling. As such, this
paper presents a novel heuristic scheduling algorithm, called hyper-heuristic scheduling
algorithm (HHSA), to find better scheduling solutions for cloud computing systems. The
diversity detection and improvement detection operators are employed by the proposed
algorithm to dynamically determine which low-level heuristic is to be used in finding better
candidate solutions. To evaluate the performance of the proposed method, this study
compares the proposed method with several state-of-the-art scheduling algorithms, by having
all of them implemented on CloudSim (a simulator) and Hadoop (a real system). The results
show that HHSA can significantly reduce the makespan of task scheduling compared with the
other scheduling algorithms evaluated in this paper, on both CloudSim and Hadoop.
15. Real-Time Tasks Oriented Energy-Aware Scheduling in Virtualized CloudsApril 2014
Energy conservation is a major concern in cloud computing systems because it can bring
several important benefits such as reducing operating costs, increasing system reliability, and
prompting environmental protection. Meanwhile, power-aware scheduling approach is a
promising way to achieve that goal. At the same time, many real-time applications, e.g.,
signal processing, scientific computing have been deployed in clouds. Unfortunately, existing
energy-aware scheduling algorithms developed for clouds are not real-time task oriented, thus
lacking the ability of guaranteeing system schedulability. To address this issue, we first
propose in this paper a novel rolling-horizon scheduling architecture for real-time task
scheduling in virtualized clouds. Then a task-oriented energy consumption model is given
and analyzed. Based on our scheduling architecture, we develop a novel energy-aware
scheduling algorithm named EARH for real-time, aperiodic, independent tasks. The EARH
employs a rolling-horizon optimization policy and can also be extended to integrate other
energy-aware scheduling algorithms. Furthermore, we propose two strategies in terms of
resource scaling up and scaling down to make a good trade-off between task's schedulability
and energy conservation. Extensive simulation experiments injecting random synthetic tasks
as well as tasks following the last version of the Google cloud tracelogs are conducted to
validate the superiority of our EARH by comparing it with some baselines. The experimental
results show that EARH significantly improves the scheduling quality of others and it is
suitable for real-time task scheduling in virtualized clouds.
16. Analysis, Modeling and Simulation of Workload Patterns in a Large-Scale Utility
Cloud april 2014
Understanding the characteristics and patterns of workloads within a Cloud computing
environment is critical in order to improve resource management and operational conditions
while Quality of Service (QoS) guarantees are maintained. Simulation models based on
realistic parameters are also urgently needed for investigating the impact of these workload
characteristics on new system designs and operation policies. Unfortunately there is a lack of
analyses to support the development of workload models that capture the inherent diversity of
users and tasks, largely due to the limited availability of Cloud tracelogs as well as the
complexity in analyzing such systems. In this paper we present a comprehensive analysis of
the workload characteristics derived from a production Cloud data center that features over
900 users submitting approximately 25 million tasks over a time period of a month. Our
6

analysis focuses on exposing and quantifying the diversity of behavioral patterns for users
and tasks, as well as identifying model parameters and their values for the simulation of the
workload created by such components. Our derived model is implemented by extending the
capabilities of the CloudSim framework and is further validated through empirical
comparison and statistical hypothesis tests. We illustrate several examples of this work's
practical applicability in the domain of resource management and energy-efficiency.
17. Deadline based Resource Provisioning and Scheduling Algorithm for Scientific
Workflows on Clouds april 2014
Cloud computing is the latest distributed computing paradigm and it offers tremendous
opportunities to solve large-scale scientific problems. However, it presents various challenges
that need to be addressed in order to be efficiently utilized for workflow applications.
Although the workflow scheduling problem has been widely studied, there are very few
initiatives tailored for cloud environments. Furthermore, the existing works fail to either meet
the user's quality of service (QoS) requirements or to incorporate some basic principles of
cloud computing such as the elasticity and heterogeneity of the computing resources. This
paper proposes a resource provisioning and scheduling strategy for scientific workflows on
Infrastructure as a Service (IaaS) clouds. We present an algorithm based on the meta-heuristic
optimization technique, particle swarm optimization (PSO), which aims to minimize the
overall workflow execution cost while meeting deadline constraints. Our heuristic is
evaluated using CloudSim and various well-known scientific workflows of different sizes.
The results show that our approach performs better than the current state-of-the-art
algorithms
18. Extending MapReduce across Clouds with Bstream april 2014
Today, batch processing frameworks like Hadoop MapReduce are difficult to scale to
multiple clouds due to latencies involved in inter-cloud data transfer and synchronization
overheads during shuffle-phase. This inhibits the MapReduce framework from guaranteeing
performance at variable load surges without over-provisioning in the internal cloud (IC). We
propose BStream, a cloud bursting framework for MapReduce that couples stream-processing
in the external cloud (EC) with Hadoop in the internal cloud (IC). Stream processing in EC
enables pipelined uploading, processing and downloading of data to minimize network
latencies. We use this framework to meet job deadlines. BStream uses an analytical model to
minimize the usage of EC. We propose different checkpointing strategies that overlap output
transfer with input transfer/processing and simultaneously reduce the computation involved
in merging the results from EC and IC. Checkpointing further reduces job completion time.
We experimentally compare BStream with other related works and illustrate performance
benefits due to stream processing and checkpointing strategies in EC. Lastly, we characterize
the operational regime of BStream.
19. Virtualization Technology for TCP/IP Offload Engine February 2014
Network I/O virtualization plays an important role in cloud computing. This paper addresses
the system-wide virtualization issues of TCP/IP Offload Engine (TOE) and presents the
architectural designs. We identify three critical factors that affect the performance of a TOE:
I/O virtualization architectures, quality of service (QoS), and virtual machine monitor
(VMM) scheduler. In our device emulation based TOE, the VMM manages the socket
connections in the TOE directly and thus can eliminate packet copy and demultiplexing
overheads as appeared in the virtualization of a layer 2 network card. To further reduce
hypervisor intervention, the direct I/O access architecture provides the per VM-based
7

physical control interface that helps removing most of the VMM interventions. The direct I/O
access architecture out-performs the device emulation architecture as large as 30 percent, or
achieves 80 percent of the native 10 Gbit/s TOE system. To continue serving the TOE
commands for a VM, no matter the VM is idle or switched out by the VMM, we decouple the
TOE I/O command dispatcher from the VMM scheduler. We found that a VMM scheduler
with preemptive I/O scheduling and a programmable I/O command dispatcher with deficit
weighted round robin (DWRR) policy are able to ensure service fairness and at the same time
maximize the TOE utilization.
20. Workload-Aware Credit Scheduler for Improving Network I/O Performance in
Virtualization Environment April 2014
Single-root I/O virtualization (SR-IOV) has become the de facto standard of network
virtualization in cloud infrastructure. Owing to the high interrupt frequency and heavy cost
per interrupt in high-speed network virtualization, the performance of network virtualization
is closely correlated to the computing resource allocation policy in Virtual Machine Manager
(VMM). Therefore, more sophisticated methods are needed to process irregularity and the
high frequency of network interrupts in high-speed network virtualization environment.
However, the I/O-intensive and CPU-intensive applications in virtual machines are treated in
the same manner since application attributes are transparent to the scheduler in hypervisor,
and this unawareness of workload makes virtual systems unable to take full advantage of high
performance networks. In this paper, we discuss the SR-IOV networking solution and show
by experiment that the current credit scheduler in Xen does not utilize high performance
networks efficiently. Hence we propose a novel workload-aware scheduling model with two
optimizations to eliminate the bottleneck caused by scheduler. In this model, guest domains
are divided into I/O-intensive domains and CPU-intensive domains according to their
monitored behaviour. I/O-intensive domains can obtain extra credits that CPU-intensive
domains are willing to share. In addition, the total number of credits available is adjusted to
accelerate the I/O responsiveness. Our experimental evaluations show that the new
scheduling models improve bandwidth and reduce response time, by keeping the fairness
between I/O-intensive and CPU-intensive domains. This enables virtualization infrastructure
to provide cloud computing services more efficiently and predictably.
21. Decreasing Impact of SLA Violations: A Proactive Resource Allocation Approach
for Cloud Computing Environments February 2014
User satisfaction as a significant antecedent to user loyalty has been highlighted by many
researchers in market based literatures. SLA violation as an important factor can decrease
users' satisfaction level. The amount of this decrease depends on user's characteristics. Some
of these characteristics are related to QoS requirements and announced to service provider
through SLAs. But some of them are unknown for service provider and selfish users are not
interested to reveal them truly. Most the works in literature ignore considering such
characteristics and treat users just based on SLA parameters. So, two users with different
characteristics but similar SLAs have equal importance for the service provider. In this paper,
we use two user's hidden characteristics, named willingness to pay for service and
willingness to pay for certainty, to present a new proactive resource allocation approach with
aim of decreasing impact of SLA violations. New methods based on learning automaton for
estimation of these characteristics are provided as well. To validate our approach we
conducted some numerical simulations in critical situations. The results confirm that our
approach has ability to improve users' satisfaction level that cause to gain in profitability

22. Swiper: Exploiting Virtual Machine Vulnerability in Third-Party Clouds with

Competition for I/O Resources June 2014
The emerging paradigm of cloud computing, e.g., Amazon Elastic Compute Cloud (EC2),
promises a highly flexible yet robust environment for large-scale applications. Ideally, while
multiple virtual machines (VM) share the same physical resources (e.g., CPUs, caches,
DRAM, and I/O devices), each application should be allocated to an independently managed
VM and isolated from one another. Unfortunately, the absence of physical isolation inevitably
opens doors to a number of security threats. In this paper, we demonstrate in EC2 a new type
of security vulnerability caused by competition between virtual I/O workloads - i.e., by
leveraging the competition for shared resources, an adversary could intentionally slow down
the execution of a targeted application in a VM that shares the same hardware. In particular,
we focus on I/O resources such as hard-drive throughput and/or network bandwidth - which
are critical for data-intensive applications. We design and implement Swiper, a framework
which uses a carefully designed workload to incur significant delays on the targeted
application and VM with minimum cost (i.e., resource consumption). We conduct a
comprehensive set of experiments in EC2, which clearly demonstrates that Swiper is capable
of significantly slowing down various server applications while consuming a small amount of
resources
23. An Efficient Certificateless Encryption for Secure Data Sharing in Public Clouds
We propose a mediated certificateless encryption scheme without pairing operations for
securely sharing sensitive information in public clouds. Mediated certificateless public key
encryption (mCL-PKE) solves the key escrow problem in identity based encryption and
certificate revocation problem in public key cryptography. However, existing mCL-PKE
schemes are either inefficient because of the use of expensive pairing operations or
vulnerable against partial decryption attacks. In order to address the performance and security
issues, in this paper, we first propose a mCL-PKE scheme without using pairing operations.
We apply ourmCL-PKE scheme to construct a practical solution to the problem of sharing
sensitive information in public clouds. The cloud isemployed as a secure storage as well as a
key generation center. In our system, the data owner encrypts the sensitive data using the
cloud generated users public keys based on its access control policies and uploads the
encrypted data to the cloud. Upon successful authorization, the cloud partially decrypts the
encrypted data for the users. The users subsequently fully decrypt the partially decrypted data
using their private keys. The confidentiality of the content and the keys is preserved with
respect to the cloud, because the cloud cannot fully decrypt the information. We also propose
an extension to the above approach to improve the efficiency of encryption at the data owner.
We implement our mCL-PKE scheme and the overall cloud based system, and evaluate its
security and performance. Our results show that our schemes are efficient and practical.An
Efficient Certificateless Encryption for Secure Data Sharing in Public Clouds.
24. On the Security of an Efficient Dynamic Auditing Protocol in Cloud Storage
Using cloud storage, data owners can remotely store their data and enjoy the on-demand high
quality cloud services without the burden of local data storage and maintenance. However,
this new paradigm does trigger many security concerns. A major concern is how to ensure the
integrity of the outsourced data. To address this issue, recently, a highly efficient dynamic
auditing protocol for cloud storage was proposed which enjoys many desirable features.
Unfortunately, in this letter, we demonstrate that the protocol is insecure when an active
adversary is involved in the cloud environment. We show that the adversary is able to
9

arbitrarily modify the cloud data without being detected by the auditor in the auditing
process. We also suggest a solution to fix the problem while preserving all the properties of
the original protocol.
25. Panda: Public Auditing for Shared Data with Efficient User Revocation in the
Cloud
With data storage and sharing services in the cloud, users can easily modify and share data as
a group. To ensure shared data integrity can be verified publicly, users in the group need to
compute signatures on all the blocks in shared data. Different blocks in shared data are
generally signed by different users due to data modifications performed by different users.
For security reasons, once a user is revoked from the group, the blocks which were
previously signed by this revoked user must be re-signed by an existing user. The
straightforward method, which allows an existing user to download the corresponding part of
shared data and re-sign it during user revocation, is inefficient due to the large size of shared
data in the cloud. In this paper, we propose a novel public auditing mechanism for the
integrity of shared data with efficient user revocation in mind. By utilizing the idea of proxy
re-signatures, we allow the cloud to re-sign blocks on behalf of existing users during user
revocation, so that existing users do not need to download and re-sign blocks by themselves.
In addition, a public verifier is always able to audit the integrity of shared data without
retrieving the entire data from the cloud, even if some part of shared data has been re-signed
by the cloud. Moreover, our mechanism is able to support batch auditing by verifying
multiple auditing tasks simultaneously. Experimental results show that our mechanism can
significantly improve the efficiency of user revocation.
26. Shared Authority Based Privacy-Preserving Authentication Protocol in Cloud
Computing
Cloud computing is an emerging data interactive paradigm to realize users' data remotely
stored in an online cloud server. Cloud services provide great conveniences for the users to
enjoy the on-demand cloud applications without considering the local infrastructure
limitations. During the data accessing, different users may be in a collaborative relationship,
and thus data sharing becomes significant to achieve productive benefits. The existing
security solutions mainly focus on the authentication to realize that a user's privative data
cannot be illegally accessed, but neglect a subtle privacy issue during a user challenging the
cloud server to request other users for data sharing. The challenged access request itself may
reveal the user's privacy no matter whether or not it can obtain the data access permissions. In
this paper, we propose a shared authority based privacy-preserving authentication protocol
(SAPA) to address above privacy issue for cloud storage. In the SAPA, 1) shared access
authority is achieved by anonymous access request matching mechanism with security and
privacy considerations (e.g., authentication, data anonymity, user privacy, and forward
security); 2) attribute based access control is adopted to realize that the user can only access
its own data fields; 3) proxy re-encryption is applied to provide data sharing among the
multiple users. Meanwhile, universal composability (UC) model is established to prove that
the SAPA theoretically has the design correctness. It indicates that the proposed protocol is
attractive for multi-user collaborative cloud applications.
27. Enabling Efficient Multi-Keyword Ranked Search Over Encrypted Mobile
Cloud Data Through Blind Storage
In mobile cloud computing, a fundamental application is to outsource the mobile data to
external cloud servers for scalable data storage. The outsourced data, however, need to be
10

encrypted due to the privacy and confidentiality concerns of their owner. This results in the
distinguished difficulties on the accurate search over the encrypted mobile cloud data. To
tackle this issue, in this paper, we develop the searchable encryption for multi-keyword
ranked search over the storage data. Specifically, by considering the large number of
outsourced documents (data) in the cloud, we utilize the relevance score and ${k}$ -nearest
neighbor techniques to develop an efficient multi-keyword search scheme that can return the
ranked search results based on the accuracy. Within this framework, we leverage an efficient
index to further improve the search efficiency, and adopt the blind storage system to conceal
access pattern of the search user. Security analysis demonstrates that our scheme can achieve
confidentiality of documents and index, trapdoor privacy, trapdoor unlinkability, and
concealing access pattern of the search user. Finally, using extensive simulations, we show
that our proposal can achieve much improved efficiency in terms of search functionality and
search time compared with the existing proposals.
28. Secure, Efficient and Fine-Grained Data Access Control Mechanism for P2P
Storage Cloud
By combining cloud computing and Peer-to-Peer computing, a P2P storage cloud can be
formed to offer highly available storage services, lowering the economic cost by exploiting
the storage space of participating users. However, since cloud severs and users are usually
outside the trusted domain of data owners, P2P storage cloud brings forth new challenges for
data security and access control when data owners store sensitive data for sharing in the
trusted domain. Moreover, there are no mechanisms for access control in P2P storage cloud.
To address this issue, we design a ciphertext-policy attribute-based encryption (ABE) scheme
and a proxy re-encryption scheme. Based on them, we further propose a secure, efficient and
fine-grained data Access Control mechanism for P2P storage Cloud named ACPC. We
enforce access policies based on user attributes, and integrate P2P reputation system in
ACPC. ACPC enables data owners to delegate most of the laborious user revocation tasks to
cloud servers and reputable system peers. Our security analysis demonstrates that ACPC is
provably secure. The performance evaluation shows that ACPC is highly efficient under
practical settings, and it significantly reduces the computation overheads brought to data
owners and cloud servers during user revocation, compared with other state-of-the-art
revocable ABE schemes.
29. SeDaSC: Secure Data Sharing in Clouds
Cloud storage is an application of clouds that liberates organizations from establishing inhouse data storage systems. However, cloud storage gives rise to security concerns. In case of
group-shared data, the data face both cloud-specific and conventional insider threats. Secure
data sharing among a group that counters insider threats of legitimate yet malicious users is
an important research issue. In this paper, we propose the Secure Data Sharing in Clouds
(SeDaSC) methodology that provides: 1) data confidentiality and integrity; 2) access control;
3) data sharing (forwarding) without using compute-intensive reencryption; 4) insider threat
security; and 5) forward and backward access control. The SeDaSC methodology encrypts a
file with a single encryption key. Two different key shares for each of the users are generated,
with the user only getting one share. The possession of a single share of a key allows the
SeDaSC methodology to counter the insider threats. The other key share is stored by a trusted
third party, which is called the cryptographic server. The SeDaSC methodology is applicable
to conventional and mobile cloud computing environments. We implement a working
prototype of the SeDaSC methodology and evaluate its performance based on the time
consumed during various operations. We formally verify the working of SeDaSC by using
11

high-level Petri nets, the Satisfiability Modulo Theories Library, and a Z3 solver. The results
proved to be encouraging and show that SeDaSC has the potential to be effectively used for
secure data sharing in the cloud.
30. Secure Auditing and Deduplicating Data in Cloud
As the cloud computing technology develops during the last decade, outsourcing data to
cloud service for storage becomes an attractive trend, which benefits in sparing efforts on
heavy data maintenance and management. Nevertheless, since the outsourced cloud storage is
not fully trustworthy, it raises security concerns on how to realize data deduplication in cloud
while achieving integrity auditing. In this work, we study the problem of integrity auditing
and secure deduplication on cloud data. Specifically, aiming at achieving both data integrity
and deduplication in cloud, we propose two secure systems, namely SecCloud and
SecCloud+. SecCloud introduces an auditing entity with a maintenance of a MapReduce
cloud, which helps clients generate data tags before uploading as well as audit the integrity of
data having been stored in cloud. Compared with previous work, the computation by user in
SecCloud is greatly reduced during the file uploading and auditing phases. SecCloud+ is
designed motivated by the fact that customers always want to encrypt their data before
uploading, and enables integrity auditing and secure deduplication on encrypted data.
31. DROPS: Division and Replication of Data in Cloud for Optimal Performance
and Security
Outsourcing data to a third-party administrative control, as is done in cloud computing, gives
rise to security concerns. The data compromise may occur due to attacks by other users and
nodes within the cloud. Therefore, high security measures are required to protect data within
the cloud. However, the employed security strategy must also take into account the
optimization of the data retrieval time. In this paper, we propose Division and Replication of
Data in the Cloud for Optimal Performance and Security (DROPS) that collectively
approaches the security and performance issues. In the DROPS methodology, we divide a file
into fragments, and replicate the fragmented data over the cloud nodes. Each of the nodes
stores only a single fragment of a particular data file that ensures that even in case of a
successful attack, no meaningful information is revealed to the attacker. Moreover, the nodes
storing the fragments, are separated with certain distance by means of graph T-coloring to
prohibit an attacker of guessing the locations of the fragments. Furthermore, the DROPS
methodology does not rely on the traditional cryptographic techniques for the data security;
thereby relieving the system of computationally expensive methodologies. We show that the
probability to locate and compromise all of the nodes storing the fragments of a single file is
extremely low. We also compare the performance of the DROPS methodology with ten other
schemes. The higher level of security with slight performance overhead was observed
32. Enabling Fine-grained Multi-keyword Search Supporting Classified Subdictionaries over Encrypted Cloud Data
Using cloud computing, individuals can store their data on remote servers and allow data
access to public users through the cloud servers. As the outsourced data are likely to contain
sensitive privacy information, they are typically encrypted before uploaded to the cloud. This,
however, significantly limits the usability of outsourced data due to the difficulty of searching
over the encrypted data. In this paper, we address this issue by developing the fine-grained
multi-keyword search schemes over encrypted cloud data. Our original contributions are
three-fold. First, we introduce the relevance scores and preference factors upon keywords
which enable the precise keyword search and personalized user experience. Second, we
12

develop a practical and very efficient multi-keyword search scheme. The proposed scheme
can support complicated logic search the mixed AND, OR and NO operations of
keywords. Third, we further employ the classified sub-dictionaries technique to achieve better
efficiency on index building, trapdoor generating and query. Lastly, we analyze the security
of the proposed schemes in terms of confidentiality of documents, privacy protection of index
and trapdoor, and unlinkability of trapdoor. Through extensive experiments using the realworld dataset, we validate the performance of the proposed schemes. Both the security
analysis and experimental results demonstrate that the proposed schemes can achieve the
same security level comparing to the existing ones and better performance in terms of
functionality, query complexity and efficiency.
33. CloudArmor: Supporting Reputation-based Trust Management for Cloud
Services
Trust management is one of the most challenging issues for the adoption and growth of cloud
computing. The highly dynamic, distributed, and non-transparent nature of cloud services
introduces several challenging issues such as privacy, security, and availability. Preserving
consumers privacy is not an easy task due to the sensitive information involved in the
interactions between consumers and the trust management service. Protecting cloud services
against their malicious users (e.g., such users might give misleading feedback to disadvantage
a particular cloud service) is a difficult problem. Guaranteeing the availability of the trust
management service is another significant challenge because of the dynamic nature of cloud
environments. In this article, we describe the design and implementation of CloudArmor, a
reputation-based trust management framework that provides a set of functionalities to deliver
Trust as a Service (TaaS), which includes i) a novel protocol to prove the credibility of trust
feedbacks and preserve users privacy, ii) an adaptive and robust credibility model for
measuring the credibility of trust feedbacks to protect cloud services from malicious users
and to compare the trustworthiness of cloud services, and iii) an availability model to manage
the availability of the decentralized implementation of the trust management service. The
feasibility and benefits of our approach have been validated by a prototype and experimental
studies using a collection of real-world trust feedbacks on cloud services.

SCIENCE DIRECT PAPERS

1. On the security of auditing mechanisms for secure cloud storage
Cloud computing is a novel computing model that enables convenient and on-demand access
to a shared pool of configurable computing resources. Auditing services are highly essential
to make sure that the data is correctly hosted in the cloud. In this paper, we investigate the
active adversary attacks in three auditing mechanisms for shared data in the cloud, including
two identity privacy-preserving auditing mechanisms called Oruta and Knox, and a
distributed storage integrity auditing mechanism. We show that these schemes become
insecure when active adversaries are involved in the cloud storage. Specifically, an active
adversary can arbitrarily alter the cloud data without being detected by the auditor in the
verification phase. We also propose a solution to remedy the weakness without sacrificing
any desirable features of these mechanisms.
2. A hybrid solution for privacy preserving medical data sharing in the cloud
environment
Storing and sharing of medical data in the cloud environment, where computing resources
including storage is provided by a third party service provider, raise serious concern of
13

individual privacy for the adoption of cloud computing technologies. Existing privacy
protection researches can be classified into three categories, i.e., privacy by policy, privacy by
statistics, and privacy by cryptography. However, the privacy concerns and data utilization
requirements on different parts of the medical data may be quite different. The solution for
medical dataset sharing in the cloud should support multiple data accessing paradigms with
different privacy strengths. The statistics or cryptography technology alone cannot enforce
the multiple privacy demands, which blocks their application in the real-world cloud. This
paper proposes a practical solution for privacy preserving medical record sharing for cloud
computing. Based on the classification of the attributes of medical records, we use vertical
partition of medical dataset to achieve the consideration of different parts of medical data
with different privacy concerns. It mainly includes four components, i.e., (1) vertical data
partition for medical data publishing, (2) data merging for medical dataset accessing, (3)
integrity checking, and (4) hybrid search across plaintext and ciphertext, where the statistical
analysis and cryptography are innovatively combined together to provide multiple paradigms
of balance between medical data utilization and privacy protection. A prototype system for
the large scale medical data access and sharing is implemented. Extensive experiments show
the effectiveness of our proposed solution.
3. Healing on the cloud: Secure cloud architecture for medical wireless sensor
networks
There has been a host of research works on wireless sensor networks (WSN) for medical
applications. However, the major shortcoming of these efforts is a lack of consideration of
data management. Indeed, the huge amount of high sensitive data generated and collected by
medical sensor networks introduces several challenges that existing architectures cannot
solve. These challenges include scalability, availability and security. Furthermore, WSNs for
medical applications provide useful and real information about patients health state. This
information should be available for healthcare providers to facilitate response and to improve
the rescue process of a patient during emergency. Hence, emergency management is another
challenge for medical wireless sensor networks. In this paper, we propose an innovative
architecture for collecting and accessing large amount of data generated by medical sensor
networks. Our architecture overcomes all the aforementioned challenges and makes easy
information sharing between healthcare professionals in normal and emergency situations.
Furthermore, we propose an effective and flexible security mechanism that guarantees
confidentiality, integrity as well as fine-grained access control to outsourced medical data.
This mechanism relies on Ciphertext Policy Attribute-based Encryption (CP-ABE) to achieve
high flexibility and performance. Finally, we carry out extensive simulations that allow
showing that our scheme provides an efficient, fine-grained and scalable access control in
normal and emergency situations.
4. A scalable and dynamic application-level secure communication framework for
inter-cloud services
Most of the current cloud computing platforms offer Infrastructure as a Service (IaaS) model,
which aims to provision basic virtualized computing resources as on-demand and dynamic
services. Nevertheless, a single cloud does not have limitless resources to offer to its users,
hence the notion of an Inter-Cloud environment where a cloud can use the infrastructure
resources of other clouds. However, there is no common framework in existence that allows
the service owners to seamlessly provision even some basic services across multiple cloud
service providers, albeit not due to any inherent incompatibility or proprietary nature of the
14

foundation technologies on which these cloud platforms is built. In this paper we present a
novel solution which aims to cover a gap in a subsection of this problem domain. Our
solution offers a security architecture that enables service owners to provision a dynamic and
service-oriented secure virtual private network on top of multiple cloud IaaS providers. It
does this by leveraging the scalability, robustness and flexibility of peer-to-peer overlay
techniques to eliminate the manual configuration, key management and peer churn problems
encountered in setting up the secure communication channels dynamically, between different
components of a typical service that is deployed on multiple clouds. We present the
implementation details of our solution as well as experimental results carried out on two
commercial clouds.
5. Achieving security, robust cheating resistance, and high-efficiency for
outsourcing large matrix multiplication computation to a malicious cloud
Computation outsourcing to the cloud has become a popular application in the age of cloud
computing. This computing paradigm brings in some new security concerns and challenges,
such as input/output privacy and result veriability. Given that matrix multiplication computation (MMC) is a ubiquitous scientic and engineering computational task, we are motivated
to design a protocol to enable secure, robust cheating resistant, and efcient outsourcing of
MMC to a malicious cloud in this paper. The main idea to protect the privacy is employing
some transformations on the original MMC problem to get an encrypted MMC problem
which is sent to the cloud; and then transforming the result returned from the cloud to get the
correct result to the original MMC problem. Next, a randomized Monte Carlo verication
algorithm with one-sided error is introduced to successfully handle result verication. We
analytically show that the proposed protocol is correct, secure, and robust cheating resistant.
Extensive theoretical analysis and experimental evaluation also show its high-efciency and
immediate practicability. Finally, comparisons between the proposed protocol and the
previous protocols are given to demonstrate the improvements of the proposed protocol.
6. Toward a secure and usable cloud-based password manager for web browsers
Web users are confronted with the daunting challenges of creating, remembering, and using
more and more strong passwords than ever before in order to protect their valuable assets on
different websites. Password manager, particularly Browser-based Password Manager (BPM),
is one of the most popular approaches designed to address these chal-lenges by saving users'
passwords and later automatically lling the login forms on behalf of users. Fortunately, all
the ve most popular Web browsers have provided password managers as a useful built-in
feature. In this paper, we uncover the vulnerabilities of existing BPMs and analyze how they
can be exploited by attackers to crack users' saved passwords. Moreover, we propose a novel
Cloud-based Storage-Free BPM (CSF-BPM) design to achieve a high level of security with
the desired condentiality, integrity, and availability properties. We have implemented a CSFBPM system into Firefox and evaluated its cor-rectness, performance, and usability. Our
evaluation results and analysis demonstrate that CSF-BPM can be efciently and
conveniently used. We believe CSF-BPM is a rational design that can also be integrated into
other popular browsers to make the online experience of Web users more secure, convenient,
and enjoyable.
7. SECO: Secure and scalable data collaboration services in cloud computing
Cloud storage services enable users to remotely store their data and eliminate excessive local
installation of software and hardware. There is an increasing trend of outsourcing enterprise
15

data to the cloud for efcient data storage and management. However, this introduces many
new challenges toward data security. One critical issue is how to enable a secure data
collaboration service including data access and update in cloud computing. A data
collaboration service is to support the availability and consistency of the shared data among
multi-users. In this paper, we propose a secure, efcient and scalable data collab-oration
scheme SECO. In SECO, we employ a multi-level hierarchical identity based encryption
(HIBE) to guarantee data condentiality against untrusted cloud. This paper is the rst
attempt to explore secure cloud data collaboration services that precludes infor-mation
leakage and enables a one-to-many encryption paradigm, data writing operation and negrained access control simultaneously. Security analysis indicates that the SECO is
semantically secure against adaptive chosen ciphertext attacks (IND-ID-CCA) in the random
oracle model, and enforces ne-grained access control, collusion resistance and backward
secrecy. Extensive performance analysis and experimental results show that SECO is highly
efcient and has only low overhead on computation, communication and storage.
8. The method to secure scalability and high density in cloud data-center
Recently IT infrastructures change to cloud computing, the demand of cloud data center
increased. Cloud computing is a model for enabling ubiquitous, convenient, on-demand
network access to a shared computing resources that can be rapidly provisioned and released
with minimal management effort, the interest on data centers to provide the cloud computing
services is increasing economically and variably. This study analyzes the factors to improve
the power efficiency while securing scalability of data centers and presents the considerations
for cloud data center construction in terms of power distribution method, power density per
rack and expansion unit separately. The result of this study may be used for making rational
decisions concerning the power input, voltage transformation and unit of expansion when
constructing a cloud data center or migrating an existing data center to a cloud data center.
9. SABA: A security-aware and budget-aware workflow scheduling strategy in
clouds
High quality of security service is increasingly critical for Cloud workflow applications.
However, existing scheduling strategies for Cloud systems disregard security requirements of
workflow applications and only consider CPU time neglecting other resources like memory,
storage capacities. These resource competition could noticeably affect the computation time
and monetary cost of both submitted tasks and their required security services. To address this
issue, in this paper, we introduce immoveable dataset concept which constrains the
movement of certain datasets due to security and cost considerations and propose a new
scheduling model in the context of Cloud systems. Based on the concept, we propose a
Security-Aware and Budget-Aware workflow scheduling strategy (SABA), which holds an
economical distribution of tasks among the available CSPs (Cloud Service Providers) in the
market, to provide customers with shorter makespan as well as security services. We
conducted extensive simulation studies using six different workflows from real world
applications as well as synthetic ones. Results indicate that the scheduling performance is
affected by immoveable datasets in Clouds and the proposed scheduling strategy is highly
effective under a wide spectrum of workflow applications.
10. Improved security of a dynamic remote data possession checking protocol for
cloud storage
Cloud storage offers the users with high quality and on-demand data storage services and
frees them from the burden of maintenance. However, the cloud servers are not fully trusted.
16

Whether the data stored on cloud are intact or not becomes a major concern of the users.
Recently, Chen et al. proposed a remote data possession checking protocol to address this
issue. One distinctive feature of their protocol support data dynamics, meaning that users are
allowed to modify, insert and delete their outsourced data without the need to re-run the
whole protocol. Unfortunately, in this paper, we nd that this protocol fails to achieve its
purpose since it is vulnerable to forgery attack and replace attack launched by a mali-cious
server. Specically, we show how a malicious cloud server can deceive the user to believe
that the entire le is well-maintained by using the meta-data related to the le alone, or with
only part of the le and its meta-data. Then, we propose an improved protocol to x the
security aws and formally proved that our proposal is secure under a well-known security
model. In addition, our improvement keeps all the desirable features of the original protocol.
11. A stochastic evolutionary coalition game model of secure and dependable virtual
service in Sensor-Cloud
Various intrusion detection systems (IDSs) have been proposed in recent years to provide safe
and reliable services in cloud computing. However, few of them have considered the
existence of service attackers who can adapt their attacking strategies to the topology-varying
environment and service providers strate-gies. In this paper, we investigate the security and
dependability mechanism when service providers are facing service attacks of software and
hardware, and propose a stochastic evolutionary coalition game (SECG) framework for
secure and reliable defenses in virtual sensor services. At each stage of the game, service
providers observe the resource availability, the quality of service (QoS), and the attackers
strate-gies from cloud monitoring systems (CMSs) and IDSs. According to these
observations, they will decide how evolutionary coalitions should be dynamically formed for
reliable virtual-sensor-service compos-ites to deliver data and how to adaptively defend in the
face of uncertain attack strategies. Using the evolutionary coalition game, virtual-sensorservice nodes can form a reliable service composite by a reli-ability update function. With the
Markov chain constructed, virtual-sensor-service nodes can gradually learn the optimal
strategy and evolutionary coalition structure through the minimax-Q learning, which
maximizes the expected sum of discounted payoffs dened as QoS for virtual-sensor-service
composites. The proposed SECG strategy in the virtual-sensor-service attack-defense game is
shown to achieve much better performance than strategies obtained from the evolutionary
coalition game or stochastic game, which only maximizes each stages payoff and optimizes a
defense strategy of stochastic evolutionary, since it successfully accommodates the
environment dynamics and the strategic behavior of the service attackers.
12. A cloud-based secure authentication (CSA) protocol suite for defense against
Denial of Service (DoS) attacks
Cloud-based services have become part of our day-to-day software solutions. The identity
authentication process is considered to be the main gateway to these services. As such, these
gates have become increasingly susceptible to aggressive attackers, who may use Denial of
Service (DoS) attacks to close these gates permanently. There are a number of authentication
protocols that are strong enough to verify identities and protect traditional networked
applications. However, these authentication protocols may themselves intro-duce DoS risks
when used in cloud-based applications. This risk introduction is due to the utilization of a
heavy verication process that may consume the cloud's resources and disable the application
service. In this work, we propose a novel cloud-based authentica-tion protocol suite that not
only is aware of the internal DoS threats but is also capable of defending against external
DoS attackers. The proposed solution uses a multilevel adaptive technique to dictate the
17

efforts of the protocol participants. This technique is capable of identifying a legitimate user's
requests and placing them at the front of the authentication process queue. The authentication
process was designed in such a way that the cloud-based servers become footprint-free and
completely aware of the risks of any DoS attack.
13. An integrated task computation and data management scheduling strategy for
work flow applications in cloud environments
Aworkow is a systematic computation or a data-intensive application that has a regular
computation and data access patterns. It is a key to design scalable scheduling algorithms in
Cloud environments to address these runtime regularities effectively. While existing
researches ignore to join the tasks scheduling and the optimization of data management for
workow, little attention has been paid so far to understand the combination between the two.
The proposed scheme indicates that the coordination between task computation and data
management can improve the scheduling performance. Our model considers data
management to obtain satisfactory makespan on multiple datacenters. At the same time, our
adaptive data-dependency analysis can reveal parallelization opportunities. In this paper, we
introduce an adaptive data-aware scheduling (ADAS) strategy for workow applications. It
consist of a set-up stage which builds the clusters for the workow tasks and datasets, and a
run-time stage which makes the overlapped execution for the workows. Through rigorous
performance evaluation studies, we demonstrate that our strategy can effectively improve the
workow completion time and utilization of resources in a Cloud environment.
14. A scalable and dynamic application-level secure communication framework for
inter-cloud services
Most of the current cloud computing platforms offer Infrastructure as a Service (IaaS) model,
which aims to provision basic virtualized computing resources as on-demand and dynamic
services. Nevertheless, a single cloud does not have limitless resources to offer to its users,
hence the notion of an Inter-Cloud environment where a cloud can use the infrastructure
resources of other clouds. However, there is no common framework in existence that allows
the service owners to seamlessly provision even some basic services across multiple cloud
service providers, albeit not due to any inherent incompatibility or proprietary nature of the
foundation technologies on which these cloud platforms is built. In this paper we present a
novel solution which aims to cover a gap in a subsection of this problem domain. Our
solution offers a security architecture that enables service owners to provision a dynamic and
service-oriented secure virtual private network on top of multiple cloud IaaS providers. It
does this by leveraging the scalability, robustness and flexibility of peer-to-peer overlay
techniques to eliminate the manual configuration, key management and peer churn problems
encountered in setting up the secure communication channels dynamically, between different
components of a typical service that is deployed on multiple clouds. We present the
implementation details of our solution as well as experimental results carried out on two
commercial clouds.
15. DynamicCloudSim: Simulating heterogeneity in computational clouds
Simulation has become a commonly employed first step in evaluating novel approaches
towards resource allocation and task scheduling on distributed architectures. However,
existing simulators fall short in their modeling of the instability common to shared
computational infrastructure, such as public clouds. In this work, we present
DynamicCloudSim which extends the popular simulation toolkit CloudSim with several
factors of instability, including inhomogeneity and dynamic changes of performance at
18

runtime as well as failures during task execution. As a validation of the introduced

functionality, we simulate the impact of instability on scientific workflow scheduling by
assessing and comparing the performance of four schedulers in the course of several
experiments both in simulation and on real cloud infrastructure. Results indicate that our
model seems to adequately capture the most important aspects of cloud performance
instability. The source code of DynamicCloudSim and the examined schedulers is available at
https://code.google.com/p/dynamiccloudsim/.
16. External integrity verification for outsourced big data in cloud and IoT: A big
picture
As cloud computing is being widely adopted for big data processing, data security is
becoming one of the major concerns of data owners. Data integrity is an important factor in
almost any data and computation related context. It is not only one of the qualities of service,
but also an important part of data security and privacy. With the proliferation of cloud
computing and the increasing needs in analytics for big data such as data generated by the
Internet of Things, verification of data integrity becomes increasingly important, especially
on outsourced data. Therefore, research topics on external data integrity verification have
attracted tremendous research interest in recent years. Among all the metrics, efficiency and
security are two of the most concerned measurements. In this paper, we will bring forth a big
picture through providing an analysis on authenticator-based data integrity verification
techniques on cloud and Internet of Things data. We will analyze multiple aspects of the
research problem. First, we illustrate the research problem by summarizing research
motivations and methodologies. Second, we summarize and compare current achievements of
several of the representative approaches. Finally, we introduce our view for possible future
developments.
17. SPARQL in the cloud using Rya
SPARQL is the standard query language for Resource Description Framework (RDF) data.
RDF was designed with the initial goal of developing metadata for the Internet. While the
number and the size of the generated RDF datasets are continually increasing, most of today's
best RDF storage solutions are confined to a single node. Working on a single node has
significant scalability issues, especially considering the magnitude of modern day data. In this
paper we introduce Rya, a scalable RDF data management system that efficiently supports
SPARQL queries. We introduce storage methods, indexing schemes, and query processing
techniques that scale to billions of triples across multiple nodes, while providing fast and easy
access to the data through conventional query mechanisms such as SPARQL. Our
performance evaluation shows that in most cases, our system outperforms existing distributed
RDF solutions, even systems much more complex than ours.
18. Stochastic modeling of dynamic right-sizing for energy-efficiency in cloud data
centers
Large data centers are usually built to support increasing computational and data storage
demand of growing global business and industry, which consume an enormous amount of
energy, at a huge cost to both business and the environment. However, much of that energy is
wasted to maintain excess service capacity during periods of low load. In this paper, we
investigate the problem of right-sizing data center for energy-efficiency through
virtualization which allows consolidation of workloads into smaller number of servers while
dynamically powering off the idle ones. In view of the dynamic nature of data centers, we
propose a stochastic model based on Queueing theory to capture the main characteristics.
19

Solving this model, we notice that there exists a tradeoff between the energy consumption
and performance. We hereby develop a BFGS based algorithm to optimize the tradeoff by
searching for the optimal system parameter values for the data center operators to rightsize the data centers. We implement our Stochastic Right-sizing Model (SRM) and deploy it
in the real-world cloud data center. Experiments with two real-world workload traces show
that SRM can significantly reduce the energy consumption while maintaining high
performance.

20