Pub Date : 2024-04-26DOI: 10.1109/TCC.2024.3393895
Dumitrel Loghin
Almost all major cloud providers offer virtual machines running on servers with 64-bit ARM CPUs. For example, Amazon Web Services (AWS) designed custom ARM-based CPUs named Graviton2 and Graviton3. Other cloud providers, such as Microsoft Azure and Google Cloud Platform (GCP), employ servers with Ampere Altra CPUs. In this context, we conduct a comprehensive experimental study covering in-memory key-value stores, relational databases, enterprise blockchains, and Machine Learning inference. We cover all the available types of ARM cloud processors, including Graviton2 (AWS), Graviton3 (AWS), Ampere Altra (Azure and GCP), Yitian 710 (Alibaba Cloud), and Kunpeng 920 (Huawei Cloud). Our analysis shows that Yitian and Graviton3 are serious competitors for servers with Intel Xeon CPUs, achieving similar or better results with in-memory workloads. However, the performance of OLAP, ML inference, and blockchain on ARM-based servers is below that of Xeon. The reasons are mainly threefold 1) un-optimized software, 2) lower clock frequency, and 3) lower performance at core level. Surprisingly, ARM servers spend 2X more time in Linux kernel system calls compared to Xeon servers. Nonetheless, ARM-based servers show great potential. Given their lower cloud computing price, ARM servers could be the ideal choice when the performance is not critical.
几乎所有主要的云计算提供商都提供在配备 64 位 ARM CPU 的服务器上运行的虚拟机。例如,亚马逊网络服务(AWS)设计了基于 ARM 的定制 CPU,命名为 Graviton2 和 Graviton3。其他云提供商,如微软 Azure 和谷歌云平台(GCP),则采用了配备 Ampere Altra CPU 的服务器。在此背景下,我们进行了一项全面的实验研究,涵盖内存键值存储、关系数据库、企业区块链和机器学习推理。我们涵盖了所有可用的 ARM 云处理器类型,包括 Graviton2(AWS)、Graviton3(AWS)、Ampere Altra(Azure 和 GCP)、倚天 710(阿里巴巴云)和鲲鹏 920(华为云)。我们的分析表明,倚天和 Graviton3 是英特尔至强 CPU 服务器的有力竞争者,在内存工作负载方面取得了相似或更好的结果。然而,在基于 ARM 的服务器上,OLAP、ML 推理和区块链的性能却低于至强。原因主要有三个方面:1)软件未优化;2)时钟频率较低;3)内核级性能较低。令人惊讶的是,与 Xeon 服务器相比,ARM 服务器在 Linux 内核系统调用上花费的时间多出 2 倍。不过,基于 ARM 的服务器显示出巨大的潜力。鉴于其较低的云计算价格,ARM 服务器可能是性能要求不高时的理想选择。
{"title":"Are ARM Cloud Servers Ready for Database Workloads? an Experimental Study","authors":"Dumitrel Loghin","doi":"10.1109/TCC.2024.3393895","DOIUrl":"10.1109/TCC.2024.3393895","url":null,"abstract":"Almost all major cloud providers offer virtual machines running on servers with 64-bit ARM CPUs. For example, Amazon Web Services (AWS) designed custom ARM-based CPUs named Graviton2 and Graviton3. Other cloud providers, such as Microsoft Azure and Google Cloud Platform (GCP), employ servers with Ampere Altra CPUs. In this context, we conduct a comprehensive experimental study covering in-memory key-value stores, relational databases, enterprise blockchains, and Machine Learning inference. We cover all the available types of ARM cloud processors, including Graviton2 (AWS), Graviton3 (AWS), Ampere Altra (Azure and GCP), Yitian 710 (Alibaba Cloud), and Kunpeng 920 (Huawei Cloud). Our analysis shows that Yitian and Graviton3 are serious competitors for servers with Intel Xeon CPUs, achieving similar or better results with in-memory workloads. However, the performance of OLAP, ML inference, and blockchain on ARM-based servers is below that of Xeon. The reasons are mainly threefold 1) un-optimized software, 2) lower clock frequency, and 3) lower performance at core level. Surprisingly, ARM servers spend 2X more time in Linux kernel system calls compared to Xeon servers. Nonetheless, ARM-based servers show great potential. Given their lower cloud computing price, ARM servers could be the ideal choice when the performance is not critical.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"12 3","pages":"818-829"},"PeriodicalIF":5.3,"publicationDate":"2024-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140799413","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Workload characterization and subsequent prediction are significant steps in maintaining the elasticity and scalability of resources in Cloud Data Centers. Due to the high variance in cloud workloads, designing a prediction algorithm that models the variations in the workload is a non-trivial task. If the workload predictor is unable to handle the dynamism in the workloads, then the result of the predictor may lead to over-provisioning or under-provisioning of cloud resources. To address this problem, we have created a Super Markov Prediction Model (SMPM) whose behaviour changes as per the change in the workload patterns. As the time progresses, based on the workload pattern SMPM uses different sequence models to predict the future workload. To evaluate the proposed model, we have experimented with Alibaba trace 2018, Google Cluster Trace (GCT), Alibaba trace 2020 and TPC-W workload trace. We have compared SMPM's prediction results with existing state-of-the-art prediction models and empirically verified that the proposed prediction model achieves a better accuracy as quantified using Root Mean Square Error (RMSE) and Mean Absolute Error (MAE).
{"title":"Design and Evaluation of a Hierarchical Characterization and Adaptive Prediction Model for Cloud Workloads","authors":"Karthick Seshadri;Korrapati Sindhu;S. Nagesh Bhattu;Chidambaran Kollengode","doi":"10.1109/TCC.2024.3393114","DOIUrl":"10.1109/TCC.2024.3393114","url":null,"abstract":"Workload characterization and subsequent prediction are significant steps in maintaining the elasticity and scalability of resources in Cloud Data Centers. Due to the high variance in cloud workloads, designing a prediction algorithm that models the variations in the workload is a non-trivial task. If the workload predictor is unable to handle the dynamism in the workloads, then the result of the predictor may lead to over-provisioning or under-provisioning of cloud resources. To address this problem, we have created a Super Markov Prediction Model (SMPM) whose behaviour changes as per the change in the workload patterns. As the time progresses, based on the workload pattern SMPM uses different sequence models to predict the future workload. To evaluate the proposed model, we have experimented with Alibaba trace 2018, Google Cluster Trace (GCT), Alibaba trace 2020 and TPC-W workload trace. We have compared SMPM's prediction results with existing state-of-the-art prediction models and empirically verified that the proposed prediction model achieves a better accuracy as quantified using Root Mean Square Error (RMSE) and Mean Absolute Error (MAE).","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"12 2","pages":"712-724"},"PeriodicalIF":6.5,"publicationDate":"2024-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140806316","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-04-19DOI: 10.1109/TCC.2024.3391390
Kevin Nguetchouang;Stella Bitchebe;Theophile Dubuc;Mar Callau-Zori;Christophe Hubert;Pierre Olivier;Alain Tchana
Contrary to CPU, memory, and network, disk virtualization is peculiar, for which virtualization through direct access is impossible. We study virtual disk utilization in a large-scale public cloud and observe the presence of long snapshot chains, sometimes composed of up to 1,000 files. We then demonstrate, through experimental measurements, that such long chains lead to virtualized storage performance and memory footprint scalability issues. To address these problems, we present �SVD�, a new virtual disk format. We implemented �SVD� by extending Qcow2, a popular format, and its Qemu driver. We evaluated our prototype, demonstrating that it brings significant performance enhancements and memory footprint reduction. For example, �SVD� improves the throughput of RocksDB by about 48% on a snapshot chain of length 500. �SVD� also reduces the memory footprint by 15×.
{"title":"SVD: A Scalable Virtual Machine Disk Format","authors":"Kevin Nguetchouang;Stella Bitchebe;Theophile Dubuc;Mar Callau-Zori;Christophe Hubert;Pierre Olivier;Alain Tchana","doi":"10.1109/TCC.2024.3391390","DOIUrl":"10.1109/TCC.2024.3391390","url":null,"abstract":"Contrary to CPU, memory, and network, disk virtualization is peculiar, for which virtualization through direct access is impossible. We study virtual disk utilization in a large-scale public cloud and observe the presence of long snapshot chains, sometimes composed of up to 1,000 files. We then demonstrate, through experimental measurements, that such long chains lead to virtualized storage performance and memory footprint scalability issues. To address these problems, we present \u0000<sc>SVD</small>\u0000, a new virtual disk format. We implemented \u0000<sc>SVD</small>\u0000 by extending Qcow2, a popular format, and its Qemu driver. We evaluated our prototype, demonstrating that it brings significant performance enhancements and memory footprint reduction. For example, \u0000<sc>SVD</small>\u0000 improves the throughput of RocksDB by about 48% on a snapshot chain of length 500. \u0000<sc>SVD</small>\u0000 also reduces the memory footprint by 15×.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"12 2","pages":"684-696"},"PeriodicalIF":6.5,"publicationDate":"2024-04-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140628877","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Programmable accelerators enable the execution of applications intended for running in usual servers. However, inappropriately running applications on these devices can lead to load imbalance and performance degradation. An alternative to tackle this problem is load balancing, but existing in-network load balancers typically have no visibility of accelerators and often hard code policies in the switch source code. In this article, we present �P4Hauler�, an accelerator-aware in-network load balancer. In particular, our design discusses how to enforce load-balancing decisions in a programmable switch in a resource-aware manner, allowing different policies to handle traffic according to applications’ needs. We use monitoring and compression techniques to store application resources in a programmable switch for resource-aware decisions. In addition, we propose building blocks that operators can dynamically choose to realize different load balancing policies on-the-fly. We implemented and evaluated a prototype of �P4Hauler� on a testbed to show its efficiency and deployment feasibility. Our results indicate that �P4Hauler� can support 27% more load and decrease the flow completion time by around 13% using only a single accelerator. Also, extensive simulations confirm the performance gain of �P4Hauler� at scale compared to the state-of-the-art.
{"title":"P4Hauler: An Accelerator-Aware In-Network Load Balancer for Applications Performance Boosting","authors":"Hesam Tajbakhsh;Ricardo Parizotto;Alberto Schaeffer-Filho;Israat Haque","doi":"10.1109/TCC.2024.3389658","DOIUrl":"10.1109/TCC.2024.3389658","url":null,"abstract":"Programmable accelerators enable the execution of applications intended for running in usual servers. However, inappropriately running applications on these devices can lead to load imbalance and performance degradation. An alternative to tackle this problem is load balancing, but existing in-network load balancers typically have no visibility of accelerators and often hard code policies in the switch source code. In this article, we present \u0000<sc>P4Hauler</small>\u0000, an accelerator-aware in-network load balancer. In particular, our design discusses how to enforce load-balancing decisions in a programmable switch in a resource-aware manner, allowing different policies to handle traffic according to applications’ needs. We use monitoring and compression techniques to store application resources in a programmable switch for resource-aware decisions. In addition, we propose building blocks that operators can dynamically choose to realize different load balancing policies on-the-fly. We implemented and evaluated a prototype of \u0000<sc>P4Hauler</small>\u0000 on a testbed to show its efficiency and deployment feasibility. Our results indicate that \u0000<sc>P4Hauler</small>\u0000 can support 27% more load and decrease the flow completion time by around 13% using only a single accelerator. Also, extensive simulations confirm the performance gain of \u0000<sc>P4Hauler</small>\u0000 at scale compared to the state-of-the-art.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"12 2","pages":"697-711"},"PeriodicalIF":6.5,"publicationDate":"2024-04-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140628883","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-04-18DOI: 10.1109/TCC.2024.3390933
Amit Biswas;Gaurav Baranwal;Abhinav Kumar
Cloud computing is one of the foundation technologies of Industry 4.0. Cloud 2.0 is the upcoming cloud technology that addresses several bottlenecks of Cloud 1.0. For instance, the presence of small service providers is threatened by the dominance of a few giant service providers in today’s cloud market in Cloud 1.0. Under this circumstance, the small service providers must work together to compete with the giant competitors to survive in the market. For that, small service providers require a transparent, fair, cost-effective, fault-tolerant, and easily scalable platform that can provide reliable and quality services to customers. This work introduces a blockchain-based framework to provide such a platform for cloud service providers and their customers. Here, a new consensus mechanism is proposed to maintain the system’s fairness, decentralization, and consistency. A consensus-based service monitoring concept is also introduced to assess the service quality. If a service provider does not deliver the committed quality of service (QoS), a penalty is imposed on the service provider. This framework is designed so that the service providers are always bound to provide committed QoS to the customers. Finally, we performed several experiments, and the experimental results corroborate our claims regarding the proposed framework.
{"title":"A Blockchain-Based Framework to Resolve the Oligopoly Issue in Cloud Computing","authors":"Amit Biswas;Gaurav Baranwal;Abhinav Kumar","doi":"10.1109/TCC.2024.3390933","DOIUrl":"10.1109/TCC.2024.3390933","url":null,"abstract":"Cloud computing is one of the foundation technologies of Industry 4.0. Cloud 2.0 is the upcoming cloud technology that addresses several bottlenecks of Cloud 1.0. For instance, the presence of small service providers is threatened by the dominance of a few giant service providers in today’s cloud market in Cloud 1.0. Under this circumstance, the small service providers must work together to compete with the giant competitors to survive in the market. For that, small service providers require a transparent, fair, cost-effective, fault-tolerant, and easily scalable platform that can provide reliable and quality services to customers. This work introduces a blockchain-based framework to provide such a platform for cloud service providers and their customers. Here, a new consensus mechanism is proposed to maintain the system’s fairness, decentralization, and consistency. A consensus-based service monitoring concept is also introduced to assess the service quality. If a service provider does not deliver the committed quality of service (QoS), a penalty is imposed on the service provider. This framework is designed so that the service providers are always bound to provide committed QoS to the customers. Finally, we performed several experiments, and the experimental results corroborate our claims regarding the proposed framework.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"12 2","pages":"671-683"},"PeriodicalIF":6.5,"publicationDate":"2024-04-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140629101","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Mobile cloud computing (MCC) integrates the advantages of mobile networks and cloud computing, enabling users to enjoy personalized services without constraints and restrictions of time and place. While this brings convenience, it also comes with risks such as privacy breaches and unauthorized access to outsourced data. Bilateral access control is a promising technique for addressing these issues. However, the current bilateral access control schemes cannot solve problems such as single point failure. To further enhance and enrich the existing schemes, we propose hierarchical bilateral access control. In the proposed scheme, the permission of generating encryption keys and decryption keys can be delegated to its child nodes, which alleviates the computation and communication overheads of the parent nodes and weaken the potential risks of single-point failure. Additionally, the ciphertext size remains constant, reducing the costs of transmitting and storing ciphertext and relieving resource limitations on devices. We then prove the privacy and authenticity of the scheme in the random oracle model. Finally, the comprehensive performance comparison and analysis demonstrate the efficiency of the proposed scheme.
{"title":"Hierarchal Bilateral Access Control With Constant Size Ciphertexts for Mobile Cloud Computing","authors":"Axin Wu;Yinghui Zhang;Jianhao Zhu;Qiuxia Zhao;Yu Zhang","doi":"10.1109/TCC.2024.3386126","DOIUrl":"10.1109/TCC.2024.3386126","url":null,"abstract":"Mobile cloud computing (MCC) integrates the advantages of mobile networks and cloud computing, enabling users to enjoy personalized services without constraints and restrictions of time and place. While this brings convenience, it also comes with risks such as privacy breaches and unauthorized access to outsourced data. Bilateral access control is a promising technique for addressing these issues. However, the current bilateral access control schemes cannot solve problems such as single point failure. To further enhance and enrich the existing schemes, we propose hierarchical bilateral access control. In the proposed scheme, the permission of generating encryption keys and decryption keys can be delegated to its child nodes, which alleviates the computation and communication overheads of the parent nodes and weaken the potential risks of single-point failure. Additionally, the ciphertext size remains constant, reducing the costs of transmitting and storing ciphertext and relieving resource limitations on devices. We then prove the privacy and authenticity of the scheme in the random oracle model. Finally, the comprehensive performance comparison and analysis demonstrate the efficiency of the proposed scheme.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"12 2","pages":"659-670"},"PeriodicalIF":6.5,"publicationDate":"2024-04-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140573253","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-04-03DOI: 10.1109/TCC.2024.3384514
Olivier Brun;Rachid El-Azouzi;Quang-Trung Luu;Francesco De Pellegrini;Balakrishna J. Prabhu;Cédric Richier
Datacenter networks commonly facilitate the transmission of data in distributed computing frameworks through coflows, which are collections of parallel flows associated with a common task. Most of the existing research has concentrated on scheduling coflows to minimize the time required for their completion, i.e., to optimize the average dispatch rate of coflows in the network fabric. Nevertheless, modern applications often produce coflows that are specifically intended for online services and mission-crucial computational tasks, necessitating adherence to specific deadlines for their completion. In this paper, we introduce �$mathtt {WDCoflow}$�, a new algorithm to maximize the weighted number of coflows that complete before their deadline. By combining a dynamic programming algorithm along with parallel inequalities, our heuristic solution performs at once coflow admission control and coflow prioritization, imposing a �$sigma$�-order on the set of coflows. With extensive simulation, we demonstrate the effectiveness of our algorithm in improving up to �$3times$� more coflows that meet their deadline in comparison the best SoA solution, namely �$mathtt {CStext{-}MHA}$�. Furthermore, when weights are used to differentiate coflow classes, �$mathtt {WDCoflow}$� is able to improve the admission per class up to �$4times$�, while increasing the average weighted coflow admission rate.
{"title":"Weighted Scheduling of Time-Sensitive Coflows","authors":"Olivier Brun;Rachid El-Azouzi;Quang-Trung Luu;Francesco De Pellegrini;Balakrishna J. Prabhu;Cédric Richier","doi":"10.1109/TCC.2024.3384514","DOIUrl":"10.1109/TCC.2024.3384514","url":null,"abstract":"Datacenter networks commonly facilitate the transmission of data in distributed computing frameworks through coflows, which are collections of parallel flows associated with a common task. Most of the existing research has concentrated on scheduling coflows to minimize the time required for their completion, i.e., to optimize the average dispatch rate of coflows in the network fabric. Nevertheless, modern applications often produce coflows that are specifically intended for online services and mission-crucial computational tasks, necessitating adherence to specific deadlines for their completion. In this paper, we introduce \u0000<inline-formula><tex-math>$mathtt {WDCoflow}$</tex-math></inline-formula>\u0000, a new algorithm to maximize the weighted number of coflows that complete before their deadline. By combining a dynamic programming algorithm along with parallel inequalities, our heuristic solution performs at once coflow admission control and coflow prioritization, imposing a \u0000<inline-formula><tex-math>$sigma$</tex-math></inline-formula>\u0000-order on the set of coflows. With extensive simulation, we demonstrate the effectiveness of our algorithm in improving up to \u0000<inline-formula><tex-math>$3times$</tex-math></inline-formula>\u0000 more coflows that meet their deadline in comparison the best SoA solution, namely \u0000<inline-formula><tex-math>$mathtt {CStext{-}MHA}$</tex-math></inline-formula>\u0000. Furthermore, when weights are used to differentiate coflow classes, \u0000<inline-formula><tex-math>$mathtt {WDCoflow}$</tex-math></inline-formula>\u0000 is able to improve the admission per class up to \u0000<inline-formula><tex-math>$4times$</tex-math></inline-formula>\u0000, while increasing the average weighted coflow admission rate.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"12 2","pages":"644-658"},"PeriodicalIF":6.5,"publicationDate":"2024-04-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140573138","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-04-01DOI: 10.1109/TCC.2024.3383661
Yang Shi;Yimin Li;Tianyuan Luo;Xiong Jiang;Bowen Du;Hongfei Fan
In cloud computing environments, virtual machines (VMs) running on cloud servers are vulnerable to shared cache attacks, such as Spectre and Foreshadow. By exploiting memory sharing among VMs, these attacks can compromise cryptographic keys in software modules. Program obfuscation serves as a promising countermeasure against key compromises by transforming a program into an unintelligent form while preserving its functionality. Unfortunately, for certain cryptographic algorithms such as the digital signature schemes, it is extremely difficult to construct provably secure obfuscators using traditional obfuscation approaches. To address such a challenge, this study proposes a novel approach to construct obfuscators for cryptographic algorithms named space-hard obfuscation, which can mitigate the threats from adversaries with the capability of acquiring a limited size of memory in shared cache attacks. Considering the extensive use of the Elliptic Curve Digital Signature Algorithm (ECDSA) in cloud-based Blockchain-as-a-Service (BaaS) and its potential vulnerability to shared cache attacks, we construct an exemplary scheme with provable security using space-hard obfuscation for ECDSA. Experimental results have demonstrated the scheme's high efficiency on cloud servers, as well as its successful integration with Hyperledger Fabric and Ethereum, two widely used blockchain systems.
{"title":"Space-Hard Obfuscation Against Shared Cache Attacks and its Application in Securing ECDSA for Cloud-Based Blockchains","authors":"Yang Shi;Yimin Li;Tianyuan Luo;Xiong Jiang;Bowen Du;Hongfei Fan","doi":"10.1109/TCC.2024.3383661","DOIUrl":"10.1109/TCC.2024.3383661","url":null,"abstract":"In cloud computing environments, virtual machines (VMs) running on cloud servers are vulnerable to shared cache attacks, such as Spectre and Foreshadow. By exploiting memory sharing among VMs, these attacks can compromise cryptographic keys in software modules. Program obfuscation serves as a promising countermeasure against key compromises by transforming a program into an unintelligent form while preserving its functionality. Unfortunately, for certain cryptographic algorithms such as the digital signature schemes, it is extremely difficult to construct provably secure obfuscators using traditional obfuscation approaches. To address such a challenge, this study proposes a novel approach to construct obfuscators for cryptographic algorithms named space-hard obfuscation, which can mitigate the threats from adversaries with the capability of acquiring a limited size of memory in shared cache attacks. Considering the extensive use of the Elliptic Curve Digital Signature Algorithm (ECDSA) in cloud-based Blockchain-as-a-Service (BaaS) and its potential vulnerability to shared cache attacks, we construct an exemplary scheme with provable security using space-hard obfuscation for ECDSA. Experimental results have demonstrated the scheme's high efficiency on cloud servers, as well as its successful integration with Hyperledger Fabric and Ethereum, two widely used blockchain systems.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"12 2","pages":"625-643"},"PeriodicalIF":6.5,"publicationDate":"2024-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140573117","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-03-31DOI: 10.1109/TCC.2024.3408006
Kaige Zhu;Zhenjiang Zhang;Sherali Zeadally;Feng Sun
The widespread deployment of intelligent Internet of Things (IoT) devices brings tighter latency demands on complex workload patterns such as workflows. In such applications, tremendous dataflows are generated and processed in accordance with specific service chains. Edge computing has proven its feasibility in reducing the traffic in the core network and relieving cloud datacenters of fragmented computational demands. However, the efficient scheduling of workflows in hybrid edge–cloud networks is still challenging for the intelligent IoT paradigm. Existing works make dispatching decisions prior to real execution, making it difficult to cope with the dynamicity of the environment. Consequently, the schedulers are affected both by the scheduling strategy and by the mutual impact of dynamic workloads. We design an intelligent workflow scheduler for use in an edge–cloud network where workloads are generated with continuous steady arrivals. We develop new graph neural network (GNN)-based representations for task embedding and we design a proximal policy optimization (PPO)-based online learning scheduler. We further introduce an intrinsic reward to obtain an instantaneous evaluation of the dispatching decision and correct the scheduling policy on-the-fly. Numerical results validate the feasibility of our proposal as it outperforms existing works with an improved quality of service (QoS) level.
{"title":"Learning to Optimize Workflow Scheduling for an Edge–Cloud Computing Environment","authors":"Kaige Zhu;Zhenjiang Zhang;Sherali Zeadally;Feng Sun","doi":"10.1109/TCC.2024.3408006","DOIUrl":"10.1109/TCC.2024.3408006","url":null,"abstract":"The widespread deployment of intelligent Internet of Things (IoT) devices brings tighter latency demands on complex workload patterns such as workflows. In such applications, tremendous dataflows are generated and processed in accordance with specific service chains. Edge computing has proven its feasibility in reducing the traffic in the core network and relieving cloud datacenters of fragmented computational demands. However, the efficient scheduling of workflows in hybrid edge–cloud networks is still challenging for the intelligent IoT paradigm. Existing works make dispatching decisions prior to real execution, making it difficult to cope with the dynamicity of the environment. Consequently, the schedulers are affected both by the scheduling strategy and by the mutual impact of dynamic workloads. We design an intelligent workflow scheduler for use in an edge–cloud network where workloads are generated with continuous steady arrivals. We develop new graph neural network (GNN)-based representations for task embedding and we design a proximal policy optimization (PPO)-based online learning scheduler. We further introduce an intrinsic reward to obtain an instantaneous evaluation of the dispatching decision and correct the scheduling policy on-the-fly. Numerical results validate the feasibility of our proposal as it outperforms existing works with an improved quality of service (QoS) level.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"12 3","pages":"897-912"},"PeriodicalIF":5.3,"publicationDate":"2024-03-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141192519","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-03-28DOI: 10.1109/TCC.2024.3406509
Changbo Ke;Fu Xiao;Yan Cao;Zhiqiu Huang
With the development of the smart traffic, the traditional vehicular Ad hoc Networks (VANETs) and Traffic Estimation and Prediction System (TrEPS) do not satisfy the growing safety requirement, due to the network delay, transmit price and privacy security. In this paper, we propose a group-vehicles oriented reputation assessment scheme for edge VANETs. Firstly, based on edge computing, we build a reputation assessment framework for Group-Vehicles, to validate the correctness of message for other vehicles rapidly. Secondly, through filtering the malicious feedback and faulty message, our scheme can effectively defend against the Bad-mouth attack and Zigzag attack to assure the security of VANETs. Thirdly, the message isolation is implemented by the group-vehicles management, to enhance the privacy security of scheme. In the end, we validate the effectiveness of our scheme through experiments. In other words, even though the proportion of Bad-mouth attack vehicles is about 40%, the precision is 92.12%, and the recall is 88.25%. Also, the proportion of Zigzag attack vehicles is about 40%, the precision is 88.52%, and the recall is 86.75%.
随着智能交通的发展,传统的车载 Ad hoc 网络(VANET)和交通估计与预测系统(TrEPS)由于网络延迟、传输价格和隐私安全等问题,已经不能满足日益增长的安全需求。本文提出了一种面向边缘 VANET 的群车信誉评估方案。首先,基于边缘计算,我们构建了一个群车信誉评估框架,以快速验证其他车辆信息的正确性。其次,通过过滤恶意反馈和错误信息,我们的方案可以有效抵御Bad-mouth攻击和Zigzag攻击,确保VANET的安全性。第三,通过群车管理实现信息隔离,增强方案的隐私安全性。最后,我们通过实验验证了方案的有效性。换句话说,即使坏口攻击车辆的比例约为 40%,精确度也达到了 92.12%,召回率为 88.25%。此外,"之 "字形攻击车辆的比例约为 40%,精确度为 88.52%,召回率为 86.75%。
{"title":"A Group-Vehicles Oriented Reputation Assessment Scheme for Edge VANETs","authors":"Changbo Ke;Fu Xiao;Yan Cao;Zhiqiu Huang","doi":"10.1109/TCC.2024.3406509","DOIUrl":"10.1109/TCC.2024.3406509","url":null,"abstract":"With the development of the smart traffic, the traditional vehicular Ad hoc Networks (VANETs) and Traffic Estimation and Prediction System (TrEPS) do not satisfy the growing safety requirement, due to the network delay, transmit price and privacy security. In this paper, we propose a group-vehicles oriented reputation assessment scheme for edge VANETs. Firstly, based on edge computing, we build a reputation assessment framework for Group-Vehicles, to validate the correctness of message for other vehicles rapidly. Secondly, through filtering the malicious feedback and faulty message, our scheme can effectively defend against the Bad-mouth attack and Zigzag attack to assure the security of VANETs. Thirdly, the message isolation is implemented by the group-vehicles management, to enhance the privacy security of scheme. In the end, we validate the effectiveness of our scheme through experiments. In other words, even though the proportion of Bad-mouth attack vehicles is about 40%, the precision is 92.12%, and the recall is 88.25%. Also, the proportion of Zigzag attack vehicles is about 40%, the precision is 88.52%, and the recall is 86.75%.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"12 3","pages":"859-875"},"PeriodicalIF":5.3,"publicationDate":"2024-03-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141192514","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: