Pub Date : 2024-03-02DOI: 10.1109/TCC.2024.3393735
Yuchao Zhang;Haoqiang Huang;Ahmed M. Abdelmoniem;Gaoxiong Zeng;Chenyue Zheng;Xirong Que;Wendong Wang;Ke Xu
Due to the fast developments of 5G and IoT technologies, Inter-Datacenter (Inter-DC) networks are facing unprecedented pressure to duplicate large volumes of geographically distributed user data in a real-time manner. Meanwhile, with the expansion of Inter-DC networks scale, link/node failures also become increasingly frequent, negatively affecting the data transmission efficiency. Therefore, link failure recovery methods become of utmost importance. Many works investigated fast failure recovery, yet none of them consider the deployment overhead of such recovery schemes. While in this article, we found that the side-effect of deploying recovery strategies and the future availability of the recovered transmissions are also crucial for fast recovery. So we propose a fast and low-redundancy failure recovery framework, FLAIR, which consists of a fast recovery strategy FRAVaR and a redundancy removal algorithm ROSE. FRAVaR takes full consideration of deployment overhead by minimizing shuffle traffic. On its base, ROSE regularly eliminates the cumulative rerouting redundancy by removing unnecessary routing updates. The experiment results on 4 realistic network topologies show that FLAIR successfully reduces up to 48.2% deployment overhead compared with the state-of-the-art solutions, and thus reduces up to 70.2% recovery speed and improves up to 36% network utilization.
{"title":"FLAIR: A Fast and Low-Redundancy Failure Recovery Framework for Inter Data Center Network","authors":"Yuchao Zhang;Haoqiang Huang;Ahmed M. Abdelmoniem;Gaoxiong Zeng;Chenyue Zheng;Xirong Que;Wendong Wang;Ke Xu","doi":"10.1109/TCC.2024.3393735","DOIUrl":"10.1109/TCC.2024.3393735","url":null,"abstract":"Due to the fast developments of 5G and IoT technologies, Inter-Datacenter (Inter-DC) networks are facing unprecedented pressure to duplicate large volumes of geographically distributed user data in a real-time manner. Meanwhile, with the expansion of Inter-DC networks scale, link/node failures also become increasingly frequent, negatively affecting the data transmission efficiency. Therefore, link failure recovery methods become of utmost importance. Many works investigated fast failure recovery, yet none of them consider the deployment overhead of such recovery schemes. While in this article, we found that the side-effect of deploying recovery strategies and the future availability of the recovered transmissions are also crucial for fast recovery. So we propose a fast and low-redundancy failure recovery framework, FLAIR, which consists of a fast recovery strategy FRAVaR and a redundancy removal algorithm ROSE. FRAVaR takes full consideration of deployment overhead by minimizing shuffle traffic. On its base, ROSE regularly eliminates the cumulative rerouting redundancy by removing unnecessary routing updates. The experiment results on 4 realistic network topologies show that FLAIR successfully reduces up to 48.2% deployment overhead compared with the state-of-the-art solutions, and thus reduces up to 70.2% recovery speed and improves up to 36% network utilization.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"12 2","pages":"737-749"},"PeriodicalIF":6.5,"publicationDate":"2024-03-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140836776","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-03-01DOI: 10.1109/TCC.2024.3372370
Bishakh Chandra Ghosh;Sandip Chakraborty
Multi-cloud environments such as OnApp and Cloudflare have turned the cloud marketplace towards a new horizon where end-users can host applications transparently over different cloud service providers (CSPs) simultaneously by taking the best from each. Existing cloud federations are typically driven by a broker service which provides a trusted interface allowing the participant CSPs and end-users to coordinate. However, such a broker has the limitations of any centralized trusted authority like risk of manipulation, bias, censorship, single point of failure, etc. In this paper, we propose a decentralized trustless cloud federation architecture called �CollabCloud� which eliminates any central mediator while addressing the challenges introduced by byzantine participants. �CollabCloud� utilizes blockchain, and introduces a novel interoperability protocol bridging a permissionless blockchain as an open interface for the end-users, and a permissioned blockchain as a coordination platform for the CSPs. We have implemented �CollabCloud� with Ethereum, Hyperledger Fabric and Burrow platforms. Experiments with a proof-of-concept testbed emulating 3 CSPs show that �CollabCloud� can operate within an acceptable response latency for resource allocation, while scaling upto 64 parallel requests per second. Scalability analysis over Mininet emulation platform indicates that the platform can scale well with minimal impact on the response latency as the number of participating CSPs increases.
{"title":"Trustless Collaborative Cloud Federation","authors":"Bishakh Chandra Ghosh;Sandip Chakraborty","doi":"10.1109/TCC.2024.3372370","DOIUrl":"10.1109/TCC.2024.3372370","url":null,"abstract":"Multi-cloud environments such as OnApp and Cloudflare have turned the cloud marketplace towards a new horizon where end-users can host applications transparently over different cloud service providers (CSPs) simultaneously by taking the best from each. Existing cloud federations are typically driven by a broker service which provides a trusted interface allowing the participant CSPs and end-users to coordinate. However, such a broker has the limitations of any centralized trusted authority like risk of manipulation, bias, censorship, single point of failure, etc. In this paper, we propose a decentralized trustless cloud federation architecture called \u0000<italic>CollabCloud</i>\u0000 which eliminates any central mediator while addressing the challenges introduced by byzantine participants. \u0000<italic>CollabCloud</i>\u0000 utilizes blockchain, and introduces a novel interoperability protocol bridging a permissionless blockchain as an open interface for the end-users, and a permissioned blockchain as a coordination platform for the CSPs. We have implemented \u0000<italic>CollabCloud</i>\u0000 with Ethereum, Hyperledger Fabric and Burrow platforms. Experiments with a proof-of-concept testbed emulating 3 CSPs show that \u0000<italic>CollabCloud</i>\u0000 can operate within an acceptable response latency for resource allocation, while scaling upto 64 parallel requests per second. Scalability analysis over Mininet emulation platform indicates that the platform can scale well with minimal impact on the response latency as the number of participating CSPs increases.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"12 2","pages":"476-490"},"PeriodicalIF":6.5,"publicationDate":"2024-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140018441","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-02-28DOI: 10.1109/TCC.2024.3370909
Xinglin Zhang;Zhongling Wang;Fengsen Tian;Zheng Yang
Mobile edge computing (MEC) brings abundant computing resources to the edge networks, which supports users in offloading their tasks to the edge instead of the cloud, thereby reducing service delay and improving users’ quality of experience. In this article, we consider a three-tier multi-user multi-task offloading model, which contains multiple users with each user possessing multiple tasks, multiple base stations (BSs) with edge servers and a remote cloud. Taking into account the selfishness of individuals in the MEC system, we respectively formulate optimization problems for users, BSs and the cloud. Users aim to make their offloading strategies to minimize their respective costs, while BSs and the cloud aim to make their computation resource allocation decisions to minimize their respective task completion delays. We model the interaction among these selfish individuals based on Stackelberg game, where users act as leaders and BSs and the cloud act as followers. By using backward induction, we prove the existence of Stackelberg Equilibrium (SE). We further propose a distributed algorithm that enables the system to reach the SE, which includes three user selection strategies for the BSs. The numerical results demonstrate the superiority of the proposed scheme compared with several approaches.
{"title":"Stackelberg-Game-Based Multi-User Multi-Task Offloading in Mobile Edge Computing","authors":"Xinglin Zhang;Zhongling Wang;Fengsen Tian;Zheng Yang","doi":"10.1109/TCC.2024.3370909","DOIUrl":"10.1109/TCC.2024.3370909","url":null,"abstract":"Mobile edge computing (MEC) brings abundant computing resources to the edge networks, which supports users in offloading their tasks to the edge instead of the cloud, thereby reducing service delay and improving users’ quality of experience. In this article, we consider a three-tier multi-user multi-task offloading model, which contains multiple users with each user possessing multiple tasks, multiple base stations (BSs) with edge servers and a remote cloud. Taking into account the selfishness of individuals in the MEC system, we respectively formulate optimization problems for users, BSs and the cloud. Users aim to make their offloading strategies to minimize their respective costs, while BSs and the cloud aim to make their computation resource allocation decisions to minimize their respective task completion delays. We model the interaction among these selfish individuals based on Stackelberg game, where users act as leaders and BSs and the cloud act as followers. By using backward induction, we prove the existence of Stackelberg Equilibrium (SE). We further propose a distributed algorithm that enables the system to reach the SE, which includes three user selection strategies for the BSs. The numerical results demonstrate the superiority of the proposed scheme compared with several approaches.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"12 2","pages":"459-475"},"PeriodicalIF":6.5,"publicationDate":"2024-02-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140001458","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-02-28DOI: 10.1109/TCC.2024.3370834
Jin Wang;Wei Jiang;Jingya Zhou;Zhaobo Lu;Kejie Lu;Jianping Wang
In recent years, �Coded Edge Computing� (CEC) has been greatly studied as a promising technology to effectively mitigate the impact of stragglers and provide confidentiality in edge collaborative computing. It is crucial to verify the correctness of both intermediate results and the final result especially in untrustable and unreliable edge computing scenarios. However, the existing works on verification in CEC always verify and directly discard the whole incorrect intermediate results. In this paper, we propose the �Partial Decode and Compare� (PDC) verification scheme, which can fully utilize the correct part in the incorrect intermediate results to reduce the complexity and tolerate more abnormal edge devices. The PDC verification scheme consists of two parts: �Final Result Verification� (FRV) and �Abnormal Edge Device Identification� (AEDI). By deeply analyzing the decoding impact of the intermediate results on the final result, the PDC verification scheme divides the intermediate results and final results into �subresult vectors�. It decodes, compares, and verifies the final result in units of subresult vectors. In this way, the obtained parts which verified to be correct do not need to participate in the following verification. Therefore, it can significantly reduce the verification overhead including both the number of required decoding rounds and the complexity of each decoding round. Based on the correct final result verified by the PDC verification scheme, we also propose an �Abnormal Edge Devices Identification� scheme to identify all abnormal edge devices that return incorrect intermediate results. We then present extensive theoretical analyses and simulation experiments of the PDC verification scheme, which demonstrates that the PDC verification scheme can tolerate a higher ratio of incorrect intermediate results and achieve lower verification overhead than the state-of-the-art verification works. Therefore, the proposed PDC verification scheme enables CEC to provide reliable services in unstable and unreliable edge computing scenarios.
{"title":"Partial Decode and Compare: An Efficient Verification Scheme for Coded Edge Computing","authors":"Jin Wang;Wei Jiang;Jingya Zhou;Zhaobo Lu;Kejie Lu;Jianping Wang","doi":"10.1109/TCC.2024.3370834","DOIUrl":"10.1109/TCC.2024.3370834","url":null,"abstract":"In recent years, \u0000<italic>Coded Edge Computing</i>\u0000 (CEC) has been greatly studied as a promising technology to effectively mitigate the impact of stragglers and provide confidentiality in edge collaborative computing. It is crucial to verify the correctness of both intermediate results and the final result especially in untrustable and unreliable edge computing scenarios. However, the existing works on verification in CEC always verify and directly discard the whole incorrect intermediate results. In this paper, we propose the \u0000<italic>Partial Decode and Compare</i>\u0000 (PDC) verification scheme, which can fully utilize the correct part in the incorrect intermediate results to reduce the complexity and tolerate more abnormal edge devices. The PDC verification scheme consists of two parts: \u0000<italic>Final Result Verification</i>\u0000 (FRV) and \u0000<italic>Abnormal Edge Device Identification</i>\u0000 (AEDI). By deeply analyzing the decoding impact of the intermediate results on the final result, the PDC verification scheme divides the intermediate results and final results into \u0000<italic>subresult vectors</i>\u0000. It decodes, compares, and verifies the final result in units of subresult vectors. In this way, the obtained parts which verified to be correct do not need to participate in the following verification. Therefore, it can significantly reduce the verification overhead including both the number of required decoding rounds and the complexity of each decoding round. Based on the correct final result verified by the PDC verification scheme, we also propose an \u0000<italic>Abnormal Edge Devices Identification</i>\u0000 scheme to identify all abnormal edge devices that return incorrect intermediate results. We then present extensive theoretical analyses and simulation experiments of the PDC verification scheme, which demonstrates that the PDC verification scheme can tolerate a higher ratio of incorrect intermediate results and achieve lower verification overhead than the state-of-the-art verification works. Therefore, the proposed PDC verification scheme enables CEC to provide reliable services in unstable and unreliable edge computing scenarios.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"12 2","pages":"431-445"},"PeriodicalIF":6.5,"publicationDate":"2024-02-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140001397","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-02-28DOI: 10.1109/TCC.2024.3370688
Yufei Kang;Baochun Li
Federated learning has garnered significant research attention as a privacy-preserving learning paradigm. Asynchronous federated learning has been proposed to improve scalability by accommodating slower clients, commonly referred to as stragglers. However, asynchronous federated learning suffers from slow convergence with respect to wall-clock time, due to the existence of data heterogeneity and staleness. Existing strategies struggled to tackle both difficulties for a wide range of deep learning models. To address the problem, we propose �Polaris�, a theoretically sound design and a new take to client selection for asynchronous federated learning. With �Polaris�, we first theoretically investigated the design space of client sampling strategies from a geometric optimization perspective, taking both data heterogeneity and staleness into account. Our design is not only theoretically proven, but also thoroughly tested in our reproducible experimental open-source testbed. Our experimental results demonstrates overwhelming evidence that �Polaris� outperformed existing state-of-the-art client selection strategies by a substantial margin over a wide variety of tasks and datasets, as we train image classification models using �CIFAR-10�, �CIFAR-100�, �CINIC-10�, �Federated EMNIST�, and a language modeling model using the �Tiny Shakespeare� dataset. Further, our extensive array of ablation studies have also shown that �Polaris� is both scalable and robust as the size of datasets scale up and data heterogeneity vary.
{"title":"Polaris: Accelerating Asynchronous Federated Learning With Client Selection","authors":"Yufei Kang;Baochun Li","doi":"10.1109/TCC.2024.3370688","DOIUrl":"10.1109/TCC.2024.3370688","url":null,"abstract":"Federated learning has garnered significant research attention as a privacy-preserving learning paradigm. Asynchronous federated learning has been proposed to improve scalability by accommodating slower clients, commonly referred to as stragglers. However, asynchronous federated learning suffers from slow convergence with respect to wall-clock time, due to the existence of data heterogeneity and staleness. Existing strategies struggled to tackle both difficulties for a wide range of deep learning models. To address the problem, we propose \u0000<italic>Polaris</i>\u0000, a theoretically sound design and a new take to client selection for asynchronous federated learning. With \u0000<italic>Polaris</i>\u0000, we first theoretically investigated the design space of client sampling strategies from a geometric optimization perspective, taking both data heterogeneity and staleness into account. Our design is not only theoretically proven, but also thoroughly tested in our reproducible experimental open-source testbed. Our experimental results demonstrates overwhelming evidence that \u0000<italic>Polaris</i>\u0000 outperformed existing state-of-the-art client selection strategies by a substantial margin over a wide variety of tasks and datasets, as we train image classification models using \u0000<monospace>CIFAR-10</monospace>\u0000, \u0000<monospace>CIFAR-100</monospace>\u0000, \u0000<monospace>CINIC-10</monospace>\u0000, \u0000<monospace>Federated EMNIST</monospace>\u0000, and a language modeling model using the \u0000<monospace>Tiny Shakespeare</monospace>\u0000 dataset. Further, our extensive array of ablation studies have also shown that \u0000<italic>Polaris</i>\u0000 is both scalable and robust as the size of datasets scale up and data heterogeneity vary.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"12 2","pages":"446-458"},"PeriodicalIF":6.5,"publicationDate":"2024-02-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140001473","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-02-22DOI: 10.1109/TCC.2024.3362355
Ping Zhao;Ziyi Yang;Guanglin Zhang
In Mobile Edge Computing (MEC), the collaboration between end devices and servers guarantees the low-latency and high-accuracy video stream analysis. However, such paradigm of video stream offloading poses a serious threat to the location privacy and the usage pattern privacy of end devices. The existing works offer strict privacy guarantee for users, but they do not take the features of video stream into consideration, thus leading to the relatively higher computation cost. To tackle this issue, we propose a personalized and differential privacy-aware video stream offloading scheme that supports users personalized and time-varying privacy requirements, provides corresponding differential privacy preservation, and generates minimal latency and energy cost. Specifically, we formulate an NP-hard optimization that jointly optimizes the video frame rate, frame resolution and offloading ratio to maximize the analysis accuracy of video stream and minimize the energy cost and the latency subject to the channel bandwidth, computing resources, and personalized and time-varying privacy requirements. Then, we design a online learning-based and personalized privacy-aware video stream offloading algorithm for the optimization problem and thereby obtain the optimal video stream offloading scheme. Last, the extensive experimental results validate the superior performance of the proposed scheme, compared to the three latest existing works.
{"title":"Personalized and Differential Privacy-Aware Video Stream Offloading in Mobile Edge Computing","authors":"Ping Zhao;Ziyi Yang;Guanglin Zhang","doi":"10.1109/TCC.2024.3362355","DOIUrl":"10.1109/TCC.2024.3362355","url":null,"abstract":"In Mobile Edge Computing (MEC), the collaboration between end devices and servers guarantees the low-latency and high-accuracy video stream analysis. However, such paradigm of video stream offloading poses a serious threat to the location privacy and the usage pattern privacy of end devices. The existing works offer strict privacy guarantee for users, but they do not take the features of video stream into consideration, thus leading to the relatively higher computation cost. To tackle this issue, we propose a personalized and differential privacy-aware video stream offloading scheme that supports users personalized and time-varying privacy requirements, provides corresponding differential privacy preservation, and generates minimal latency and energy cost. Specifically, we formulate an NP-hard optimization that jointly optimizes the video frame rate, frame resolution and offloading ratio to maximize the analysis accuracy of video stream and minimize the energy cost and the latency subject to the channel bandwidth, computing resources, and personalized and time-varying privacy requirements. Then, we design a online learning-based and personalized privacy-aware video stream offloading algorithm for the optimization problem and thereby obtain the optimal video stream offloading scheme. Last, the extensive experimental results validate the superior performance of the proposed scheme, compared to the three latest existing works.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"12 1","pages":"347-358"},"PeriodicalIF":6.5,"publicationDate":"2024-02-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139951365","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-02-16DOI: 10.1109/TCC.2024.3366534
Zhaoyi Li;Jiawei Huang;Shiqi Wang;Wenjun Lyu;Jianxin Wang
Multi-path Transmission Control Protocol (MPTCP) has shown great potential in improving network bandwidth and robustness by utilizing multiple subflows in data center networks (DCNs). However, the delay and loss heterogeneities of multiple paths potentially cause packet reordering, resulting in the ACK blocking and increased latency. Recent coding-based solutions use forward error correction (FEC) to mitigate path heterogeneity with redundant encoded packets. However, current FEC-based solutions work at the subflow level, that is, each subflow independently generates redundant encoded packets. This intra-subflow coding, however, does not leverage the path diversity, easily suffering from long tail latency. In this article, we propose a new MPTCP based on cyclic matrix coding, called as CM-MPTCP, which encodes packets inter subflow to leverage the path diversity. Specifically, to let good paths help bad ones, the good paths deliver more redundant packets encoded based on cyclic matrix, which gives more coding opportunities to packets on bad paths, thus achieving high packet decoding ratio at the receiver side. The results of large-scale NS2 simulations show that CM-MPTCP effectively mitigates the ACK blocking and reduces the average flow completion time (AFCT) by about �$45% sim 70%$� under a wide variety of network conditions compared with the state-of-the-art coding-based MPTCPs.
{"title":"Cyclic Matrix Coding to Mitigate ACK Blocking of MPTCP in Data Center Networks","authors":"Zhaoyi Li;Jiawei Huang;Shiqi Wang;Wenjun Lyu;Jianxin Wang","doi":"10.1109/TCC.2024.3366534","DOIUrl":"10.1109/TCC.2024.3366534","url":null,"abstract":"Multi-path Transmission Control Protocol (MPTCP) has shown great potential in improving network bandwidth and robustness by utilizing multiple subflows in data center networks (DCNs). However, the delay and loss heterogeneities of multiple paths potentially cause packet reordering, resulting in the ACK blocking and increased latency. Recent coding-based solutions use forward error correction (FEC) to mitigate path heterogeneity with redundant encoded packets. However, current FEC-based solutions work at the subflow level, that is, each subflow independently generates redundant encoded packets. This intra-subflow coding, however, does not leverage the path diversity, easily suffering from long tail latency. In this article, we propose a new MPTCP based on cyclic matrix coding, called as CM-MPTCP, which encodes packets inter subflow to leverage the path diversity. Specifically, to let good paths help bad ones, the good paths deliver more redundant packets encoded based on cyclic matrix, which gives more coding opportunities to packets on bad paths, thus achieving high packet decoding ratio at the receiver side. The results of large-scale NS2 simulations show that CM-MPTCP effectively mitigates the ACK blocking and reduces the average flow completion time (AFCT) by about \u0000<inline-formula><tex-math>$45% sim 70%$</tex-math></inline-formula>\u0000 under a wide variety of network conditions compared with the state-of-the-art coding-based MPTCPs.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"12 2","pages":"419-430"},"PeriodicalIF":6.5,"publicationDate":"2024-02-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139951364","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-02-15DOI: 10.1109/TCC.2024.3366435
Yang Ming;Hang Liu;Chenhao Wang;Yi Zhao
The Snowden incident illustrates that an adversary may launch an algorithm substitution attack (ASA) by tampering with the algorithms of protocol participants to obtain users’ secret information. A measure against ASA is to equip the protocol participants with cryptographic reverse firewalls (CRF). Public key encryption with keyword search (PEKS) as a cryptographic primitive allows users to search encrypted file in cloud servers while ensuring the security of the original file. The existing CRF constructions for PEKS does not consider the trust level of CRFs, leaving honest-but-curious CRF to deal with trapdoors that should be sent in the secure channels, which brings new security risks. This article first introduces the notion of malleable designated tester public key encryption with keyword search (M-DPEKS). Based on M-DPEKS, we propose the generic construction of public key encryption with keyword search with cryptographic reverse firewalls to overcome the privacy leakage issue in cloud storage. Security proof indicates the generic construction is secure against ASA. Lastly, we instantiate the generic construction with a concrete M-DPEKS scheme and analyze the computation cost and communication overhead to evaluate the efficiency.
{"title":"Generic Construction: Cryptographic Reverse Firewalls for Public Key Encryption With Keyword Search in Cloud Storage","authors":"Yang Ming;Hang Liu;Chenhao Wang;Yi Zhao","doi":"10.1109/TCC.2024.3366435","DOIUrl":"10.1109/TCC.2024.3366435","url":null,"abstract":"The Snowden incident illustrates that an adversary may launch an algorithm substitution attack (ASA) by tampering with the algorithms of protocol participants to obtain users’ secret information. A measure against ASA is to equip the protocol participants with cryptographic reverse firewalls (CRF). Public key encryption with keyword search (PEKS) as a cryptographic primitive allows users to search encrypted file in cloud servers while ensuring the security of the original file. The existing CRF constructions for PEKS does not consider the trust level of CRFs, leaving honest-but-curious CRF to deal with trapdoors that should be sent in the secure channels, which brings new security risks. This article first introduces the notion of malleable designated tester public key encryption with keyword search (M-DPEKS). Based on M-DPEKS, we propose the generic construction of public key encryption with keyword search with cryptographic reverse firewalls to overcome the privacy leakage issue in cloud storage. Security proof indicates the generic construction is secure against ASA. Lastly, we instantiate the generic construction with a concrete M-DPEKS scheme and analyze the computation cost and communication overhead to evaluate the efficiency.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"12 2","pages":"405-418"},"PeriodicalIF":6.5,"publicationDate":"2024-02-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139951358","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-02-13DOI: 10.1109/TCC.2024.3365075
Zhaoyi Li;Jiawei Huang;Shiqi Wang;Jianxin Wang
Remote Direct Memory Access (RDMA) achieves ultra-low latency, high throughput and low CPU overhead in data center by implementing the transport logic in hardware network interface card (NIC). However, RDMA faces new challenges in the heterogeneous multipath environment as it is very sensitive to packet reordering. When some packets are blocked in slow paths, the other packets delivered through fast paths have to be buffered at the receiver's NIC, consuming the limited on-chip memory resources. In this paper, we propose a new RDMA-based multipath transmission scheme with advanced fast retransmission called as AFR-MPRDMA. Specifically, once detecting congestion at the slow path, the sender will retransmit the blocked packets on other fast paths to speed up the transmission of blocked packets. Moreover, the receiver dynamically adjusts the buffer size for the out-of-order packets to avoid either unnecessary retransmission or long latency. The results of large-scale tests show that AFR-MPRDMA effectively mitigates packets blocking issue and reduces average flow completion time (AFCT) by up to 61% compared with the state-of-the-art RDMA-based schemes.
{"title":"Achieving Low Latency for Multipath Transmission in RDMA Based Data Center Network","authors":"Zhaoyi Li;Jiawei Huang;Shiqi Wang;Jianxin Wang","doi":"10.1109/TCC.2024.3365075","DOIUrl":"10.1109/TCC.2024.3365075","url":null,"abstract":"Remote Direct Memory Access (RDMA) achieves ultra-low latency, high throughput and low CPU overhead in data center by implementing the transport logic in hardware network interface card (NIC). However, RDMA faces new challenges in the heterogeneous multipath environment as it is very sensitive to packet reordering. When some packets are blocked in slow paths, the other packets delivered through fast paths have to be buffered at the receiver's NIC, consuming the limited on-chip memory resources. In this paper, we propose a new RDMA-based multipath transmission scheme with advanced fast retransmission called as AFR-MPRDMA. Specifically, once detecting congestion at the slow path, the sender will retransmit the blocked packets on other fast paths to speed up the transmission of blocked packets. Moreover, the receiver dynamically adjusts the buffer size for the out-of-order packets to avoid either unnecessary retransmission or long latency. The results of large-scale tests show that AFR-MPRDMA effectively mitigates packets blocking issue and reduces average flow completion time (AFCT) by up to 61% compared with the state-of-the-art RDMA-based schemes.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"12 1","pages":"337-346"},"PeriodicalIF":6.5,"publicationDate":"2024-02-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139951370","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-02-13DOI: 10.1109/TCC.2024.3365736
Salman Manzoor;Antonios Gouglidis;Matthew Bradbury;Neeraj Suri
Most Threat Analysis (TA) techniques analyze threats to targeted assets (e.g., components, services) by considering static interconnections among them. However, in dynamic environments, e.g., the Cloud, resources can instantiate, migrate across physical hosts, or decommission to provide rapid resource elasticity to its users. Existing TA techniques are not capable of addressing such requirements. Moreover, complex multi-layer/multi-asset attacks on Cloud systems are increasing, e.g., the Equifax data breach; thus, TA approaches must be able to analyze them. This article proposes ThreatPro, which supports dynamic interconnections and analysis of multi-layer attacks in the Cloud. ThreatPro facilitates threat analysis by developing a technology-agnostic information flow model, representing the Cloud's functionality through conditional transitions. The model establishes the basis to capture the multi-layer and dynamic interconnections during the life cycle of a Virtual Machine. ThreatPro contributes to (1) enabling the exploration of a threat's behavior and its propagation across the Cloud, and (2) assessing the security of the Cloud by analyzing the impact of multiple threats across various operational layers/assets. Using public information on threats from the National Vulnerability Database, we validate ThreatPro's capabilities, i.e., identify and trace actual Cloud attacks and speculatively postulate alternate potential attack paths.
{"title":"Enabling Multi-Layer Threat Analysis in Dynamic Cloud Environments","authors":"Salman Manzoor;Antonios Gouglidis;Matthew Bradbury;Neeraj Suri","doi":"10.1109/TCC.2024.3365736","DOIUrl":"10.1109/TCC.2024.3365736","url":null,"abstract":"Most Threat Analysis (TA) techniques analyze threats to targeted assets (e.g., components, services) by considering static interconnections among them. However, in dynamic environments, e.g., the Cloud, resources can instantiate, migrate across physical hosts, or decommission to provide rapid resource elasticity to its users. Existing TA techniques are not capable of addressing such requirements. Moreover, complex multi-layer/multi-asset attacks on Cloud systems are increasing, e.g., the Equifax data breach; thus, TA approaches must be able to analyze them. This article proposes ThreatPro, which supports dynamic interconnections and analysis of multi-layer attacks in the Cloud. ThreatPro facilitates threat analysis by developing a technology-agnostic information flow model, representing the Cloud's functionality through conditional transitions. The model establishes the basis to capture the multi-layer and dynamic interconnections during the life cycle of a Virtual Machine. ThreatPro contributes to (1) enabling the exploration of a threat's behavior and its propagation across the Cloud, and (2) assessing the security of the Cloud by analyzing the impact of multiple threats across various operational layers/assets. Using public information on threats from the National Vulnerability Database, we validate ThreatPro's capabilities, i.e., identify and trace actual Cloud attacks and speculatively postulate alternate potential attack paths.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"12 1","pages":"319-336"},"PeriodicalIF":6.5,"publicationDate":"2024-02-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139951362","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: