Funding: supported by the Coalition for National Science Funding under Grant No. 61150110486; the Central University Funding under Grant No. ZYGX2013J073
Abstract: Cloud computing is very attractive for schools, research institutions and enterprises which need to reduce IT costs, improve computing platform sharing and meet license constraints. Sharing, management and on-demand allocation of network resources are particularly important in Cloud computing. However, nearly all currently available cloud computing platforms are either proprietary or their software infrastructure is invisible to the research community, except for a few open-source platforms. For universities and research institutes, more open and testable experimental platforms are needed at lab level with PCs. In this paper, a platform of infrastructure resource sharing system (Platform as a Service (PaaS)) is developed in a virtual Cloud computing environment. Its architecture, core modules, main functions, design and operational environment and applications are introduced in detail. It has good expandability, can improve resource sharing and utilization, and is applied to the regular computer science teaching and research process.
Funding: Supported by the National Natural Science Foundation of China under Grant No. 61370068
Abstract: With the increasing popularity of cloud services, attacks on the cloud infrastructure also increase dramatically. In particular, how to monitor the integrity of cloud execution environments is still a difficult task. In this paper, a real-time dynamic integrity validation (DIV) framework is proposed to monitor the integrity of virtual machine based execution environments in the cloud. DIV can detect the integrity of the whole architecture stack from the cloud servers up to the VM OS by extending the current trusted chain into the virtual machine's architecture stack. DIV introduces a trusted third party (TTP) to collect the integrity information and periodically detect integrity violations on VMs remotely, to avoid the heavy involvement of cloud tenants and unnecessary information leakage of the cloud providers. To evaluate the effectiveness and efficiency of the DIV framework, a prototype on KVM/QEMU is implemented, and extensive analysis and experimental evaluation are performed. Experimental results show that DIV can efficiently validate the integrity of files and loaded programs in real time, with minor performance overhead.
Abstract: Cloud computing is the latest major evolution in computing technology. The convergence between cloud computing and telecom networks could significantly reduce costs and bring new business opportunities for operators. Currently, traditional telecom operators are embarrassed by the fact that the increase in revenue cannot catch up with the quick growth of users and the expansion of networks. With the introduction of cloud computing technology, operators can virtualize the network functions through low-cost COTS IT hardware. All kinds of existing services can be cloudified and thus obtain the benefits of statistical multiplexing among IT resources. With the Telco Cloud architecture, operators can manage both IT infrastructures and network resources intelligently in order to adapt to the dynamic demands from the application and to establish open platforms for developing new services.
Funding: supported by the Fundamental Research Funds for the Central Universities of China (No. K15JB00190); the Ph.D. Programs Foundation of Ministry of Education of China (No. 20120009120010); the Program for Innovative Research Team in University of Ministry of Education of China (IRT201206)
Abstract: The separation issue is one of the most important problems in cloud computing security. Tenants should be separated from each other based on cloud infrastructure, and different users from one tenant should be separated from each other with the constraint of security policies. Learning from the notion of trusted cloud computing and trustworthiness in cloud, in this paper, a multi-level authorization separation model is formally described, and a series of rules are proposed to summarize the separation property of this model. The correctness of the rules is proved. Furthermore, based on this model, a tenant separation mechanism is deployed in a real world mixed-critical information system. Performance benchmarks have shown the availability and efficiency of this mechanism.
Funding: The National High-Tech Research and Development Program of China (863 Program), 2014AA01A705
Abstract: Processors have been playing important roles in both communication infrastructure systems and terminals. In this paper, both application specific and general purpose processors for communications are discussed, including the roles, the history, the current situations, and the trends. One trend is that ASIPs (Application Specific Instruction-set Processors) are taking over ASICs (Application Specific Integrated Circuits) because of the increasing needs both on performance and compatibility of multi-modes. The trend opened opportunities for researchers crossing the boundary between communications and computer architecture. Another trend is the serverlization, i.e., more infrastructure equipment is replaced by servers. The trend opened opportunities for researchers working towards high performance computing for communication, such as research on communication algorithm kernels and real time programming methods on servers.