Edge Computing for Extreme Reliability and Scalability

The massive number of Internet of Things (IoT) devices and their continuous data collection will lead to a rapid increase in the scale of collected data. Processing all these collected data at the central cloud server is inefficient, and even is unfeasible or unnecessary. Hence, the task of processing the data is pushed to the network edges introducing the concept of Edge Computing. Processing the information closer to the source of data (e.g., on gateways and on edge micro-servers) not only reduces the huge workload of central cloud, also decreases the latency for real-time applications by avoiding the unreliable and unpredictable network latency to communicate with the central cloud

Revisiting Isolation For System Security And Efficiency In The Era Of Internet Of Things

Isolation is a fundamental paradigm for secure and efficient resource sharing on a computer system. However, isolation mechanisms in traditional cloud computing platforms are heavy-weight or just not feasible to be applied onto the computing environment for Internet of Things(IoT). Most IoT devices have limited resources and their servers are less powerful than cloud servers but are widely distributed over the edge of the Internet. Revisions to the traditional isolation mechanisms are needed in order to improve the system security and efficiency in these computing environments. The first project explores container-based isolation for the emerging edge computing platforms. We show a performance issue of live migration between edge servers where the file system transmission becomes a bottleneck. Then we propose a solution that leverages a layered file system for synchronization before the migration starts, avoiding the usage of impractical networking shared file system as in the traditional solution. The evaluation shows that the migration time is reduced by 56% – 80%. In the second project, we propose a lightweight security monitoring service for edge computing platforms, base on the virtual machine isolation technique. Our framework is designed to monitor program activities from underneath of an operating system, which improves its transparency and avoids the cost of embedding different monitor modules into each layer inside the operating system. Furthermore, the monitor runs in a single process virtual machine which requires only ≤32MB of memory, reduces the scheduling overhead, and saves a significant amount of physical memory, while the performance overhead is an average of 2.7%. In the third project, we co-design the hardware and software system stack to achieve efficient fine-grained intra-address space isolation. We propose a systematic solution to partition a legacy program into multiple security compartments, which we call capsules, with isolation at byte granularity. Vulnerabilities in one capsule will not likely affect another capsule. The isolation is guaranteed by our hardware-based ownership types tagged to every byte in the memory. The ownership types are initialized, propagated, and checked by combining both static and dynamic analysis techniques. Finally, our co-design approach could remove most human refactoring efforts while avoiding the untrustworthiness as well as the cost of the pure software approaches. In brief, this proposal explores a spectrum of isolation techniques and their improvementsfor the IoT computing environment. With our explorations, we have shown the necessity to revise the traditional isolation mechanisms in order to improve the system efficiency and security for the edge and IoT platforms. We expect that many more opportunities will be discovered and various kinds of revised or new isolation mechanisms for the edge and IoT platforms will emerge soon

Coordinated Container Migration and Base Station Handover in Mobile Edge Computing

Offloading computationally intensive tasks from mobile users (MUs) to a virtualized environment such as containers on a nearby edge server, can significantly reduce processing time and hence end-to-end (E2E) delay. However, when users are mobile, such containers need to be migrated to other edge servers located closer to the MUs to keep the E2E delay low. Meanwhile, the mobility of MUs necessitates handover among base stations in order to keep the wireless connections between MUs and base stations uninterrupted. In this paper, we address the joint problem of container migration and base-station handover by proposing a coordinated migration-handover mechanism, with the objective of achieving low E2E delay and minimizing service interruption. The mechanism determines the optimal destinations and time for migration and handover in a coordinated manner, along with a delta checkpoint technique that we propose. We implement a testbed edge computing system with our proposed coordinated migration-handover mechanism, and evaluate the performance using real-world applications implemented with Docker container (an industry-standard). The results demonstrate that our mechanism achieves 30%-40% lower service downtime and 13%-22% lower E2E delay as compared to other mechanisms. Our work is instrumental in offering smooth user experience in mobile edge computing.Comment: 6 pages. Accepted for presentation at the IEEE Global Communications Conference (Globecom), Taipei, Taiwan, Dec. 202