Mobile Cloud Computing: A Comparison Study of Cuckoo and AIOLOS Offloading Frameworks

Currently, smart mobile devices are used for more than just calling and texting. They can run complex applications such as GPS, antivirus, and photo editor applications. Smart devices today offer mobility, flexibility, and portability, but they have limited resources and a relatively weak battery. As companies began creating mobile resource intensive and power intensive applications, they have realized that cloud computing was one of the solutions that they could utilize to overcome smart device constraints. Cloud computing helps decrease memory usage and improve battery life. Mobile cloud computing is a current and expanding research area focusing on methods that allow smart mobile devices to take full advantage of cloud computing. Code offloading is one of the techniques employed in cloud computing with mobile devices. This research compares two dynamic offloading frameworks to determine which one is better in terms of execution time and battery life improvement

Enhancing Usability, Security, and Performance in Mobile Computing

We have witnessed the prevalence of smart devices in every aspect of human life. However, the ever-growing smart devices present significant challenges in terms of usability, security, and performance. First, we need to design new interfaces to improve the device usability which has been neglected during the rapid shift from hand-held mobile devices to wearables. Second, we need to protect smart devices with abundant private data against unauthorized users. Last, new applications with compute-intensive tasks demand the integration of emerging mobile backend infrastructure. This dissertation focuses on addressing these challenges. First, we present GlassGesture, a system that improves the usability of Google Glass through a head gesture user interface with gesture recognition and authentication. We accelerate the recognition by employing a novel similarity search scheme, and improve the authentication performance by applying new features of head movements in an ensemble learning method. as a result, GlassGesture achieves 96% gesture recognition accuracy. Furthermore, GlassGesture accepts authorized users in nearly 92% of trials, and rejects attackers in nearly 99% of trials. Next, we investigate the authentication between a smartphone and a paired smartwatch. We design and implement WearLock, a system that utilizes one\u27s smartwatch to unlock one\u27s smartphone via acoustic tones. We build an acoustic modem with sub-channel selection and adaptive modulation, which generates modulated acoustic signals to maximize the unlocking success rate against ambient noise. We leverage the motion similarities of the devices to eliminate unnecessary unlocking. We also offload heavy computation tasks from the smartwatch to the smartphone to shorten response time and save energy. The acoustic modem achieves a low bit error rate (BER) of 8%. Compared to traditional manual personal identification numbers (PINs) entry, WearLock not only automates the unlocking but also speeds it up by at least 18%. Last, we consider low-latency video analytics on mobile devices, leveraging emerging mobile backend infrastructure. We design and implement LAVEA, a system which offloads computation from mobile clients to edge nodes, to accomplish tasks with intensive computation at places closer to users in a timely manner. We formulate an optimization problem for offloading task selection and prioritize offloading requests received at the edge node to minimize the response time. We design and compare various task placement schemes for inter-edge collaboration to further improve the overall response time. Our results show that the client-edge configuration has a speedup ranging from 1.3x to 4x against running solely by the client and 1.2x to 1.7x against the client-cloud configuration

Control over the Cloud : Offloading, Elastic Computing, and Predictive Control

The thesis studies the use of cloud native software and platforms to implement critical closed loop control. It considers technologies that provide low latency and reliable wireless communication, in terms of edge clouds and massive MIMO, but also approaches industrial IoT and the services of a distributed cloud, as an extension of commercial-of-the-shelf software and systems.First, the thesis defines the cloud control challenge, as control over the cloud and controller offloading. This is followed by a demonstration of closed loop control, using MPC, running on a testbed representing the distributed cloud.The testbed is implemented using an IoT device, clouds, next generation wireless technology, and a distributed execution platform. Platform details are provided and feasibility of the approach is shown. Evaluation includes relocating an on-line MPC to various locations in the distributed cloud. Offloaded control is examined next, through further evaluation of cloud native software and frameworks. This is followed by three controller designs, tailored for use with the cloud. The first controller solves MPC problems in parallel, to implement a variable horizon controller. The second is a hierarchical design, in which rate switching is used to implement constrained control, with a local and a remote mode. The third design focuses on reliability. Here, the MPC problem is extended to include recovery paths that represent a fallback mode. This is used by a control client if it experiences connectivity issues.An implementation is detailed and examined.In the final part of the thesis, the focus is on latency and congestion. A cloud control client can experience long and variable delays, from network and computations, and used services can become overloaded. These problems are approached by using predicted control inputs, dynamically adjusting the control frequency, and using horizontal scaling of the cloud service. Several examples are shown through simulation and on real clouds, including admitting control clients into a cluster that becomes temporarily overloaded

On three use cases of multi-connectivity paradigm in emerging wireless networks

As envisioned by global network operators, the increasing trend of data traffic demand is expected to continue with exponential growth in the coming years. To cope with this rapid increase, significant efforts from the research community, industry and even regulators have been focused towards improving two main aspects of the wireless spectrum: (i) spectrum capacity and (ii) spectral efficiency. Concerning the spectrum capacity enhancement, the multi-connectivity paradigm has been seen to be fundamentally important to solve the capacity problem in the next generation networks. Multi-connectivity is a feature that allows wireless devices to establish and maintain multiple simultaneous connections across homogeneous or heterogeneous technologies. In this thesis, we focus on identifying the core issues in applying the multi-connectivity paradigm for different use cases and propose novel solutions to address them. Specifically, this thesis studies three use cases of the multi-connectivity paradigm. First, we study the uplink/downlink decoupling problem in 4G networks. More specifically, we focus on the user association problem in the decoupling context, which is considered challenging due to the conflicting objectives of different entities (e.g., mobile users and base stations) in the system. We use a combination of matching theory and stochastic geometry to reconcile competing objectives between users in the uplink/downlink directions and also from the perspective of base stations. Second, we tackle the spectrum aggregation problem for wireless backhauling links in unlicensed opportunistic shared spectrum bands, specifically, TV White Space (TVWS) spectrum. In relation to this, we present a DIY mobile network deployment model to accelerate the roll-out of high-end mobile services in rural and developing regions. As part of this model, we highlight the importance of low-cost and high-capacity backhaul infrastructure for which TVWS spectrum can be exploited. Building on that, we conduct a thorough analytical study to identify the characteristics of TVWS in rural areas. Our study sheds light on the nature of TVWS spectrum fragmentation for the backhauling use case, which in turn poses requirements for the design of spectrum aggregation systems for TVWS backhaul. Motivated by these findings, we design and implement WhiteHaul, a flexible platform for spectrum aggregation in TVWS. Three challenges have been tackled in this work. First, TVWS spectrum is fragmented in that the spectrum is available in non-contiguous manner. To fully utilize the available spectrum, multiple radios should be enabled to work simultaneously. However, all the radios have to share only a single antenna. The key challenge is to design a system architecture that is capable of achieving different aggregation configurations while avoiding the interference. Second, the heterogeneous nature of the available spectrum (i.e., in terms of bandwidth and link characteristics) requires a design of efficient traffic distribution algorithm that takes into account these factors. Third, TVWS is unlicensed opportunistic shared spectrum. Thus, the coordination mechanism between the two nodes of backhauling link is essential to enable seamless channel switching. Third, we study the integration of multiple radio access technologies (RATs) in the context of 4G/5G networks. More specifically, we study the potential gain of enabling the Multi-RAT integration at the Packet Data Convergence Protocol (PDCP) layer compared with doing it at the transport layer. In this work, we consider ultra-reliable low-latency communication (URLLC) as one of the motivating services. This work tackles the different challenges that arise from enabling the Multi-RAT integration at the PDCP layer, including, packet reordering and traffic scheduling

Preventing Code Reuse Attacks On Modern Operating Systems

Modern operating systems are often the target of attacks that exploit vulnerabilities to escalate their privilege level. Recently introduced hardening features prevent attackers from using traditional kernel exploitation methodologies and force them to employ techniques that were originally designed for user space exploitation —such as code reuse— to execute arbitrary code with elevated privileges. In this dissertation, we present novel protection mechanisms that render such methodologies ineffective and improve the security of today’s operating systems. Specifically, we present solutions that prevent the leakage and corruption of kernel code pointers without employing entities that execute on super-privileged mode (e.g., hypervisors). The leakage of code pointers is an essential step for the construction of reliable code reuse exploits and their corruption is typically necessary for mounting the attack. More concretely, we present the design and implementation of two systems: kR^X and kSplitStack. kR^X is a system that diversifies the code layout to thwart attackers from constructing code reuse exploits statically. It also prevents the leakage of return addresses through XOR- based encryption or by hiding them among decoys (fake pointers to instructions that trap the kernel when executed). Finally, it couples the above with a self-protection mechanism that prevents attackers from leaking the diversified code layout, either by instrumenting every memory read instruction with range checks on x86-64 systems or by imposing limits through the segmentation unit on x86 systems. Evaluation results show that it imposes small runtime overhead on real-world applications when measured on legacy x86-64 systems (~3.63%) and significantly lower on x86 systems (~1.32%) and newer x86-64 CPUs that provide hardware assistance (~2.32%). kSplitStack, on the other hand, provides stronger protection against leaks of return addresses and guarantees both their secrecy and their integrity by augmenting the isolation mechanism of kR^X on x86-64 systems. This is achieved through a split stack scheme: functions use an unprotected stack for their local variables but switch to a protected one when pushing or poping return addresses. Moreover, kSplitStack protects the secrecy and integrity of control data (e.g., the value of the instruction pointer) in interrupt contexts by redirecting them to protected stacks, thus thwarting attackers from leaking or corrupting code pointers by inducing interrupts or other hardware events. Finally, the evaluation of kSplitStack shows that it imposes a small runtime overhead, comparable to the one of kR^X, both on legacy x86-64 systems (~3.66%) and on newer CPUs with hardware assistance (~2.50%)

Revisiting Isolation For System Security And Efficiency In The Era Of Internet Of Things

Isolation is a fundamental paradigm for secure and efficient resource sharing on a computer system. However, isolation mechanisms in traditional cloud computing platforms are heavy-weight or just not feasible to be applied onto the computing environment for Internet of Things(IoT). Most IoT devices have limited resources and their servers are less powerful than cloud servers but are widely distributed over the edge of the Internet. Revisions to the traditional isolation mechanisms are needed in order to improve the system security and efficiency in these computing environments. The first project explores container-based isolation for the emerging edge computing platforms. We show a performance issue of live migration between edge servers where the file system transmission becomes a bottleneck. Then we propose a solution that leverages a layered file system for synchronization before the migration starts, avoiding the usage of impractical networking shared file system as in the traditional solution. The evaluation shows that the migration time is reduced by 56% – 80%. In the second project, we propose a lightweight security monitoring service for edge computing platforms, base on the virtual machine isolation technique. Our framework is designed to monitor program activities from underneath of an operating system, which improves its transparency and avoids the cost of embedding different monitor modules into each layer inside the operating system. Furthermore, the monitor runs in a single process virtual machine which requires only ≤32MB of memory, reduces the scheduling overhead, and saves a significant amount of physical memory, while the performance overhead is an average of 2.7%. In the third project, we co-design the hardware and software system stack to achieve efficient fine-grained intra-address space isolation. We propose a systematic solution to partition a legacy program into multiple security compartments, which we call capsules, with isolation at byte granularity. Vulnerabilities in one capsule will not likely affect another capsule. The isolation is guaranteed by our hardware-based ownership types tagged to every byte in the memory. The ownership types are initialized, propagated, and checked by combining both static and dynamic analysis techniques. Finally, our co-design approach could remove most human refactoring efforts while avoiding the untrustworthiness as well as the cost of the pure software approaches. In brief, this proposal explores a spectrum of isolation techniques and their improvementsfor the IoT computing environment. With our explorations, we have shown the necessity to revise the traditional isolation mechanisms in order to improve the system efficiency and security for the edge and IoT platforms. We expect that many more opportunities will be discovered and various kinds of revised or new isolation mechanisms for the edge and IoT platforms will emerge soon

Pushing the Boundaries of Spacecraft Autonomy and Resilience with a Custom Software Framework and Onboard Digital Twin

This research addresses the high CubeSat mission failure rates caused by inadequate software and overreliance on ground control. By applying a reliable design methodology to flight software development and developing an onboard digital twin platform with fault prediction capabilities, this study provides a solution to increase satellite resilience and autonomy, thus reducing the risk of mission failure. These findings have implications for spacecraft of all sizes, paving the way for more resilient space missions

Inline and Sideline Approaches for Low-cost Memory Safety in C

System languages such as C or C++ are widely used for their high performance, however the allowance of arbitrary pointer arithmetic and type cast introduces a risk of memory corruptions. These memory errors cause unexpected termination of programs, or even worse, attackers can exploit them to alter the behavior of programs or leak crucial data. Despite advances in memory safety solutions, high and unpredictable overhead remains a major challenge. Accepting that it is extremely difficult to achieve complete memory safety with the performance level suitable for production deployment, researchers attempt to strike a balance between performance, detection coverage, interoperability, precision, and detection timing. Some properties are much more desirable, e.g. the interoperability with pre-compiled libraries. Comparatively less critical properties are sacrificed for performance, for example, tolerating longer detection delay or narrowing down detection coverage by performing approximate or probabilistic checking or detecting only certain errors. Modern solutions compete for performance. The performance matrix of memory safety solutions have two major assessment criteria – run-time and memory overheads. Researchers trade-off and balance performance metrics depending on its purpose or placement. Many of them tolerate the increase in memory use for better speed, since memory safety enforcement is more desirable for troubleshooting or testing during development, where a memory resource is not the main issue. Run-time overhead, considered more critical, is impacted by cache misses, dynamic instructions, DRAM row activations, branch predictions and other factors. This research proposes, implements, and evaluates MIU: Memory Integrity Utilities containing three solutions – MemPatrol, FRAMER and spaceMiu. MIU suggests new techniques for practical deployment of memory safety by exploiting free resources with the following focuses: (1) achieving memory safety with overhead < 1% by using concurrency and trading off prompt detection and coverage; but yet providing eventual detection by a monitor isolation design of an in-register monitor process and the use of AES instructions (2) complete memory safety with near-zero false negatives focusing on eliminating overhead, that hardware support cannot resolve, by using a new tagged-pointer representation utilising the top unused bits of a pointer.Research Foundation of Kore