ビッグデータからの代表的オブジェクト選別の安全なMapReduce計算法に関する研究

広島大学(Hiroshima University)博士(工学)Doctor of Engineeringdoctora

Preserving privacy in edge computing

Edge computing or fog computing enables realtime services to smart application users by storing data and services at the edge of the networks. Edge devices in the edge computing handle data storage and service provisioning. Therefore, edge computing has become a  new norm for several delay-sensitive smart applications such as automated vehicles, ambient-assisted living, emergency response services, precision agriculture, and smart electricity grids. Despite having great potential, privacy threats are the main barriers to the success of edge computing. Attackers can leak private or sensitive information of data owners and modify service-related data for hampering service provisioning in edge computing-based smart applications. This research takes privacy issues of heterogeneous smart application data into account that are stored in edge data centers. From there, this study focuses on the development of privacy-preserving models for user-generated smart application data in edge computing and edge service-related data, such as Quality-of-Service (QoS) data, for ensuring unbiased service provisioning. We begin with developing privacy-preserving techniques for user data generated by smart applications using steganography that is one of the data hiding techniques. In steganography, user sensitive information is hidden within nonsensitive information of data before outsourcing smart application data, and stego data are produced for storing in the edge data center. A steganography approach must be reversible or lossless to be useful in privacy-preserving techniques. In this research, we focus on numerical (sensor data) and textual (DNA sequence and text) data steganography. Existing steganography approaches for numerical data are irreversible. Hence, we introduce a lossless or reversible numerical data steganography approach using Error Correcting Codes (ECC). Modern lossless steganography approaches for text data steganography are mainly application-specific and lacks imperceptibility, and DNA steganography requires reference DNA sequence for the reconstruction of the original DNA sequence. Therefore, we present the first blind and lossless DNA sequence steganography approach based on the nucleotide substitution method in this study. In addition, a text steganography method is proposed that using invisible character and compression based encoding for ensuring reversibility and higher imperceptibility.  Different experiments are conducted to demonstrate the justification of our proposed methods in these studies. The searching capability of the stored stego data is challenged in the edge data center without disclosing sensitive information. We present a privacy-preserving search framework for stego data on the edge data center that includes two methods. In the first method, we present a keyword-based privacy-preserving search method that allows a user to send a search query as a hash string. However, this method does not support the range query. Therefore, we develop a range search method on stego data using an order-preserving encryption (OPE) scheme. In both cases, the search service provider retrieves corresponding stego data without revealing any sensitive information. Several experiments are conducted for evaluating the performance of the framework. Finally, we present a privacy-preserving service computation framework using Fully Homomorphic Encryption (FHE) based cryptosystem for ensuring the service provider's privacy during service selection and composition. Our contributions are two folds. First, we introduce a privacy-preserving service selection model based on encrypted Quality-of-Service (QoS) values of edge services for ensuring privacy. QoS values are encrypted using FHE. A distributed computation model for service selection using MapReduce is designed for improving efficiency. Second, we develop a composition model for edge services based on the functional relationship among edge services for optimizing the service selection process. Various experiments are performed in both centralized and distributed computing environments to evaluate the performance of the proposed framework using a synthetic QoS dataset

GA-Par: Dependable Microservice Orchestration Framework for Geo-Distributed Clouds

Recent advances in composing Cloud applications have been driven by deployments of inter-networking heterogeneous microservices across multiple Cloud datacenters. System dependability has been of the upmost importance and criticality to both service vendors and customers. Security, a measurable attribute, is increasingly regarded as the representative example of dependability. Literally, with the increment of microservice types and dynamicity, applications are exposed to aggravated internal security threats and externally environmental uncertainties. Existing work mainly focuses on the QoS-aware composition of native VM-based Cloud application components, while ignoring uncertainties and security risks among interactive and interdependent container-based microservices. Still, orchestrating a set of microservices across datacenters under those constraints remains computationally intractable. This paper describes a new dependable microservice orchestration framework GA-Par to effectively select and deploy microservices whilst reducing the discrepancy between user security requirements and actual service provision. We adopt a hybrid (both whitebox and blackbox based) approach to measure the satisfaction of security requirement and the environmental impact of network QoS on system dependability. Due to the exponential grow of solution space, we develop a parallel Genetic Algorithm framework based on Spark to accelerate the operations for calculating the optimal or near-optimal solution. Large-scale real world datasets are utilized to validate models and orchestration approach. Experiments show that our solution outperforms the greedy-based security aware method with 42.34 percent improvement. GA-Par is roughly 4× faster than a Hadoop-based genetic algorithm solver and the effectiveness can be constantly guaranteed under different application scales

Advances in knowledge discovery and data mining Part II

19th Pacific-Asia Conference, PAKDD 2015, Ho Chi Minh City, Vietnam, May 19-22, 2015, Proceedings, Part II</p

PIM-Enclave: Bringing Confidential Computation Inside Memory

Demand for data-intensive workloads and confidential computing are the prominent research directions shaping the future of cloud computing. Computer architectures are evolving to accommodate the computing of large data better. Protecting the computation of sensitive data is also an imperative yet challenging objective; processor-supported secure enclaves serve as the key element in confidential computing in the cloud. However, side-channel attacks are threatening their security boundaries. The current processor architectures consume a considerable portion of its cycles in moving data. Near data computation is a promising approach that minimizes redundant data movement by placing computation inside storage. In this paper, we present a novel design for Processing-In-Memory (PIM) as a data-intensive workload accelerator for confidential computing. Based on our observation that moving computation closer to memory can achieve efficiency of computation and confidentiality of the processed information simultaneously, we study the advantages of confidential computing \emph{inside} memory. We then explain our security model and programming model developed for PIM-based computation offloading. We construct our findings into a software-hardware co-design, which we call PIM-Enclave. Our design illustrates the advantages of PIM-based confidential computing acceleration. Our evaluation shows PIM-Enclave can provide a side-channel resistant secure computation offloading and run data-intensive applications with negligible performance overhead compared to baseline PIM model

Techniques intelligentes pour la gestion de la cohérence des Big data dans le cloud

Cette thèse aborde le problème de cohérence des données de Bigdata dans le cloud. En effet, nos recherches portent sur l’étude de différentes approches de cohérence adaptative dans le cloud et la proposition d’une nouvelle approche pour l’environnement Edge computing. La gestion de la cohérence a des conséquences majeures pour les systèmes de stockage distribués. Les modèles de cohérence forte nécessitent une synchronisation après chaque mise à jour, ce qui affecte considérablement les performances et la disponibilité du système. À l’inverse, les modèles à faible cohérence offrent de meilleures performances ainsi qu’une meilleure disponibilité des données. Cependant, ces derniers modèles peuvent tolérer trop d’incohérences temporaires sous certaines conditions. Par conséquent, une stratégie de cohérence adaptative est nécessaire pour ajuster, pendant l’exécution, le niveau de cohérence en fonction de la criticité des requêtes ou des données. Cette thèse apporte deux contributions. Dans la première contribution, une analyse comparative des approches de cohérence adaptative existantes est effectuée selon un ensemble de critères de comparaison définis. Ce type de synthèse fournit à l’utilisateur/chercheur une analyse comparative des performances des approches existantes. De plus, il clarifie la pertinence de ces approches pour les systèmes cloud candidats. Dans la seconde contribution, nous proposons MinidoteACE, un nouveau système adaptatif de cohérence qui est une version améliorée de Minidote, un système de cohérence causale pour les applications Edge. Contrairement à Minidote qui ne fournit que la cohérence causale, notre modèle permet aux applications d’exécuter également des requêtes avec des garanties de cohérence plus fortes. Des évaluations expérimentales montrent que le débit ne diminue que de 3,5 % à 10 % lors du remplacement d’une opération causale par une opération forte. Cependant, la latence de mise à jour augmente considérablement pour les opérations fortes jusqu’à trois fois pour une charge de travail où le taux des opérations de mise à jour est de 25 %

Design and Optimization of Mobile Cloud Computing Systems with Networked Virtual Platforms

A Mobile Cloud Computing (MCC) system is a cloud-based system that is accessed by the users through their own mobile devices. MCC systems are emerging as the product of two technology trends: 1) the migration of personal computing from desktop to mobile devices and 2) the growing integration of large-scale computing environments into cloud systems. Designers are developing a variety of new mobile cloud computing systems. Each of these systems is developed with different goals and under the influence of different design constraints, such as high network latency or limited energy supply. The current MCC systems rely heavily on Computation Offloading, which however incurs new problems such as scalability of the cloud, privacy concerns due to storing personal information on the cloud, and high energy consumption on the cloud data centers. In this dissertation, I address these problems by exploring different options in the distribution of computation across different computing nodes in MCC systems. My thesis is that "the use of design and simulation tools optimized for design space exploration of the MCC systems is the key to optimize the distribution of computation in MCC." For a quantitative analysis of mobile cloud computing systems through design space exploration, I have developed netShip, the first generation of an innovative design and simulation tool, that offers large scalability and heterogeneity support. With this tool system designers and software programmers can efficiently develop, optimize, and validate large-scale, heterogeneous MCC systems. I have enhanced netShip to support the development of ever-evolving MCC applications with a variety of emerging needs including the fast simulation of new devices, e.g., Internet-of-Things devices, and accelerators, e.g., mobile GPUs. Leveraging netShip, I developed three new MCC systems where I applied three variations of a new computation distributing technique, called Reverse Offloading. By more actively leveraging the computational power on mobile devices, the MCC systems can reduce the total execution times, the burden of concentrated computations on the cloud, and the privacy concerns about storing personal information available in the cloud. This approach also creates opportunities for new services by utilizing the information available on the mobile device instead of accessing the cloud. Throughout my research I have enabled the design optimization of mobile applications and cloud-computing platforms. In particular, my design tool for MCC systems becomes a vehicle to optimize not only the performance but also the energy dissipation, an aspect of critical importance for any computing system