83 research outputs found
SLA-Oriented Resource Provisioning for Cloud Computing: Challenges, Architecture, and Solutions
Cloud computing systems promise to offer subscription-oriented,
enterprise-quality computing services to users worldwide. With the increased
demand for delivering services to a large number of users, they need to offer
differentiated services to users and meet their quality expectations. Existing
resource management systems in data centers are yet to support Service Level
Agreement (SLA)-oriented resource allocation, and thus need to be enhanced to
realize cloud computing and utility computing. In addition, no work has been
done to collectively incorporate customer-driven service management,
computational risk management, and autonomic resource management into a
market-based resource management system to target the rapidly changing
enterprise requirements of Cloud computing. This paper presents vision,
challenges, and architectural elements of SLA-oriented resource management. The
proposed architecture supports integration of marketbased provisioning policies
and virtualisation technologies for flexible allocation of resources to
applications. The performance results obtained from our working prototype
system shows the feasibility and effectiveness of SLA-based resource
provisioning in Clouds.Comment: 10 pages, 7 figures, Conference Keynote Paper: 2011 IEEE
International Conference on Cloud and Service Computing (CSC 2011, IEEE
Press, USA), Hong Kong, China, December 12-14, 201
Understanding Concurrency Vulnerabilities in Linux Kernel
While there is a large body of work on analyzing concurrency related software
bugs and developing techniques for detecting and patching them, little
attention has been given to concurrency related security vulnerabilities. The
two are different in that not all bugs are vulnerabilities: for a bug to be
exploitable, there needs be a way for attackers to trigger its execution and
cause damage, e.g., by revealing sensitive data or running malicious code. To
fill the gap, we conduct the first empirical study of concurrency
vulnerabilities reported in the Linux operating system in the past ten years.
We focus on analyzing the confirmed vulnerabilities archived in the Common
Vulnerabilities and Exposures (CVE) database, which are then categorized into
different groups based on bug types, exploit patterns, and patch strategies
adopted by developers. We use code snippets to illustrate individual
vulnerability types and patch strategies. We also use statistics to illustrate
the entire landscape, including the percentage of each vulnerability type. We
hope to shed some light on the problem, e.g., concurrency vulnerabilities
continue to pose a serious threat to system security, and it is difficult even
for kernel developers to analyze and patch them. Therefore, more efforts are
needed to develop tools and techniques for analyzing and patching these
vulnerabilities.Comment: It was finished in Oct 201
Distributed Multi-writer Multi-reader Atomic Register with Optimistically Fast Read and Write
A distributed multi-writer multi-reader (MWMR) atomic register is an
important primitive that enables a wide range of distributed algorithms. Hence,
improving its performance can have large-scale consequences. Since the seminal
work of ABD emulation in the message-passing networks [JACM '95], many
researchers study fast implementations of atomic registers under various
conditions. "Fast" means that a read or a write can be completed with 1
round-trip time (RTT), by contacting a simple majority. In this work, we
explore an atomic register with optimal resilience and "optimistically fast"
read and write operations. That is, both operations can be fast if there is no
concurrent write.
This paper has three contributions: (i) We present Gus, the emulation of an
MWMR atomic register with optimal resilience and optimistically fast reads and
writes when there are up to 5 nodes; (ii) We show that when there are > 5
nodes, it is impossible to emulate an MWMR atomic register with both
properties; and (iii) We implement Gus in the framework of EPaxos and Gryff,
and show that Gus provides lower tail latency than state-of-the-art systems
such as EPaxos, Gryff, Giza, and Tempo under various workloads in the context
of geo-replicated object storage systems
e-EMV: Emulating EMV for Internet payments using Trusted Computing technology v-2
The introduction of EMV-compliant payment cards, with their
improved cardholder verification and card authentication capabilities,
has resulted in a dramatic reduction in the levels of fraud seen at
Point of Sale (PoS) terminals across Europe. However, this reduction
has been accompanied by an alarming increase in the level of fraud
associated with Internet-based Card Not Present (CNP) transactions.
This increase is largely attributable to the weaker authentication pro-
cedures involved in CNP transactions. This paper shows how the
functionality associated with EMV-compliant payment cards can be
securely emulated in software on platforms supporting Trusted Com-
puting technology. We describe a detailed system architecture encom-
passing user enrollment, card deployment (in the form of software),
card activation, and subsequent transaction processing. Our proposal
is compatible with the existing EMV transaction processing architec-
ture, and thus integrates fully and naturally with already deployed
EMV infrastructure. We show that our proposal, which effectively
makes available the full security of PoS transactions for Internet-based
CNP transactions, has the potential to significantly reduce the oppor-
tunity for fraudulent CNP transactions
Challenges for Trusted Computing
This article identifies and discusses some of the key challenges that need to
be addressed if the vision of Trusted Computing is to become reality. Topics
addressed include issues with setting up and maintaining the PKI required
to support the full set of Trusted Computing functionality, the practical
use and verification of attestation evidence, and backwards compatibility,
usability and compliance issues
Data locality in Hadoop
Current market tendencies show the need of storing and processing rapidly
growing amounts of data. Therefore, it implies the demand for distributed
storage and data processing systems. The Apache Hadoop is an open-source
framework for managing such computing clusters in an effective, fault-tolerant
way.
Dealing with large volumes of data, Hadoop, and its storage system HDFS
(Hadoop Distributed File System), face challenges to keep the high efficiency
with computing in a reasonable time. The typical Hadoop implementation
transfers computation to the data, rather than shipping data across the cluster.
Otherwise, moving the big quantities of data through the network could significantly
delay data processing tasks. However, while a task is already running,
Hadoop favours local data access and chooses blocks from the nearest nodes.
Next, the necessary blocks are moved just when they are needed in the given
ask.
For supporting the Hadoop’s data locality preferences, in this thesis, we propose
adding an innovative functionality to its distributed file system (HDFS), that
enables moving data blocks on request. In-advance shipping of data makes it
possible to forcedly redistribute data between nodes in order to easily adapt it to
the given processing tasks. New functionality enables the instructed movement
of data blocks within the cluster. Data can be shifted either by user running
the proper HDFS shell command or programmatically by other module like an
appropriate scheduler.
In order to develop such functionality, the detailed analysis of Apache Hadoop
source code and its components (specifically HDFS) was conducted. Research
resulted in a deep understanding of internal architecture, what made it possible
to compare the possible approaches to achieve the desired solution, and develop
the chosen one
- …