All rights reserved, Kai Hwang, Presentation at IEEE CloudCom2012, Taipei, Dec. 5, 2012. Trusted Mobile and ... demand distributed cloud computing services.
Trusted Mobile and Cloud Computing with Assured Big-Data Security and Privacy
Prof. Kai Hwang
University of Southern California

Acknowledgements:
New research findings presented here are based on collaborative work with several colleagues in the USA, China, Australia, and Norway. Relevant publications are cited at the end.
Yogesh Simmhan, Viktor Prasanna, et al., University of Southern California [1, 4]
Keqin Li, State University of New York [2]
Yongwei Wu, Junwei Cao, et al., Tsinghua Univ., China [2, 3]
Albert Zomaya, Sydney University, Australia [2, 3]
Chunming Rong, Stavanger University, Norway [4]

A. Pervasive mobile and wireless applications demand distributed cloud computing services
B. Big-data integrity, security and privacy hinder the acceptance of clouds by users and business world
C. Two case studies at USC: Clouds for mobile gaming and secure big-data repository design
D. New Internet Architectures and Their Impact on future clouds and the Internet of Things (IoT)
Current Trends in IT Development:
Big data is clearly a trend in commercial (Amazon, e-commerce), community (Facebook, Twitter), high-throughput business and high-performance scientific applications.
Crowd service computing is booming from widespread use of smartphones, tablets, sensors, GPS, 3G/4G, RFID, etc.
The exascale supercomputing initiative is driven by data-intensive applications in both scientific and business applications.
Clouds provide cheaper and greener IT in many real-life applications. New cloud service opportunities are emerging rapidly every day.

A. Mobile Devices for Pervasive Computing, Communications, and Entertainment
Mobile devices are phone handsets or hand-held computers. They appear as smartphones, PDAs, tablet and notebook computers.
Tablet computers appear as tablet PCs, PDAs, booklets and mini tablets such as iPad, Galaxy Tab, Nokia N800, and ASUS e-Pad, etc.
The sale of tablet computers grows faster than traditional portable notebook computers. Tablets emphasize light weight, thin computing, GPS, WiFi and 3G/4G access of the Internet.
In 2012 alone, smartphone and tablet sales exceeded 150 million units, of which 31% of US users access the Internet from a tablet.
Worldwide Sales of Smartphones (in Thousands of Units)
(Source: http:/en-wikipedia.org/wiki/mobile_computing, read 10/11/2012)

4G LTE and Mobile WiMAX
The 4G LTE replaces 2G/3G gradually
Mobile WiMAX based on the IEEE 802.16m
WiMAX merges with LTE in IP-based data networks
Dynamic network bandwidth distributions

Case Study 1: Cloud for Video Gaming by massive number of players
Cloud Gaming Advantages and Design Goals
1. Game cloud delivers both SaaS for game players and PaaS for game developers
2. Advantages:
   1. Customers no longer need to purchase and update expensive game consoles
   2. Customers can use smartphones to experience high-quality graphics
   3. Pay-as-you-go model applied
   4. Game developers focus on a uniform platform
   5. Software piracy is prevented
3. Design goals:
   1. Minimize response time or latency
   2. Maximize frame rate
   3. Improve Quality of Experience (QoE)
   4. Take advantage of client computing resources
Latency Analysis and Frame Rate in Video Gaming Cloud
Frame rate increases 35% from local thin client to using cloud platform.
120 ms latency is acceptable in gaming cloud with only small delay due to cloud overhead
(Courtesy of Z. Zhao, K. Hwang and J. Villeta, "GamePipe: Game Cloud Design with Virtualized CPU/GPU Cluster", ACM ScienceCloud 2012, the Netherlands, June 2012.)

Prototype Game Cloud built at the USC GamePipe Lab
(Courtesy Intel, Nvidia, and Microsoft in donating CPU/GPU and DB servers and Hypervisors)
B. Security and Privacy with Trust Management in Cloud Computing
(B1). Shared BigData Protection and Trust Management in Clouds
To secure cloud resources and uphold user privacy and data
integrity, we need to safeguard user authentication and tighten
the data access-control in public clouds.
Trust overlay networks are suggested by Zhou and Hwang (2007)
to build reputation systems for establishing the trust among
interactive datacenters or cloud providers.
Performance boosting techniques are in demand for grid and cloud
computing to achieve high performance with maximum profits in
scientific and business computing areas [2].
(B2): PowerTrust built over a Trust Overlay Network
[Figure: PowerTrust system. Labels: Trust Overlay Network; Local Trust Scores; Distributed Ranking Module; Power Nodes; Initial Reputation Aggregation; Regular Random Walk; Reputation Updating; Look-ahead Random Walk; Global Reputation Scores V (v1, v2, v3, ..., vn)]
Source: R. Zhou and K. Hwang, “PowerTrust: A Scalable and Robust Reputation System for Structured P2P Networks”, IEEE-TPDS, May 2007 (cited 347 times as of Nov. 21, 2012)

(B3:) Trusted Zones for VM Insulation
[Figure: trusted zones. Tenant #1 Virtual Infrastructure and Tenant #2 Virtual Infrastructure (APP/OS stacks) over the Cloud Provider Physical Infrastructure. Labels: Identity federation (Federate identities with public clouds); Virtual network security (Control and isolate VM in the virtual infrastructure); Access Mgmt (Segregate and control user access); Anti-malware, Cybercrime intelligence, Strong authentication (Insulate infrastructure from Malware, Trojans and cybercriminals); Data loss prevention, Encryption & key mgmt, Tokenization (Insulate information from other tenants; Insulate information from cloud providers’ employees); Security Info. & Event Mgmt, GRC (Enable end to end view of security events and compliance across infrastructures)]
(Courtesy of Dr. L. Nick, EMC 2008)
(B4:) Data Coloring for Preserving Data Privacy in Cloud Services
(Source: K. Hwang and D. Li, “Trusted Cloud Computing with Secured Resources and Data Coloring”, IEEE Internet Computing, Sept. 2010.)

(B5:) Big Data Management Issues in Privacy, Security and Provenance [4]
New datacenter architecture that can preserve data privacy, enforce security policy, and scale well with future dataset growth
Trust management of time-varying datasets with intrusion and anomaly detection to assure data integrity
Securing access to data using innovative techniques to avoid excessive replication of data to external entities
Establishing community standards, provenance tracking, and communication strategies for public outreach and engagement.
Case Study 2: A BigData Repository Testbed for SmartGrid Informatics Research at USC [1]:
A Cyber-Physical System at USC: built for Campus-Wide Smart-Grid Data Governance and Secure Access Control in Green Energy Informatics Studies
The table lists the access restrictions on each data class for different user groups at USC campus, involving 60,000 consumers (students and staff, workers).
Secure Key Management using Broadcast Encryption and StrongBox
StrongBox for storing shared encryption/decryption keys for any access control list shared by a set of files.
(Source: A. Kumbhare, Y. Simmhan, and V. Prasanna, “Cryptonite: A Secure and performance Data Repository for Public Cloud”, IEEE CLOUD 2012.) [1]
C: Cloud Roles in Internet of Things
[Figure: IoT architecture. Application Layer: Merchandise Tracking, Environment Protection, Intelligent Search, Telemedicine, Intelligent Traffic, Smart Home. Network Layer: Cloud Service Platforms (iCloud, Dropbox, AWS, SmartCloud, HPCloud, etc.), Mobile Telecom Network, The Internet, Information Network. Sensing Layer: RFID, Sensor Network, GPS, with RFID Label, Sensor Nodes, Road Mapper]
(Source: Hwang, Fox and Dongarra, Distributed and Cloud Computing: from Parallel Processing to The Internet of Things, Morgan Kaufmann Publisher, Oct. 2011) [3]

Sensor Grid supported by Cloud
Sensors (“Things”) appear pervasively
In the thin client era, smart phones, Kindles, tablets, Kinects, web-cams are sensors
Robots, distributed instruments such as environmental measures are sensors
Web pages, Googledocs, Office 365, WebEx are sensors
Ubiquitous Cities/Homes are full of IP-addressed sensors
Use clouds to consolidate, control and collaborate with small and massively distributed sensors.
Cloudlets: A trusted, VM-based portal for mobile devices to access remote cloud for location-sensitive apps in opportunity discovery, fast information processing, and intelligent decision making on the move
(Source: Satyanarayanan, et al, “The Case of VM-based Cloudlets in Mobile Computing”, IEEE Pervasive Computing, Vol. 8, No. 4, April 2009)

Sensors as a Service (SaaS)
[Figure labels: Sensors as a Service; Sensor Processing as a Service (MapReduce); Output Sensor; A larger sensor ...]
(Courtesy of Geoffrey Fox, 2011)
D. Frontier Research for Developing the Future Internet
Programmable Networking Architecture
Fusion of The Internet, Mobile and TV Networks
Named Data Networking beyond the TCP/IP
Federated Intercloud Computing Applications
New Ideas for Security and Privacy Protection
Service Migration and Disaster Recovery

Future Internet Architectures
OpenFlow for Programmable Virtual Networking (Stanford, Princeton, etc., 2008)
Content-Centric Networking (CCN): Named Data Networking (HP Lab, etc. 2009)
Service-Oriented Future Internet Architecture (SOFIA): Chinese Academy of Sciences, Institute of Computing Technology (2011)
OpenFlow Architecture and Protocol enable virtual networking, advanced Forwarding and Programmability

Conventional TCP/IP Internet Protocols
The CCN Approach in Named Data Networking
Service Migration for Distributed Cloud Services in Future Internet
(Courtesy of G. Xie, et al, Institute of Computing Technology, Chinese Academy of Sciences, 2011)

Distributed and Cloud Computing, Kai Hwang, Geoffrey Fox, Jack Dongarra, published by Morgan Kaufmann, Oct. 2011 (648 pages)
Conclusions:
Cloud industrialization demands a major overhaul of our educational programs in computer science, mobile communication, and networking engineering.
Mobile and pervasive computing applications must leverage the clouds to store and process big data, which are changing rapidly in time and space.
Clouds, IoT and social networks are changing our world, reshaping all human relations, upgrading the global economy, and even causing political system reforms or revolutions.

Relevant Publications:
1. A. Kumbhare, Y. Simmhan, and V. Prasanna, “Cryptonite: A Secure and Performance Data Repository for Public Cloud”, IEEE CLOUD 2012.
2. J. Cao, K. Hwang, K. Li, and A. Zomaya, "Optimal Multiserver Configuration for Profit Maximization in Cloud Computing", IEEE Trans. Parallel and Distributed Systems (TPDS), special issue on Cloud Computing, accepted June 2012, in press, to appear.
3. K. Hwang, G. Fox, and J. Dongarra, Distributed and Cloud Computing: from Parallel Processing to the Internet of Things, Kaufmann Pub., Oct. 2011.
4. K. Hwang, C. Rong, Simmhan, et al, “Ensuring Security and Privacy for Trusted Big Data Sharing on The Cloud”, in preparation of pub. 2013.