Kai Hwang

All rights reserved, Kai Hwang, Presentation at IEEE CloudCom2012, Taipei, Dec. 5, 2012.
Trusted Mobile and Cloud Computing with Assured Big-Data Security and Privacy

Prof. Kai Hwang
University of Southern California

Acknowledgements:

New research findings presented here are based on collaborative work with several colleagues in the USA, China, Australia, and Norway. Relevant publications are cited at the end.

Yogesh Simmhan, Viktor Prasanna, et al., University of Southern California [1, 4]
Keqin Li, State University of New York [2]
Yongwei Wu, Junwei Cao, et al., Tsinghua Univ., China [2, 3]
Albert Zomaya, Sydney University, Australia [2, 3]
Chunming Rong, Stavanger University, Norway [4]

Outline:

A. Pervasive mobile and wireless applications demand distributed cloud computing services

B. Big-data integrity, security and privacy hinder the acceptance of clouds by users and the business world

C. Two case studies at USC: clouds for mobile gaming and secure big-data repository design

D. New Internet architectures and their impact on future clouds and the Internet of Things (IoT)

Current Trends in IT Development: Computing, Communications, and Entertainment

- Big data is clearly a trend in commercial (Amazon, e-commerce), community (Facebook, Twitter), high-throughput business and high-performance scientific applications.
- Crowd service computing is booming from the widespread use of smartphones, tablets, sensors, GPS, 3G/4G, RFID, etc.
- The exascale supercomputing initiative is driven by data-intensive applications in both scientific and business applications.
- Clouds provide cheaper and greener IT in many real-life applications. New cloud service opportunities are emerging rapidly every day.

A. Mobile Devices for Pervasive Computing, GPS, WiFi and 3G/4G Access of the Internet

- Mobile devices are phone handsets or hand-held computers. They appear as smartphones, PDAs, tablet and notebook computers.
- Tablet computers appear as tablet PCs, PDAs, booklets and mini tablets such as the iPad, Galaxy Tab, Nokia N800, and ASUS e-Pad, etc.
- The sale of tablet computers grows faster than that of traditional portable notebook computers. Tablets emphasize light weight, thin
- In 2012 alone, smartphone and tablet sales exceeded 150 million units; 31% of US users access the Internet from a tablet.

Worldwide Sales of Smartphones (in Thousands of Units)

[Chart: worldwide smartphone sales, in thousands of units. Source: http:/en-wikipedia.org/wiki/mobile_computing, read 10/11/2012]

4G LTE and Mobile WiMAX

- 4G LTE replaces 2G/3G gradually
- Mobile WiMAX is based on the IEEE 802.16m standard
- WiMAX merges with LTE in IP-based data networks
- Dynamic network bandwidth distributions

Case Study 1: Cloud for Video Gaming by a Massive Number of Players

Cloud Gaming Advantages and Design Goals

1. The game cloud delivers both SaaS for game players and PaaS for game developers
2. Advantages:
   1. Customers no longer need to purchase and update expensive game consoles
   2. Customers can use a smartphone to experience high-quality graphics
   3. Pay-as-you-go model applied
   4. Game developers focus on a uniform platform
   5. Software piracy is prevented
3. Design goals:
   1. Minimize response time or latency
   2. Maximize frame rate
   3. Improve Quality of Experience (QoE)
   4. Take advantage of client computing resources

Prototype Game Cloud built at the USC GamePipe Lab

(Courtesy of Intel, Nvidia, and Microsoft in donating CPU/GPU and DB servers and hypervisors)

Latency Analysis and Frame Rate in Video Gaming Cloud

- Frame rate increases 35% from a local thin client to using the cloud platform.
- 120 ms latency is acceptable in the gaming cloud, with only a small delay due to cloud overhead.

(Courtesy of Z. Zhao, K. Hwang and J. Villeta, "GamePipe: Game Cloud Design with Virtualized CPU/GPU Cluster", ACM ScienceCloud 2012, the Netherlands, June 2012.)

B. Security and Privacy with Trust Management in Cloud Computing

(B1) Shared BigData Protection and Trust Management in Clouds

- To secure cloud resources and uphold user privacy and data integrity, we need to safeguard user authentication and tighten data access control in public clouds.
- Trust overlay networks are suggested by Zhou and Hwang (2007) to build reputation systems for establishing trust among interactive datacenters or cloud providers.
- Performance boosting techniques are in demand for grid and cloud computing to achieve high performance with maximum profits in scientific and business computing areas [2].

(B2) PowerTrust built over a Trust Overlay Network

[Figure: PowerTrust architecture. Blocks: Trust Overlay Network; Local Trust Scores; Distributed Ranking Module; Power Nodes; Initial Reputation Aggregation (Regular Random Walk); Reputation Updating (Look-ahead Random Walk); Global Reputation Scores V = (v1, v2, v3, ..., vn).]

Source: R. Zhou and K. Hwang, "PowerTrust: A Scalable and Robust Reputation System for Structured P2P Networks", IEEE TPDS, May 2007 (cited 347 times as of Nov. 21, 2012)

(B3) Trusted Zones for VM Insulation

[Figure: trusted zones across the Tenant #1 and Tenant #2 virtual infrastructures (APP/OS virtual machines) on top of the cloud provider's physical infrastructure. Labelled controls: identity federation (federate identities with public clouds); virtual network security (control and isolate VMs in the virtual infrastructure); access management (segregate and control user access); strong authentication; security information and event management (enable an end-to-end view of security events and compliance across infrastructures); insulate the anti-malware infrastructure from malware, cybercrime Trojans and intelligent cybercriminals; insulate information from other tenants; insulate information from cloud providers' employees; data loss prevention; encryption and key management; tokenization; GRC.]

(Courtesy of Dr. L. Nick, EMC 2008)

(B4) Data Coloring for Preserving Data Privacy in Cloud Services

[Figure only. Source: K. Hwang and D. Li, "Trusted Cloud Computing with Secured Resources and Data Coloring", IEEE Internet Computing, Sept. 2010.]

(B5) Big Data Management Issues in Privacy, Security and Provenance [4]

- New datacenter architecture that can preserve data privacy, enforce security policy, and scale well with future dataset growth
- Trust management of time-varying datasets with intrusion and anomaly detection to assure data integrity
- Securing access to data using innovative techniques to avoid excessive replication of data to external entities
- Establishing community standards, provenance tracking, and communication strategies for public outreach and engagement

Case Study 2: A BigData Repository Testbed for SmartGrid Informatics Research at USC [1]

A cyber-physical system at USC, built for campus-wide smart-grid data governance and secure access control in green energy informatics studies.

[Table not reproduced.] The table lists the access restrictions on each data class for different user groups on the USC campus, involving 60,000 consumers (students, staff and workers).

Secure Key Management using Broadcast Encryption and StrongBox

- StrongBox stores the shared encryption/decryption keys for any access control list shared by a set of files.

(Source: A. Kumbhare, Y. Simmhan, and V. Prasanna, "Cryptonite: A Secure and Performant Data Repository for Public Cloud", IEEE CLOUD 2012.) [1]

C. Cloud Roles in the Internet of Things

[Figure: IoT layered architecture. Application layer: merchandise tracking, environment protection, intelligent search, telemedicine, intelligent traffic, smart home. Network layer: mobile telecom network, the Internet, information network, sensor network, cloud service platforms (iCloud, Dropbox, AWS, SmartCloud, HPCloud, etc.). Sensing layer: RFID label, sensor nodes, GPS, road mapper.]

- Sensors ("Things") appear pervasively. In the thin client era, smartphones, Kindles, tablets, Kinects and web-cams are sensors.
- Robots and distributed instruments such as environmental measures are sensors.
- Web pages, Google Docs, Office 365 and WebEx are sensors.
- Ubiquitous cities/homes are full of IP-addressed sensors.
- Sensor grid supported by cloud: use clouds to consolidate, control and collaborate with small and massively distributed sensors.

(Source: Hwang, Fox and Dongarra, Distributed and Cloud Computing: from Parallel Processing to the Internet of Things, Morgan Kaufmann, Oct. 2011) [3]

Cloudlets: a trusted, VM-based portal for mobile devices to access remote clouds for location-sensitive apps in opportunity discovery, fast information processing, and intelligent decision making on the move.

(Source: Satyanarayanan, et al., "The Case for VM-based Cloudlets in Mobile Computing", IEEE Pervasive Computing, Vol. 8, No. 4, April 2009)

Sensors as a Service (SaaS)

[Figure: a larger sensor composed of output sensors, with sensor processing as a service (MapReduce).] (Courtesy of Geoffrey Fox, 2011)

D. Frontier Research for Developing the Future Internet

Future Internet Architectures

- OpenFlow for Programmable Virtual Networking (Stanford, Princeton, etc., 2008)
- Programmable Networking Architecture
- Content-Centric Networking (CCN): Named Data Networking (HP Lab, etc., 2009)
- Named Data Networking beyond TCP/IP
- Service-Oriented Future Internet Architecture (SOFIA): Chinese Academy of Sciences, Institute of Computing Technology (2011)
- Service Migration and Disaster Recovery
- Fusion of the Internet, Mobile and TV Networks
- Federated Intercloud Computing Applications
- New Ideas for Security and Privacy Protection

OpenFlow Architecture and Protocol

[Figure: conventional TCP/IP Internet protocols contrasted with OpenFlow, which enables virtual networking, advanced forwarding and programmability.]

The CCN Approach in Named Data Networking

[Figure only.]

Service Migration for Distributed Cloud Services in Future Internet

(Courtesy of G. Xie, et al., Institute of Computing Technology, Chinese Academy of Sciences, 2011)

Distributed and Cloud Computing, by Kai Hwang, Geoffrey Fox and Jack Dongarra, published by Morgan Kaufmann, Oct. 2011 (648 pages)

Conclusions:

- Cloud industrialization demands a major overhaul of our educational programs in computer science, mobile communication, and networking engineering.
- Mobile and pervasive computing applications must leverage the clouds to store and process big data, which are changing rapidly in time and space.
- Clouds, IoT and social networks are changing our world, reshaping all human relations, upgrading the global economy, and even causing political system reforms or revolutions.

Relevant Publications:

1. A. Kumbhare, Y. Simmhan, and V. Prasanna, "Cryptonite: A Secure and Performant Data Repository for Public Cloud", IEEE CLOUD 2012.
2. J. Cao, K. Hwang, K. Li, and A. Zomaya, "Optimal Multiserver Configuration for Profit Maximization in Cloud Computing", IEEE Trans. Parallel and Distributed Systems (TPDS), special issue on Cloud Computing, accepted June 2012, in press.
3. K. Hwang, G. Fox, and J. Dongarra, Distributed and Cloud Computing: from Parallel Processing to the Internet of Things, Morgan Kaufmann, Oct. 2011.
4. K. Hwang, C. Rong, Simmhan, et al., "Ensuring Security and Privacy for Trusted Big Data Sharing on the Cloud", in preparation for publication, 2013.