Security-Aware Resource Allocation for Mobile Cloud Computing Systems

Yanchen Liu and Myung J. Lee
Department of Electrical Engineering, City College, the City University of New York
160 Convent Avenue, New York, NY, USA, 10031
Email: {yliu2, mlee}@ccny.cuny.edu

Abstract—In this paper, a novel resource allocation algorithm is proposed for secure mobile cloud computing systems. Mobile requests for cloud resources are classified according to their level of security requirement and the amount of resource required for remote computing. We formulate the resource allocation problem as a semi-Markov decision process under the average reward criterion, in which the average reward of the states is to be optimized. By maximizing the long-term reward while meeting the system requirements on the blocking probability and on the amount of resource requested with a security guarantee, the optimal resource allocation policy is calculated by linear programming. Simulation results demonstrate that the system adaptively modifies the resource allocation policy for cloud computing and decides whether to utilize extra resources for security implementation according to the mobile request type, the current traffic, and the cloud resource availability.

Keywords—Mobile cloud computing, semi-Markov decision process, security, admission control

I. INTRODUCTION

Mobile Cloud Computing (MCC) has been introduced as a powerful system for resource-intensive and latency-sensitive mobile applications. Based on the mobile users' requests, one or more custom virtual machines (VMs) [1] can be instantiated immediately on the cloud for remote execution of applications in a thin-client fashion. By deploying the heavy computing services on a third party's cloud rather than on the users' own infrastructure, application performance can be improved [2] [3], and the energy consumption of mobile devices can be greatly reduced [4] [5]. Although the power and scale of cloud datacenters keep increasing, the efficient use of cloud resources remains important because of the exponential growth in mobile users. The method used to allocate cloud resources to mobile requests directly affects the system capacity of MCC. In order to improve the system capacity, we have proposed an optimal resource allocation approach for offloaded applications of multiple classes in MCC systems [6]. Many factors should be considered in the resource allocation problem of MCC, such as latency, priority, resource demand, etc. For example, it is important to guarantee that the requests from latency-sensitive and high-priority mobile applications are fulfilled first. In this paper, we consider the MCC resource allocation problem from the security perspective, since outsourcing/offloading computation tasks to the mobile cloud raises security concerns for mobile users, which might hinder the adoption of mobile cloud computing.

To be specific, these security concerns can be classified into two categories, both of which inevitably increase the complexity of the resource allocation problem.

• Mobile users worry that the mobile cloud (e.g., mobile cloud vendors) might compromise their privacy, since the mobile cloud might monitor, penetrate or manipulate the outsourced computation tasks. In order to mitigate this threat, some cryptographic primitives and security mechanisms have been proposed [7] [8]. These solutions, however, impose heavy computational complexity on the mobile cloud and require extra resources in order to satisfy the performance criteria. Therefore, allocating resources for requests from mobile users should take the security guarantee into account.

• The mobile cloud itself suffers from many possible attacks [9] due to various vulnerabilities and threats [10], including session riding, virtual machine escape, insecure APIs, shared technology issues, data breaches and so on. To prevent these possible attacks, one solution is to detect a potential attack so that it can be interrupted in time. The basic idea of this solution is to allocate extra cloud resource (a virtual machine) to monitor the behavior of the VM [11]. Another possible countermeasure is to assign extra resources to build a more isolated environment (e.g., a sandbox [12]) for executing the offloaded program. Both approaches require additional cloud resources for the security purpose.

It is impractical for the mobile cloud to allocate extra resources for every request from mobile users, due to the cost and the limitation of cloud resources. Therefore, how to allocate resources while complying with the security requirement should be considered carefully in MCC systems. While many studies address resource allocation and provide various solutions [13]–[17] for efficient cloud resource management in MCC systems, the majority of them fail to provide a security guarantee against possible attacks. The authors of [18] propose a resource allocation scheme for security services in MCC systems, in which they consider cloud services composed of two security categories, Critical Security (CS) service and Normal Security (NS) service, in a coarse-grained model. However, the various resource requirements of mobile users are not considered in their strategy. Moreover, their approach cannot adjust its security policy according to the request traffic and resource availability.

In the present paper, an adaptive security-aware resource allocation approach is proposed. The basic idea is to classify the requests from mobile users into multiple risk degrees and then to allocate resources so as to maximize the throughput while maintaining the blocking probability and the security guarantee. Here, the risk degree is used to approximately model the security guarantee. For example, a request of low risk degree (meaning a low security requirement, e.g., communication can be over a public channel and computation can be done without considering privacy) may need little or no extra resource, while a request of high risk degree (meaning a high security requirement, e.g., communication should be over an authenticated and confidential channel) demands much extra resource. The management of resource allocation is modeled as a semi-Markov Decision Process (SMDP) under the average reward criterion [19], taking into account the request's risk degree and required VM amount, the current traffic, and the availability of cloud resources. By solving the resulting linear programming problem, our approach provides an optimal policy which adaptively modifies the resource allocation strategy with the objectives of resource protection and throughput maximization. This paper is organized as follows: Section II describes our system model for security-aware resource allocation in MCC, and an SMDP-based resource allocation model for secure MCC is described in Section III. The performance evaluation is presented in Section IV, and finally our conclusions are presented in Section V.

978-1-4799-9964-4/15/$31.00 ©2015 IEEE

II. SYSTEM MODEL

We consider Mobile Cloud Computing environments where multiple mobile users can connect to the cloud through a wireless base station or other wireless access point. The cloud provides cloud resources (e.g., memory, CPU, and storage of a server) to mobile users for application execution and security implementation. Each mobile application or its subprogram can run locally on the mobile device or send a request to the cloud for offloading and remote computing. Once a request of a mobile application is accepted for offloading, one or more light-weight virtual machines (VMs) are instantiated and assigned as computing resources for executing the mobile application at the cloud. Extra VMs can be allocated for security implementation, which helps secure the cloud computing of applications.

Arriving mobile requests for cloud resources are classified along two dimensions. One is the minimum number of cloud VMs required for executing the mobile user's application, and the other is the request's risk degree, which stands for its security requirement level. For a request with high risk degree, the system should allocate extra VMs for security implementation. Request arrivals are assumed to follow a Poisson process. For a request at integer risk degree r (1 ≤ r ≤ R) asking for a minimum of v (1 ≤ v ≤ W) cloud VMs, the mean arrival rate is denoted λ_{r,v}. Here, R stands for the total number of risk degrees, while W is the maximum number of VMs allowed to be allocated for one mobile request. If a mobile request is accepted by the cloud, i or (i + f) cloud VMs are allocated for the request, where i (v ≤ i ≤ W) stands for the number of VMs assigned for mobile task computing at the cloud server, and f stands for the number of VMs needed for the extra security implementations such as VM isolation, VM monitoring, stronger encryption algorithms, and so on. Here, i should be larger than or equal to v in order to meet the computing requirement of the mobile user. Assuming that the departure of a service occupying one cloud VM follows an exponential distribution with rate μ, the departure rate of a service running i VMs is assumed to be iμ; thus, the mean service time at the cloud for this mobile request is 1/(iμ). The larger the number of allocated VMs i, the faster the corresponding cloud computing will be. The notations used in this paper are summarized in Table I.

TABLE I. NOTATIONS

r: The risk degree of a mobile request
R: The total number of risk degrees
v: The minimum number of VMs required by a mobile request
W: The maximum number of VMs allowed to be allocated for one mobile request
f: The number of VMs needed for the extra security implementations of the cloud service
x_i: The number of ongoing services occupying i cloud computing VMs
x^f_i: The number of ongoing services occupying i computing VMs and f extra VMs for security implementation
λ_{r,v}: The arrival rate of mobile requests at integer risk degree r asking for v cloud VMs
μ: The departure rate of a service occupying one cloud VM
A_{r,v}: A new arrival event of a request at risk degree r asking for v cloud computing VMs
D_i: A departure event of a service occupying i cloud computing VMs
D^f_i: A departure event of a service occupying i cloud computing VMs and f extra VMs for security implementation
a_i: The action to accept the request by allocating i cloud computing VMs
a^f_i: The action to accept the request by allocating i cloud computing VMs and f extra VMs for security implementation
τ(s, a): The average time duration from the current state s to others after selecting action a
p(k|s, a): The state transition probability from state s to state k when action a is selected
r(s, a): The reward for selecting action a at state s
E_a: The income for accepting a mobile service request
E_s: The income from using extra resources for security functionality for a basic request
E_r: The penalty for rejecting a mobile service request with the lowest risk degree
E_t: The risk penalty for using normal VMs for computing without security implementation
C_t: The cost of one time unit of service time
c_vm: The cost rate of occupying cloud VM resources
P_b: The blocking probability requirement of mobile requests

The decision-making procedure of security-aware resource allocation is described in Fig. 1. When a new request arrives, the system determines whether to accept it according to the type of request, the current request traffic, and the utilization of computing resources at the cloud. If the request is acceptable, the system assigns this new service request to the cloud with a certain number of cloud VMs, with or without extra VMs for security implementation. The objective of our resource allocation system for secure MCC is to make an optimal decision about whether to accept the mobile service request, how much computing resource should be allocated, and whether extra VMs should be allocated for security if the request is accepted, in order to maximize the system benefit (throughput) and to guarantee the security of MCC systems.

Fig. 1. System (flowchart): Security-Aware Resource Allocation in Mobile Cloud Computing. Service request → Check the number of required VMs and risk degree of the request, rate of requests, and availability of cloud VMs → Accepted? No → Blocked; Yes → Extra VMs for security? No → Allocate a number of cloud VMs for computing; Yes → Allocate a number of cloud VMs for computing and security.

III. SMDP-BASED MULTI-RESOURCE ALLOCATION

A Semi-Markov Decision Process (SMDP) is a generalization of the Markov Decision Process in which the transition time between decision epochs is a continuous random variable whose probability distribution depends on 1) the current system state, 2) the action taken, and 3) the potential next state [19]. In this model, the resource allocation problem in a secure MCC system is formulated as an infinite-horizon optimal control of a finite-state SMDP under the average cost criterion. At each state of request arrival, the resource allocation decision is whether to accept the request and, if it is accepted, how to allocate the cloud resources. Different allocation decisions result in different potential next states, and thus different system rewards. Among all possible decisions, the optimal policy is obtained by maximizing the long-term expected average system reward (system throughput) under the QoS requirement (low blocking probability) and the security guarantee.

A. State and Action

In the secure MCC model, the total number of ongoing services occupying i cloud computing VMs is denoted x_i, while the number occupying i computing VMs and f extra VMs at the same time for security purposes is denoted x^f_i. The sum of the cloud VMs used by all ongoing services must be less than or equal to the total number of cloud VMs (M) that the system can provide:

$$\sum_{i=1}^{W} i\,x_i + \sum_{i=1}^{W} (i+f)\,x_i^f \le M \qquad (1)$$

A_{r,v} represents a new arrival event of a request at risk degree r asking for a minimum of v cloud VMs, while D_i and D^f_i stand for departure events of the two types of service (not using or using the security module). An event in state s is thus defined as e(s) ∈ {A_{r,v}, D_i, D^f_i} (1 ≤ i ≤ W). The decision process is on a state space S, where each state s (s ∈ S), denoted by s = [x_1, ..., x_W, x^f_1, ..., x^f_W, e(s)], describes the number of ongoing services occupying the various resources (x_1, ..., x_W, x^f_1, ..., x^f_W) and the current arriving event in the system (e(s)).

At each state s (transition epoch), an action a can be chosen from A_s (the set of allowable actions at state s). Let the action space be A = ∪_{s∈S} A_s = {−1, 0, a_i, a^f_i} (1 ≤ i ≤ W), where −1 represents a service departure, 0 represents the rejection of a new service request, a_i represents the action of accepting the request by allocating i VMs for mobile application computing, and a^f_i represents accepting the request by allocating i VMs for computing and f extra VMs for cloud security implementation.

B. State Transition Probability

The cumulative event rate γ(s, a) is the sum of the rates of all constituent processes from state s to others after selecting action a [19], and the expected sojourn time τ(s, a) is the average time duration from the current state s to others after selecting action a. For each possible combination of event e(s) and selected action a, γ(s, a) and τ(s, a) can be calculated as follows:

$$\gamma(s,a) = \begin{cases}
\displaystyle\sum_{i=1}^{R}\sum_{j=1}^{W} \lambda_{i,j} + \sum_{i=1}^{W} i\,(x_i + x_i^f)\,\mu, & e(s) = A_{r,v},\ a = 0 \\[2ex]
\displaystyle\sum_{i=1}^{R}\sum_{j=1}^{W} \lambda_{i,j} + \sum_{i=1}^{W} i\,(x_i + x_i^f)\,\mu + w\mu, & e(s) = A_{r,v},\ a = a_w \text{ or } a_w^f \\[2ex]
\displaystyle\sum_{i=1}^{R}\sum_{j=1}^{W} \lambda_{i,j} + \sum_{i=1}^{W} i\,(x_i + x_i^f)\,\mu - w\mu, & e(s) = D_w \text{ or } D_w^f
\end{cases} \qquad (2)$$

and

$$\tau(s,a) = \frac{1}{\gamma(s,a)} \qquad (3)$$

where Σ_{i=1}^{R} Σ_{j=1}^{W} λ_{i,j} is the total arrival rate of the classified service requests, and Σ_{i=1}^{W} i(x_i + x^f_i)μ represents the departure rates of the ongoing services utilizing the cloud resources. With event A_{r,v}, if action a_w or a^f_w is selected, one more cloud service with w allocated computing VMs is admitted, which increases γ(s, a) by the rate wμ. In case of event D_w or D^f_w, one service is completed and the corresponding resource is released, which decreases γ(s, a) by the departure rate wμ.

The state transition probability p(k|s, a) is defined as the probability that the system will be in state k at the next decision epoch if action a is chosen at the current state s. There are three cases to consider, depending on the event type at the current state s: A_{r,v} (a new request arrival), D_w (a departure of a service without security resources), and D^f_w (a departure of a service with security resources).

1) If the current state is s = [x_1, ..., x_W, x^f_1, ..., x^f_W, A_{r,v}]: For the current state with event A_{r,v}, the candidate action can be to reject the request or to allocate a certain number of system resources with or without security concern. According to the selected action and the next state, the transition probability p(k|s, a) to the next state k is given as:

$$p(k|s,a) = \begin{cases}
\dfrac{\lambda_{r,v}}{\gamma(s,a)}, & e(k) = A_{r,v} \\[1.5ex]
\dfrac{i\,(x_i + 1)\,\mu}{\gamma(s,a)}, & e(k) = D_i,\ a = a_i \\[1.5ex]
\dfrac{i\,x_i\,\mu}{\gamma(s,a)}, & e(k) = D_i,\ a \ne a_i \\[1.5ex]
\dfrac{i\,(x_i^f + 1)\,\mu}{\gamma(s,a)}, & e(k) = D_i^f,\ a = a_i^f \\[1.5ex]
\dfrac{i\,x_i^f\,\mu}{\gamma(s,a)}, & e(k) = D_i^f,\ a \ne a_i^f
\end{cases} \qquad (4)$$

i) For the next event e(k) being a new request arrival A_{r,v}, the transition probability p(k|s, a) equals the corresponding arrival rate λ_{r,v} over the total cumulative event rate γ(s, a). ii) For the next event e(k) being a service departure D_i of a service using only the cloud computing functionality, p(k|s, a) equals the relevant departure rate over γ(s, a). For the service type that has just accepted one more request by allocating i cloud VMs at the current state s (i.e., a = a_i), the corresponding departure rate is iμ multiplied by the number of ongoing services of this type, (x_i + 1), accounting for the acceptance of one more request of this type, which gives rise to the expression in the second line of (4). For the other actions, p(k|s, a) equals the total departure rate i x_i μ over γ(s, a). iii) Similarly to case ii), the remaining two cases in (4) are obtained when we consider the extra VMs used for security implementation in the cloud.

2) If the current state is s = [x_1, ..., x_W, x^f_1, ..., x^f_W, D_w]: For the state with event D_w, the action can only be −1, meaning a service departure. The transition probability is calculated as:

$$p(k|s,a) = \begin{cases}
\dfrac{\lambda_{r,v}}{\gamma(s,a)}, & e(k) = A_{r,v} \\[1.5ex]
\dfrac{i\,(x_i - 1)\,\mu}{\gamma(s,a)}, & e(k) = D_i,\ (i = w) \\[1.5ex]
\dfrac{i\,x_i\,\mu}{\gamma(s,a)}, & e(k) = D_i,\ (i \ne w) \\[1.5ex]
\dfrac{i\,x_i^f\,\mu}{\gamma(s,a)}, & e(k) = D_i^f
\end{cases} \qquad (5)$$

Since the current event is a service departure D_w, the number of services occupying w cloud VMs decreases by 1 in the next state k. For the next state with event A_{r,v}, p(k|s, a) equals the corresponding service arrival rate λ_{r,v} over γ(s, a). For the next state with event D_i or D^f_i, p(k|s, a) equals the departure rate of the related service multiplied by the number of ongoing services of that type in the new state k, over γ(s, a). Note that, for the service type that has just completed one task, the number of ongoing services of this type in k is (x_i − 1).

3) If the current state is s = [x_1, ..., x_W, x^f_1, ..., x^f_W, D^f_w]: For the state with event D^f_w, a departure of a service occupying w computing VMs and f security-purpose VMs, the action can again only be −1. The transition probability is calculated as:

$$p(k|s,a) = \begin{cases}
\dfrac{\lambda_{r,v}}{\gamma(s,a)}, & e(k) = A_{r,v} \\[1.5ex]
\dfrac{i\,x_i\,\mu}{\gamma(s,a)}, & e(k) = D_i \\[1.5ex]
\dfrac{i\,(x_i^f - 1)\,\mu}{\gamma(s,a)}, & e(k) = D_i^f,\ (i = w) \\[1.5ex]
\dfrac{i\,x_i^f\,\mu}{\gamma(s,a)}, & e(k) = D_i^f,\ (i \ne w)
\end{cases} \qquad (6)$$

Based on the transition probabilities calculated above, an SMDP chain can be built for the security-aware resource allocation problem. Here, an example is given in order to display the details of the state transitions. In the example, the maximum number of required VMs (M) and the maximum number of allocated computing VMs (W) are set to 2 and 3, respectively, while the number of extra VMs for security implementation (f) is one. Therefore, the state s is expressed as [x_1, x_2, x_3, x^1_1, x^1_2, x^1_3, e(s)]. Fig. 2 presents the state transitions, along with the selected actions and the state transition probabilities, starting from the state [0, 1, 0, 0, 1, 0, A_{r,2}] to [0, 2, 0, 0, 1, 0, e(s)], [0, 1, 0, 0, 1, 0, e(s)], and [0, 1, 0, 0, 1, 1, e(s)].

Fig. 2. State transition diagram for state [0, 1, 0, 0, 1, 0, A_{m,2}] (diagram: transitions to the successor states [0, 2, 0, 0, 1, 0, e(s)], [0, 1, 0, 0, 1, 0, e(s)] and [0, 1, 0, 0, 1, 1, e(s)] for the respective actions).

C. System Reward

In order to find the optimal resource allocation policy that maximizes the secure MCC system benefits, we define a real-valued function r(s, a) as the system reward for selecting action a at state s. Following the definition of system reward in [20], r(s, a) can be calculated as the sum of the lump income of decision making and the continuous cost of resource usage in our model:

$$r(s,a) = k(s,a) - \tau(s,a) \times o(s,a) \qquad (7)$$

where k(s, a) is the lump reward portion and o(s, a) is the system cost per unit time for selecting action a at state s. In the definitions of k(s, a) and o(s, a), we consider the mobile service request traffic, the number of required VMs and risk degree of the request, the current usage of cloud computing resources, and the significance of accepting/rejecting one single request. The detailed definitions of k(s, a) and o(s, a) are described next. k(s, a) is defined as

$$k(s,a) = \begin{cases}
E_a - \dfrac{r E_t}{R} - \dfrac{C_t}{i\mu}, & e(s) = A_{r,v} \text{ and } a = a_i \\[1.5ex]
E_a + \dfrac{r E_s}{R} - \dfrac{C_t}{i\mu}, & e(s) = A_{r,v} \text{ and } a = a_i^f \\[1.5ex]
-\dfrac{E_r}{r}, & e(s) = A_{r,v} \text{ and } a = 0 \\[1.5ex]
0, & a = -1
\end{cases} \qquad (8)$$

where E_a represents the income of accepting a mobile service request, while E_r represents the penalty of rejecting a service request with the lowest risk degree; therefore, E_r/r is defined as the penalty of rejecting a service request with risk degree r, whose value decreases as the risk degree grows. Since rejecting a request of higher risk degree potentially protects and benefits the MCC system, the penalty for rejecting a request of higher risk degree should be less than that for rejecting one of lower degree. C_t denotes the cost per unit of service time. Therefore, C_t/(iμ) represents the cost of the mean service time incurred by accepting a new request with i cloud VMs. E_s represents the income from using extra resources for security functionality for a basic request, while E_t represents the risk penalty for using normal VMs for computing without security implementation. Therefore, for a request of higher risk degree r, utilizing the cloud without an extra VM for security implementation brings down the system reward (a lower value of −rE_t/R), and vice versa. Considering the risk of accepting a request with high risk degree, not utilizing extra security protection for event A_{r,v} brings down the lump reward of the action. Thus, the system prefers to run the mobile tasks of higher risk degree with extra cloud VMs for security implementation when cloud VMs are sufficient, and to run those of lower risk degree without extra VMs in order to save cloud resources. o(s, a) describes the cost of occupying the computing resources per unit time, which is defined as

$$o(s,a) = c_{vm} \times \left( \sum_{i=1}^{W} i\,x_i + \sum_{i=1}^{W} (i+f)\,x_i^f \right) \qquad (9)$$

where c_vm denotes the cost rate of occupying cloud VM resources, which is set to 1 by default in the model and can be adjusted according to the prices of cloud computational resources in reality. o(s, a) is determined by the rate of occupying resources and the number of resources in use after taking action a at s, and can be seen as the price of occupying the system resources given the current resource usage. The computing resources become more expensive as more mobile service requests arrive.

D. Calculation of Optimal Resource Allocation Policy

The objective of the optimal resource allocation is to maximize the average reward of the formulated SMDP model. According to [20], the proposed SMDP model belongs to the unichain case, and the optimization problem of maximizing the average reward can be formulated as below:

$$\text{maximize} \sum_{s \in S} \sum_{a \in A_s} r(s,a)\,z(s,a) \qquad (10)$$

subject to the constraints:

$$\sum_{s \in S} \sum_{a \in A_s} \tau(s,a)\,z(s,a) = 1 \qquad (11)$$

$$\sum_{a \in A_k} z(k,a) - \sum_{s \in S} \sum_{a \in A_s} p(k|s,a)\,z(s,a) = 0, \quad k \in S \qquad (12)$$

$$z(s,a) \ge 0, \quad s \in S \text{ and } a \in A_s \qquad (13)$$

$$\sum_{s \in S,\ a = 0} \tau(s,a)\,z(s,a) \le P_b \qquad (14)$$

where z(s, a) represents the optimal basic solution at each state s. In the SMDP problem, τ(s, a)z(s, a) represents the long-run fraction of decision epochs at which the system is in state s and action a is selected [19]. Therefore, (11) requires that the sum of all the fractions equals 1. (12) represents the balance equations, requiring that for any state the long-run average number of transitions out of the state per time unit equals the number into the state per time unit. (13) restricts the optimal basic solution z(s, a) to be non-negative, and (14) corresponds to the QoS requirement that the blocking probability of mobile service requests must be less than or equal to a constant P_b.

The optimization problem of (10) and (11)−(14) can be solved as a linear programming problem in z(s, a). Suppose an optimal feasible solution z(s, a) exists for each s and a (a ∈ A_s); then the probability of selecting action a at state s, denoted p(s, a), can be calculated as:

$$p(s,a) = \frac{z(s,a)}{\sum_{a' \in A_s} z(s,a')} \qquad (15)$$

An optimal policy is composed of all the probabilities of randomly selecting the actions, which can be calculated through (15) at every state of our SMDP model. The policy calculation can be executed and recorded offline, and its results can be quickly looked up online with the real-time system inputs, such as the request traffic, the resource availability, and the blocking probability requirement of the request traffic.

IV. PERFORMANCE EVALUATION

In this section, we evaluate the efficiency of the proposed SMDP-based Resource Allocation for Secure MCC systems (SMDP-RAS) by investigating the obtained optimal policy (i.e., the set of action selection decisions), the throughput performance, and the system reward under various conditions of resource availability, system QoS requirements, and mobile service request traffic. The simulations are built and calculated using MATLAB [21], in which the free API of lp_solve 5.5.2.0 [22] is embedded for solving the linear programming problem in (10) and (11)−(14). In order to verify the efficiency of our SMDP-RAS, we choose the following model parameters as our default simulation scenario (see footnote 1): the risk degrees of requests are classified into three levels, h (high), m (medium) and l (low), so the total number of request risk degrees (R) is three. The maximum number of VMs that the cloud can provide to one mobile service request (W) is set to three, while the number of VMs used for security implementation (f) is one. Thus, the model state s is in the format [x_1, x_2, x_3, x^1_1, x^1_2, x^1_3, e(s)]. The reward parameter E_a (acceptance reward) is set to two, and the other parameters in the reward model (E_s, E_t, E_r and c_vm) are all simply set to one. The total request arrival rate (λ) and the departure rate (μ) are set to 16.0 and 8.0, respectively. The requirement on the maximum system blocking probability (P_b) is set to 4.0 × 10^−3.

Here, the values of E_a, E_r, and c_vm, which directly impact the system reward, are selected with the purpose of mimicking the ratios that could be used in a real system. If the weights of the parameters are considered differently by the system, the values should be adjusted accordingly. For example, if the system considers the event of rejecting a mobile service request to impact the system more negatively, the value of E_r could be set higher (such as 10.0). In that way, SMDP-RAS can try to reject fewer requests by allocating fewer VMs (while still meeting the computing requirement) to the accepted requests, in order to save and reserve resources for other potential arriving requests. From our experiments we notice that, when λ is low (e.g., less than 6.0), the blocking probability result approaches 0 (since the resource is too ample to refuse any service request). The heavy service request traffic helps investigate and verify the efficiency of our approach in a simulation environment with insufficient resources.

Footnote 1: The simulations of this paper are executed with the values of these default parameters unless there is a reassignment of a specific parameter.
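As an added worked example (not the authors' MATLAB code), the following Python builds the SMDP of Sections II and III for a constructed small instance: the states under constraint (1), the action sets A_s, γ(s, a) and τ(s, a) of (2)–(3), the transition probabilities of (4)–(6), and the reward of (7)–(9); instead of the LP (10)–(14) it evaluates a hand-written comparison policy on the embedded Markov chain to obtain the objective (10) and the blocking term of (14). It generalizes (4)–(6) into a single rule (after the action is applied, the next event is the first of the competing exponential clocks whose rates sum to γ(s, a)); the parameter values (W = 2, f = 1, R = 3, M = 4, the λ_{r,v} and μ) and the baseline policy are assumptions.

```python
from itertools import product

W, F, R, M = 2, 1, 3, 4   # constructed instance: VM cap per request, security VMs, risk degrees, total VMs
MU = 8.0                  # departure rate of a service occupying one VM (paper default)
LAM = {(1, 1): 4.0, (1, 2): 3.0, (2, 1): 3.0, (2, 2): 2.0, (3, 1): 2.0, (3, 2): 2.0}  # lambda_{r,v}, assumed
E_A, E_S, E_R, E_T, C_T, C_VM = 2.0, 1.0, 1.0, 1.0, 1.0, 1.0  # reward parameters (the paper's defaults)

def slot(kind, i):
    """Index of x_i (kinds 'a'/'D', computing only) or x^f_i (kinds 'af'/'Df') in the occupancy vector."""
    return i - 1 if kind in ("a", "D") else W + i - 1

def used_vms(x):
    """Left-hand side of constraint (1): i VMs per plain service plus (i+f) per secured service."""
    return sum((i + 1) * (x[i] + x[W + i]) + F * x[W + i] for i in range(W))

def states():
    """Every s = (x, e(s)) with x inside constraint (1); departure events only for services that exist."""
    out = []
    for x in product(range(M + 1), repeat=2 * W):
        if used_vms(x) > M:
            continue
        out += [(x, ("A", r, v)) for (r, v) in LAM]
        out += [(x, (k, i)) for k in ("D", "Df") for i in range(1, W + 1) if x[slot(k, i)] > 0]
    return out

def actions(s):
    """Allowable set A_s: -1 on a departure; 0, a_i or af_i (v <= i <= W) on an arrival when the VMs fit."""
    x, e = s
    if e[0] != "A":
        return [-1]
    acts = [0]
    for i in range(e[2], W + 1):
        acts += ([("a", i)] if used_vms(x) + i <= M else [])
        acts += ([("af", i)] if used_vms(x) + i + F <= M else [])
    return acts

def next_occupancy(s, a):
    """Occupancy after action a: accepted service added, departing service removed, unchanged on reject."""
    x, e = s
    x = list(x)
    if a == -1:
        x[slot(*e)] -= 1
    elif a != 0:
        x[slot(*a)] += 1
    return tuple(x)

def gamma(s, a):
    """Cumulative event rate (2): total arrival rate plus i*mu for every service present after the action."""
    x1 = next_occupancy(s, a)
    return sum(LAM.values()) + MU * sum((i + 1) * (x1[i] + x1[W + i]) for i in range(W))

def transitions(s, a):
    """p(k|s,a) of (4)-(6) in one rule: the next event is the first of the competing clocks counted in gamma."""
    x1, g = next_occupancy(s, a), gamma(s, a)
    p = {(x1, ("A", r, v)): LAM[(r, v)] / g for (r, v) in LAM}
    for k in ("D", "Df"):
        for i in range(1, W + 1):
            if x1[slot(k, i)] > 0:
                p[(x1, (k, i))] = i * x1[slot(k, i)] * MU / g
    return p

def reward(s, a):
    """r(s,a) = k(s,a) - tau(s,a) * o(s,a) of (7)-(9), with tau = 1/gamma and o = c_vm * VMs in use after a."""
    e = s[1]
    if a == -1:
        lump = 0.0
    elif a == 0:
        lump = -E_R / e[1]                                   # rejection penalty E_r / r shrinks with risk
    else:
        risk = e[1] * E_S / R if a[0] == "af" else -e[1] * E_T / R
        lump = E_A + risk - C_T / (a[1] * MU)
    return lump - C_VM * used_vms(next_occupancy(s, a)) / gamma(s, a)

def evaluate_policy(policy, sweeps=2000):
    """Long-run metrics of a deterministic policy (stand-in for the LP): stationary law of the embedded chain
    by power iteration, z(s,a) scaled so that sum tau*z = 1 as in (11); returns (objective (10), term of (14), z)."""
    S = states()
    idx = {s: n for n, s in enumerate(S)}
    rows = [[(idx[k], pr) for k, pr in transitions(s, policy(s)).items()] for s in S]
    pi = [1.0 / len(S)] * len(S)
    for _ in range(sweeps):
        nxt = [0.0] * len(S)
        for n, row in enumerate(rows):
            for m, pr in row:
                nxt[m] += pi[n] * pr
        pi = nxt
    norm = sum(pi[idx[s]] / gamma(s, policy(s)) for s in S)
    z = {s: pi[idx[s]] / norm for s in S}
    avg_reward = sum(reward(s, policy(s)) * z[s] for s in S)
    blocking = sum(z[s] / gamma(s, policy(s)) for s in S if policy(s) == 0)
    return avg_reward, blocking, z

def baseline_policy(s):
    """Assumed comparison policy (not the LP optimum): reject high risk, secure medium risk if the extra VM fits,
    otherwise allocate the minimum v computing VMs, and reject when nothing fits."""
    if s[1][0] != "A":
        return -1
    acts, r, v = actions(s), s[1][1], s[1][2]
    if r == R:
        return 0
    if r == 2 and ("af", v) in acts:
        return ("af", v)
    return ("a", v) if ("a", v) in acts else 0
```

Call evaluate_policy(baseline_policy) to obtain the long-run average reward and the time fraction spent at rejecting decision epochs; any other policy function returning an element of actions(s) can be compared the same way.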

TABLE II. SMDP-RAS ALLOCATION POLICY FOR ARRIVAL REQUESTS ON STATE [x_1, 0, 0, 0, 0, 0, e(s)]
(columns x_1 \ e(s): A_{l,1}, A_{l,2}, A_{l,3}, A_{m,1}, A_{m,2}, A_{m,3}, A_{h,v}; rows x_1 = 0, 2, 4, ..., 16; entries are the selected action a_i, a^1_i or 0)

TABLE III. SMDP-RAS ALLOCATION POLICY FOR ARRIVAL REQUESTS ON STATE [x_1, 0, 0, 0, 0, 0, e(s)] (P_b = 5.0 × 10^−3)
(same layout as Table II)

It is assumed that all types of mobile requests arrive randomly during the simulation. Since the system is assumed to always reject requests of high risk degree, because of their high possibility of being an attacker of the system, P_b is defined as the blocking probability requirement only for requests of the low and medium risk degrees.

TABLE IV. SMDP-RAS ALLOCATION POLICY FOR ARRIVAL REQUESTS ON STATE [x_1, 0, 0, 0, 0, 0, e(s)] (ARRIVAL RATE = 18)
(columns x_1 \ e(s): A_{l,1}, A_{l,2}, A_{l,3}, A_{m,1}, A_{m,2}, A_{m,3}, A_{h,v}; rows x_1 = 0, 2, 4, ..., 16; entries are the selected action a_i, a^1_i or 0)

A. Optimal Policies

The optimal resource allocation policy of SMDP-RAS is presented for MCC systems in which the total number of available VMs in the cloud cluster is set to 16. The optimal policy comprises all the optimal actions chosen at their corresponding states, which are calculated according to (10) using linear programming. In Table II, we present the action with the largest selection probability in the proposed SMDP-RAS for state [x_1, 0, 0, 0, 0, 0, e(s)], for various numbers of ongoing services using one VM (x_1) and arrival request events (e(s)).


From Table II, it can be inferred that the action is always 0 for event A_{h,v}, meaning the rejection of requests with high risk degree. For requests of low and medium risk degree: i) when the resource is sufficient (such as the states where x_1 < 6, meaning that the number of ongoing services using one cloud VM is less than 6), SMDP-RAS allocates the maximum number of allowable VMs to all types of mobile requests; in addition, one more VM is allocated specifically for requests at the medium risk level. ii) When the resource becomes less sufficient (i.e., there is more resource competition among new service requests), SMDP-RAS decreases the number of VMs allocated to new requests in order to maximize the system reward, while the requirements of mobile users on the minimum number of VMs are still met. iii) As the number of available VMs decreases to less than 6 (x_1 > 10), the system no longer allocates extra VMs for security implementation to some medium-risk requests, such as when x_1 = 12 and the request event is A_{m,2}. iv) The system rejects some requests when the resource is extremely insufficient, even though the available VMs could meet the request requirement, such as when x_1 = 12 and the request event is A_{l,3} or A_{m,3}. In this way, cloud resources are reserved for potential incoming requests with low VM requirements. Table III and Table IV describe the optimal resource allocation actions of SMDP-RAS on various states with, respectively, a low QoS requirement (meaning a larger maximum blocking probability) and heavy request traffic. As highlighted in Table III, the system allocates more cloud VMs in some cases when the usage of VMs at the cloud center is low (e.g.,

0

x1 ≤ 12), while more requests to be rejected when the resource is insufficient (e.g., x1 = 14). Compared with the previous scenario described in Table II, more services are executed faster with more VMs allocated when the blocking probability is set higher. As shown in Table IV, when the current traffic becomes heavier (arrival rate = 18), less computing VMs will be allocated to some accepted requests (highlighted in Table IV) in order to reserve VMs for potential coming requests. B. Impact of Reward Model Parameters Different optimal policies of SMDP-RAS are calculated under various reward model parameters (Es , Et and Er ), and the related actions are listed in Table V accordingly. Only the actions for the medium risk degree requests are listed, as more notable changes are observed for these requests. It is indicated that the system prefers to allocate extra VMs to more requests for security implementation, when Es and Et are set as large as 10. In addition, rejection actions are taken for more requests when the usage of cloud VMs is high (e.g., x1 ≤ 12), compared to the scenario in Table II. The reason of these adjustments is that, through setting larger Es (the income of using security VMs) and larger Et (the penalty of using normal cloud computing without extra security VMs), the system tends to utilize the extra VMs for security protection of requests with higher risk degree, in order to obtain larger total system reward. However, the QoS performance of system (blocking probability) will be hurt since more requests are rejected due to the extra using of VMs for security issue. Instead, when Er (the penalty of rejecting a service request) is set as large as 10, less requests are accepted with extra

TABLE V. SMDP-RAS ALLOCATION POLICY ON STATE [x1 , 0, 0, 0, 0, 0, e(s)] UNDER VARIOUS REWARD MODEL PARAMETERS Er = 10

x1 \e(s)

Am,1

Am,2

Am,3

Am,1

Am,2

Am,3

0

a13 a13 a13 a12 a12 a12

a13 a13 a13 a13 a13 a13

a13 a13 a12 a12 a11

a13 a13 a12

a13

a2

a3

a2

a3

a1

a2

a3

12

a13 a13 a12 a11 a11 a11 a11

0

0

a1

a2

a3

14

0

0

0

a1

a2

0

16

0

0

0

0

0

0

2 4 6 8 10

60

55

10vm 12vm 14vm 16vm

a13 a3

System reward

Es = 10, Et = 10

65

50

45

40

35

30 −2

Blocking probability of the system

10

25 10

10vm 12vm 14vm 16vm

14

16

18

20

22

Arrival rate of mobile requests

Fig. 4.

The system reward under various request arrival rates

−3

10

of system VMs is only 10, our approach can still guarantee Pb less than 4.0 × 10−3 , which is maximum blocking probability required by the system. SMDP-RAS adaptively modify the resource allocation strategy, such as to allocate less VMs for users with low requirement on the number of VMs, or to limit the usage of security module, which ensures the blocking probability requirements to be met even when the request traffic is high.

−4

10

−5

10

10

12

14

16

18

20

22

Arrival rate of mobile requests

Fig. 3.

12

The blocking probability under various request arrival rates

VMs allocated for security implementation. Through limiting the usage of extra VMs for security, more potential requests can be accepted with the VMs being saved. The performance of system QoS (blocking probability) can be improved by increasing Er value. For instance, we can notice that the blocking probability decreases by 5% when Er changes from 1 to 10. However, as analyzed above, the expense of improving QoS is the loss of security protection on those services without extra VMs allocated for security purposes.

Fig. 4 shows that, the system reward increases when the traffic becomes heavier for the system with 12, 14 and 16 total VMs, since the cloud services can be provided to more mobile users. More system VMs being provided, more reward the system can achieve. For the system with 10 VMs, system reward increases when the request rate is less than 18, and starts to decrease when the traffic becomes heavier. The increasing trend of system reward is weaker for the system with 12 VMs, when the request rate is larger than 20 requests per minute. Limited by the system capacity, some requests have to be rejected once the system VMs are insufficient for incoming requests, which is the main reason why the reward is affected under heavy request traffic for those systems with less VM resource. V.

C. System Performance The performance of our SMDP-RAS strategy is verified through the analysis of request blocking probability and system reward respectively shown in Fig. 3 and 4. The simulation results are measured for the scenarios with the various number of the total VMs which are being provided in the cloud cluster (10, 12, 14, and 16). Fig. 3 indicates that, as the traffic (arrival rate of mobile requests) increases, the system blocking probability becomes higher. For scenarios under the same request arrival rate, the larger the number of VMs being provided by the system, the less blocking probability the system can achieve. Even though the traffic is as high as 22 requests per minute and the number
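The blocking probabilities and rewards reported in Section C come from the paper's LP-based SMDP policy, whose solver is not reproduced here. As an added illustration (not code from the paper or its authors), the following Python computes the same two quantities for a much simpler baseline, complete sharing with no admission control, using the Kaufman-Roberts recursion for a multi-class loss system: each request class arrives as a Poisson stream, holds a fixed number of VMs for an exponentially distributed time, and is blocked whenever too few VMs are free. It then compares two fixed policies, "never allocate the extra security VM" and "always allocate it", under reward parameters named Es, Et and Er as in Section B, so the tradeoff described there (extra security VMs raise the reward per accepted request but also raise blocking, which costs Er per rejection) can be reproduced numerically. The reward-rate formula, the base income R per accepted request, the class mix and all numeric values are constructed assumptions, not the paper's model.

```python
from math import factorial
from typing import List, Sequence, Tuple

# One request class: (arrival rate per minute, service rate per minute,
# VMs held by each accepted request). All sample values below are constructed.
RequestClass = Tuple[float, float, int]


def kaufman_roberts(capacity: int, classes: Sequence[RequestClass]) -> List[float]:
    """Per-class blocking probability of a multi-class loss system with
    `capacity` VMs under complete sharing: a request of class k is admitted
    whenever at least b_k VMs are free, otherwise it is blocked.

    Kaufman-Roberts recursion on the unnormalised occupancy distribution:
        q(0) = 1,  q(n) = (1/n) * sum_k a_k * b_k * q(n - b_k)   (q(n) = 0 for n < 0)
    with offered load a_k = lambda_k / mu_k in Erlangs.
    """
    loads = [(lam / mu, b) for lam, mu, b in classes]
    q = [0.0] * (capacity + 1)
    q[0] = 1.0
    for n in range(1, capacity + 1):
        q[n] = sum(a * b * q[n - b] for a, b in loads if b <= n) / n
    total = sum(q)
    occupancy = [x / total for x in q]  # P(n VMs in use)
    # Class k is blocked in every state with fewer than b_k free VMs.
    return [sum(occupancy[max(capacity - b + 1, 0):]) for _, b in loads]


def erlang_b(capacity: int, load: float) -> float:
    """Erlang-B blocking: the single-class, one-VM special case, used as a cross-check."""
    terms = [load ** k / factorial(k) for k in range(capacity + 1)]
    return terms[-1] / sum(terms)


def reward_rate(capacity: int, classes: Sequence[RequestClass], secure: bool,
                R: float, Es: float, Et: float, Er: float) -> Tuple[List[float], float]:
    """Reward per unit time of one fixed policy applied to every accepted request.

    secure=True : every request also gets one extra security VM (holds b_k + 1)
                  and earns R + Es; secure=False earns R - Et (Et penalises
                  running without the security VM). Every blocked arrival costs Er.
    These reward terms are a constructed simplification, not the paper's model.
    Returns (per-class blocking, reward rate).
    """
    demand = [(lam, mu, b + 1 if secure else b) for lam, mu, b in classes]
    blocking = kaufman_roberts(capacity, demand)
    per_accept = R + Es if secure else R - Et
    rate = sum(lam * ((1.0 - pb) * per_accept - pb * Er)
               for (lam, _, _), pb in zip(demand, blocking))
    return blocking, rate


def preferred_policy(capacity: int, classes: Sequence[RequestClass],
                     R: float, Es: float, Et: float, Er: float) -> str:
    """The fixed policy with the larger reward rate: 'secure' or 'plain'."""
    _, plain = reward_rate(capacity, classes, False, R, Es, Et, Er)
    _, secure = reward_rate(capacity, classes, True, R, Es, Et, Er)
    return "secure" if secure > plain else "plain"


if __name__ == "__main__":
    # Constructed sample mix: requests needing 1, 2 and 3 VMs, mean service 1 minute.
    classes = [(6.0, 1.0, 1), (4.0, 1.0, 2), (2.0, 1.0, 3)]
    print("capacity  blocking per class (plain)      blocking per class (+1 security VM)")
    for capacity in (10, 12, 14, 16):
        plain, _ = reward_rate(capacity, classes, False, 1.0, 0.0, 0.0, 1.0)
        secure, _ = reward_rate(capacity, classes, True, 1.0, 0.0, 0.0, 1.0)
        print(capacity, [round(p, 4) for p in plain], [round(p, 4) for p in secure])
    for Es, Et, Er in ((1.0, 1.0, 1.0), (10.0, 10.0, 1.0), (1.0, 1.0, 10.0)):
        print(f"Es={Es} Et={Et} Er={Er}: {preferred_policy(16, classes, 1.0, Es, Et, Er)}")
```

Running the script prints blocking per class for 10 to 16 VMs with and without the extra security VM, which reproduces the two trends of Fig. 3 (blocking rises with offered load and falls with capacity) for the baseline, and then shows which fixed policy wins under the three parameter settings; large Es and Et favour the security VM, a large Er favours saving it. The paper's SMDP policy improves on both fixed policies by making that choice per state instead of globally.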

V. CONCLUSION

In this paper, we present a novel resource allocation policy for secure mobile cloud computing systems. In deriving the optimal allocation policy we consider the cloud resource and the risk degree of mobile requests, the current status of request traffic, and the availability of the cloud resource. Our SMDP-RAS algorithm adaptively determines whether to accept a mobile request and whether to allocate extra computing resource for the security implementation, and consequently calculates the amount of cloud resource allocated to each accepted request. The optimal allocation decision can help the MCC system maximize its throughput while meeting user requirements on security and cloud resource. The simulation results demonstrate the feasibility and usefulness of the proposed SMDP-RAS.
