scalable distributed service integrity attestation for software-as-a-service ...swathi78
This document proposes IntTest, a scalable and effective service integrity attestation framework for software-as-a-service clouds. IntTest provides stronger attacker pinpointing than previous schemes through an integrated attestation graph analysis. It can also automatically enhance result quality by replacing results from malicious attackers with results from benign providers. The authors implemented IntTest on a production cloud computing infrastructure and found it achieved higher attacker pinpointing accuracy than existing approaches with little performance impact.
An Analysis Of Cloud ReliabilityApproaches Based on Cloud Components And Reli...ijafrc
This document discusses several techniques for improving reliability in cloud computing systems. It analyzes approaches based on cloud components and reliability techniques, including adaptive fault tolerance, cloud service reliability modeling, fault-tolerant and reliable computation, fault tolerance and resilience, fault tolerance middleware, and a system-level approach. The key components of cloud reliability are discussed, such as virtual machines, cloud managers, and fault tolerance methods. Comparisons are made between the techniques based on their methodology for measuring and ensuring reliability.
The document provides a report on proposing a decentralized information accountability framework to track how user data is used in the cloud. It analyzes existing cloud service models and outlines the objectives, scope, system analysis, design and feasibility of the proposed framework. The system analysis section describes challenges with current single-server systems and outlines modules for data integrity, security, and distributed storage across multiple servers. A feasibility study examines the technical, social, and economic viability of the project. The system design section provides diagrams to model the data flow, entity relationships, system workflows and use cases of the proposed accountability framework.
An Comparison with Property Based Resource Attestation to Secure Cloud Enviro...cscpconf
In this paper we propose a new cloud computing environment where we approach a trusted
cloud environment which is controlled by both the client and the cloud environment. Our
approach is mainly divided into two parts. First part is controlled by the normal user which gets
permission by the cloud environment for performing operation and for loading data. Second
part shows a secure trusted computing for the cloud, if the admin of the cloud want to see the
data then it take permission from the client environment. This provides a way to hide the data
and normal user can protect their data from the cloud provider. This provides a two way
security which helps both the cloud and the normal user. For the above concept we propose a
java based algorithm. In this paper we also provide a comparative study between our novel and the traditional approach. It also proof that our method shows good result in comparison to the previous one
SURVEY ON DYNAMIC DATA SHARING IN PUBLIC CLOUD USING MULTI-AUTHORITY SYSTEMijiert bestjournal
The continuous development of cloud computing,seve ral trends are opening up to new forms of outsourci ng. Public data integrity auditing is not secure and efficient for shared dynamic data. In existing scheme figure out the collusion attack and provide an efficient public integrity au diting scheme,with the help of secure group user r evocation based on vector commitment and verifier�local revocation group signature. It provides secure and efficient s cheme which support public checking and efficient user revocati on. Problem of existing work they used TPA (Third p arty auditor) for key generation and key agreement. Use of TPA as central system if it fails then whole system gets failed. If we are working with cloud,user identity is major conc ern because user doesn�t want to reveal his persona l information to public. This concept not included in it. In this paper,based these con�s we proposed a dynamic dat a sharing in public cloud using multi-authority system. The prop osed scheme is able to protect user�s privacy again st each single authority. .
Project book on WINDS OF CHANGE:FROM VENDOR LOCK-IN TO THE META CLOUDNAWAZ KHAN
The document discusses the shift from vendor locking to the meta cloud. It describes how vendor locking is problematic as businesses locked into a cloud have no guarantees of quality of service or cost control. This leads to a need for businesses to be able to rapidly migrate between clouds. The meta cloud allows businesses to permanently monitor clouds and migrate between them if needed, avoiding the issues of vendor locking.
This document discusses ensuring data integrity for data stored in the cloud. It proposes using a combination of the Station-to-Station key exchange protocol, XOR encryption, and SHA-2 hashing to verify integrity. Specifically, it involves:
1) Generating a secret key using Station-to-Station protocol shared between user and auditor
2) XOR encryption of data with the key before storing in cloud
3) Hashing the original data and comparing the hash to the auditor's hash after decrypting the cloud data with the shared key.
If the hashes match, then the data integrity is verified. Otherwise, the data has been tampered with. This approach aims to allow a third party auditor to
scalable distributed service integrity attestation for software-as-a-service ...swathi78
This document proposes IntTest, a scalable and effective service integrity attestation framework for software-as-a-service clouds. IntTest provides stronger attacker pinpointing than previous schemes through an integrated attestation graph analysis. It can also automatically enhance result quality by replacing results from malicious attackers with results from benign providers. The authors implemented IntTest on a production cloud computing infrastructure and found it achieved higher attacker pinpointing accuracy than existing approaches with little performance impact.
An Analysis Of Cloud ReliabilityApproaches Based on Cloud Components And Reli...ijafrc
This document discusses several techniques for improving reliability in cloud computing systems. It analyzes approaches based on cloud components and reliability techniques, including adaptive fault tolerance, cloud service reliability modeling, fault-tolerant and reliable computation, fault tolerance and resilience, fault tolerance middleware, and a system-level approach. The key components of cloud reliability are discussed, such as virtual machines, cloud managers, and fault tolerance methods. Comparisons are made between the techniques based on their methodology for measuring and ensuring reliability.
The document provides a report on proposing a decentralized information accountability framework to track how user data is used in the cloud. It analyzes existing cloud service models and outlines the objectives, scope, system analysis, design and feasibility of the proposed framework. The system analysis section describes challenges with current single-server systems and outlines modules for data integrity, security, and distributed storage across multiple servers. A feasibility study examines the technical, social, and economic viability of the project. The system design section provides diagrams to model the data flow, entity relationships, system workflows and use cases of the proposed accountability framework.
An Comparison with Property Based Resource Attestation to Secure Cloud Enviro...cscpconf
In this paper we propose a new cloud computing environment where we approach a trusted
cloud environment which is controlled by both the client and the cloud environment. Our
approach is mainly divided into two parts. First part is controlled by the normal user which gets
permission by the cloud environment for performing operation and for loading data. Second
part shows a secure trusted computing for the cloud, if the admin of the cloud want to see the
data then it take permission from the client environment. This provides a way to hide the data
and normal user can protect their data from the cloud provider. This provides a two way
security which helps both the cloud and the normal user. For the above concept we propose a
java based algorithm. In this paper we also provide a comparative study between our novel and the traditional approach. It also proof that our method shows good result in comparison to the previous one
SURVEY ON DYNAMIC DATA SHARING IN PUBLIC CLOUD USING MULTI-AUTHORITY SYSTEMijiert bestjournal
The continuous development of cloud computing,seve ral trends are opening up to new forms of outsourci ng. Public data integrity auditing is not secure and efficient for shared dynamic data. In existing scheme figure out the collusion attack and provide an efficient public integrity au diting scheme,with the help of secure group user r evocation based on vector commitment and verifier�local revocation group signature. It provides secure and efficient s cheme which support public checking and efficient user revocati on. Problem of existing work they used TPA (Third p arty auditor) for key generation and key agreement. Use of TPA as central system if it fails then whole system gets failed. If we are working with cloud,user identity is major conc ern because user doesn�t want to reveal his persona l information to public. This concept not included in it. In this paper,based these con�s we proposed a dynamic dat a sharing in public cloud using multi-authority system. The prop osed scheme is able to protect user�s privacy again st each single authority. .
Project book on WINDS OF CHANGE:FROM VENDOR LOCK-IN TO THE META CLOUDNAWAZ KHAN
The document discusses the shift from vendor locking to the meta cloud. It describes how vendor locking is problematic as businesses locked into a cloud have no guarantees of quality of service or cost control. This leads to a need for businesses to be able to rapidly migrate between clouds. The meta cloud allows businesses to permanently monitor clouds and migrate between them if needed, avoiding the issues of vendor locking.
This document discusses ensuring data integrity for data stored in the cloud. It proposes using a combination of the Station-to-Station key exchange protocol, XOR encryption, and SHA-2 hashing to verify integrity. Specifically, it involves:
1) Generating a secret key using Station-to-Station protocol shared between user and auditor
2) XOR encryption of data with the key before storing in cloud
3) Hashing the original data and comparing the hash to the auditor's hash after decrypting the cloud data with the shared key.
If the hashes match, then the data integrity is verified. Otherwise, the data has been tampered with. This approach aims to allow a third party auditor to
IRJET- Trust Value Calculation for Cloud ResourcesIRJET Journal
The document proposes a methodology for calculating trust values for cloud resources using the naive Bayesian mining technique. The methodology uses formulas to calculate values for accessibility, reliability, ability, turnaround efficiency, and reputation of each resource. These values are then used in a naive Bayesian algorithm to predict trust values and visualize the results. The goal is to provide users with a means to evaluate trustworthiness and choose highly trustworthy cloud resources.
Trust Based Management with User Feedback Service in Cloud EnvironmentIRJET Journal
The document proposes a trust-based management system using user feedback in cloud environments. It introduces challenges with trust and security in cloud computing due to the dynamic and distributed nature of clouds. The proposed system uses an RSA algorithm to encrypt data and build trust between clouds and users based on customer feedback. It aims to detect misleading feedback through collusion detection and identify Sybil attacks by verifying user identities. The system evaluates feedback through data analysis to determine the credibility of trust information and protect cloud services from malicious users.
Oruta is a privacy-preserving public auditing mechanism for shared data in the cloud that:
1) Utilizes ring signatures to construct homomorphic authenticators, allowing a third party auditor to verify the integrity of shared data without retrieving the entire data while keeping the identity of the signer private.
2) Extends the mechanism to support batch auditing, enabling the verification of multiple shared data simultaneously in a single auditing task.
3) Continues to use random masking to support data privacy during public auditing and leverages index hash tables to support fully dynamic operations on shared data.
This document discusses and compares various load balancing techniques in cloud computing. It begins by introducing load balancing as an important issue in cloud computing for efficiently scheduling user requests and resources. Several load balancing algorithms are then described, including honeybee foraging algorithm, biased random sampling, active clustering, OLB+LBMM, and Min-Min. Metrics for evaluating and comparing load balancing techniques are defined, such as throughput, overhead, fault tolerance, migration time, response time, resource utilization, scalability, and performance. The algorithms are then analyzed based on these metrics.
secure data transfer and deletion from counting bloom filter in cloud computing.Venkat Projects
The document discusses a proposed system for secure data transfer and deletion from one cloud to another. It aims to achieve verifiable data transfer and reliable data deletion without a trusted third party. The system uses a counting Bloom filter scheme to allow a data owner, original cloud, and target cloud to verify that data was completely and accurately transferred or deleted. The scheme ensures data confidentiality, integrity, and public verifiability during the transfer and deletion processes.
Dependability assessments of reliable services in a private cloud environmentKPOST
Private cloud is a type of cloud computing that delivers similar advantages to public cloud, including scalability and self-service, but through a proprietary architecture. It promises significant cost savings by making it possible to consolidate workloads and share infrastructure resources among multiple applications resulting in higher cost and energy-efficiency. However, these benefits come at the cost of increased system complexity and dynamicity posing new challenges in providing service dependability and resilience for applications running in a private Cloud environment. This paper discusses about implementing a private cloud using open source software and operating system. This private cloud is capable of providing the infrastructure and platform as a service. Infrastructure includes the storage, servers, virtualization, compute and network services and platform as a service includes the operating system, middleware and runtime environment.
To Get any Project for CSE, IT ECE, EEE Contact Me @ 09849539085, 09966235788 or mail us - ieeefinalsemprojects@gmail.co¬m-Visit Our Website: www.finalyearprojects.org
Winds of change from vendor lock-in to meta cloud review 1NAWAZ KHAN
The document proposes a "meta cloud" that would abstract away technical incompatibilities between existing cloud offerings and mitigate vendor lock-in. It would help users find the right cloud services for their use case and support initial deployment and runtime migration between clouds. The meta cloud incorporates design-time and runtime components like a unified API, resource templates, migration recipes, and a knowledge base to store provider/service data. It was presented by four students and describes the existing system, proposed meta cloud architecture and its advantages, hardware/software requirements, modules, UML diagrams, and execution slides.
Towards secure and dependable storage service in cloudsibidlegend
The document proposes a distributed storage integrity auditing mechanism for cloud data storage that allows for lightweight communication and computation during audits. The proposed design ensures strong correctness guarantees for stored data and enables fast error localization to identify misbehaving servers. It also supports secure and efficient dynamic operations like modifying, deleting, and appending blocks of outsourced data. Analysis shows the scheme is efficient and resilient against various attacks.
Centralized Data Verification Scheme for Encrypted Cloud Data ServicesEditor IJMTER
Cloud environment supports data sharing between multiple users. Data integrity is violated
due to hardware / software failures and human errors. Data owners and public verifiers are involved to
efficiently audit cloud data integrity without retrieving the entire data from the cloud server. File and
block signatures are used in the integrity verification process.
“One Ring to RUle Them All” (Oruta) scheme is used for privacy-preserving public auditing process. In
oruta homomorphic authenticators are constructed using Ring Signatures. Ring signatures are used to
compute verification metadata needed to audit the correctness of shared data. The identity of the signer
on each block in shared data is kept private from public verifiers. Homomorphic authenticable ring
signature (HARS) scheme is applied to provide identity privacy with blockless verification. Batch
auditing mechanism supports to perform multiple auditing tasks simultaneously. Oruta is compatible
with random masking to preserve data privacy from public verifiers. Dynamic data management process
is handled with index hash tables. Traceability is not supported in oruta scheme. Data dynamism
sequence is not managed by the system. The system obtains high computational overhead
The proposed system is designed to perform public data verification with privacy. Traceability features
are provided with identity privacy. Group manager or data owner can be allowed to reveal the identity of
the signer based on verification metadata. Data version management mechanism is integrated with the
system.
Public integrity auditing for shared dynamic cloud data with group user revoc...Pvrtechnologies Nellore
This document describes a public integrity auditing scheme for shared dynamic cloud data that supports secure group user revocation. It identifies limitations in existing schemes, such as lack of consideration for data secrecy during updates and potential collusion attacks during revocation. The proposed scheme uses vector commitment, asymmetric group key agreement, and group signatures to enable encrypted data updates among group users and efficient yet secure user revocation. It aims to provide public auditing of data integrity, as well as properties like traceability and accountability. The security and performance of the scheme are analyzed and shown to improve upon relevant existing works.
Anonymous Data Sharing in Cloud using Pack AlgorithmIRJET Journal
This document discusses an algorithm called PACK that aims to anonymously share data in the cloud while reducing network redundancy. It does this by having a middleware layer between senders and receivers that routes data through queues, keeping the two parties anonymous. The algorithm chunks data into packets with start and end markers. It determines whether requests are unique or redundant to cache frequently requested data and reduce server load. Evaluations show the receiver-dominated system with the middleware offloads computation from servers, while synchronization eliminates overhead from authentication between senders and receivers. Implementing this traffic redundancy elimination in cloud systems could reduce data costs for cloud service providers.
RESILIENT VOTING MECHANISMS FOR MISSION SURVIVABILITY IN CYBERSPACE: COMBININ...IJNSA Journal
While information systems became ever more complex and the interdependence of these systems increased, mission-critical services should be survivable even in the presence of cyber attacks or internal failures. Node replication can be used to protect a mission-critical system against faults that may occur
naturally or be caused by malicious attackers. The overall reliability increases by the number of replicas. However, when the replicas are a perfect copy of each other, a successful attack or failure in any node can be instantaneously repeated in all the other nodes. Eventually, the service of those nodes will
discontinue, which may affect the system’s mission. Therefore, it becomes evident that there must be more survivable approach with diversity among the replicas in mission-critical systems. In particular, this research investigates the best binary voting mechanism among replicas. Furthermore, with experimental
results, we compare the simple majority mechanism with hierarchical decision process and discuss their trade-offs.
This document summarizes a research paper that proposes a secure cloud-based mobile health monitoring system called CAM. The system aims to protect patient privacy and the intellectual property of healthcare service providers. It incorporates techniques like anonymous identity-based encryption and outsourced decryption to encrypt health data and shift decryption tasks to the cloud. The system also randomizes diagnostic programs and decision thresholds stored in the cloud to protect provider content. The goal is to allow resource-constrained providers to participate in mobile healthcare via cloud support while preserving security and privacy.
This curriculum vitae summarizes the professional experience and qualifications of Lynda Jennifer Walder. It outlines her education including degrees in health care practice and emergency care, as well as certifications in areas like safeguarding children and advanced life support. The CV also details Walder's employment history working as a paramedic, emergency care practitioner, clinical manager, and safeguarding professional for the London Ambulance Service and other organizations. It lists her roles, responsibilities, and accomplishments in each position. Additional information includes hobbies, volunteer work, and publications.
This document provides information on Acu-Power and Acu-Comms conduit products from Acu-Tech Piping Systems. It describes the conduits as providing superior mechanical and environmental protection for electrical and fiber optic cables. Key features include color coding for identification, flexibility allowing for bending, lightweight materials, and trenchless installation options. Specification tables provide the technical details on nominal sizes, wall thicknesses, lengths and dimensions of standard conduit coil configurations. Contact information is provided for assistance.
Rasulullah SAW mengutus Mu'adz RA ke Yaman untuk mengajak kaum Ahli Kitab di sana mengakui bahwa tidak ada Tuhan selain Allah dan bahwa beliau adalah Rasulullah. Jika mereka taat, ajarkanlah mereka shalat lima waktu dan membayar zakat. Hindari harta mereka yang paling berharga dan jauhilah doa orang yang dizalimi.
The document summarizes Bangladesh's national budget for 2016-17. It shows that the majority (59.7%) of the budget's Taka 3,406.05 billion in resources comes from tax revenue collected by the National Board of Revenue. The largest portions of the budget are allocated to education and technology (15.6%), public administration (13.9%), and interest payments (11.7%). Graphs break down revenue sources and expenditure allocations by sector.
IRJET- Trust Value Calculation for Cloud ResourcesIRJET Journal
The document proposes a methodology for calculating trust values for cloud resources using the naive Bayesian mining technique. The methodology uses formulas to calculate values for accessibility, reliability, ability, turnaround efficiency, and reputation of each resource. These values are then used in a naive Bayesian algorithm to predict trust values and visualize the results. The goal is to provide users with a means to evaluate trustworthiness and choose highly trustworthy cloud resources.
Trust Based Management with User Feedback Service in Cloud EnvironmentIRJET Journal
The document proposes a trust-based management system using user feedback in cloud environments. It introduces challenges with trust and security in cloud computing due to the dynamic and distributed nature of clouds. The proposed system uses an RSA algorithm to encrypt data and build trust between clouds and users based on customer feedback. It aims to detect misleading feedback through collusion detection and identify Sybil attacks by verifying user identities. The system evaluates feedback through data analysis to determine the credibility of trust information and protect cloud services from malicious users.
Oruta is a privacy-preserving public auditing mechanism for shared data in the cloud that:
1) Utilizes ring signatures to construct homomorphic authenticators, allowing a third party auditor to verify the integrity of shared data without retrieving the entire data while keeping the identity of the signer private.
2) Extends the mechanism to support batch auditing, enabling the verification of multiple shared data simultaneously in a single auditing task.
3) Continues to use random masking to support data privacy during public auditing and leverages index hash tables to support fully dynamic operations on shared data.
This document discusses and compares various load balancing techniques in cloud computing. It begins by introducing load balancing as an important issue in cloud computing for efficiently scheduling user requests and resources. Several load balancing algorithms are then described, including honeybee foraging algorithm, biased random sampling, active clustering, OLB+LBMM, and Min-Min. Metrics for evaluating and comparing load balancing techniques are defined, such as throughput, overhead, fault tolerance, migration time, response time, resource utilization, scalability, and performance. The algorithms are then analyzed based on these metrics.
secure data transfer and deletion from counting bloom filter in cloud computing.Venkat Projects
The document discusses a proposed system for secure data transfer and deletion from one cloud to another. It aims to achieve verifiable data transfer and reliable data deletion without a trusted third party. The system uses a counting Bloom filter scheme to allow a data owner, original cloud, and target cloud to verify that data was completely and accurately transferred or deleted. The scheme ensures data confidentiality, integrity, and public verifiability during the transfer and deletion processes.
Dependability assessments of reliable services in a private cloud environmentKPOST
Private cloud is a type of cloud computing that delivers similar advantages to public cloud, including scalability and self-service, but through a proprietary architecture. It promises significant cost savings by making it possible to consolidate workloads and share infrastructure resources among multiple applications resulting in higher cost and energy-efficiency. However, these benefits come at the cost of increased system complexity and dynamicity posing new challenges in providing service dependability and resilience for applications running in a private Cloud environment. This paper discusses about implementing a private cloud using open source software and operating system. This private cloud is capable of providing the infrastructure and platform as a service. Infrastructure includes the storage, servers, virtualization, compute and network services and platform as a service includes the operating system, middleware and runtime environment.
To Get any Project for CSE, IT ECE, EEE Contact Me @ 09849539085, 09966235788 or mail us - ieeefinalsemprojects@gmail.co¬m-Visit Our Website: www.finalyearprojects.org
Winds of change from vendor lock-in to meta cloud review 1NAWAZ KHAN
The document proposes a "meta cloud" that would abstract away technical incompatibilities between existing cloud offerings and mitigate vendor lock-in. It would help users find the right cloud services for their use case and support initial deployment and runtime migration between clouds. The meta cloud incorporates design-time and runtime components like a unified API, resource templates, migration recipes, and a knowledge base to store provider/service data. It was presented by four students and describes the existing system, proposed meta cloud architecture and its advantages, hardware/software requirements, modules, UML diagrams, and execution slides.
Towards secure and dependable storage service in cloudsibidlegend
The document proposes a distributed storage integrity auditing mechanism for cloud data storage that allows for lightweight communication and computation during audits. The proposed design ensures strong correctness guarantees for stored data and enables fast error localization to identify misbehaving servers. It also supports secure and efficient dynamic operations like modifying, deleting, and appending blocks of outsourced data. Analysis shows the scheme is efficient and resilient against various attacks.
Centralized Data Verification Scheme for Encrypted Cloud Data ServicesEditor IJMTER
Cloud environment supports data sharing between multiple users. Data integrity is violated
due to hardware / software failures and human errors. Data owners and public verifiers are involved to
efficiently audit cloud data integrity without retrieving the entire data from the cloud server. File and
block signatures are used in the integrity verification process.
“One Ring to RUle Them All” (Oruta) scheme is used for privacy-preserving public auditing process. In
oruta homomorphic authenticators are constructed using Ring Signatures. Ring signatures are used to
compute verification metadata needed to audit the correctness of shared data. The identity of the signer
on each block in shared data is kept private from public verifiers. Homomorphic authenticable ring
signature (HARS) scheme is applied to provide identity privacy with blockless verification. Batch
auditing mechanism supports to perform multiple auditing tasks simultaneously. Oruta is compatible
with random masking to preserve data privacy from public verifiers. Dynamic data management process
is handled with index hash tables. Traceability is not supported in oruta scheme. Data dynamism
sequence is not managed by the system. The system obtains high computational overhead
The proposed system is designed to perform public data verification with privacy. Traceability features
are provided with identity privacy. Group manager or data owner can be allowed to reveal the identity of
the signer based on verification metadata. Data version management mechanism is integrated with the
system.
Public integrity auditing for shared dynamic cloud data with group user revoc...Pvrtechnologies Nellore
This document describes a public integrity auditing scheme for shared dynamic cloud data that supports secure group user revocation. It identifies limitations in existing schemes, such as lack of consideration for data secrecy during updates and potential collusion attacks during revocation. The proposed scheme uses vector commitment, asymmetric group key agreement, and group signatures to enable encrypted data updates among group users and efficient yet secure user revocation. It aims to provide public auditing of data integrity, as well as properties like traceability and accountability. The security and performance of the scheme are analyzed and shown to improve upon relevant existing works.
Anonymous Data Sharing in Cloud using Pack AlgorithmIRJET Journal
This document discusses an algorithm called PACK that aims to anonymously share data in the cloud while reducing network redundancy. It does this by having a middleware layer between senders and receivers that routes data through queues, keeping the two parties anonymous. The algorithm chunks data into packets with start and end markers. It determines whether requests are unique or redundant to cache frequently requested data and reduce server load. Evaluations show the receiver-dominated system with the middleware offloads computation from servers, while synchronization eliminates overhead from authentication between senders and receivers. Implementing this traffic redundancy elimination in cloud systems could reduce data costs for cloud service providers.
RESILIENT VOTING MECHANISMS FOR MISSION SURVIVABILITY IN CYBERSPACE: COMBININ...IJNSA Journal
While information systems became ever more complex and the interdependence of these systems increased, mission-critical services should be survivable even in the presence of cyber attacks or internal failures. Node replication can be used to protect a mission-critical system against faults that may occur
naturally or be caused by malicious attackers. The overall reliability increases by the number of replicas. However, when the replicas are a perfect copy of each other, a successful attack or failure in any node can be instantaneously repeated in all the other nodes. Eventually, the service of those nodes will
discontinue, which may affect the system’s mission. Therefore, it becomes evident that there must be more survivable approach with diversity among the replicas in mission-critical systems. In particular, this research investigates the best binary voting mechanism among replicas. Furthermore, with experimental
results, we compare the simple majority mechanism with hierarchical decision process and discuss their trade-offs.
This document summarizes a research paper that proposes a secure cloud-based mobile health monitoring system called CAM. The system aims to protect patient privacy and the intellectual property of healthcare service providers. It incorporates techniques like anonymous identity-based encryption and outsourced decryption to encrypt health data and shift decryption tasks to the cloud. The system also randomizes diagnostic programs and decision thresholds stored in the cloud to protect provider content. The goal is to allow resource-constrained providers to participate in mobile healthcare via cloud support while preserving security and privacy.
This curriculum vitae summarizes the professional experience and qualifications of Lynda Jennifer Walder. It outlines her education including degrees in health care practice and emergency care, as well as certifications in areas like safeguarding children and advanced life support. The CV also details Walder's employment history working as a paramedic, emergency care practitioner, clinical manager, and safeguarding professional for the London Ambulance Service and other organizations. It lists her roles, responsibilities, and accomplishments in each position. Additional information includes hobbies, volunteer work, and publications.
This document provides information on Acu-Power and Acu-Comms conduit products from Acu-Tech Piping Systems. It describes the conduits as providing superior mechanical and environmental protection for electrical and fiber optic cables. Key features include color coding for identification, flexibility allowing for bending, lightweight materials, and trenchless installation options. Specification tables provide the technical details on nominal sizes, wall thicknesses, lengths and dimensions of standard conduit coil configurations. Contact information is provided for assistance.
Rasulullah SAW mengutus Mu'adz RA ke Yaman untuk mengajak kaum Ahli Kitab di sana mengakui bahwa tidak ada Tuhan selain Allah dan bahwa beliau adalah Rasulullah. Jika mereka taat, ajarkanlah mereka shalat lima waktu dan membayar zakat. Hindari harta mereka yang paling berharga dan jauhilah doa orang yang dizalimi.
The document summarizes Bangladesh's national budget for 2016-17. It shows that the majority (59.7%) of the budget's Taka 3,406.05 billion in resources comes from tax revenue collected by the National Board of Revenue. The largest portions of the budget are allocated to education and technology (15.6%), public administration (13.9%), and interest payments (11.7%). Graphs break down revenue sources and expenditure allocations by sector.
The document provides information about federal budgets. It defines what a budget is and discusses different types of budgets including government budgets. It explains that a federal budget forecasts spending for the upcoming year in a country. The budget process involves preparation, approval, implementation, and auditing. Budgets can be executive, legislative, capital, operating, line-item, performance-based, or zero-based. It also discusses budget surpluses, deficits, and discretionary vs entitlement spending. The document concludes by summarizing highlights and criticisms of Pakistan's 2015-2016 federal budget, which aimed to strengthen industry and agriculture through incentives but faced challenges including poor governance and an imbalance of spending priorities.
Highlights of Changes in Direct & Indirect Taxes in 2016-2017 budget
Direct Tax include Income tax,CHANGES IN INDIRECT TAXES - (CUSTOMS ACT, 1962 ,CENTRAL EXCISE ACT, 1944 ,AMENDMENTS IN SERVICE TAX )
Elasticity measures the extent to which demand changes in response to a change in price. There are different degrees of price elasticity including perfectly elastic, perfectly inelastic, unitary elastic, relatively elastic, and relatively inelastic demand. Cross elasticity and income elasticity also measure responsiveness of demand but to other factors like substitute goods and consumer income levels respectively. Methods for measuring price elasticity include the total expenditure method, percentage method, point method, arc elasticity, and revenue method.
This document provides financial information for First Commonwealth Financial Corp for 2010-2018. It includes income statements, balance sheets, and cash flow statements. Some key highlights are:
- Revenues declined from 2010 to 2011 due to decreases in loans/leases and securities income. Noninterest revenue grew 18% from 2011 to 2012.
- Interest expenses declined 32% from 2010 to 2011 as deposit and borrowing costs fell.
- Net income declined from $23 million in 2010 to $15 million in 2011, a decrease of 40%. Earnings per share also fell 40% over this period.
- Total assets grew slightly from 2010 to 2011 but have increased each year since, reaching $7.1 billion by
The document discusses several topics related to changes in the Catholic Church between the 14th and 15th centuries:
1) The removal of popes to Avignon signaled a change in their status and relationship to Rome. It disturbed people and the popes demanded increasingly high taxes.
2) Moscow became considered the "third Rome" after the fall of Constantinople to the Ottoman Turks, with rulers seeing themselves as the successors to the Byzantine Empire.
3) A revival of spiritual works and meditation emerged despite corruption in parts of the Church, including famous works like the Imitation of Christ. However, the selling of indulgences also became widespread, distorting the original purpose of pardoning sins
IntTest is a scalable distributed service integrity attestation framework for software-as-a-service clouds. It provides a novel integrated attestation graph analysis scheme that can pinpoint malicious attackers more accurately than previous schemes. IntTest examines both per-function consistency graphs and a global inconsistency graph to identify attackers even if they control some service functions. It also performs result autocorrection to replace corrupted results with good results from benign providers. Experimental results on a production cloud show IntTest achieves higher attacker pinpointing accuracy than existing approaches with low performance overhead.
To Get any Project for CSE, IT ECE, EEE Contact Me @ 09666155510, 09849539085 or mail us - ieeefinalsemprojects@gmail.com-Visit Our Website: www.finalyearprojects.org
This document discusses improving fault tolerance in virtual machine-based cloud infrastructures. It proposes a model to analyze how systems tolerate faults by making decisions based on the reliability of processing nodes (virtual machines). If a virtual machine produces the correct result within the time limit, its reliability increases, and if it fails or is incorrect, reliability decreases. If reliability does not meet a minimum threshold, the system performs recovery actions. The technique executes diverse variants on multiple VMs and assigns reliability scores to results. Related work on fault tolerance techniques for clouds is also reviewed.
Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...idescitation
Cloud computing is a model for enabling convenient, on-demand network access
to a shared pool of configurable computing resources. Reliability in compute cloud is an
important aspect in Quality of Service which needs to be addressed in order to foster the
adoption of compute cloud. In today’s integrated environment the distributed systems is
employed to carry out computational intensive task at a faster rate without much
investment. The Cloud is a multitenant architecture which allows faster computation with
high scalability at a lower cost thereby the users can share the same physical infrastructure.
Individual customers deploy their applications in such environment will occupy the virtual
partitions on the platform. This paper describes a straightforward procedure to analyze the
reliability of the application from the view point of the resource provider. A trust
component is implemented to provide preventive control and to mitigate the occurrence of
any non-permissible action by using the detective mechanism. Such mechanisms are used to
identify the privacy risk and it further prevents from utilization. Hence, in this paper trust
assessment is performed before the user is allowed to share the multitenant infrastructure.
The cloud can provide scalable and reliable service for the legitimate users. The proposed
work is tested using tools Aneka and Globus Toolkit.
scalable distributed service integrity attestation for software as a service ...MANOJ H S
This document proposes the IntTest framework, which provides a scalable and effective service integrity attestation for software-as-a-service clouds. The framework automatically enhances result quality and pinpointing accuracy without requiring special hardware. It works by analyzing consistency and inconsistency graphs between service providers to check relationships and identify corrupted data, which it then replaces with results from benign providers. The goal is to provide a solution to security vulnerabilities in shared cloud environments.
IRJET- Developing an Algorithm to Detect Malware in CloudIRJET Journal
This document discusses developing an algorithm to detect malware in the cloud. It begins by reviewing existing malware detection methods and their limitations for cloud environments. It then presents a new algorithm that uses one-class support vector machines (SVMs) to detect anomalies at the hypervisor level through features collected from the system and network levels of cloud nodes. The algorithm is able to achieve over 90% detection accuracy for different types of malware and denial-of-service attacks. It assesses the benefits of using both system-level and network-level information depending on the attack type. The approach of using dedicated monitoring agents per virtual machine makes it well-suited for cloud environments and able to detect new malware strains without prior knowledge of their functionality.
Profit Maximization for Service Providers using Hybrid Pricing in Cloud Compu...Editor IJCATR
Cloud computing has recently emerged as one of the buzzwords in the IT industry. Several IT vendors are promising to offer computation, data/storage, and application hosting services, offering Service-Level Agreements (SLA) backed performance and uptime promises for their services. While these „clouds‟ are the natural evolution of traditional clusters and data centers, they are distinguished by following a pricing model where customers are charged based on their utilization of computational resources, storage and transfer of data. They offer subscription-based access to infrastructure, platforms, and applications that are popularly termed as IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and SaaS (Software as a Service). In order to improve the profit of service providers we implement a technique called hybrid pricing , where this hybrid pricing model is a pooled with fixed and spot pricing techniques.
NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Net...Migrant Systems
The document proposes NICE, a network intrusion detection and countermeasure selection framework for virtual network systems. NICE uses attack graph models to detect multi-step attacks. It deploys lightweight agents on cloud servers to capture traffic and analyze vulnerabilities. Suspicious VMs are put in inspection state, where deep packet inspection and virtual network changes are applied to detect attacks without interrupting services. NICE uses software switching and programmable networking to dynamically configure intrusion detection and isolate compromised VMs. Evaluations show NICE efficiently detects attacks while minimizing overhead on cloud resources.
An approach of software engineering through middlewareIAEME Publication
The document discusses middleware and its role in facilitating the construction of distributed systems. It outlines some of the key challenges in building distributed systems, such as network communication, coordination between distributed components, reliability, scalability, and heterogeneity. Middleware aims to address these challenges by providing high-level abstractions and services that conceal low-level complexities related to distribution from application developers. The document argues that middleware is important for simplifying distributed system construction and should be a key consideration in software engineering research on distributed systems.
ESTIMATING CLOUD COMPUTING ROUND-TRIP TIME (RTT) USING FUZZY LOGIC FOR INTERR...IJCI JOURNAL
Cloud computing is widely considered a transformative force in the computing world and is poised to
replace the traditional office setup as an industry standard. However, given the relative novelty of these
services and challenges such as the impact of physical distance on round-trip time (rtt), questions have
arisen regarding system performance and associated billing structures. The primary objective of this study
is to address these concerns. We aim to alleviate doubts by leveraging a fuzzy logic system to classify
distances between regions that support computing services and compare them with the conventional web
hosting format. To achieve this, we analyse the responses of one of these services, like amazon web
services, across different distance categories (near, medium, and far) between regions and strive to
conclude overall system performance. Our tests reveal that significant data is consistently lost during
customer transmission despite exhibiting superior round-trip times. We delve into this issue and present
our findings, which may illuminate the observed anomalous behaviour.
Multicloud Deployment of Computing Clusters for Loosely Coupled Multi Task C...IOSR Journals
This document discusses deploying a computing cluster across multiple cloud providers (Amazon EC2, Elastic Hosts) for loosely coupled multi-task computing applications. It presents an experimental framework using a local data center and three cloud sites. Nine cluster configurations with varying numbers of nodes from each site are evaluated. Performance is analyzed by measuring throughput as jobs/second. Results show hybrid configurations scale linearly and have similar performance to single-site configurations. Cost is also analyzed per job, showing hybrid and local-only configurations have lower cost than cloud-only configurations. A performance-cost analysis indicates for large organizations, a local data center with cloud supplementation can be more cost effective than cloud-only configurations.
A Simplified Cost Efficient Distributed System architecture which relies on replication and recovery techniques using monitoring service, proxy service to handle service calls and a specialized server architecture which serves as both backup and standby service provider.
OpenStack is open-source software for building private and public clouds. It provides services for compute, storage, and networking (networking projects allow resources to be shared across clouds). Using OpenStack can help enterprises reduce costs compared to vendor lock-in agreements and manage large server clusters, storage, and networks more efficiently.
A New And Efficient Hybrid Technique For The Automatic...Amber Wheeler
The three articles proposed different approaches to improve elasticity and resource scaling in cloud computing. Islam et al. defined metrics to quantify elasticity for cloud consumers. Nguyen et al. designed an elastic resource scaling system using prediction to allocate resources proactively based on future needs. Han et al. developed an approach to detect and analyze bottlenecks in multi-tier cloud applications to enable elastic scaling. The articles aim to enhance cloud elasticity through metrics, predictive allocation, and bottleneck analysis for improved resource utilization and user experience.
Secure intrusion detection and countermeasure selection in virtual system usi...eSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
Continuous Testing of Service-Oriented Applications Using Service Virtualizationiosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
This document discusses continuous testing of service-oriented applications using service virtualization. It begins with an introduction to service-oriented architecture and discusses how service virtualization can address challenges in testing SOA applications by virtualizing dependencies and unavailable components. The document then discusses how service virtualization enables simultaneous development and testing, handles out-of-scope data dependencies, and supports heterogeneous technologies and platforms. It also provides an overview of the service virtualization lifecycle and some popular service virtualization tools.
This article describes a semantic matching method called Thing to Service Matching (TSMatch) for industrial Internet of Things environments. TSMatch is an open-source software that enables fine-grained semantic matching between IoT data sources and platform services. The article discusses related work, provides an overview of the TSMatch architecture and implementation, and assesses TSMatch's performance in a testbed setting and two aerospace production use cases. Evaluation results indicate TSMatch was able to successfully integrate with other IoT systems and deploy in real-world manufacturing scenarios.
The International Journal of Engineering Research and Science & Technology (IJERST) is a peer-reviewed online journal that focuses on publishing research articles, short communications, and review articles in the fields of Information Technology and Computer Engineering
IJERST is described as a publication dedicated to presenting the results of scientific and technical research in the fields of Engineering, Science, and Technology.
Similar to Ieeepro techno solutions ieee dotnet project -scalable distributed service integrity (20)
This document proposes and defines the problem of privacy-preserving multi-keyword ranked search over encrypted cloud data (MRSE). It establishes strict privacy requirements for such a system, including data privacy, index privacy, keyword privacy and trapdoor privacy. It presents the MRSE framework with four algorithms: Setup, BuildIndex, Trapdoor and Query. The Query algorithm allows cloud servers to perform a ranked search on encrypted indexes and return similarity-ranked results, while preserving privacy.
This document summarizes a research paper that assesses collaboration frameworks in multi-cloud environments. It explores the viability of cloud service providers collaborating to offer diverse services without heavy infrastructure spending. The paper reviews several proposed collaboration models and frameworks, including a proxy-based framework using different types of proxies, a unified multi-cloud infrastructure using open service models and configurable federations, and a proxy-as-cloud-broker model using dynamic scheduling algorithms. The paper concludes that multi-cloud environments can eliminate vendor lock-in for consumers and allow services to be accessed based on preference and need rather than a single provider. Key challenges to collaboration include standardization and security across provider platforms and services.
International Conference on NLP, Artificial Intelligence, Machine Learning an...gerogepatton
International Conference on NLP, Artificial Intelligence, Machine Learning and Applications (NLAIM 2024) offers a premier global platform for exchanging insights and findings in the theory, methodology, and applications of NLP, Artificial Intelligence, Machine Learning, and their applications. The conference seeks substantial contributions across all key domains of NLP, Artificial Intelligence, Machine Learning, and their practical applications, aiming to foster both theoretical advancements and real-world implementations. With a focus on facilitating collaboration between researchers and practitioners from academia and industry, the conference serves as a nexus for sharing the latest developments in the field.
TIME DIVISION MULTIPLEXING TECHNIQUE FOR COMMUNICATION SYSTEMHODECEDSIET
Time Division Multiplexing (TDM) is a method of transmitting multiple signals over a single communication channel by dividing the signal into many segments, each having a very short duration of time. These time slots are then allocated to different data streams, allowing multiple signals to share the same transmission medium efficiently. TDM is widely used in telecommunications and data communication systems.
### How TDM Works
1. **Time Slots Allocation**: The core principle of TDM is to assign distinct time slots to each signal. During each time slot, the respective signal is transmitted, and then the process repeats cyclically. For example, if there are four signals to be transmitted, the TDM cycle will divide time into four slots, each assigned to one signal.
2. **Synchronization**: Synchronization is crucial in TDM systems to ensure that the signals are correctly aligned with their respective time slots. Both the transmitter and receiver must be synchronized to avoid any overlap or loss of data. This synchronization is typically maintained by a clock signal that ensures time slots are accurately aligned.
3. **Frame Structure**: TDM data is organized into frames, where each frame consists of a set of time slots. Each frame is repeated at regular intervals, ensuring continuous transmission of data streams. The frame structure helps in managing the data streams and maintaining the synchronization between the transmitter and receiver.
4. **Multiplexer and Demultiplexer**: At the transmitting end, a multiplexer combines multiple input signals into a single composite signal by assigning each signal to a specific time slot. At the receiving end, a demultiplexer separates the composite signal back into individual signals based on their respective time slots.
### Types of TDM
1. **Synchronous TDM**: In synchronous TDM, time slots are pre-assigned to each signal, regardless of whether the signal has data to transmit or not. This can lead to inefficiencies if some time slots remain empty due to the absence of data.
2. **Asynchronous TDM (or Statistical TDM)**: Asynchronous TDM addresses the inefficiencies of synchronous TDM by allocating time slots dynamically based on the presence of data. Time slots are assigned only when there is data to transmit, which optimizes the use of the communication channel.
### Applications of TDM
- **Telecommunications**: TDM is extensively used in telecommunication systems, such as in T1 and E1 lines, where multiple telephone calls are transmitted over a single line by assigning each call to a specific time slot.
- **Digital Audio and Video Broadcasting**: TDM is used in broadcasting systems to transmit multiple audio or video streams over a single channel, ensuring efficient use of bandwidth.
- **Computer Networks**: TDM is used in network protocols and systems to manage the transmission of data from multiple sources over a single network medium.
### Advantages of TDM
- **Efficient Use of Bandwidth**: TDM all
Understanding Inductive Bias in Machine LearningSUTEJAS
This presentation explores the concept of inductive bias in machine learning. It explains how algorithms come with built-in assumptions and preferences that guide the learning process. You'll learn about the different types of inductive bias and how they can impact the performance and generalizability of machine learning models.
The presentation also covers the positive and negative aspects of inductive bias, along with strategies for mitigating potential drawbacks. We'll explore examples of how bias manifests in algorithms like neural networks and decision trees.
By understanding inductive bias, you can gain valuable insights into how machine learning models work and make informed decisions when building and deploying them.
ACEP Magazine edition 4th launched on 05.06.2024Rahul
This document provides information about the third edition of the magazine "Sthapatya" published by the Association of Civil Engineers (Practicing) Aurangabad. It includes messages from current and past presidents of ACEP, memories and photos from past ACEP events, information on life time achievement awards given by ACEP, and a technical article on concrete maintenance, repairs and strengthening. The document highlights activities of ACEP and provides a technical educational article for members.
Advanced control scheme of doubly fed induction generator for wind turbine us...IJECEIAES
This paper describes a speed control device for generating electrical energy on an electricity network based on the doubly fed induction generator (DFIG) used for wind power conversion systems. At first, a double-fed induction generator model was constructed. A control law is formulated to govern the flow of energy between the stator of a DFIG and the energy network using three types of controllers: proportional integral (PI), sliding mode controller (SMC) and second order sliding mode controller (SOSMC). Their different results in terms of power reference tracking, reaction to unexpected speed fluctuations, sensitivity to perturbations, and resilience against machine parameter alterations are compared. MATLAB/Simulink was used to conduct the simulations for the preceding study. Multiple simulations have shown very satisfying results, and the investigations demonstrate the efficacy and power-enhancing capabilities of the suggested control system.
Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024Sinan KOZAK
Sinan from the Delivery Hero mobile infrastructure engineering team shares a deep dive into performance acceleration with Gradle build cache optimizations. Sinan shares their journey into solving complex build-cache problems that affect Gradle builds. By understanding the challenges and solutions found in our journey, we aim to demonstrate the possibilities for faster builds. The case study reveals how overlapping outputs and cache misconfigurations led to significant increases in build times, especially as the project scaled up with numerous modules using Paparazzi tests. The journey from diagnosing to defeating cache issues offers invaluable lessons on maintaining cache integrity without sacrificing functionality.
Embedded machine learning-based road conditions and driving behavior monitoringIJECEIAES
Car accident rates have increased in recent years, resulting in losses in human lives, properties, and other financial costs. An embedded machine learning-based system is developed to address this critical issue. The system can monitor road conditions, detect driving patterns, and identify aggressive driving behaviors. The system is based on neural networks trained on a comprehensive dataset of driving events, driving styles, and road conditions. The system effectively detects potential risks and helps mitigate the frequency and impact of accidents. The primary goal is to ensure the safety of drivers and vehicles. Collecting data involved gathering information on three key road events: normal street and normal drive, speed bumps, circular yellow speed bumps, and three aggressive driving actions: sudden start, sudden stop, and sudden entry. The gathered data is processed and analyzed using a machine learning system designed for limited power and memory devices. The developed system resulted in 91.9% accuracy, 93.6% precision, and 92% recall. The achieved inference time on an Arduino Nano 33 BLE Sense with a 32-bit CPU running at 64 MHz is 34 ms and requires 2.6 kB peak RAM and 139.9 kB program flash memory, making it suitable for resource-constrained embedded systems.
A review on techniques and modelling methodologies used for checking electrom...nooriasukmaningtyas
The proper function of the integrated circuit (IC) in an inhibiting electromagnetic environment has always been a serious concern throughout the decades of revolution in the world of electronics, from disjunct devices to today’s integrated circuit technology, where billions of transistors are combined on a single chip. The automotive industry and smart vehicles in particular, are confronting design issues such as being prone to electromagnetic interference (EMI). Electronic control devices calculate incorrect outputs because of EMI and sensors give misleading values which can prove fatal in case of automotives. In this paper, the authors have non exhaustively tried to review research work concerned with the investigation of EMI in ICs and prediction of this EMI using various modelling methodologies and measurement setups.
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressionsVictor Morales
K8sGPT is a tool that analyzes and diagnoses Kubernetes clusters. This presentation was used to share the requirements and dependencies to deploy K8sGPT in a local environment.
Ieeepro techno solutions ieee dotnet project -scalable distributed service integrity
1. 1
Scalable Distributed Service Integrity
Attestation for Software-as-a-Service Clouds
Juan Du, Member, IEEE, Daniel J. Dean, Student Member, IEEE Yongmin Tan, Member, IEEE,
Xiaohui Gu, Senior Member, IEEE, Ting Yu, Member, IEEE
Abstract—Software-as-a-Service (SaaS) cloud systems enable application service providers to deliver their applications via
massive cloud computing infrastructures. However, due to their sharing nature, SaaS clouds are vulnerable to malicious attacks.
In this paper, we present IntTest, a scalable and effective service integrity attestation framework for SaaS clouds. IntTest provides
a novel integrated attestation graph analysis scheme that can provide stronger attacker pinpointing power than previous schemes.
Moreover, IntTest can automatically enhance result quality by replacing bad results produced by malicious attackers with good
results produced by benign service providers. We have implemented a prototype of the IntTest system and tested it on a
production cloud computing infrastructure using IBM System S stream processing applications. Our experimental results show
that IntTest can achieve higher attacker pinpointing accuracy than existing approaches. IntTest does not require any special
hardware or secure kernel support and imposes little performance impact to the application, which makes it practical for large-
scale cloud systems.
Index Terms—Distributed Service Integrity Attestation, Cloud Computing, Secure Distributed Data Processing
3
1 INTRODUCTION
Cloud computing has emerged as a cost-effective re-
source leasing paradigm, which obviates the need for
users maintain complex physical computing infrastructures
by themselves. Software-as-a-Service (SaaS) clouds (e.g,
Amazon Web Service [1], Google AppEngine [2]) builds
upon the concepts of Software as a Service (SaaS) [3]
and Service Oriented Architecture (SOA) [4], [5], which
enable application service providers (ASPs) to deliver their
applications via the massive cloud computing infrastructure.
In particular, our work focuses on data stream processing
services [6]–[8] that are considered to be one class of killer
applications for clouds with many real world applications
in security surveillance, scientific computing, and business
intelligence.
However, cloud computing infrastructures are often
shared by ASPs from different security domains, which
make them vulnerable to malicious attacks [9], [10]. For
example, attackers can pretend to be legitimate service
providers to provide fake service components and the
service components provided by benign service providers
may include security holes that can be exploited by at-
tackers. Our work focuses on service integrity attacks that
cause the user to receive untruthful data processing results,
illustrated by Figure 1. Although confidentiality and pri-
vacy protection problems have been extensively studied by
previous research [11]–[16], the service integrity attestation
• Juan Du is with Amazon. Yongmin Tan is with MathWorks. The
work was done when they were PhD students at the North Carolina
State University. Daniel J. Dean, Xiaohui Gu, and Ting Yu are with
Department of Computer Science, North Carolina State University.
Their email addresses are duju@amazon.com, djdean2@ncsu.edu,
yongmin.tan@mathworks.com, gu@csc.ncsu.edu, yu@csc.ncsu.edu
s1
VM VM
s4
VM VM
VM VM
VM VM
VM VM
s6
s3 s7s5
Sensor Networks
User
Data Storage
s2
Fig. 1. Service integrity attack in cloud-based data
processing. Si denotes different service component
and V M denotes virtual machines.
problem has not been properly addressed. Moreover, service
integrity is the most prevalent problem, which needs to
be addressed no matter whether public or private data are
processed by the cloud system.
Although previous work has provided various software
integrity attestation solutions [9], [17]–[19], [19]–[23],
those techniques often require special trusted hardware or
secure kernel support, which makes them difficult to be de-
ployed on large-scale cloud computing infrastructures. Tra-
ditional Byzantine fault tolerance (BFT) techniques [24],
[25] can detect arbitrary misbehaviors using full time
majority voting over all replicas, which however incur high
overhead to the cloud system. A detailed discussion of
the related work can be found in section 5 of the online
supplementary material.
In this paper, we present IntTest, a new integrated
service integrity attestation framework for multi-tenant
cloud systems. IntTest provides a practical service integrity
attestation scheme that does not assume trusted entities
on third-party service provisioning sites or require ap-
2. 2
plication modifications. IntTest builds upon our previous
work RunTest [26] and AdapTest [27] but can provide
stronger malicious attacker pinpointing power than RunTest
and AdapTest. Specifically, both RunText and AdapTest
as well as traditional majority voting schemes need to
assume that benign service providers take majority in
every service function. However, in large-scale multi-tenant
cloud systems, multiple malicious attackers may launch
colluding attacks on certain targeted service functions to
invalidate the assumption. To address the challenge, IntTest
takes a holistic approach by systematically examining both
consistency and inconsistency relationships among different
service providers within the entire cloud system. IntTest ex-
amines both per-function consistency graphs and the global
inconsistency graph. The per-function consistency graph
analysis can limit the scope of damage caused by colluding
attackers while the global inconsistency graph analysis can
effectively expose those attackers that try to compromise
many service functions. Hence, IntTest can still pinpoint
malicious attackers even if they become majority for some
service functions.
By taking an integrated approach, IntTest can not only
pinpoint attackers more efficiently but also can suppress ag-
gressive attackers and limit the scope of the damage caused
by colluding attacks. Moreover, IntTest provides result
auto-correction that can automatically replace corrupted
data processing results produced by malicious attackers
with good results produced by benign service providers.
Specifically, this paper makes the following contribu-
tions:
• We provide a scalable and efficient distributed service
integrity attestation framework for large-scale cloud
computing infrastructures.
• We present a novel integrated service integrity at-
testation scheme that can achieve higher pinpointing
accuracy than previous techniques.
• We describe a result auto-correction technique that can
automatically correct the corrupted results produced by
malicious attackers.
• We conduct both analytical study and experimental
evaluation to quantify the accuracy and overhead of
the integrated service integrity attestation scheme.
We have implemented a prototype of the IntTest system
and tested it on NCSU’s virtual computing lab (VCL) [28],
a production cloud computing infrastructure that operates
in a similar way as the Amazon elastic compute cloud
(EC2) [29]. The benchmark applications we use to evaluate
IntTest are distributed data stream processing services pro-
vided by the IBM System S stream processing platform [8],
[30], an industry strength data stream processing system.
Experimental results show that IntTest can achieve more
accurate pinpointing than existing schemes (e.g. RunTest,
AdapTest, full time majority voting) under strategically
colluding attacks. IntTest is scalable, and can reduce the
attestation overhead by more than one order of magni-
tude compared to the traditional full time majority voting
scheme.
The rest of the paper is organized as follows. Section 2
notation meaning
pi service provider
fi service function
ci service component
di application data tuple
Pu attestation probability
r number of copies for a tuple
K Max number of malicious service providers
CG minimum vertex cover of graph G
Np the neighbor set of node p
G′
p the residual graph of G
Ω the set of malicious service providers identified
by the global inconsistency graph
Mi the set of malicious service providers identified
by consistency graph in service function fi
TABLE 1
Notations.
presents our system model. Section 3 presents the design
details. Section 4 provides an analytical study about the
IntTest system. Section 5 presents the experimental results.
Section 6 sumarizes the limitations of our approach. Finally,
the paper concludes in Section 7.
2 PRELIMINARY
In this section, we first introduce the software-as-a-
service (SaaS) cloud system model. We then describe our
problem formulation including the service integrity attack
model and our key assumptions. Table 1 summarizes all the
notations used in this paper.
2.1 SaaS Cloud System Model
SaaS cloud builds upon the concepts of Software as
a Service (SaaS) [3] and Service Oriented Architecture
(SOA) [4], [5], which allows application service providers
(ASPs) to deliver their applications via large-scale cloud
computing infrastructures. For example, both Amazon Web
Service (AWS) and Google AppEngine provide a set of
application services supporting enterprise applications and
big data processing. A distributed application service can
be dynamically composed from individual service com-
ponents provided by different ASPs (pi) [31], [32]. For
example, a disaster assistance claim processing applica-
tion [33] consists of voice-over-IP (VoIP) analysis com-
ponent, email analysis component, community discovery
component, clustering and join components. Our work
focuses on data processing services [6], [8], [34], [35]
which have become increasingly popular with applications
in many real world usage domains such as business in-
telligence, security surveillance, and scientific computing.
Each service component, denoted by ci, provides a specific
data processing function, denoted by fi, such as sorting,
filtering, correlation, or data mining utilities. Each service
component can have one or more input ports for receiving
input data tuples, denoted by di, and one or more output
ports to emit output tuples.
3. 3
In a large-scale SaaS cloud, the same service function
can be provided by different ASPs. Those functionally-
equivalent service components exist because: i) service
providers may create replicated service components for
load balancing and fault tolerance purposes; and ii) popular
services may attract different service providers for profit.
To support automatic service composition, we can deploy
a set of portal nodes [31], [32] that serve as the gateway
for the user to access the composed services in the SaaS
cloud. The portal node can aggregate different service
components into composite services based on the user’s
requirements. For security protection, the portal node can
perform authentication on users to prevent malicious users
from disturbing normal service provisioning.
Different from other open distributed systems such as
peer-to-peer networks and volunteer computing environ-
ments, SaaS cloud systems possess a set of unique features.
First, third-party ASPs typically do not want to reveal the
internal implementation details of their software services
for intellectual property protection. Thus, it is difficult
to only rely on challenge-based attestation schemes [20],
[36], [37] where the verifier is assumed to have certain
knowledge about the software implementation or have
access to the software source code. Second, both the cloud
infrastructure provider and third-party service providers
are autonomous entities. It is impractical to impose any
special hardware or secure kernel support on individual
service provisioning sites. Third, for privacy protection,
only portal nodes have global information about which
service functions are provided by which service providers
in the SaaS cloud. Neither cloud users nor individual ASPs
have the global knowledge about the SaaS cloud such as
the number of ASPs and the identifiers of the ASPs offering
a specific service function.
2.2 Problem Formulation
Given an SaaS cloud system, the goal of IntTest is
to pinpoint any malicious service provider that offers an
untruthful service function. IntTest treats all service com-
ponents as black-boxes, which does not require any special
hardware or secure kernel support on the cloud platform.
We now describe our attack model and our key assumptions
as follows.
Attack model. A malicious attacker can pretend to be
a legitimate service provider or take control of vulnerable
service providers to provide untruthful service functions.
Malicious attackers can be stealthy, which means they can
misbehave on a selective subset of input data or service
functions while pretending to be benign service providers
on other input data or functions. The stealthy behavior
makes detection more challenging due to the following
reasons: 1) the detection scheme needs to be hidden from
the attackers to prevent attackers from gaining knowledge
on the set of data processing results that will be verified
and therefore easily escaping detection; 2) the detection
scheme needs to be scalable while being able to capture
misbehavior that may be both unpredictable and occasional.
p1
p2
p3
portal
1. send d1
2. receive f(d1)
f
3. send d1'
4. receive f(d1')
5. f(d1) == f(d1')?
benign service
provider
malicious service
provider
Fig. 2. Replay-based consistency check.
In a large-scale cloud system, we need to consider
colluding attack scenarios where multiple malicious attack-
ers collude or multiple service sites are simultaneously
compromised and controlled by a single malicious attacker.
Attackers could sporadically collude, which means an
attacker can collude with an arbitrary subset of its colluders
at any time. We assume that malicious nodes have no
knowledge of other nodes except those they interact with
directly. However, attackers can communicate with their
colluders in an arbitrary way. Attackers can also change
their attacking and colluding strategies arbitrarily.
Assumptions. We first assume that the total number of
malicious service components is less than the total number
of benign ones in the entire cloud system. Without this
assumption, it would be very hard, if not totally impossible,
for any attack detection scheme to work when comparable
ground truth processing results are not available. However,
different from RunTest, AdapTest, or any previous majority
voting schemes, IntTest does not assume benign service
components have to be the majority for every service
function, which will greatly enhance our pinpointing power
and limit the scope of service functions that can be com-
promised by malicious attackers.
Second, we assume that the data processing services are
input-deterministic, that is, given the same input, a benign
service component always produces the same or similar
output (based on a user defined similarity function). Many
data stream processing functions fall into this category [8].
We can also easily extend our attestation framework to sup-
port stateful data processing services [38], which however
is outside the scope of this paper.
Third, we also assume that the result inconsistency
caused by hardware or software faults can be marked by
fault detection schemes [39] and are excluded from our
malicious attack detection.
3 DESIGN AND ALGORITHMS
In this section, we first present the basis of the IntTest
system: probabilistic replay-based consistency check and
the integrity attestation graph model. We then describe
the integrated service integrity attestation scheme in detail.
Next, we present the result auto-correction scheme.
3.1 Baseline Attestation Scheme
In order to detect service integrity attack and pin-
point malicious service providers, our algorithm re-
lies on replay-based consistency check to derive the
4. 4
consistency/inconsistency relationships between service
providers. For example, Figure 2 shows the consistency
check scheme for attesting three service providers p1, p2,
and p3 that offer the same service function f. The portal
sends the original input data d1 to p1 and gets back the
result f(d1). Next, the portal sends d′
1, a duplicate of d1 to
p3 and gets back the result f(d′
1). The portal then compares
f(d1) and f(d′
1) to see whether p1 and p3 are consistent.
The intuition behind our approach is that if two service
providers disagree with each other on the processing result
of the same input, at least one of them should be malicious.
Note that we do not send an input data item and its
duplicates (i.e., attestation data) concurrently. Instead, we
replay the attestation data on different service providers
after receiving the processing result of the original data.
Thus, the malicious attackers cannot avoid the risk of being
detected when they produce false results on the original
data. Although the replay scheme may cause delay in a
single tuple processing, we can overlap the attestation and
normal processing of consecutive tuples in the data stream
to hide the attestation delay from the user.
If two service providers always give consistent output re-
sults on all input data, there exists consistency relationship
between them. Otherwise, if they give different outputs on
at least one input data, there is inconsistency relationship
between them. We do not limit the consistency relationship
to equality function since two benign service providers
may produce similar but not exactly the same results. For
example, the credit scores for the same person may vary
by a small difference when obtained from different credit
bureaus. We allow the user to define a distance function to
quantify the biggest tolerable result difference.
Definition 1: For two output results, r1 and r2, which come
from two functionally equivalent service providers respec-
tively, Result Consistency is defined as either r1 = r2, or
the distance between r1 and r2 according to user-defined
distance function D(r1, r2) falls within a threshold δ.
For scalability, we propose randomized probabilistic at-
testation, an attestation technique that randomly replays a
subset of input data for attestation. For composite dataflow
processing services consisting of multiple service hops,
each service hop is composed of a set of functionally
equivalent service providers. Specifically, for an incom-
ing tuple di, the portal may decide to perform integrity
attestation with probability pu. If the portal decides to
perform attestation on di, the portal first sends di to a pre-
defined service path p1 → p2... → pl providing functions
f1 → f2... → fl. After receiving the processing result for
di, the portal replays the duplicate(s) of di on alternative
service path(s) such as p′
1 → p′
2... → p′
l, where p′
j provides
the same function fj as pj. The portal may perform data
replay on multiple service providers to perform concurrent
attestation.
After receiving the attestation results, the portal com-
pares each intermediate result between pairs of functionally
equivalent service providers pi and p′
i. If pi and p′
i receive
the same input data but produce different output results,
we say that pi and p′
i are inconsistent. Otherwise, we say
that pi and p′
i are consistent with regard to function fi.
For example, let us consider two different credit score
service providers p1 and p′
1. Suppose the distance function
is defined as two credit score difference is no more than
10. If p1 outputs 500 and p′
1 outputs 505 for the same
person, we say p1 and p′
1 are consistent. However, if
p1 outputs 500 and p′
1 outputs 550 for the same person,
we would consider p1 and p′
1 to be inconsistent. We
evaluate both intermediate and final data processing results
between functionally equivalent service providers to derive
the consistency/inconsistency relationships. For example,
if data processing involves a sub-query to a database, we
evaluate both the final data processing result along with
the intermediate sub-query result. Note that although we do
not attest all service providers at the same time, all service
providers will be covered by the randomized probabilistic
attestation over a period of time.
With replay-based consistency check, we can test func-
tionally equivalent service providers and obtain their con-
sistency and inconsistency relationships. We employ both
the consistency graph and inconsistency graph to aggre-
gate pair-wise attestation results for further analysis. The
graphs reflect the consistency/inconsistency relationships
across multiple service providers over a period of time.
Before introducing the attestation graphs, we first define
consistency links and inconsistency links.
Definition 2: A consistency link exists between two
service providers who always give consistent output for
the same input data during attestation. An inconsistency
link exists between two service providers who give at least
one inconsistent output for the same input data during
attestation.
We then construct consistency graphs for each function
to capture consistency relationships among the service
providers provisioning the same function. Figure 3(a) shows
the consistency graphs for two functions. Note that two
service providers that are consistent for one function are
not necessarily consistent for another function. This is the
reason why we confine consistency graphs within individual
functions.
Definition 3: A per-function consistency graph is an undi-
rected graph, with all the attested service providers that
provide the same service function as the vertices and
consistency links as the edges.
We use a global inconsistency graph to capture incon-
sistency relationships among all service providers. Two
service providers are said to be inconsistent as long as
they disagree in any function. Thus, we can derive more
comprehensive inconsistency relationships by integrating
inconsistency links across functions. Figure 3(b) shows
an example of the global inconsistency graph. Note that
service provider p5 provides both functions f1 and f2. In
the inconsistency graph, there is a single node p5 with its
links reflecting inconsistency relationships in both functions
6. 6
where |Np| is the neighbor size of p, and |CG′
p
| is the size
of the minimum vertex cover of the residual inconsistency
graph after removing p and its neighbors from G.
For example, in Figure 3(b), suppose we know the
number of malicious service providers is no more than 2.
Let us examine the malicious node p2 first. After we remove
p2 and its neighbors p1, p3, and p4 from the inconsistency
graph, the residual inconsistency graph will be a graph
without any link. Thus, its minimum vertex cover is 0.
Since p2 has three neighbors, we have 3 + 0 2. Thus,
p2 is malicious. Let us now check out the benign node p1.
After removing p1 and its two neighbors p2 and p5, the
residual inconsistency graph will be a graph without any
link and its minimum vertex cover should be 0. Since p1
has two neighbors, Equation 1 does not hold. We will not
pinpoint p1 as malicious in this step.
Note that benign service providers that do not serve same
functions with malicious ones will be isolated nodes in
the inconsistency graph, since they will not be involved
in any inconsistency links. For example, in Figure 5,
nodes p4, p5, p6 and p7 are isolated nodes since they are
not associated with any inconsistency links in the global
inconsistency graph. Thus, we can remove these nodes from
the inconsistency graph without affecting the computation
of the minimum vertex cover.
We now describe how to estimate the upper bound of the
number of malicious service providers K. Let N denote
the total number of service providers in the system. Since
we assume that the total number of malicious service
providers is less than that of benign ones, the number of
malicious service providers should be no more than ⌊N/2⌋.
According proposition 1, the number of malicious service
providers should be no less than the size of the minimum
vertex cover |CG| of the global inconsistency graph. Thus,
K is first bounded by its lower bound |CG| and upper
bound ⌊N/2⌋. We then use an iterative algorithm to tighten
the bound of K. We start from the lower bound of K,
and compute the set of malicious nodes, as described by
Proposition 2, denoted by Ω. Then we gradually increase
K by one each time. For each specific value of K, we
can get a set of malicious nodes. With a larger K, the
number of nodes that can satisfy |Ns|+|CG′
s
| K becomes
less, which causes the set Ω to be reduced. When Ω = ∅,
we stop increasing K, since any larger K cannot give
more malicious nodes. Intuitively, when K is large, fewer
nodes may satisfy Equation 1. Thus, we may only identify
a small subset of malicious nodes. In contrast, when K
is small, more nodes may satisfy Equation 1, which may
mistakenly pinpoint benign nodes as malicious. To avoid
false positives, we want to pick a large enough K, which
can pinpoint a set of true malicious service providers.
Step 3: Combining consistency and inconsistency
graph analysis results. Let Gi be the consistency graph
generated for service function fi, and G be the global
inconsistency graph. Let Mi denote the list of suspicious
nodes by analyzing per function consistency graph Gi (i.e.,
nodes belonging to minority cliques), and Ω denotes the list
of suspicious nodes by analyzing the global inconsistency
f1
p1
p3
p8
p2
p9
f2
p4
p6 p7
p5
benign service provider
malicious service provider
consistency link
(a) Consistency graphs.
p1
p2
p3
p4
p5
p6
p7
p8
p9
benign service provider
malicious service provider
inconsistency link
(b) Inconsistency graph.
Fig. 5. Isolated benign service providers in the global
inconsistency graph.
f1
p1
p3
p8
p2
p9
f2
p4
p6 p7
p5
p9
consistency graphs inconsistency graph
p1
p2
p3
p4
p5
p6
p7
p8
p9
benign service provider
malicious service provider
consistency link
inconsistency link
Fig. 6. An example for integrated graph analysis with
two malicious nodes.
graph G, given a particular upper bound of the number of
malicious nodes K. We examine per-function consistency
graphs one by one. Let Ωi denote the subset of Ω that
serves function fi. If Ωi ∩ Mi = ∅, we add nodes in Mi
to the identified malicious node set. The idea is that since
the majority of nodes serving function fi have successfully
excluded malicious nodes in Ωi, we could trust their
decision on proposing Mi as malicious nodes. Pseudo-code
of our algorithm can be found in section 1 of the online
supplemental material.
For example, Figure 6 shows both the per-function
consistency graphs and the global inconsistency graph. If
the upper bound of the malicious nodes K is set to 4,
the inconsistency graph analysis will capture the malicious
node p9 but will miss the malicious node p8. The reason is
that p8 only has three neighbors and the minimum vertex
cover for the residual inconsistency graph after removing p8
and its three neighbors is 1. Note that we will not pinpoint
any benign node as malicious according to Proposition
2. For example, the benign node p1 has two neighbors
and the minimum vertex cover for the residual graph after
removing p1 and its two neighbors p8 and p9 will be 0
since the residual graph does not include any link. However,
by checking the consistency graph of function f1, we
find Ω1 = {p9} has overlap with the minority clique
M1 = {p8, p9}. We then infer p8 should be malicious too.
Note that even if we have an accurate estimation of the
number of malicious nodes, the inconsistency graph analy-
sis scheme may not identify all malicious nodes. However,
our integrated algorithm can pinpoint more malicious nodes
than the inconsistency graph only algorithm. An example
7. 7
p1
p2
p3portal
Send d to
original path
f1
Send d’ toattestation path 1
p4
p5
p6
p7
p8
f2
p9
p10
p11
p12
p13
f3
p14
p15
Benign node Suspicious node
Send d” to
attestation path 2
f3(f2(f1(d)))f3(f2(f1(d’)))
f3(f2(f1(d”)))
Fig. 7. Automatic data correction using attestation data
processing results.
showing how our algorithm can pinpoint more malicious
nodes than the inconsistency graph only algorithm can be
found in section 1 of the online supplemental material.
3.3 Result Auto-Correction
IntTest can not only pinpoint malicious service providers
but also automatically correct corrupted data processing
results to improve the result quality of the cloud data
processing service, illustrated by Figure 7. Without our
attestation scheme, once an original data item is manip-
ulated by any malicious node, the processing result of this
data item can be corrupted, which will result in degraded
result quality. IntTest leverages the attestation data and the
malicious node pinpointing results to detect and correct
compromised data processing results.
Specifically, after the portal node receives the result f(d)
of the original data d, the portal node checks whether the
data d has been processed by any malicious node that
has been pinpointed by our algorithm. We label the result
f(d) as “suspicious result” if d has been processed by any
pinpointed malicious node. Next, the portal node checks
whether d has been chosen for attestation. If d is selected
for attestation, we check whether the attestation copy of
d only traverses good nodes. If it is true, we will use the
result of the attestation data to replace f(d). For example, in
Figure 7, the original data d is processed by the pinpointed
malicious node s6 while one of its attestation data d′′
is
only processed by benign nodes. The portal node will use
the attestation data result f(d′′
) to replace the original result
that can be corrupted if s6 cheated on d.
4 SECURITY ANALYSIS
We now present a summary of the results of our ana-
lytical study about IntTest. Additional details along with a
proof of the proposition presented in this section can be
found in section 2 of the online supplemental material.
Proposition 3: Given an accurate upper bound of the
number of malicious service providers K, if malicious
service providers always collude together, IntTest has zero
false positive.
Although our algorithm cannot guarantee zero false posi-
tives when there are multiple independent colluding groups,
it will be difficult for attackers to escape our detection with
multiple independent colluding groups since attackers will
have inconsistency links not only with benign nodes but
also with other groups of malicious nodes. Additionally, our
approach limits the damage colluding attackers can cause if
they can evade detection in two ways. First, our algorithm
limits the number of functions which can be simultaneously
attacked. Second, our approach ensures a single attacker
cannot participate in compromising an unlimited number
of service functions without being detected.
5 EXPERIMENTAL EVALUATION
In this section, we present the experimental evaluation of
the IntTest system. We first describe our experimental setup.
We then present and analyze the experimental results.
5.1 Experiment Setup
We have implemented a prototype of the IntTest system
and tested it using the NCSU’s virtual computing lab
(VCL) [28], a production cloud infrastructure operating in
a similar way as Amazon EC2 [29]. We add portal nodes
into VCL and deploy IBM System S stream processing
middleware [8], [30] to provide distributed data stream
processing service. System S is an industry-strength high
performance stream processing platform that can analyze
massive volumes of continuous data streams and scale to
hundreds of processing elements (PEs) for each application.
In our experiments, we used 10 VCL nodes which run
64bit CentOS 5.2. Each node runs multiple virtual machines
(VMs) on top of Xen 3.0.3.
The dataflow processing application we use in our ex-
periments is adapted from the sample applications provided
by System S. This application takes stock information as
input, performs windowed aggregation on the input stream
according to the specified company name and then performs
calculations on the stock data. We use a trusted portal node
to accept the input stream, perform comprehensive integrity
attestation on the PEs and analyze the attestation results.
The portal node constructs one consistency graph for each
service function and one global inconsistency graph across
all service providers in the system.
For comparison, we have also implemented three alterna-
tive integrity attestation schemes: 1) the Full-Time Majority
Voting (FTMV) scheme, which employs all functionally-
equivalent service providers at all time for attestation and
determines malicious service providers through majority
voting on the processing results; 2) the Part-Time Majority
Voting (PTMV) scheme, which employs all functionally-
equivalent service providers over a subset of input data
for attestation and determines malicious service providers
using majority voting; and 3) the RunTest scheme [26],
which pinpoints malicious service providers by analyzing
only per-function consistency graphs, labeling those service
providers that are outside of all cliques of size larger than
⌊k/2⌋ as malicious, where k is the number of service
8. 8
10 20 30 40 50 60 70 80 90 100
0
0.2
0.4
0.6
0.8
1
1.2
1.4
1.6
Percentage of attacked service functions (%)
Averageaccuracy
AD
-IntTest
AF
-IntTest
AD
-Majority Voting/RunTest
AF
-Majority Voting/RunTest
(a) Aggressive attackers
10 20 30 40 50 60 70 80 90 100
0
0.2
0.4
0.6
0.8
1
1.2
1.4
1.6
Percentage of attacked service functions (%)
Averageaccuracy
AD
-IntTest
AF
-IntTest
AD
-Majority Voting/RunTest
AF
-Majority Voting/RunTest
(b) Conservative attackers
Fig. 8. Malicious attackers pinpointing accuracy com-
parison with 20% service providers being malicious.
providers that take participate in this service function. Note
that AdapTest [27] uses the same attacker pinpointing algo-
rithm as RunTest. Thus, AdapTest has the same detection
accuracy as RunTest but with less attestation overhead.
Three major metrics for evaluating our scheme are de-
tection rate, false alarm rate, and attestation overhead.
We calculate the detection rate, denoted by AD, as the
number of pinpointed malicious service providers over
the total number of malicious service providers that have
misbehaved at least once during the experiment. During
runtime, the detection rate should start from zero and
increase as more malicious service providers are detected.
false alarm rate AF is defined as Nfp/(Nfp +Ntn), where
Nfp denotes false alarms corresponding to the number
of benign service providers that are incorrectly identified
as malicious; Ntn denotes true negatives corresponding to
the number of benign service providers that are correctly
identified as benign. The attestation overhead is evaluated
by both the number of duplicated data tuples that are
redundantly processed for service integrity attestation and
the extra dataflow processing time incurred by the integrity
attestation.
We assume that the colluding attackers know our attes-
tation scheme and take the best strategy while evaluating
the IntTest system. According to the security analysis in
Section 4, in order to escape detection, the best practice
for attackers is to attack as a colluding group. Colluding
attackers can take different strategies. They may conser-
vatively attack by first attacking those service functions
with less number of service providers where they can
easily take majority, assuming they know the number of
participating service providers for each service function.
Alternatively, they may aggressively attack by attacking
service functions randomly, assuming they do not know the
number of participating service providers. We investigate
the impact of these attack strategies on our scheme in terms
of both detection rate and false alarm rate.
5.2 Results and Analysis
We first investigate the accuracy of our scheme in pin-
pointing malicious service providers. Figure 8(a) compares
our scheme with the other alternative schemes (i.e., FTMV,
PTMV, RunTest) when malicious service providers aggres-
sively attack different number of service functions. In this
0 50 100 150 200 250 300
0
0.2
0.4
0.6
0.8
1
Time (ms)
DetectionRate
IntTest
FTMV
PTMV
RunTest
Fig. 9. Detection rate timeline results.
set of experiments, we have 10 service functions and 30
service providers. The number of service providers in each
service function randomly ranges in [1,8]. Each benign
service provider provides two randomly selected service
functions. The data rate of the input stream is 300 tuples
per second. We set 20% of service providers as malicious.
After the portal receives the processing result of a new
data tuple, it randomly decides whether to perform data
attestation. Each tuple has 0.2 probability of getting attested
(i.e., attestation probability Pu = 0.2), and two attestation
data replicas are used (i.e., number of total data copies
including the original data r = 3). Each experiment is re-
peated three times. We report the average detection rate and
false alarm rate achieved by different schemes. Note that
RunTest can achieve the same detection accuracy results
as the majority voting based schemes after the randomized
probabilistic attestation covers all attested service providers
and discovers the majority clique [26]. In contrast, IntTest
comprehensively examines both per-function consistency
graphs and the global inconsistency graph to make the
final pinpointing decision. We observe that IntTest can
achieve much higher detection rate and lower false alarm
rate than other alternatives. Moreover, IntTest can achieve
better detection accuracy when malicious service providers
attack more functions. We also observe that when malicious
service providers attack aggressively, our scheme can detect
them even though they attack a low percentage of service
functions.
Figure 8(b) shows the malicious service provider de-
tection accuracy results under the conservative attack sce-
narios. All the other experiment parameters are kept the
same as the previous experiments. The results show that
IntTest can consistently achieve higher detection rate and
lower false alarm rate than the other alternatives. In the
conservative attack scenario, as shown by Figure 8(b), the
false alarm rate of IntTest first increases when a small
percentage of service functions are attacked and then drops
to zero quickly with more service functions are attacked.
This is because when attackers only attack a few service
functions where they can take majority, they can hide
themselves from our detection scheme while tricking our
algorithm into labeling benign service providers as mali-
cious. However, if they attack more service functions, they
can be detected since they incur more inconsistency links
with benign service providers in the global inconsistency
graph. Note that majority voting based schemes can also
detect malicious attackers if attackers fail to take majority
9. 9
0.2 0.4 0.6 0.8
0
0.2
0.4
0.6
0.8
1
Misbehaving probability
Resultquality
without auto-correction
with auto-correction, Pu=0.2
with auto-correction, Pu=0.4
(a) 20% non-colluding attack-
ers
0.2 0.4 0.6 0.8
0
0.2
0.4
0.6
0.8
1
Misbehaving probability
Resultquality
without auto-correction
with auto-correction, Pu=0.2
with auto-correction, Pu=0.4
(b) 40% colluding attackers
Fig. 10. Result quality detection and auto-correction
performance under non-colluding attacks.
0
20
40
60
80
100
IntTest/RunTest
(Pu=0.2, r=3)
PTMV (Pu=0.2) FTMV
Ratioofduplicated
tuplestooriginal
tuples(%)
400
Fig. 11. Attestation overhead comparison.
in the attacked service function. However, majority voting
based schemes have high false alarms since attacks can
always trick the schemes to label benign service providers
as malicious as long as attackers can take majority in each
individual service function.
The results of increasing the percentage of malicious
service providers to 40% can be found in section 3 of the
online supplemental material.
We now show one example of detection time comparison
results during the above experiments, shown by Figure 9.
In this case, malicious service providers use a small prob-
ability (0.2) to misbehave on an incoming data tuple. For
probabilistic attestation schemes such as IntTest, PTMV,
and RunTest, the attestation probability is set at a small
number (0.2) too. For IntTest and RunTest, two attestation
data replicas are used (r = 3). Here, the attackers may
attack different service functions with different subset of
their colluders. As expected, the FTMV scheme needs the
least time to detect malicious service providers because
it attests all service components all the time. Although
PTMV has the same attestation probability with IntTest
and RunTest, it has shorter detection time since it uses
all service components for each attestation data. IntTest
can achieve shorter detection time than RunTest. Similar to
previous experiments, IntTest achieves the highest detection
rate among all algorithms. RunTest, FTMV and PTMV
cannot achieve 100% detection rate since they cannot detect
those attackers that only misbehave in service functions
where they can take the majority.
We also conducted sensitivity study to evaluate the
impact of various system parameters on the effectiveness
of our algorithm. Those results can be found in Section 3
of the online supplementary material.
We now evaluate the effectiveness of our result auto-
correction scheme. We compare the result quality without
auto-correction and with auto-correction, and also investi-
gate the impact of the attestation probability. Figure 10(a)
and Figure 10 show the result quality under non-colluding
attacks with 20% malicious nodes and colluding attacks
with 40% malicious nodes respectively. We vary the attes-
tation probability from 0.2 to 0.4. In both scenarios, IntTest
can achieve significant result quality improvement without
incurring any extra overhead other than the attestation over-
head. IntTest can achieve higher result quality improvement
under higher node misbehaving probability. This is because
IntTest can detect the malicious nodes earlier so that it can
correct more compromised data using the attestation data.
Figure 11 compares the overhead of the four schemes in
terms of the percentage of attestation traffic compared to
the original data traffic (i.e., the total number of duplicated
data tuples used for attestation over the number of original
data tuples). The data rate is 300 tuples per second. Each
experiment run processes 20,000 data tuples. IntTest and
RunTest save more than half attestation traffic than PTMV,
and incur an order of magnitude less attestation overhead
than FTMV. Additional overhead analysis details are avail-
able in section 3 of the online supplemental material.
6 LIMITATION DISCUSSION
Although we have shown that IntTest can achieve better
scalability and higher detection accuracy than existing
schemes, IntTest still has a set of limitations that require
further study. A detailed limitation discussion can be found
in Section 4 of the online supplementary material. We now
provide a summary of the limitations of our approach. First,
malicious attackers can still escape the detection if they
only attack a few service functions, take majority in all the
compromised service functions, and have less inconsistency
links than benign service providers. However, IntTest can
effectively limit the attack scope and make it difficult to
attack popular service functions. Second, IntTest needs to
assume the attested services are input deterministic where
benign services will return the same or similar results
defined by a distance function for the same input. Thus,
IntTest cannot support those service functions whose results
vary significantly based on some random numbers or time-
stamps.
7 CONCLUSION
In this paper, we have presented the design and imple-
mentation of IntTest, a novel integrated service integrity
attestation framework for multi-tenant software-as-a-service
cloud systems. IntTest employs randomized replay-based
consistency check to verify the integrity of distributed
service components without imposing high overhead to the
cloud infrastructure. IntTest performs integrated analysis
over both consistency and inconsistency attestation graphs
to pinpoint colluding attackers more efficiently than exist-
ing techniques. Furthermore, IntTest provides result auto-
correction to automatically correct compromised results to
improve the result quality. We have implemented IntTest
10. 10
and tested it on a commercial data stream processing
platform running inside a production virtualized cloud
computing infrastructure. Our experimental results show
that IntTest can achieve higher pinpointing accuracy than
existing alternative schemes. IntTest is light-weight, which
imposes low performance impact to the data processing
processing services running inside the cloud computing
infrastructure.
ACKNOWLEDGMENTS
This work was sponsored in part by U.S. Army Research
Office (ARO) under grant W911NF-08-1-0105 managed by
NCSU Secure Open Systems Initiative (SOSI), NSF CNS-
0915567, and NSF IIS-0430166. Any opinions expressed in
this paper are those of the authors and do not necessarily
reflect the views of the ARO, NSF or U.S. Government.
REFERENCES
[1] “Amazon Web Services,” http://aws.amazon.com/.
[2] “Google App Engine,” http://code.google.com/appengine/.
[3] “Software as a Service,” http://en.wikipedia.org/wiki/Software as a
Service.
[4] G. A. amd F. Casati, H. Kuno, and V. Machiraju, “Web Services
Concepts, Architectures and Applications Series: Data-Centric Sys-
tems and Applications,” Addison-Wesley Professional, 2002.
[5] T. Erl, “Service-Oriented Architecture (SOA): Concepts, Technology,
and Design,” Prentice Hall, 2005.
[6] T. S. Group, “STREAM: The Stanford Stream Data Manager,” IEEE
Data Engineering Bulletin, 26(1):19-26, Mar. 2003.
[7] D. J. Abadi and et al, “The Design of the Borealis Stream Processing
Engine,” Proc. of CIDR, 2005.
[8] B. Gedik, H. Andrade, and et. al., “SPADE: the System S Declarative
Stream Processing Engine,” Proc. of SIGMOD, Apr. 2008.
[9] S. Berger, R. Caceres, and et. al., “TVDc: Managing security in the
trusted virtual datacenter,” ACM SIGOPS Operating Systems Review,
vol. 42, no. 1, pp. 40–47, 2008.
[10] T. Ristenpart, E. Tromer, H. Shacham, and S. Savage, “Hey, you, get
off my cloud! exploring information leakage in third- party compute
clouds,” in Proceedings of the 16th ACM Conference on Computer
and Communications Security (CCS), 2009.
[11] W. Xu, V. N. Venkatakrishnan, R. Sekar, and I. V. Ramakrishnan, “A
framework for building privacy-conscious composite web services,”
in IEEE International Conference on Web Services, Chicago, IL,
Sep. 2006, pp. 655–662.
[12] P. C. K. Hung, E. Ferrari, and B. Carminati, “Towards standardized
web services privacy technologies,” in IEEE International Confer-
ence on Web Services, San Diego, CA, Jun. 2004, pp. 174–183.
[13] L. Alchaal, V. Roca, and M. Habert, “Managing and securing web
services with vpns,” in IEEE International Conference on Web
Services, San Diego, CA, Jun. 2004, pp. 236–243.
[14] H. Zhang, M. Savoie, S. Campbell, S. Figuerola, G. von Bochmann,
and B. S. Arnaud, “Service-oriented virtual private networks for grid
applications,” in IEEE International Conference on Web Services,
Salt Lake City, UT, Jul. 2007, pp. 944–951.
[15] M. Burnside and A. D. Keromytis, “F3ildcrypt: End-to-end protec-
tion of sensitive information in web services,” in ISC, 2009, pp.
491–506.
[16] I. Roy, S. Setty, and et. al., “Airavat: Security and privacy for
MapReduce,” in NSDI, April 2010.
[17] J. Garay and L. Huelsbergen, “Software integrity protection using
timed executable agents,” in Proceedings of ACM Symposium on
Information, Computer and Communications Security (ASIACCS),
Taiwan, Mar. 2006.
[18] T. Garfinkel, B. Pfaff, and et. al., “Terra: A virtual machine-based
platform for trusted computing,” in Proceedings of the 19th ACM
Symposium on Operating Systems Principles (SOSP), Oct. 2003.
[19] A. Seshadri, M. Luk, E. Shi, A. Perrig, L. van Doorn, and P. Khosla,
“Pioneer: Verifying code integrity and enforcing untampered code
execution on legacy systems,” in Proceedings of the 20th ACM
Symposium on Operating Systems Principles (SOSP), Oct. 2005.
[20] E. Shi, A. Perrig, and L. V. Doorn, “Bind: A fine-grained attestation
service for secure distributed systems,” in Proceedings of the IEEE
Symposium on Security and Privacy, 2005.
[21] “Trusted computing group,” Trusted Computing Group,
https://www.trustedcomputinggroup.org/home.
[22] “TPM Specifications Version 1.2,” TPM,
https://www.trustedcomputinggroup.org/downloads/specifications/tpm/tpm.
[23] J. L. Griffin, T. Jaeger, R. Perez, and R. Sailer, “Trusted virtual
domains: Toward secure distributed services,” in Proceedings of First
Workshop on Hot Topics in System Dependability, Jun. 2005.
[24] L. Lamport, R. Shostak, and M. Pease, “The byzantine generals prob-
lem,” ACM Transactions on Programming Languages and Systems,
4(3), 1982.
[25] T. Ho, B. Leong, R. Koetter, and et. al., “Byzantine modification
detection in multicast networks using randomized network coding,”
in IEEE ISIT, 2004.
[26] J. Du, W. Wei, X. Gu, and T. Yu, “Runtest: Assuring integrity of
dataflow processing in cloud computing infrastructures,” in ACM
Symposium on Information, Computer and Communications Security
(ASIACCS), 2010.
[27] J. Du, N. Shah, and X. Gu, “Adaptive data-driven service integrity at-
testation for multi-tenant cloud systems,” in International Workshop
on Quality of Service (IWQoS), San Jose, CA, 2011.
[28] “Virtual Computing Lab,” http://vcl.ncsu.edu/.
[29] “Amazon Elastic Compute Cloud,” http://aws.amazon.com/ec2/.
[30] N. Jain and et al., “Design, Implementation, and Evaluation of the
Linear Road Benchmark on the Stream Processing Core,” Proc. of
SIGMOD, 2006.
[31] B. Raman, S. Agarwal, and et. al., “The SAHARA Model for Service
Composition Across Multiple Providers,” Proceedings of the First
International Conference on Pervasive Computing, August 2002.
[32] X. Gu, K. Nahrstedt, and et. al., “ QoS-Assured Service Composition
in Managed Service Overlay Networks,” Proc. of ICDCS, 194-202,
2003.
[33] K.-L.Wu, P. S. Yu, B. Gedik, K. Hildrum, C. C. Aggarwal, E. Bouil-
let, W. Fan, D. George, X. Gu, G. Luo, and H. Wang, “Challenges
and Experience in Prototyping a Multi-Modal Stream Analytic and
Monitoring Application on System S,” Proc. of VLDB, 1185-1196,
2007.
[34] J. Dean and S. Ghemawat, “MapReduce: Simplified Data Processing
on Large Clusters,” Proc. of USENIX Symposium on Operating
System Design and Implementation, 2004.
[35] M. Isard, M. Budiu, Y. Yu, A. Birrell, and D. Fetterly, “Dryad:
Distributed data-parallel programs from sequential building blocks,”
Proc. of European Conference on Computer Systems (EuroSys),
Lisbon, Portugal, 2007.
[36] A. Seshadri, A. Perrig, L. V. Doorn, and P. Khosla, “Swatt: Software-
based attestation for embedded devices,” in IEEE Symposium on
Security and Privacy, May 2004.
[37] A. Haeberlen, P. Kuznetsov, and P. Druschel, “Peerreview: Practical
accountability for distributed systems,” in ACM Symposium on
Operating Systems Principles, 2007.
[38] J. Du, X. Gu, and T. Yu, “On verifying stateful dataflow processing
services in large-scale cloud systems,” in ACM Conference on
Computer and Communications Security (CCS), Chicago, IL, 2010,
pp. 672–674.
[39] I. Hwang, “A survey of fault detection, isolation, and reconfiguration
methods,” IEEE Transactions on Control System Technology, 2010.
Juan Du is a software engineer at Amazon.
She received her PhD degree from the De-
partment of Computer Science, North Car-
olina State University in 2011, and her BS
and MS degrees from the Department of
Computer Science, Tianjin University, China,
in 2001 and 2004 respectively. She has in-
terned at Ericsson, Cisco Systems, and IBM
T. J. Watson Research center when she was
a PhD student.
11. 11
Daniel J. Dean is a PhD student in the
Department of Computer Science at North
Carolina State University. He received a BS
and MS in computer science from Stony
Brook University, New York in 2007 and 2009
respectively. He has interned with NEC Labs
America in the summer of 2012 and is a
student member of the IEEE.
Yongmin Tan is a software engineer in Math-
Works. He currently focuses on modeling
distributed systems for Simulink. His general
research interests include reliable distributed
systems and cloud computing. He received
his PhD degree in 2012 from the Department
of Computer Science, North Carolina State
University. He received his BE degree and
ME degree, both in Electrical Engineering
from Shanghai Jiaotong University in 2005
and 2008 respectively. He has interned with
NEC Labs America in 2010. He is a recipient of the best paper award
from ICDCS 2012.
Xiaohui Gu is an assistant professor in
the Department of Computer Science at the
North Carolina State University. She received
her PhD degree in 2004 and MS degree
in 2001 from the Department of Computer
Science, University of Illinois at Urbana-
Champaign. She received her BS degree
in computer science from Peking University,
Beijing, China in 1999. She was a research
staff member at IBM T. J. Watson Research
Center, Hawthorne, New York, between 2004
and 2007. She received ILLIAC fellowship, David J. Kuck Best Master
Thesis Award, and Saburo Muroga Fellowship from University of
Illinois at Urbana-Champaign. She also received the IBM Invention
Achievement Awards in 2004, 2006, and 2007. She has filed eight
patents, and has published more than 50 research papers in inter-
national journals and major peer-reviewed conference proceedings.
She is a recipient of NSF Career Award, four IBM Faculty Awards
2008, 2009, 2010, 2011, and two Google Research Awards 2009,
2011, a best paper award from IEEE CNSM 2010, and NCSU Faculty
Research and Professional Development Award. She is a Senior
Member of IEEE.
Ting Yu is an Associate Professor in the De-
partment of Computer Science, North Car-
olina State University. He obtained his PhD
from the University of Illinois at Urbana-
Champaign in 2003, MS from the University
of Minnesota in1998, and BS from Peking
University in 1997, all in computer science.
His research is in security, with a focus on
data security and privacy, trust management
and security policies. He is a recipient of the
NSF CAREER Award.