Junzhou Luo

BAR: An Efficient Data Locality Driven Task Scheduling Algorithm for Cloud Computing

Large scale data processing is increasingly common in cloud computing systems like MapReduce, Hadoop, and Dryad in recent years. In these systems, files are split into many small blocks and all blocks are replicated over several servers. To process files efficiently, each job is divided into many tasks and each task is allocated to a server to deals with a file block. Because network bandwidth is a scarce resource in these systems, enhancing task data locality(placing tasks on servers that contain their input blocks) is crucial for the job completion time. Although there have been many approaches on improving data locality, most of them either are greedy and ignore global optimization, or suffer from high computation complexity. To address these problems, we propose a heuristic task scheduling algorithm called Balance-Reduce(BAR), in which an initial task allocation will be produced at first, then the job completion time can be reduced gradually by tuning the initial task allocation. By taking a global view, BAR can adjust data locality dynamically according to network state and cluster workload. The simulation results show that BAR is able to deal with large problem instances in a few seconds and outperforms previous related algorithms in term of the job completion time.

A new cell counter based attack against tor

Various low-latency anonymous communication systems such as Tor and Anoymizer have been designed to provide anonymity service for users. In order to hide the communication of users, many anonymity systems pack the application data into equal-sized cells (e.g., 512 bytes for Tor, a known real-world, circuit-based low-latency anonymous communication network). In this paper, we investigate a new cell counter based attack against Tor, which allows the attacker to confirm anonymous communication relationship among users very quickly. In this attack, by marginally varying the counter of cells in the target traffic at the malicious exit onion router, the attacker can embed a secret signal into the variation of cell counter of the target traffic. The embedded signal will be carried along with the target traffic and arrive at the malicious entry onion router. Then an accomplice of the attacker at the malicious entry onion router will detect the embedded signal based on the received cells and confirm the communication relationship among users. We have implemented this attack against Tor and our experimental data validate its feasibility and effectiveness. There are several unique features of this attack. First, this attack is highly efficient and can confirm very short communication sessions with only tens of cells. Second, this attack is effective and its detection rate approaches 100% with a very low false positive rate. Third, it is possible to implement the attack in a way that appears to be very difficult for honest participants to detect (e.g. using our hopping-based signal embedding).

Fingerprint attack against touch-enabled devices

Oily residues left by tapping fingers on a touch screen may breach user privacy. In this paper, we introduce the fingerprint attack against touch-enabled devices. We dust the touch screen surface to reveal fingerprints, and use an iPhone camera to carefully photograph fingerprints while striving to remove the virtual image of the phone from the fingerprint image. We then sharpen the fingerprints in an image via various image processing techniques and design effective algorithms to automatically map fingerprints to a keypad in order to infer tapped passwords. Extensive experiments were conducted on iPad, iPhone and Android phone and the results show that the fingerprint attack is effective and efficient in inferring passwords from fingerprint images. To the best of our knowledge, we are the first using fingerprint powder on touch screen and inferring passwords from fingerprints. Video at http://www.youtube.com/watch?v=vRUbJIcV9vg shows the dusting process on iPhone and video at http://www.youtube.com/watch?v=6jS6KroER3Y shows the dusting process on iPad. After dusting, password characters for login are clearly disclosed.

A segmentation method for web page analysis using shrinking and dividing

On the basis of image processing technology and characteristics of web pages, a new web segmentation method – iterated shrinking and dividing is proposed in this paper. Dividing conditions and concept of dividing zone are introduced, based on which web page image is divided into visually consentaneous sub-images by shrinking and splitting iteratively. First, the web page is saved as image that is preprocessed by edge detection algorithm such as Canny. Then dividing zones are detected and the web image is segmented repeatedly until all blocks are indivisible. This method can be used to analyse the web pages such as detecting similar visual layout. Experiments show that the algorithm is suitable for web page segmentation, and does well in expansibility and performance.

A Grid Task Scheduling Algorithm Based on QoS Priority Grouping

As the research of grid goes on, users demand increasingly high quality of task completion and high-quality scientific computing tasks continue to increase. This renders QoS a new problem that is to be considered in the grid scheduling algorithm. In this paper, a grid tasks scheduling strategy based on QoS priority grouping is proposed. In this algorithm, the deadline property of task, acceptation rate of tasks and makespan of systems are comprehensively considered. And QD-Sufferage, a grid task scheduling based on task priority grouping and deadline, is presented subsequently. The experiments show that the algorithm overweighs traditional algorithms a lot in makespan, throughout parameters

Extensive analysis and large-scale empirical evaluation of tor bridge discovery

Tor is a well-known low-latency anonymous communication system that is able to bypass Internet censorship. However, publicly announced Tor routers are being blocked by various parties. To counter the censorship blocking, Tor introduced nonpublic bridges as the first-hop relay into its core network. In this paper, we analyzed the effectiveness of two categories of bridge-discovery approaches: (i) enumerating bridges from bridge https and email servers, and (ii) inferring bridges by malicious Tor middle routers. Large-scale experiments were conducted and validated our theoretic findings. We discovered 2365 Tor bridges through the two enumeration approaches and 2369 bridges by only one Tor middle router in 14 days. Our study shows that the bridge discovery based on malicious middle routers is simple, efficient and effective to discover bridges with little overhead. We also discussed the mechanisms to counter the malicious bridge discovery.

A trust degree based access control in grid environments

The purpose of grid computing is to enable coordinated resource sharing and support cooperative work between different domains in dynamic grid environments. In order to protect each participants privilege and security, a secure and efficient access control is essential. This paper presents a new approach of access mechanism based on trust relationships across domains. A new calculation method of trust in grid is proposed and the difference between intro-domain trust and inter-domain trust is analyzed. In addition, a novel access control framework combined with trust degree is given from this proposal. It is shown to be adaptive for both intro-domain and inter-domain conditions. Hence, a prototype system based on the proposed model is introduced; furthermore, it has been shown as a dynamic and fine-granularity access control method through performance analyses and has also been demonstrated as a suitable system for grid environments.

A context-aware personalized resource recommendation for pervasive learning

As it is difficult for learners to discover and obtain the most appropriate resources from massive education resources according to traditional keyword searching method, the context-aware based resource recommendation service becomes a significant part of pervasive learning environments. At present, recommendation mechanisms are widely used in e-commerce field, where content-based or collaborative-based filter strategies are usually considered separately. However, in these existing recommendation mechanisms, the dynamic interests and preference of learners, the access pattern and the other attributes of pervasive learning environments (such as multi-modes connecting and resources distribution) are always neglected. Thus, these mechanisms can not effectively reflect learners’ actual preference and can not adapt to pervasive learning environments perfectly. To address these problems, a context-aware resource recommendation model and relevant recommendation algorithm for pervasive learning environments are proposed. Therein, with taking into account the relevant contextual information, the calculation of relevant degree between learners and resources can be divided into two main parts: logic-based RRD (resource relevant degree) and situation-based RRD. In the first part, content-based and collaborative-based recommendation mechanisms are combined together, where the individual preference tree (IPT) is introduced to take into account the multi-dimensional attributes of resources, learners’ rating matrix and the energy of access preference. Meanwhile, the learners’ historical sequential patterns of resource accessing are also considered to further improve the accuracy of recommendation. In the second part, in order to enhance the validation of recommendation, the connecting type relevance and time satisfaction degree are calculated according to other relevant contexts. Then, the candidate resources can be filtered and sorted via combining these two parts to generate (Top-N) recommendation results. The simulations show that our newly proposed method outperforms other state of-the-art algorithms on traditional and newly presented metrics and it may also be more suitable for pervasive learning environments. Finally, a prototype system is implemented based on SEU-ESP to demonstrate the relevant recommendation process further.

A new cell-counting-based attack against Tor

Various low-latency anonymous communication systems such as Tor and Anonymizer have been designed to provide anonymity service for users. In order to hide the communication of users, most of the anonymity systems pack the application data into equal-sized cells (e.g., 512 B for Tor, a known real-world, circuit-based, low-latency anonymous communication network). Via extensive experiments on Tor, we found that the size of IP packets in the Tor network can be very dynamic because a cell is an application concept and the IP layer may repack cells. Based on this finding, we investigate a new cell-counting-based attack against Tor, which allows the attacker to confirm anonymous communication relationship among users very quickly. In this attack, by marginally varying the number of cells in the target traffic at the malicious exit onion router, the attacker can embed a secret signal into the variation of cell counter of the target traffic. The embedded signal will be carried along with the target traffic and arrive at the malicious entry onion router. Then, an accomplice of the attacker at the malicious entry onion router will detect the embedded signal based on the received cells and confirm the communication relationship among users. We have implemented this attack against Tor, and our experimental data validate its feasibility and effectiveness. There are several unique features of this attack. First, this attack is highly efficient and can confirm very short communication sessions with only tens of cells. Second, this attack is effective, and its detection rate approaches 100% with a very low false positive rate. Third, it is possible to implement the attack in a way that appears to be very difficult for honest participants to detect (e.g., using our hopping-based signal embedding).

TorWard: Discovery of malicious traffic over Tor

Tor is a popular low-latency anonymous communication system. However, it is currently abused in various ways. Tor exit routers are frequently troubled by administrative and legal complaints. To gain an insight into such abuse, we design and implement a novel system, TorWard, for the discovery and systematic study of malicious traffic over Tor. The system can avoid legal and administrative complaints and allows the investigation to be performed in a sensitive environment such as a university campus. An IDS (Intrusion Detection System) is used to discover and classify malicious traffic. We performed comprehensive analysis and extensive real-world experiments to validate the feasibility and effectiveness of TorWard. Our data shows that around 10% Tor traffic can trigger IDS alerts. Malicious traffic includes P2P traffic, malware traffic (e.g., botnet traffic), DoS (Denial-of-Service) attack traffic, spam, and others. Around 200 known malware have been identified. To the best of our knowledge, we are the first to perform malicious traffic categorization over Tor.