Yuezhi Zhou

Transparent computing: a new paradigm for pervasive computing

Due to the research and technological advances, ubiquitous or pervasive computing is emerging rapidly as an exciting new discipline to provide computing and communication services all the time and everywhere. While with many ongoing initiatives, it is too far to achieve the vision that Mark Weiser described. After a comprehensive analysis on traditional paradigms, we argue that, not users-friendly, i.e., users can not get services from computer easily, is one of the main reasons. In this paper, a new computing paradigm, i.e., Transparent Computing will be presented to solve this problem partially. Accordingly, we propose and develop a pilot system, which runs in a network environment and operates at the assembler instruction level. This system lets users demand heterogeneous OSes and applications upon them from centered simple servers, similar to choose different TV channels in daily life. We also present some primitive real and experimental results to show that it is a feasible and efficient solution for future computing infrastructure.

Provably secure three-party authenticated key agreement protocol using smart cards

Authenticated key agreement protocol is a useful cryptographic primitive, which can be used to protect the confidentiality, integrity and authenticity for transmitted data over insecure networks. From the point of view of the management of pre-shared secrets, one of the advantages of three-party authenticated key agreement (3PAKA) protocols is that they are more suitable for use in a network with large numbers of users compared with two-party authenticated key agreement protocols. Using smart cards is a practical, secure measure to protect the secret private keys of a user. Recently, some 3PAKA protocols using smart cards have been proposed. However, up to now, it is still a challenging problem to propose a 3PAKA protocol using smart cards with fewer rounds of messages and without using timestamp technique. Another important fact to be mentioned is that existing 3PAKA protocols using smart cards all lack provable-security guarantees. In this paper, we propose a new 3PAKA protocol using smart cards. The proposed protocol gains several advantages over existing related protocols: (1) The protocol is provably secure under the computational Diffie-Hellman assumption in the random oracle model, and hence can resist strong adversaries in network scenarios; (2) The protocol needs fewer rounds of messages, and can enable short communication latency and rapid response; and (3) The protocol is not based on timestamp technique, and does not need the complicated clock synchronization.

TailTheft: leveraging the wasted time for saving energy in cellular communications

A notion in cellular communications (e.g., GSM, 3G) is called Tail Time, namely the period of high power state after the completion of a transmission. This Tail Time can alleviate the overhead of switching from the low to the high power state, in case there is another transmission in the near future. However, it also results in large energy waste. In this paper, we propose TailTheft, a scheme that steals the wasted Tail Time for data prefetching and delayed transfer, thus significantly reducing energy consumption. In order to achieve this, TailTheft schedules a number of transmissions to the Tail Time of other transmissions. A Virtual Tail mechanism is employed to steal the Tail Time and a Dual Queue Scheduling algorithm is proposed for the scheduling of transmissions. We evaluate TailTheft through a trace-driven simulation using both per-application and real life traces. Experimental results show that TailTheft can reduce energy consumption by 20% to 34% in different cases.

A Bare-Metal and Asymmetric Partitioning Approach to Client Virtualization

Advancements in cloud computing enable the easy deployment of numerous services. However, the analysis of cloud service access platforms from a client perspective shows that maintaining and managing clients remain a challenge for end users. In this paper, we present the design, implementation, and evaluation of an asymmetric virtual machine monitor (AVMM), which is an asymmetric partitioning-based bare-metal approach that achieves near-native performance while supporting a new out-of-operating system mechanism for value-added services. To achieve these goals, AVMM divides underlying platforms into two asymmetric partitions: a user partition and a service partition. The user partition runs a commodity user OS, which is assigned to most of the underlying resources, maintaining end-user experience. The service partition runs a specialized OS, which consumes only the needed resources for its tasks and provides enhanced features to the user OS. AVMM considerably reduces virtualization overhead through two approaches: 1) Peripheral devices, such as graphics equipment, are assigned to be monopolized by a single user OS. 2) Efficient resource management mechanisms are leveraged to alleviate complicated resource sharing in existing virtualization technologies. We implement a prototype that supports Windows and Linux systems. Experimental results show that AVMM is a feasible and efficient approach to client virtualization.

ZSBT: a novel algorithm for tracing DoS attackers in MANETs

Denial of service (DoS) attack is a major class of security threats today. They consume resources of remote hosts or network and make them deny or degrade services for legitimate users. Compared with traditional Internet, the resources, such as bandwidth, memory, and battery power, of each node are more limited in mobile ad hoc networks (MANETs). Therefore, nodes in MANETs are more vulnerable to DoS attacks. Moreover, attackers in MANETs cannot only use IP spoofing to conceal their real identities but also move arbitrarily, which makes it a challenging task to trace a remote attacker in MANETs. In this paper, we proposed a zone sampling-based traceback (ZSBT) algorithm for tracing DoS attackers in MANETs. In our algorithm, when a node forwards a packet, the node writes its zone ID into the packet with a probability. After receiving these packets, the victim can reconstruct the path between the attacker and itself. Simulations were carried out to illustrate the validity of the algorithm; even with a little communication overhead.

TransOS: a transparent computing-based operating system for the cloud

Cloud computing has become a hot topic recently. Among these research issues, cloud operating systems have attracted extensive attention. However, to date, there is no answer to such issues as what a cloud operating system is and how to develop one. This paper proposes a cloud operating system, TransOS, from the viewpoint of transparent computing, in which all traditional operating system codes and applications are centrally stored on network servers, and an almost bare terminal dynamically schedules the necessary codes selected by users from the network server, and runs them mostly with the terminal’s local resources. The TransOS manages all the resources to provide integrated services for users, including traditional operating systems. This paper first introduces the concept of transparent computing as a background and presents TransOS and its main characteristics. It then gives a layered structure-based designation of TransOS and finally illustrates one example of its implementation.

Aggressive Resource Provisioning for Ensuring QoS in Virtualized Environments

Elasticity has now become the elemental feature of cloud computing as it enables the ability to dynamically add or remove virtual machine instances when workload changes. However, effective virtualized resource management is still one of the most challenging tasks. When the workload of a service increases rapidly, existing approaches cannot respond to the growing performance requirement efficiently because of either inaccuracy of adaptation decisions or the slow process of adjustments, both of which may result in insufficient resource provisioning. As a consequence, the Quality of Service (QoS) of the hosted applications may degrade and the Service Level Objective (SLO) will be thus violated. In this paper, we introduce SPRNT, a novel resource management framework, to ensure high-level QoS in the cloud computing system. SPRNT utilizes an aggressive resource provisioning strategy which encourages SPRNT to substantially increase the resource allocation in each adaptation cycle when workload increases. This strategy first provisions resources which are possibly more than actual demands, and then reduces the over-provisioned resources if needed. By applying the aggressive strategy, SPRNT can satisfy the increasing performance requirement in the first place so that the QoS can be kept at a high level. The experimental results show that SPRNT achieves up to 7.7× speedup in adaptation time, compared with existing efforts. By enabling quick adaptation, SPRNT limits the SLO violation rate up to 1.3 percent even when dealing with rapidly increasing workload.

Mining checkins from location-sharing services for client-independent IP geolocation

Accurately determining the geographic location of an Internet host is important for location-aware applications such as location-based advertising and network diagnostics. Despite their fast response time, widely used database-driven geolocation approaches provide only inaccurate locations. Delay measurement based approaches improve the estimation accuracy but still suffer from a limited precision (about 10 km) and a long response time (tens of seconds) to localize a single PC, which cannot meet the demand of precise and real-time geolocation for location-aware applications. In this paper, we propose a new geolocation approach, Checkin-Geo, which exploits geolocation resources fundamentally different from existing database-driven (using DNS, Whois, etc.) or network delay measurement based approaches. In particular, we leverage the location data that users are willing to share in location-sharing services and logs of user logins from PCs for real-time and accurate geolocation. Experimental results show that compared to existing geolocation techniques, Checkin-Geo achieves 1) a median estimation error of 799 meters (an order of magnitude smaller than existing approaches), and 2) a negligible response time, which are promising for accurate location-aware applications.

TransCom: A Virtual Disk-Based Cloud Computing Platform for Heterogeneous Services

This paper presents the design, implementation, and evaluation of TransCom, a virtual disk (Vdisk) based cloud computing platform that supports heterogeneous services of operating systems (OSes) and their applications in enterprise environments. In TransCom, clients store all data and software, including OS and application software, on Vdisks that correspond to disk images located on centralized servers, while computing tasks are carried out by the clients. Users can choose to boot any client for using the desired OS, including Windows, and access software and data services from Vdisks as usual without consideration of any other tasks, such as installation, maintenance, and management. By centralizing storage yet distributing computing tasks, TransCom can greatly reduce the potential system maintenance and management costs. We have implemented a multi-platform TransCom prototype that supports both Windows and Linux services. The extensive evaluation based on both test-bed experiments and real-usage experiments has demonstrated that TransCom is a feasible, scalable, and efficient solution for successful real-world use.

Query by document via a decomposition-based two-level retrieval approach

Retrieving similar documents from a large-scale text corpus according to a given document is a fundamental technique for many applications. However, most of existing indexing techniques have difficulties to address this problem due to special properties of a document query, e.g. high dimensionality, sparse representation and semantic concern. Towards addressing this problem, we propose a two-level retrieval solution based on a document decomposition idea. A document is decomposed to a compact vector and a few document specific keywords by a dimension reduction approach. The compact vector embodies the major semantics of a document, and the document specific keywords complement the discriminative power lost in dimension reduction process. We adopt locality sensitive hashing (LSH) to index the compact vectors, which guarantees to quickly find a set of related documents according to the vector of a query document. Then we re-rank documents in this set by their document specific keywords. In experiments, we obtained promising results on various datasets in terms of both accuracy and performance. We demonstrated that this solution is able to index large-scale corpus for efficient similarity-based document retrieval.