Your search keyword '"Gansen, A"' showing total 80 results

1. Cloud Computing: A Statistics Aspect of Users

Author

Zhao, Gansen, Liu, Jiale, Tang, Yong, Sun, Wei, Zhang, Feng, Ye, Xiaoping, Tang, Na, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Jaatun, Martin Gilje, editor, Zhao, Gansen, editor, and Rong, Chunming, editor

Published

2009

2. Strengthen Cloud Computing Security with Federal Identity Management Using Hierarchical Identity-Based Cryptography

Author

Yan, Liang, Rong, Chunming, Zhao, Gansen, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Jaatun, Martin Gilje, editor, Zhao, Gansen, editor, and Rong, Chunming, editor

Published

2009

3. Designing cloud-based electronic health record system with attribute-based encryption

Author

Xhafa, Fatos, Li, Jingwei, Zhao, Gansen, Li, Jin, Chen, Xiaofeng, and Wong, Duncan S.

Published

2015

4. Reference deployment models for eliminating user concerns on cloud security

Author

Zhao, Gansen, Rong, Chunming, Jaatun, Martin Gilje, and Sandnes, Frode Eika

Published

2012

5. A Garbage Image Classification Framework Based on Deep Learning

Author

Chengchuang Lin, Lei Zhao, Chen Bingchuan, and Gansen Zhao

Subjects

Contextual image classification, Computer science, business.industry, Deep learning, Cloud computing, Machine learning, computer.software_genre, Convolutional neural network, Task (project management), Header, Artificial intelligence, business, Mobile device, computer, Garbage

Abstract

In this paper, we present a garbage image classification framework to tackle the waste sorting problem which besets residents around the world every day. The proposed framework consists of two modules, a convolutional neural network backbone transferred from the ImageNet classification task and a customized network header designed for the garbage image classification task. To friendly deploy into mobile devices, the proposed method makes an artful tradeoff between classification accuracy and running efficiency. The proposed framework yields 95.62% online classification accuracy on the test dataset provided by Huawei cloud with 95 ms per image inference time occupying 897 Megabytes GPU memory.

Published

2020

6. Research on Strategy Optimization of OpenFlow Switch Flow Table Based on 'Bus Route' Idea

Author

Haoyu Luo, Wu Qinglan, Chunyun Deng, Zanbo Zhang, Gansen Zhao, Zefeng Mo, Chengchuang Lin, Shuangyin Li, and Zhaohui Ma

Subjects

OpenFlow, Network security, business.industry, Computer science, Big data, Network virtualization, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Betweenness centrality, 0202 electrical engineering, electronic engineering, information engineering, Table (database), business, Software-defined networking, Computer network

Abstract

With the gradual progress of cloud computing, big data, network virtualization and other network technology, exponential growth of data makes traditional network show its weakness completely. Such as inefficiency of data forwarding, poor agility of network deployment and so on. SDN(Software Defined Networking) separates data forwarding from logic control and makes network programmable to improve utilization of network resources, and then, there are efficiency of data forwarding and agility of network deployment. Compared to traditional network, SDN network is more in line with the future network for its characteristic. However, SDN is facing some severe problems too. Like flow table congestion and network security problems. In SDN network, OpenFlow switches can only contain 3000 flow entries which means flow table resources are really rare. Thus, we come out with a strategy of flow table optimizing. We choose a number of switches based on betweenness centrality as the station on "bus route" and issue the least flow entry to realize the whole network working.

Published

2019

7. Secure Access Control of E-Health System with Attribute-Based Encryption

Author

Jian Shen, Jin Li, Xuan Li, Sun-Young Lee, Hongyang Yan, and Gansen Zhao

Subjects

021110 strategic, defence & security studies, Database, Computer science, business.industry, 0211 other engineering and technologies, Client-side encryption, Cloud computing, Access control, 02 engineering and technology, computer.software_genre, Computer security, Encryption, Theoretical Computer Science, Computational Theory and Mathematics, Artificial Intelligence, 0202 electrical engineering, electronic engineering, information engineering, 40-bit encryption, 020201 artificial intelligence & image processing, Attribute-based encryption, On-the-fly encryption, business, computer, Cloud storage, Software

Abstract

Cloud computing is a new paradigm, which provides low-cost and effective outsourced data storage service. People are used to storing personal data in cloud server. E-Health system (EHS) privacy should be protected, because it is national security for citizen privacy. Personal Health Record (PHR) is the core of EHS that should be protected. Thus, how to efficiently store, access and share these data is critical. Attribute-based encryption (ABE) is a new public key encryption based on users’ attributes. In this paper, we present a new method to realize a secure fine-grained access control to PHRs, which is based on emerging ABE primitives. In more details, PHR owners divide the PHR data in terms of the privacy levels. A key-policy ABE (KP-ABE) is utilized to provide a fine-grained access control storage system for outsourced sensitive data. It can also provide efficient user revocation by using the timestamp in the private key. Security analysis shows that our construction achieves the data confiden...

Published

2016

8. Triple-L: Improving CPS Disk I/O Performance in a Virtualized NAS Environment

Author

Laurence T. Yang, Kaoru Ota, Yong Tang, Dingding Li, Gansen Zhao, and Mianxiong Dong

Subjects

Cyberphysical systems (CPS), Computer Networks and Communications, Computer science, Cloud computing, 02 engineering and technology, disk I/O, computer.software_genre, 007.65, network-attached storage (NAS), image file, Server, 0202 electrical engineering, electronic engineering, information engineering, Overhead (computing), Electrical and Electronic Engineering, business.industry, 020206 networking & telecommunications, 020207 software engineering, virtualization, Computer Science Applications, Control and Systems Engineering, Virtual machine, Scalability, Operating system, business, computer, Host (network), Virtual desktop, Information Systems, Computer network, Live migration

Abstract

Network-attached storage (NAS) provides cyberphysical systems (CPS) with the scalable, efficient, and reliable backing storage, such as the mobile virtual desktop based on cloud infrastructure. Within this storage architecture, virtual machine (VM) instances running in the NAS client usually receive data from the complex physical world and then persist them in the neat cyberspace in the NAS server. In this paper, we propose Triple-L to improve VM disk I/O performance in the NAS architecture. According to the specific storage semantic, Triple-L decouples the VM image file into several subfiles at the host layer and then selectively moves them into the NAS clients. In such a way, a VM disk I/O request may be proceeded locally in the NAS client, instead of walking the external networking path repetitively between NAS server and client. We have implemented Triple-L in a Xen-based NAS system. An accessory solution for dealing with storage failure and VM live migration on Triple-L is also discussed and evaluated. The experimental result shows that our work can effectively improve the disk I/O performance of VMs. Meanwhile, it brings moderate overhead for VM live migration.

Published

2015

9. Writeback throttling in a virtualized system with SCM

Author

Yong Tang, Xiaofei Liao, Gansen Zhao, Hai Jin, and Dingding Li

Subjects

General Computer Science, Computer science, business.industry, Reliability (computer networking), 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Bandwidth throttling, Storage virtualization, computer.software_genre, Virtualization, Interference (wave propagation), Theoretical Computer Science, 020204 information systems, Embedded system, 0202 electrical engineering, electronic engineering, information engineering, Operating system, Architecture, Storage class memory, business, computer

Abstract

Storage class memory (SCM) has the potential to revolutionize the memory landscape by its non-volatile and byte-addressable properties. However, there is little published work about exploring its usage for modern virtualized cloud infrastructure. We propose SCM-vWrite, a novel architecture designed around SCM, to ease the performance interference of virtualized storage subsystem. Through a case study on a typical virtualized cloud system, we first describe why current writeback manners are not suitable for a virtualized environment, then design and implement SCM-vWrite to improve this problem. We also use typical benchmarks and realistic workloads to evaluate its performance. Compared with the traditional method on a conventional architecture, the experimental result shows that SCM-vWrite can coordinate the writeback flows more effectively among multiple co-located guest operating systems, achieving a better disk I/O performance without any loss of reliability.

Published

2015

10. Constructing authentication web in cloud computing

Author

Yong Tang, Gansen Zhao, Xinming Wang, Zhongjie Ba, Changqin Huang, and Feng Zhang

Subjects

Challenge-Handshake Authentication Protocol, 021110 strategic, defence & security studies, Computer Networks and Communications, business.industry, Computer science, 0211 other engineering and technologies, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Multi-factor authentication, Service provider, Computer security, computer.software_genre, Generic Bootstrapping Architecture, Authentication protocol, Lightweight Extensible Authentication Protocol, 0202 electrical engineering, electronic engineering, information engineering, Single sign-on, business, computer, Information Systems, Computer network

Abstract

Cloud computing offers a cheap and efficient solution for the deployment of web applications. It results in a big increase of the number of service provider. Users hold multiple identities for using services from different domains. The openness of public clouds requires the authentication system to accept user identities from various domains and to support hybrid authentication protocols. This work proposes a cross-domain single sign-on mechanism to address the preceding issues and makes a formal mathematical model to analyze the security issues of the proposed mechanism's authentication architecture; furthermore, an algorithm is proposed to detect the authentication architecture's weak vertex whose failure would lead to a partial failure in the architecture. The proposed mechanism allows service providers to verify user identities in a decentralized way and allows users to unify their identities from various domains in a safe way. The verification process used in this mechanism is able to support hybrid authentication protocols as well as to accelerate the verification of credentials by eliminating single point of failure and single-point bottleneck. Copyright © 2015John Wiley & Sons, Ltd.

Published

2015

11. Semantic description of scholar-oriented social network cloud

Author

Yong Tang, Gansen Zhao, Chunming Rong, and Jianguo Li

Subjects

Social network, Computer science, business.industry, Friend of a friend, Cloud computing, computer.file_format, Social relation, Theoretical Computer Science, World Wide Web, Hardware and Architecture, FOAF, The Internet, RDF, business, Semantic Web, computer, Software, Information Systems

Abstract

Social networks have experienced exponential growth in membership and have become a hotspot for research in recent years. It helps users manage relations by establishing new relations and maintaining existing relations. On the basis of social networks' research, to encourage communication between scholars and facilitate management of academic information and academic relations, we built the Scholar-Oriented Social Network Cloud (SOSN) that is an academic information-centric social network. SOSN extracts academic information from various web sources on the Internet, and provides an application model for the social interaction and the semantic description of all related information. SOSN works as follows. Firstly, an academic search cloud is created that can provides academic search services according to users' web context. Then SOSN extracts public academic information from various literature databases and search engines on the web using the academic extracting services; secondly, SOSN devises an application model in the domain of scholar social network, which is used to represent the complex relations of entities in the Scholar-Oriented Social Network Cloud; thirdly, based on FOAF (Friend of a Friend), MarcOnt ontology, FRBR (Functional Requirements for Bibliographic Records) and SWAP (Scholarly Works Application Profile) academic semantic project, SOSN defines Scholar, AcademicWork, AcademicTeam ontology, etc. using RDF language according to semantic web technology and implements the semantic description of Scholar-Oriented Social Network Cloud.

Published

2011

12. Reference deployment models for eliminating user concerns on cloud security

Author

Chunming Rong, Gansen Zhao, Martin Gilje Jaatun, and Frode Eika Sandnes

Subjects

Service (systems architecture), Cloud computing security, business.industry, Computer science, Cloud computing, Security concerns, Computer security model, Computer security, computer.software_genre, Theoretical Computer Science, Reference deployment model, Security service, Teknologi: 500::Informasjons- og kommunikasjonsteknologi: 550 [VDP], Hardware and Architecture, Software deployment, Cloud security, Cloud testing, business, VDP::Teknologi: 500::Informasjons- og kommunikasjonsteknologi: 550, computer, Reference model, Software, Information Systems

Abstract

Cloud computing has become a hot topic both in research and in industry, and when making decisions on deploying/adopting cloud computing related solutions, security has always been a major concern. This article summarizes security related issues in cloud computing and proposes five service deployment models to address these issues. The proposed models provide different security related features to address different requirements and scenarios and can serve as reference models for deployment.

Published

2010

13. Designing cloud-based electronic health record system with attribute-based encryption

Author

Jin Li, Jingwei Li, Gansen Zhao, Duncan S. Wong, Xiaofeng Chen, Fatos Xhafa, and Universitat Politècnica de Catalunya. Departament de Ciències de la Computació

Subjects

Computació en núvol, Computer Networks and Communications, Computer science, Cloud computing, security, Computer security, computer.software_genre, keyword search, Domain (software engineering), attribute-based encryption, Informàtica::Seguretat informàtica [Àrees temàtiques de la UPC], Electronic health record, Media Technology, Medical records--Data processing, Històries clíniques -- Informàtica, Cloud computing security, Cryptographic primitive, Revocation, business.industry, cloud computing, electronic health record, Hardware and Architecture, Encriptació de dades (Informàtica), Attribute-based encryption, business, computer, Software, Enginyeria de la telecomunicació::Telemàtica i xarxes d'ordinadors::Internet [Àrees temàtiques de la UPC]

Abstract

This is a copy of the author 's final draft version of an article published in the journal Multimedia tools and applications. The final publication is available at Springer via http://dx.doi.org/10.1007/s11042-013-1829-6 With the development of cloud computing, electronic health record (EHR) system has appeared in the form of patient-centric, in which patients store their personal health records (PHRs) at a remote cloud server and selectively share them with physicians for convenient medical care. Although the newly emerged form has many advantages over traditional client-server model, it inevitably introduces patients' concerns on the privacy of their PHRs due to the fact that cloud servers are very likely to be in a different trusted domain from that of the patients. In this paper, aiming at allowing for efficient storing and sharing PHRs and also eliminating patients' worries about PHR privacy, we design a secure cloud-based EHR system, which guarantees security and privacy of medical data stored in the cloud, relying on cryptographic primitive but not the full trust over cloud servers. Based on our proposed basic EHR system, we provide several extensions including adding searchability, supporting revocation functionality and enabling efficient local decryption, which fills the gap between theoretical proposal and practical application.

Published

2015

14. On the Construction of Trusted Resource Pool in Clouds

Author

Yangyang Wu, Zhongjie Ba, Gansen Zhao, Jianguo Li, Yong Tang, Haiyu Wang, and Qi Chen

Subjects

Computer science, business.industry, Distributed computing, Data_MISCELLANEOUS, Cloud computing, Trusted Computing, Group signature, Computer security, computer.software_genre, Trusted Network Connect, Resource (project management), Direct Anonymous Attestation, Trust management (information system), Resource management, business, computer

Abstract

IaaS cloud converts physical resources into resource pools. The pool oriented resource management model requires transparency of the underlying physical resources, as well as the on-demand consumption of IT services and the trust verification of the resources from cloud users. A viable way is by creating trusted clusters that consist of trusted physical machines, with strict membership management of these trusted clusters, confining IT services to be hosted within trusted clusters. This paper proposes a trusted cluster scheme which is based on a dynamic group signature scheme. The scheme fits into the pool oriented trust management for cloud computing.

Published

2013

15. Trust Management for IaaS with Group Signature

Author

Yong Tang, Qi Chen, Gansen Zhao, and Haiyu Wang

Subjects

Service (business), Computer science, business.industry, Data_MISCELLANEOUS, Internet privacy, Cloud computing, Trusted Computing, Computer security, computer.software_genre, Trusted Network Connect, Resource (project management), Direct Anonymous Attestation, Trust management (information system), Resource management, business, computer

Abstract

IaaS encourages pooled resource management model, which provides transparency on the management and provision of IT resources. The transparency, hiding physical details of the underlying resources, makes it difficult for cloud users/services to identify trusted resources for service deployment, resulting in potential risks of deploying critical services on untrusted resources. This paper proposes a pool oriented trust management mechanism for cloud infrastructures, allowing the construction and identification of trusted clusters consisted of trusted resources, with strict membership management to accept only trusted physical resources. Resources of a trusted cluster expose identical trust properties/attributes to cloud users, enabling users to verify the trust on the resources without the need of identifying individual physical resource. Hence, service deployment and migration can be augmented with the above trust verification to ensure that services are always deployed on trusted resources.

Published

2013

16. Resource Pool Oriented Trust Management for Cloud Infrastructure

Author

Haiyu Wang, Chunming Rong, Yong Tang, and Gansen Zhao

Subjects

Service (business), Computer science, business.industry, Data_MISCELLANEOUS, Cloud computing, Trusted Computing, Computer security, computer.software_genre, Trusted Network Connect, Resource (project management), Resource allocation, Trust management (information system), Resource management, business, computer

Abstract

IaaS encourages pooled resource management model, which provides transparency on the management and provision of IT resources. The transparency, hiding physical details of the underlying resources, makes it difficult for cloud users/services to identify trusted resources for service deployment, resulting in potential risks of deploying critical services on untrusted resources. This paper proposes a pool oriented trust management mechanism for cloud infrastructures, allowing the construction and identification of trusted clusters consisted of trusted resources, with strict membership management to accept only trusted physical resources. Resources of a trusted cluster expose identical trust properties/attributes to cloud users, enabling users to verify the trust on the resources without the need of identifying individual physical resource. Hence, service deployment and migration can be augmented with the above trust verification to ensure that services are always deployed on trusted resources.

Published

2013

17. Privacy Enhancing Framework on PaaS

Author

Hao Zhang, Ziliu Li, Wenjun Li, Gansen Zhao, and Yong Tang

Subjects

Information privacy, Cloud computing security, Privacy by Design, business.industry, Privacy software, Computer science, Platform as a service, Cloud computing, computer.software_genre, Computer security, Security policy, World Wide Web, Server, Web service, business, computer

Abstract

Platform as a service (PaaS) is a cloud computing service model that provides a computing platform and a solution stack as an on-demand service, allowing users to create, deploy and control their own cloud services without building and managing their own computing platforms. PaaS providers provide the networks, servers and storages alongside with the PaaS platform. Though cloud computing is getting prevalence in IT, security, in particular privacy, has incurred the most concerns from users. Using a cloud service, a user has no privilege in managing the underlying computing platform nor the underlying resource and infrastructure, leading to the situation that a user has no way to monitor cloud services' behavior to protect the user's privacy. This paper proposes a privacy enhancing framework on PaaS for detecting the privacy violating behavior and protecting user's information instantly by enforcing related protection actions. The proposed framework allows customized security policies and behavior analysis models, enabling users to impose application oriented privacy monitoring mechanisms.

Published

2012

18. A Cryptographic Protocol for Communication in a Redundant Array of Independent Net-storages

Author

Stian Alapnes, Martin Gilje Jaatun, and Gansen Zhao

Subjects

Authentication, business.industry, RAID, Computer science, Distributed computing, Data_MISCELLANEOUS, Cloud computing, Cryptographic protocol, law.invention, Public-key cryptography, law, business, Cloud storage, Anonymity, Computer network

Abstract

This paper describes a cryptographic protocol for storing and processing data in a Cloud Computing setting, where users need not place absolute trust in the various Cloud Processing providers. This is achieved by distributing data among various Cloud Storage providers in such a manner that an individual data item does not divulge useful information about its owner, and only re-assembling data when it needs to be processed or returned to the user.

Published

2011

19. A Farewell to Trust: An Approach to Confidentiality Control in the Cloud

Author

Åsmund Ahlmann Nyre, Martin Gilje Jaatun, Gansen Zhao, and Stian Alapnes

Subjects

Cloud computing security, business.industry, Computer science, Control (management), Cloud computing, Computer security, computer.software_genre, Storage management, Sketch, Original data, Confidentiality, business, computer, Computer network

Abstract

This paper applies a divide-and-conquer approach to achieve confidentiality control in Cloud Computing. We sketch how a Redundant Array of Independent Net-storages (RAIN) for Cloud Computing can be designed using techniques originally intended for other purposes. The RAIN approach splits data into segments and distributes segments onto multiple providers. By keeping the relationships between the distributed segments private, the original data cannot be re-assembled. Further, with each segment small enough, each segment discloses no meaningful information to others. Hence RAIN is able to ensure the confidentiality of data stored on clouds.

Published

2011

20. Deliverance from Trust through a Redundant Array of Independent Net-storages in Cloud Computing

Author

Gansen Zhao, Yong Tang, Stian Alapnesy, Athanasios V. Vasilakos, Martin Gilje Jaatun, Åsmund Ahlmann Nyre, and Qiang Yue

Subjects

Security analysis, Cloud computing security, Computer science, business.industry, Cloud computing, Cryptography, Computer security, computer.software_genre, Electronic mail, Data modeling, Confidentiality, business, Cloud storage, computer, Computer network

Abstract

Cloud storage services are gaining more and more attention. Surveys suggest that the confidentiality issue is one of the major obstacles for users to use cloud storage services to keep sensitive data. This paper proposes to deploy a Redundant Array of Independent Net-storages (RAIN) for confidentiality control in Cloud Computing. The RAIN approach splits data into segments and distributes segments onto multiple storage providers, without having to trust each provider. By keeping the distribution of segments and the relationships between the distributed segments private, the original data cannot be reassembled. When the segments are small enough, each segment discloses no meaningful information to others. Hence RAIN is able to ensure the confidentiality of data stored on clouds. A formal model of the proposed approach has been developed to articulate the process. Security analysis has been performed, indicating that the proposed approach can implement confidentiality protection without the need of encrypting the data.

Published

2011

21. Fine-Grained Data Access Control Systems with User Accountability in Cloud Computing

Author

Lianzhang Tang, Dongqing Xie, Xiaofeng Chen, Yong Tang, Chunming Rong, Gansen Zhao, Jin Li, and Wenjun Li

Subjects

Computer access control, Revocation, business.industry, Computer science, Data management, Key distribution, Data security, Cloud computing, Access control, Cryptography, Computer security model, Encryption, Computer security, computer.software_genre, Server, Accountability, Scalability, The Internet, Attribute-based encryption, Web service, business, Broadcast encryption, computer

Abstract

Cloud computing is an emerging computing paradigm in which IT resources and capacities are provided as services over the Internet. Promising as it is, this paradigm also brings forth new challenges for data security and access control when users outsource sensitive data for sharing on cloud servers, which are likely outside of the same trust domain of data owners. To maintain the confidentiality of, sensitive user data against untrusted servers, existing work usually apply cryptographic methods by disclosing data decryption keys only to authorized users. However, in doing so, these solutions inevitably introduce heavy computation overhead on the data owner for key distribution and data management when fine-grained data access control is desired, and thus do not scale well. In this paper, we present a way to implement, scalable and fine-grained access control systems based on attribute-based encryption (ABE). For the purpose of secure access control in cloud computing, the prevention of illegal key sharing among colluding users is missing from the existing access control systems based on ABE. This paper addresses this challenging open issue by defining and enforcing access policies based on data attributes and implementing user accountability by using traitor tracing. Furthermore, both the user grant and revocation are efficiently supported by using the broadcast encryption technique. Extensive analysis shows that the proposed scheme is highly efficient and provably secure under existing security models.

Published

2010

22. Trusted Data Sharing over Untrusted Cloud Storage Providers

Author

Jin Li, Gansen Zhao, Chunming Rong, Yong Tang, and Feng Zhang

Subjects

Information privacy, Cloud computing security, business.industry, Computer science, Internet privacy, Authorization, Cloud computing, Access control, Service provider, Computer security, computer.software_genre, Data sharing, Data integrity, business, computer, Cloud storage

Abstract

Cloud computing has been acknowledged as one of the prevaling models for providing IT capacities. The off-premises computing paradigm that comes with cloud computing has incurred great concerns on the security of data, especially the integrity and confidentiality of data, as cloud service providers may have complete control on the computing infrastructure that underpins the services. This makes it difficult to share data via cloud providers where data should be confidential to the providers and only authorized users should be allowed to access the data. This work aims to construct a system for trusted data sharing through untrusted cloud providers, to address the above mentioned issue. The constructed system can imperatively impose the access control policies of data owners, preventing the cloud storage providers from unauthorized access and making illegal authorization to access the data.

Published

2010

23. Deployment Models: Towards Eliminating Security Concerns From Cloud Computing

Author

Martin Gilje Jaatun, Chunming Rong, Gansen Zhao, and Frode Eika Sandnes

Subjects

VDP::Teknologi: 500::Informasjons- og kommunikasjonsteknologi: 550::Datateknologi: 551, Service (systems architecture), Cloud computing security, Computer science, business.industry, Information technology, Cloud computing, Security concerns, Computer security model, Computer security, computer.software_genre, Teknologi: 500::Informasjons- og kommunikasjonsteknologi: 550::Datateknologi: 551 [VDP], Deployment models, Software deployment, Cloud security, The Internet, business, Reference model, computer

Abstract

Cloud computing has become a popular choice as an alternative to investing new IT systems. When making decisions on adopting cloud computing related solutions, security has always been a major concern. This article summarizes security concerns in cloud computing and proposes five service deployment models to ease these concerns. The proposed models provide different security related features to address different requirements and scenarios and can serve as reference models for deployment. Deployment models: Towards eliminating security concerns from cloud computing

Published

2010

24. Strengthen Cloud Computing Security with Federal Identity Management Using Hierarchical Identity-Based Cryptography

Author

Liang Yan, Gansen Zhao, and Chunming Rong

Subjects

Cloud computing security, business.industry, Computer science, Key distribution, Data security, Cryptography, Cloud computing, Mutual authentication, Computer security, computer.software_genre, Identity management, Digital identity, Public-key cryptography, ID-based cryptography, Financial cryptography, business, computer

Abstract

More and more companies begin to provide different kinds of cloud computing services for Internet users at the same time these services also bring some security problems. Currently the majority of cloud computing systems provide digital identity for users to access their services, this will bring some inconvenience for a hybrid cloud that includes multiple private clouds and/or public clouds. Today most cloud computing system use asymmetric and traditional public key cryptography to provide data security and mutual authentication. Identity-based cryptography has some attraction characteristics that seem to fit well the requirements of cloud computing. In this paper, by adopting federated identity management together with hierarchical identity-based cryptography (HIBC), not only the key distribution but also the mutual authentication can be simplified in the cloud.

Published

2009

25. Cloud Computing: A Statistics Aspect of Users

Author

Gansen Zhao, Na Tang, Feng Zhang, Xiao-Ping Ye, Jia-Le Liu, Wei Sun, and Yong Tang

Subjects

Service (business), Cloud computing security, Computer science, business.industry, Distributed computing, Cloud computing, Service provider, Computer security, computer.software_genre, Utility computing, Software deployment, End-user computing, Cloud testing, Data as a service, business, computer

Abstract

Users see that cloud computing delivers elastic computing services to users based on their needs. Cloud computing service providers must make sure enough resources are provided to meet users' demand, by either the provision of more than enough resource, or the provision of just-enough resource. This paper investigates the growth of the user set of a cloud computing service from statistic's point of view. The investigation leads to a simply model on the growth of the system in terms of users. This model provides a simple way to compute the scale of a system at a given time, thus allowing a cloud computing service provider to predict the system's scale based on the number of users and plan for the infrastructure deployment.

Published

2009

26. Triple-L: Improving CPS Disk I/O Performance in a Virtualized NAS Environment.

Author

Li, Dingding, Dong, Mianxiong, Tang, Yong, Yang, Laurence T., Ota, Kaoru, and Zhao, Gansen

Abstract

Network-attached storage (NAS) provides cyberphysical systems (CPS) with the scalable, efficient, and reliable backing storage, such as the mobile virtual desktop based on cloud infrastructure. Within this storage architecture, virtual machine (VM) instances running in the NAS client usually receive data from the complex physical world and then persist them in the neat cyberspace in the NAS server. In this paper, we propose Triple-L to improve VM disk I/O performance in the NAS architecture. According to the specific storage semantic, Triple-L decouples the VM image file into several subfiles at the host layer and then selectively moves them into the NAS clients. In such a way, a VM disk I/O request may be proceeded locally in the NAS client, instead of walking the external networking path repetitively between NAS server and client. We have implemented Triple-L in a Xen-based NAS system. An accessory solution for dealing with storage failure and VM live migration on Triple-L is also discussed and evaluated. The experimental result shows that our work can effectively improve the disk I/O performance of VMs. Meanwhile, it brings moderate overhead for VM live migration. [ABSTRACT FROM PUBLISHER]

Published

2017

27. Constructing authentication web in cloud computing.

Author

Zhao, Gansen, Ba, Zhongjie, Wang, Xinming, Zhang, Feng, Huang, Changqin, and Tang, Yong

Subjects

CLOUD computing, COMPUTER access control, MULTIUSER channels, CRYPTOGRAPHY, INFORMATION technology security

Abstract

Cloud computing offers a cheap and efficient solution for the deployment of web applications. It results in a big increase of the number of service provider. Users hold multiple identities for using services from different domains. The openness of public clouds requires the authentication system to accept user identities from various domains and to support hybrid authentication protocols. This work proposes a cross-domain single sign-on mechanism to address the preceding issues and makes a formal mathematical model to analyze the security issues of the proposed mechanism's authentication architecture; furthermore, an algorithm is proposed to detect the authentication architecture's weak vertex whose failure would lead to a partial failure in the architecture. The proposed mechanism allows service providers to verify user identities in a decentralized way and allows users to unify their identities from various domains in a safe way. The verification process used in this mechanism is able to support hybrid authentication protocols as well as to accelerate the verification of credentials by eliminating single point of failure and single-point bottleneck. Copyright © 2015 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

28. Secure Access Control of E-Health System with Attribute-Based Encryption.

Author

Yan, Hongyang, Li, Jin, Li, Xuan, Zhao, Gansen, Lee, Sun-Young, and Shen, Jian

Subjects

ACCESS control, ELECTRONIC health records, DATA encryption, CLOUD computing, PRIVACY

Abstract

Cloud computing is a new paradigm, which provides low-cost and effective outsourced data storage service. People are used to storing personal data in cloud server. E-Health system (EHS) privacy should be protected, because it is national security for citizen privacy. Personal Health Record (PHR) is the core of EHS that should be protected. Thus, how to efficiently store, access and share these data is critical. Attribute-based encryption (ABE) is a new public key encryption based on users’ attributes. In this paper, we present a new method to realize a secure fine-grained access control to PHRs, which is based on emerging ABE primitives. In more details, PHR owners divide the PHR data in terms of the privacy levels. A key-policy ABE (KP-ABE) is utilized to provide a fine-grained access control storage system for outsourced sensitive data. It can also provide efficient user revocation by using the timestamp in the private key. Security analysis shows that our construction achieves the data confidentiality. That is, any unauthorized user is not allowed to access the data outsourced in the cloud. [ABSTRACT FROM AUTHOR]

Published

2016

29. Contructing Authentication Web in Cloud Computing.

Author

Zhao, Gansen, Ba, Zhongjie, Zhang, Feng, Chen, Qi, Li, Jianguo, and Tang, Yong

Abstract

Cloud computing enables rapid deployment of services on an on-demand basis in large scale. Public clouds are open to all users with identities from various domains, requiring the support of multiple identity providers and hybrid authentication protocols. The complexity of the authentication scenario brings a great burden to service providers. Service providers and users know only a small part of the complicated authentication network. This work explores a system view on the authentication network in cloud, allowing the authentication interaction and the trust relations to be explicitly described and analyzed. A cross-domain single sign-on model is proposed and the implementation details of the authentication architecture and protocol is presented. [ABSTRACT FROM PUBLISHER]

Published

2013

30. Semantic description of scholar-oriented social network cloud.

Author

Li, Jianguo, Zhao, Gansen, Rong, Chunming, and Tang, Yong

Subjects

*CLOUD computing, *ONLINE social networks, *SOCIAL media, *DISTRIBUTED computing, *SCHOLARLY method

Abstract

Social networks have experienced exponential growth in membership and have become a hotspot for research in recent years. It helps users manage relations by establishing new relations and maintaining existing relations. On the basis of social networks' research, to encourage communication between scholars and facilitate management of academic information and academic relations, we built the Scholar-Oriented Social Network Cloud (SOSN) that is an academic information-centric social network. SOSN extracts academic information from various web sources on the Internet, and provides an application model for the social interaction and the semantic description of all related information. SOSN works as follows. Firstly, an academic search cloud is created that can provides academic search services according to users' web context. Then SOSN extracts public academic information from various literature databases and search engines on the web using the academic extracting services; secondly, SOSN devises an application model in the domain of scholar social network, which is used to represent the complex relations of entities in the Scholar-Oriented Social Network Cloud; thirdly, based on FOAF (Friend of a Friend), MarcOnt ontology, FRBR (Functional Requirements for Bibliographic Records) and SWAP (Scholarly Works Application Profile) academic semantic project, SOSN defines Scholar, AcademicWork, AcademicTeam ontology, etc. using RDF language according to semantic web technology and implements the semantic description of Scholar-Oriented Social Network Cloud. [ABSTRACT FROM AUTHOR]

Published

2013

31. The design of a redundant array of independent net-storages for improved confidentiality in cloud computing

Author

Gansen Zhao, Åsmund Ahlmann Nyre, Athanasios V. Vasilakos, Yong Tang, Stian Alapnes, and Martin Gilje Jaatun

Subjects

Security analysis, Computer Networks and Communications, business.industry, Computer science, Distributed computing, Cloud computing, Confidentiality, business, Communications protocol, Computer communication networks, Software, Original data

Abstract

This article describes how a Redundant Array of Independent Net-storages (RAIN) can be deployed for confidentiality control in Cloud Computing. The RAIN approach splits data into segments and distributes segments between multiple storage providers; by keeping the distribution of segments and the relationships between the distributed segments private, the original data cannot be re-assembled by an observer. As long as each segment is small enough, an individual segment discloses no meaningful information to others, and hence RAIN is able to ensure the confidentiality of data stored in the clouds. We describe the inter-cloud communication protocol, and present a formal model, security analysis, and simulation results.

32. Fast Homomorphic Encryption Based on CPU-4GPUs Hybrid System in Cloud

Author

Xia, Jing, Ma, Zhong, Dai, Xinfa, Xu, Jianping, Hutchison, David, Series Editor, Kanade, Takeo, Series Editor, Kittler, Josef, Series Editor, Kleinberg, Jon M., Series Editor, Mattern, Friedemann, Series Editor, Mitchell, John C., Series Editor, Naor, Moni, Series Editor, Pandu Rangan, C., Series Editor, Steffen, Bernhard, Series Editor, Terzopoulos, Demetri, Series Editor, Tygar, Doug, Series Editor, Meng, Xiaofeng, editor, Li, Ruixuan, editor, Wang, Kanliang, editor, Niu, Baoning, editor, Wang, Xin, editor, and Zhao, Gansen, editor

Published

2018

33. Big Data Storage Architecture Design in Cloud Computing

Author

Chen, Xuebin, Wang, Shi, Dong, Yanyan, Wang, Xu, Diniz Junqueira Barbosa, Simone, Series editor, Chen, Phoebe, Series editor, Du, Xiaoyong, Series editor, Filipe, Joaquim, Series editor, Kara, Orhun, Series editor, Liu, Ting, Series editor, Kotenko, Igor, Series editor, Sivalingam, Krishna M., Series editor, Washio, Takashi, Series editor, Chen, Wenguang, editor, Yin, Guisheng, editor, Zhao, Gansen, editor, Han, Qilong, editor, Jing, Weipeng, editor, Sun, Guanglu, editor, and Lu, Zeguang, editor

Published

2016

34. Design and Implementation of a Project Management System Based on Product Data Management on the Baidu Cloud Computing Platform

Author

Qiu, Shenghai, Wang, Yunxia, Jin, Wenwu, Liu, Jiannan, Diniz Junqueira Barbosa, Simone, Series editor, Chen, Phoebe, Series editor, Du, Xiaoyong, Series editor, Filipe, Joaquim, Series editor, Kara, Orhun, Series editor, Liu, Ting, Series editor, Kotenko, Igor, Series editor, Sivalingam, Krishna M., Series editor, Washio, Takashi, Series editor, Chen, Wenguang, editor, Yin, Guisheng, editor, Zhao, Gansen, editor, Han, Qilong, editor, Jing, Weipeng, editor, Sun, Guanglu, editor, and Lu, Zeguang, editor

Published

2016

35. On Implementation of a KVM IaaS with Monitoring System on Cloud Environments

Author

Yang, Chao-Tung, Chen, Bo-Han, Chen, Wei-Sheng, Kim, Tai-hoon, editor, Adeli, Hojjat, editor, Fang, Wai-chi, editor, Vasilakos, Thanos, editor, Stoica, Adrian, editor, Patrikakis, Charalampos Z., editor, Zhao, Gansen, editor, Villalba, Javier García, editor, and Xiao, Yang, editor

Published

2012

36. A Management of Resource Ontology for Cloud Computing

Author

Jeong, Hwa-Young, Hong, Bong-Hwa, Kim, Tai-hoon, editor, Adeli, Hojjat, editor, Fang, Wai-chi, editor, Vasilakos, Thanos, editor, Stoica, Adrian, editor, Patrikakis, Charalampos Z., editor, Zhao, Gansen, editor, Villalba, Javier García, editor, and Xiao, Yang, editor

Published

2011

37. Challenges and Security in Cloud Computing

Author

Chang, Hyokyung, Choi, Euiin, Kim, Tai-hoon, editor, Vasilakos, Thanos, editor, Sakurai, Kouichi, editor, Xiao, Yang, editor, Zhao, Gansen, editor, and Ślęzak, Dominik, editor

Published

2010

38. Towards a Theory of Universally Composable Cloud Computing

Author

Zhu, Huafei, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Jaatun, Martin Gilje, editor, Zhao, Gansen, editor, and Rong, Chunming, editor

Published

2009

39. Cloud Computing Based Internet Data Center

Author

Zheng, Jianping, Sun, Yue, Zhou, Wenhui, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Jaatun, Martin Gilje, editor, Zhao, Gansen, editor, and Rong, Chunming, editor

Published

2009

40. Extending YML to Be a Middleware for Scientific Cloud Computing

Author

Shang, Ling, Petiton, Serge G., Emad, Nahid, Yang, Xiaolin, Wang, Zhijian, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Jaatun, Martin Gilje, editor, Zhao, Gansen, editor, and Rong, Chunming, editor

Published

2009

41. Integrating Cloud-Computing-Specific Model into Aircraft Design

Author

Zhimin, Tian, Qi, Lin, Guangwen, Yang, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Jaatun, Martin Gilje, editor, Zhao, Gansen, editor, and Rong, Chunming, editor

Published

2009

42. A Service-Oriented Qos-Assured and Multi-Agent Cloud Computing Architecture

Author

Cao, Bu-Qing, Li, Bing, Xia, Qi-Ming, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Jaatun, Martin Gilje, editor, Zhao, Gansen, editor, and Rong, Chunming, editor

Published

2009

43. Cloud Infrastructure & Applications – CloudIA

Author

Sulistio, Anthony, Reich, Christoph, Doelitzscher, Frank, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Jaatun, Martin Gilje, editor, Zhao, Gansen, editor, and Rong, Chunming, editor

Published

2009

44. Cloud Computing: An Overview

Author

Qian, Ling, Luo, Zhiguo, Du, Yujian, Guo, Leitao, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Jaatun, Martin Gilje, editor, Zhao, Gansen, editor, and Rong, Chunming, editor

Published

2009

45. IBM Cloud Computing Powering a Smarter Planet

Author

Zhu, Jinzy, Fang, Xing, Guo, Zhe, Niu, Meng Hua, Cao, Fan, Yue, Shuang, Liu, Qin Yu, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Jaatun, Martin Gilje, editor, Zhao, Gansen, editor, and Rong, Chunming, editor

Published

2009

46. An Idea of Special Cloud Computing in Forest Pests’ Control

Author

Jiang, Shaocan, Fang, Luming, Huang, Xiaoying, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Jaatun, Martin Gilje, editor, Zhao, Gansen, editor, and Rong, Chunming, editor

Published

2009

47. Research on Cloud Computing Based on Deep Analysis to Typical Platforms

Author

Xia, Tianze, Li, Zheng, Yu, Nenghai, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Jaatun, Martin Gilje, editor, Zhao, Gansen, editor, and Rong, Chunming, editor

Published

2009

48. One Program Model for Cloud Computing

Author

Zhou, Guofu, He, Guoliang, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Jaatun, Martin Gilje, editor, Zhao, Gansen, editor, and Rong, Chunming, editor

Published

2009

49. BlueSky Cloud Framework: An E-Learning Framework Embracing Cloud Computing

Author

Dong, Bo, Zheng, Qinghua, Qiao, Mu, Shu, Jian, Yang, Jie, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Jaatun, Martin Gilje, editor, Zhao, Gansen, editor, and Rong, Chunming, editor

Published

2009

50. Enterprise Cloud Architecture for Chinese Ministry of Railway

Author

Shan, Xumei, Liu, Hefeng, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Jaatun, Martin Gilje, editor, Zhao, Gansen, editor, and Rong, Chunming, editor

Published

2009