Some computational grid applications have very large resource requirements and need simultaneous access to resources from more than one parallel computer. Current scheduling systems do not provide mechanisms to gain such simultaneous access without the help of human administrators of the computer systems. In this work, we propose and evaluate several algorithms for supporting advanced reservation of resources in supercomputing scheduling systems. These advanced reservations allow users to request resources from scheduling systems at specific times. We find that the wait times of applications submitted to the queue increases when reservations are supported and the increase depends on how reservations are supported. Further, we find that the best performance is achieved when we assume that applications can be terminated and restarted, backfilling is performed, and relatively accurate run-time predictions are used.

Scheduling with advanced reservations

Lightweight IoT-based authentication scheme in cloud computing circumstance

With the exponential increase of the mobile devices and the fast development of cloud computing, a new computing paradigm called mobile cloud computing (MCC) is put forward to solve the limitation of the mobile device's storage, communication, and computation. Through mobile devices, users can enjoy various cloud computing services during their mobility. However, it is difficult to ensure security and protect privacy due to the openness of wireless communication in the new computing paradigm. Recently, Tsai and Lo proposed a privacy-aware authentication (PAA) scheme to solve the identification problem in MCC services and proved that their scheme was able to resist many kinds of existing attacks. Unfortunately, we found that Tsai and Lo's scheme cannot resist the service provider impersonation attack, i.e., an adversary can impersonate the service provider to the user. Also, the adversary can extract the user's real identity during executing the service provider impersonation attack. To address the above problems, in this paper, we construct a new PAA scheme for MCC services by using an identity-based signature scheme. Security analysis shows that the proposed PAA scheme is able to address the serious security problems existing in Tsai and Lo's scheme and can meet security requirements for MCC services. The performance evaluation shows that the proposed PAA scheme has less computation and communication costs compared with Tsai and Lo's PAA scheme.

Efficient Privacy-Aware Authentication Scheme for Mobile Cloud Computing Services

[서평]「Computer Networks and Internets」

D-FACE: An anomaly based distributed approach for early detection of DDoS attacks and flash events

Distributed denial of service (DDoS) attacks are ever threatening to the developers and users of the Internet. DDoS attacks targeted at the application layer are especially difficult to be detected since they mimic the legitimate users' requests. The situation becomes more serious when they occur during flash events. A more sophisticated algorithm is required to detect such attacks during a flash crowd. A few existing works make use of flow similarity for differentiating flash crowds and DDoS, but flow characteristics alone cannot be used for effective detection. In this paper, we propose a novel mechanism for discriminating DDoS and flash crowds based on the combination of the parameters reflecting their behavioral differences. Flow similarity, client legitimacy, and web page requested are identified as the principal parameters and are used together for effective discrimination. The proposed mechanism is implemented on resilient proxies in order to protect the server from direct flooding and to improve the overall performance. The real datasets are used for simulation, and the results are presented to evaluate the performance of the proposed system. The results show that the proposed mechanism does effective detection with fewer false positives and false negatives.

/pdf/behavior-based-detection-of-application-layer-distributed-4g7rj11lhi.pdf

Behavior-based detection of application layer distributed denial of service attacks during flash events

The growth of the Internet and telecommunication technology has facilitated remote access. During the last decade, many secure dynamic identity (ID)-based remote user authentication schemes have been proposed for the multiserver environment using smart cards. Recently, Li et al. point that the Lee et al. scheme is vulnerable to forgery attack, server spoofing attack, improper authentication, and unfriendly and inefficient password change. To overcome these security weaknesses, Li et al. propose a novel smart-card- and dynamic ID-based remote user authentication scheme for multiserver environments. In this paper, we show that the Li et al. scheme is also vulnerable to offline password guessing attack, stolen smart-card attack, forgery attack, and poor reparability. Their scheme does not also provide two-factor security. To provide a secure remote user authentication scheme for the multiserver environment and to overcome the security weaknesses, we propose an enhanced scheme. Our scheme is aimed at logically securing the data stored in the smart card and improving the dynamic property of the ID using password randomization for each session. Our scheme resists forgery attack, replay attack, stolen smart-card attack, offline password guessing attack, and spoofing attack. Our scheme’s efficiency has been established analytically and confirmed through simulation.

Secure and Efficient Smart-Card-Based Remote User Authentication Scheme for Multiserver Environment

A cloud system uses virtualization technology to provide cloud resources (e.g. CPU, memory) to users in form of virtual machines. Job requests are assigned on these VMs for execution. Efficient job assignment on VMs will reduce the number of hosts used. Hence, it is essential to achieve energy optimization in cloud computing environments. Therefore, in this paper, a job scheduling mechanism is proposed to assign job to a VM of the existing active hosts itself by considering job classification and preemption. So that minimizing the number of host used in allocation intern reduces the energy consumption in the Cloud datacenter. In our proposed job scheduling algorithm, categorizing the job in to three different types and assigned based on preemption policy with the earliest available time of the resource (VM) which is attached to a host. Thereby, we reduce the energy consumption by making less number of hosts in the active state and increase the utilization of active host. Finally, we conduct simulations using CloudSim and compare our algorithm with other existing methods. Significant energy savings can be obtained depending on system loads. Energy saving is about 2% to 46% with respect to the non-energy aware algorithm, 1% to 7% than the energy aware algorithms.

Energy Aware Resource Management and Job Scheduling in Cloud Datacenter

Distributed Denial of Service attacks are becoming a serious issue for the developers and the users of the Internet. In recent times, the attackers are targeting the online applications and web services. Detecting such application level attacks are much challenging because the attack traffic mimics the legitimate behaviour. A more sophisticated mechanism is required to detect and mitigate such attacks. In this paper, a novel method for detecting application layer Distributed Denial of Service attack is proposed. Initially, web user behaviour on different perspectives is analyzed using the system log and key dimensions that are highly responsive to attacks are identified using Principal Component Analysis. The extracted key features are analyzed to fix up the appropriate thresholds for differentiating legitimate and illegitimate access. Each incoming session is examined and if found suspicious, the detection mechanism is invoked. The detection mechanism includes a score assignment mechanism which assigns the threat score based on the history and statistical analysis of the current characteristics. The sessions having acceptable score are then scheduled to get service from the server. Remaining sessions are considered malicious and dropped. The real data sets are taken for the simulation and the results are exhibited to show the efficiency of the proposed detection method. The results show that the proposed technique performs effective detection of constant flooding and repeated shot attacks with low false positives and low false negatives.

Renuka Devi Saravanan

Papers

Behavior-based detection of application layer distributed denial of service attacks during flash events

Secure and Efficient Smart-Card-Based Remote User Authentication Scheme for Multiserver Environment

Energy Aware Resource Management and Job Scheduling in Cloud Datacenter

Suspicious Score Based Mechanism to Protect Web Servers against Application Layer Distributed Denial of Service Attacks

Securing VPN from insider and outsider bandwidth flooding attack