Application Execution Time Prediction for Effective CPU Provisioning in Virtualization EnvironmentProvisioning of hardware resources through virtual machines (VMs) has been widely used for supporting server consolidation and infrastructure-as-a-cloud computing. We propose NICBLE to support accurate CPU resource provisioning for application workload running on VMs. While CPU is essential for any application workload, not every workload requires the same level of CPU resource. The VM tenants may also have different expectations of application performance and preferences. NICBLE models the execution of an application workload and employs a simulation-based algorithm to predict the impact on application execution time for a hypothetical VM configuration change on the number of CPUs. One may use NICBLE to reason about whether changing the number of CPUs will significantly affect the application performance. We built the NICBLE prototype on top of the Xen hypervisor . NICBLE does not require modification to the guest systems. The performance overhead on the guest system is negligible. Our evaluation indicates that NICBLE is able to provide accurate prediction with an average error rate of less than 15% for non-adaptive application workload.
MicroApp Architecting Web Application for Non-Uniform Trustworthiness in Cloud Computing EnvironmentAn increasing number of web applications are now hosted in cloud infrastructures such as Amazon Web Services. Cloud infrastructures generally lack a uniform guarantee on security, reliability, performance, and cost. A privately owned cloud infrastructure may be considered more secure but less performant than a third-party public cloud infrastructure. Infrastructures that span across geographical regions may further incur complications on the trustworthiness of infrastructures due to the varying power of jurisdiction. Application developers have to be aware of the non-uniformity of infrastructure trustworthiness when deploying applications in the cloud. We propose the MicroApp architecture that help address the difficulty in dealing with the non-uniformity. MicroApp splits a web application into multiple micro applications. Each micro application encapsulates a port of the code and data with the same level of security and integrity requirement. The micro applications will then be deployed to corresponding infrastructures that satisfy the respective requirements. MicroApp provides an RPC mechanism to allow control flows across micro applications. The architecture can be transparently applied to existing web applications and allows an application to effectively adapt to the cloud environment.
Mobile Device Management
對於攜入個人智慧行動裝置(Bring Your Own Device)於軍事管制區，目前國防部已著手導入行動裝置管理(Mobile Device Management)第三方解決方案來處理其所造成的資安隱憂。但由於管制區內的人事物有其敏感性，若僅仰賴第三方解決方案，恐形成一極大的國安漏洞。因此在本研究中我們對Android智慧行動裝置安全管控各項功能之實作可行性進行評估進而掌握其背後所需的關鍵技術，包括如裝置資訊取得、裝置控制、管控系統自體防護以及架構設計等。本研究的成果可立即作為國防部於初期導入第三方MDM解決方案的採購評量參考，而針對中長期須自行開發MDM系統的目標，本研究所發展的諸項關鍵技術也將具有極高的參考價值。
Software Defined Networking (SDN) allows the construction of virtual networks on top of a datacenter network infrastructure. However, the flexibility also increases the chance of inconsistencies in the network configurations caused by component failures, software bugs, or human errors. The inconsistencies may result in service outage or security policy violation. We propose a model-based verification system to check the consistency of a virtual network. The system models the requirements as logic constraints and extracts the configuration states of a virtual network. The configuration states are checked against the logic constraints by using a SMT solver. The prototype system successfully detects various inconsistencies injected to the testbed and incurs reasonable amount of overheads.