This paper proposes a two-level scheduling strategy to address the performance differences,various combinations of cipher service processing commands and cipher algorithms,and random high concurrency of computing nodes in a heterogeneous cloud environment.The strategy supports various cipher processing commands and algorithms.Considering the multiple attributes of request tasks of users and computing nodes in the cloud,it optimizes the Quality of Service(QoS) and success rate of task scheduling of the whole scheduling system from both the task viewpoint and the node viewpoint.Through the mapping of function attributes between tasks and computing nodes,the cipher service requests can be realized correctly.On this basis,the node priority algorithm is used to improve the real-time performance of task processing and success rate of task scheduling in a cipher service system with random high concurrency.Simulation results show that the proposed strategy can guarantee the success rate of task scheduling and effectively improve the execution efficiency and task load balancing performance.Compared with the Dynamic Priority Assignment(DPA) scheme and Genetic algorithm(GA),it can shorten task execution by around 4% and 17% respectively.

Aiming at the problems that the fragmentation of physical resources results in the rejection of the embedding requests and reduces utilization of physical resources during the virtual network mapping,a Virtual Network Mapping(VNM) algorithm based on the optimal subnet is proposed.It coarsens network topology using Band Heavy Edge Matching(B-HEM) algorithm by merging the virtual nodes that meet the constraints.A set of candidate physical subnet is created by the Breadth First Search(BFS) algorithm,and the coarsened virtual network request is mapped to the optimal subnet.Simulation results show that the proposed algorithm can reduce the hops of link mapping and improve the request acceptance ratio and the revenue/cost ratio of virtual networks.

In the hybrid cloud environment,in order to meet the cross-domain authentication requirements of identity authentication schemes between different cryptosystems,a cross-domain identity authentication scheme based on Public Key Infrastructure(PKI) and Certificateless Cryptography(CLC) is proposed.The PKI-based multi-center authentication management mechanism is introduced to control and track the anonymous identity of users in different cryptosystem security domains.In the bidirectional authentication process between the user and the cloud service provider,the negotiation of the session key and the conversion of the anonymous identity of different cryptosystems are completed.The analysis results show that the scheme can resist replay attacks,replacement attacks and man-in-the-middle attacks while achieving cross-domain identity authentication between different cryptosystems,and it has high security and computational efficiency.

Aiming at the Coflow scheduling problem in the prior knowledge unknown scene,an Approximate Smallest-Effective-Bottleneck-First(A-SEBF) Coflow scheduling method is proposed.Coflow's scheduling order is determined by combining the current size and width of Coflow,and the Coflow is characterized by large and small flows,as well as features such as fat,short and thin,so as to increase the space for scheduling optimization.Experimental results show that compared with the Aalo method in the prior knowledge unknown scene,the method can reduce the average completion time of Coflow by 33.2%.Compared with the SEBF method in the prior knowledge known scene,the average completion time of Coflow lags only 7.3% in performance.

In order to solve multi-objective task scheduling problem in cloud manufacturing environment,this paper proposes a User Preference Task Scheduling Algorithm(UPTSA) through improving Non-dominated Sorting Biogeography-based Optimization(NSBBO) algorithm.The quality of the manufacturing task scheduling scheme is evaluated by the user preference defined by the uniform weight allocation strategy,so that the UPTSA algorithm can find the optimal solution reflecting the user's preference,and the trapezoidal migration rate calculation model is designed to expand the search neighborhood and avoid falling into the local maximum.The example analysis results show that UPTSA algorithm can effectively solve the multi-objective task scheduling problem in cloud manufacturing environment,and provide users with a set of scheduling schemes to assist their decision-making,so as to meet highly personalized user requirements.

Changing the relationship between virtual machine selection and placement in cloud data centers can improve the overall performance of cloud data centers.For this reason,this paper proposes a virtual machine selection strategy based on task mapping.This strategy takes granularity of tasks,the size of a virtual machine and computing capabilities of a physical machine as indexes.Four selection algorithms,Simple,Multiple(k),Maxsize(u) and Relation,are designed by integrating the selection and placement of virtual machine,so as to construct mathematical models for virtual machine selection based on task mapping.Experimental results based on Cloudsim simulator show that,by using the proposed strategy to optimize the virtual machine selection and placement processes,the energy consumption and times of virtual machine migration can be reduced,and the cost of cloud service providers can be saved.

The traditional Ciphertextpolicy Attribute-based Encryption(CP-ABE) systems are based on singleauthority organization,and most of them have the problems of large computation cost,low key maintenance efficiency,and inability to achieve anti-conspiracy attacks.Therefore,an improved cloud access control scheme is proposed.The logical binary tree constructed by the hash function generates a group key for each attribute,and uses the group key to update the user’s private key and ciphertext to achieve fine-grained attribute changes.The private key of the user’s attribute is jointly distributed by multiple authorized centers to solve the performance bottleneck of the single authorized organization.With decryption outsourcing and fixed ciphertext encryption technology,users’ computing time and storage cost are reduced.The introduction of linear secret sharing matrix achieves a flexible resource access control strategy.Analysis results show that compared with other schemes such as cloud storage schemes based on attribute encryption,the complexity of the user’s computation is optimal when the attribute changes,which greatly enhances the user’s decryption efficiency.

For cloud data access control research,there are many problems such as large cost of attribute change and inflexibility.On the basis of ciphertext policy Attribute-based Encryption(ABE),this paper proposes a scheme supporting fine-grained attribute change.It combines a Hash function that has irreversible calculation properties and defines a logical binary tree to re-encrypt the ciphertext,and updates the ciphertext and the private key according to the group key generated by the root node of the largest covering subtree corresponding to each attribute,so that each attribute can be fine-grained changed.Simulation experimental results show that this scheme can effectively reduce the whole computation complexity and user storage pressure,and the change efficiency can be improved.

Aiming at the problem that task scheduling based on ant colony algorithm has unbalanced load and slow convergence speed,an improved task scheduling optimization algorithm is proposed.The pheromone update rules of the ant colony algorithm are optimized by weighting methods to accelerate the solution speed,and the comprehensive performance of the dynamic update volatilization coefficient optimization algorithm is utilized,and the load weight coefficient of the virtual machine is introduced during the update process of the local pheromone to ensure the load balancing of virtual machines.Experimental results show that the task scheduling strategy of the improved algorithm ensures that the task is reasonably allocated,and at the same time,the convergence speed of the algorithm is improved and the total execution time is shortened.

For the attribute-based encryption scheme,a single authority has the problem of low efficiency and easy disclosure of user keys.Through the establishment of a decentralized attribute authority and agent reencryption technology,a Ciphertext-policy Attribute-based Encrypfion(CP-ABE) with attribute revocation function in a multi-attribute authority environment is designed.The scheme implements user attribute revocation through the version number tagging method,and establishes the access tree structure to manage attributes issued by different attribute authorities,so as to resist the joint attack of multiple attribute authority and achieve fine-grained access of users.Analysis results show that compared with the existing attribute-based encryption schemes,this scheme can shorten the length of the ciphertext and reduce the user’s computation cost.

In data decryption process of cloud platform server,it is easy to cause problems of information disclosure,the database administrators spy on users’ privacy information and heavy processing tasks of client.To solve above problems,a design scheme of security private cloud platform based on homomorphic cryptography is proposed.In the private cloud platform scene meeting the demand of bank business processing,by adopting with adjustable onion encryption strategy,ciphertexts can be evaluated directly by additive homomorphism of Paillier and multiplicative homomorphism of ElGamal.Then,frequent interactions between client and server,as well as data encryption and decryption operations can be avoided.Simulation experiment and efficiency analysis results show that the proposed scheme can effectively resist the chosen plaintext attack while ensuring the operation efficiency.

To optimize the scheduling process of cloud workflow tasks,a workflow scheduling algorithm based on deadline constraint and Critical Path(CP) is presented,which named WS-DCCP.Firstly,combined with the heterogenous and elastic features of cloud resources,all tasks are partitioned into different logic levels.Based on this logic levels,the workflow deadline is proportionally re-distributed.Then,tasks are prioritized by the improved sum of task upwark rank and downward rank,and the Constrainted CP(CCP) are constructed based on task priority.Finally,the tasks set on the CCP are scheduled on the same resource so as to reduce the communication cost.The next is to find the resource minimizing the workflow execution cost under meeting the sub-deadline constraint of the CCP,which can obtain the scheduling solution minimizing the execution cost under meeting deadline constraint.Through the simulation experiments,the performance evaluations are conducted compared with IC-PCP and JIT.The results show that WS-DCCP can reduce the workflow scheduling cost and improve the scheduling success rate while meeting deadline constraints.

For enterprise level private cloud systems,thousands of virtual machine instances are deployed on multiple data centers across the nation,which will generate massive raw data for the monitoring system to persist and process.This makes a significant pressure on computing,storage and network for monitoring system providing real-time monitor and statistical reports.Aiming at this problem,this paper designs a monitoring system for large scale private cloud by using whole set of big data method which makes the work distributed to solve the challenge mentioned above.Meanwhile,with the collected monitoring data,it uses thermal migration mechanism to reduce the waste of physical resources caused by unevenly distribution.Experimental result shows that this system can satisfy real-time monitoring as well as offline statistics and enhance above 13% physical resource utilization rate.

In most of existing cloud storage integrity detection schemes,people need to execute many public key computations and complicated public key certificate management operations.In order to solve this problem,this paper proposes an ID-based cloud storage integrity detection scheme.It introduces ID-based cryptography,which reduces public key certificate management operations for user.Besides,user can authorize a Third-Party Auditor(TPA) to complete all time-consuming operations,including data uploading,generating data authenticator and data integrity detection,which minimizes the burden on the user side.The security and performance analysis results show that the proposed scheme can reduce computational overhead and generate user lightweight validators while supporting data privacy.

To solve the problem that the ciphertext interval search scheme based on single assertion named SRQSAE cannot resist statistical analysis attack of only-ciphertext,a new secure ciphertext interval retrieval scheme based on cloud storage technology is proposed.Through improving the structure of the key matrix and introducing random numbers,the proposed scheme can hide the size of keyword and ensure the confidentiality of keyword index and interval trapdoor,which can meet the requirements for the security of arrange and merge features.The comparative results of the complexity,storage space,operation time and data transmission show that,compared with SRQSAE scheme,the proposed scheme can get great improvement on above performance while ensuring the security.

Most of traditional replicas distribution strategies usually assume that the data is independent and require no management cost,with no consideration of influence to data replicas cost and the generation of intermediate data.For these reasons,a two-phase data replicas distribution and generation strategy considering cost and storage space is proposed.In the phase of distributing the data replica,it selects the appropriate replicas storage places based on Genetic Algorithm(GA) by comparing the data transfers cost and storage cost and determines the storage and generation mode on the data center based on Dijkstra algorithm by comparing the data storage cost and generation cost.Experimental results show that the strategy is both feasible and effective in reliable data access while reducing the data management cost and data storage space,so as to improve the performance of cloud storage.

The traditional Information Flow Control(IFC) technology is limited by its stand-alone environment research,it is difficult to effectively protect the security of data in cloud computing.Therefore,this paper proposes an information flow control mechanism based on attribute encryption technology,which combines Attribute-Based Encryption(ABE) technology with IFC technology.By redesigning the user private key and access tree generation method,it reduces to access mechanism,making the mechanism to control the cloud data effective information flow,thus eliminates potential safety problems.Performance test results show that this mechanism can effectively resist the shared channel based attacks and protect the security of sensitive data in static virtual domains.

Hospital cloud computing system has the problems of demand uncertainty and heterogeneity of nodes,which causes load imbalance.Therefore,a load balancing hospital cloud computing system resource scheduling scheme is proposed.The scheme is based on the hybrid leapfrog algorithm,aiming at the problem that the hybrid leapfrog algorithm is easy to fall into the local optimal solution,a resource scheduling scheme of the hospital cloud computing system based on the discussion mechanism leapfrog algorithm is proposed.By increasing the number of self-adaptive discussions,the search capability of the algorithm is improved.Simulation results show that the proposed scheme has better performance of load balancing than the traditional load balancing scheme and can solve the problem that the hybrid leap frog algorithm falls into local optimum.

Transmission signed file transfer of digital signature technology based on Public Key Infrastructure(PKI) is usually subject to factors such as the environment,the terminal,and the file format between the users,and the signatures between different signature systems are not compatible either.In order to solve these problems,this paper analyzes and studies the cloud digital signature technology,including its advantages,specific protocol and signature procedure,and designs the cloud signature system.The system applications are put on the cloud server,and users only need a simple text interaction with the cloud server to achieve cross-platform operation of signature files.The application results show that the signature operation of the cloud digital signature system possesses the features of unity,convenience and universality.The system can ensure that the signed files are compatible with each other and have the characteristics of high security and low cost of equipment maintenance.

Aiming at the problem of now internal low aircraft maintenance resources utilization,a Prognostic and Health Management(PHM) architecture based on cloud computing is put forward.Allocation model based on particles swarm algorithm is set for PHM resources in cloud computing virtual layer,it ensures utility function between users and resources is higher than utility function between asks and resources under optimal service quality,and the simulation experiments are carried out by using CloudSim platform,results show that the architecture can improve the generality and utilization of knowledge to PHM system,and can solve effectively the problem of resource optimization in aircraft maintenance support.

In order to maximize the profit of service user virtual resource leasing in cloud computing,a new virtual resource leasing algorithm of cloud computing is proposed.By the cloud computing environment composed of three functional modules which are Virtual Resource Provider(VRP),Cloud Service Provider(CSP) and end user,it gives the virtual resource rental profit target.Considering the distribution of price and the urgency of tasks,for the weakly stationary price sequence,it uses the outlier detection method to filter the extreme price,designs the weak balance operator which uses the exponential function to control the integral shape of objective function’s curve,and uses the non-uniform mutation operator to adjust local operators and effectively predict the future price.Then it gets the optimal leasing rental price of Virtual Machine(VM) processing tasks.Experimental results show that the proposed algorithm can improve the efficiency and rental cost of virual resource and reduce its usage cost.

In order to improve the equilibrium of resources scheduling in cloud computing system and maximize the benefits of resource providers,this paper proposes an allocation model for cloud computing resource based on queuing theory.It considers waiting queue length as the premise of resource allocation,analyzes the resource allocation strategy in terms of Nash Equilibrium(NE) theory and proposes Modified Resource Allocation(MRA) algorithm.Meanwhile,this alogithm is compared with some resource allocation algorithms in distributed computing architecture,Hadoop.Experimental results show that,compared with Fair algorithm,First-In First-Out(FIFO) algorithm and classical Random algorithm,the proposed MRA algorithm not only can realize the fair sharing of resources for users,but also can meet the needs of resource providers in improving the system response time.

Cloudlets are small self-maintained clouds.They improve the overall performance of mobile services through balancing user access requests.In practice,the dispersed user demand changes with time,and the service resources of cloudlets need to be deployed in advance according to the prediction of the required resources.Therefore,in order to optimize the overall performance of the system resource utilization,queuing theory is used to construct resource limited service model of cloudlets which fits in with the birth and death processes.Then,the comparison between single and multiple queues show that the single queue model with multiple virtual cores is better than the multi-queue model with single virtual core under the same service intensity.Experimental result showes that the service model of cloudlets can further optimize the overall system performance with the increase of the virtual cores.

In order to improve the reliability of on-board cloud computing resource scheduling and reduce the computation time of data processing,a parallel MapReduce heuristics on-board cloud resource scheduling algorithm with Quality of Service(QoS) perception is proposed.Based on the MapReduce parallel computing model,the On-Board Unit(OBU)-based vehicle parallel detection service framework in cloud computing environment is designed,and the relative priority factor is used to construct the on-board cloud computing scheduling model.Then the cloud resource scheduling model is optimized by using heuristic parallel optimization algorithm to reduce the computational complexity of the proposed algorithm.The simulation results in NS-3 show that the proposed algorithm can shorten the job execution time effectively and has higher reliability.

Aiming at the problem that the performance parameters of the virtual links cannot be emulated accurately in the OpenStack cloud platform,a method of high-fidelity link emulation is proposed.The virtual network nodes are emulated by multi-granularity virtualization technology,and the virtual links between virtual network nodes are constructed based on Software Defined Network(SDN).According to the location of the compute nodes where the virtual network nodes communicate,the intra-host link emulation and the inter-host link emulation are achieved respectively,so that the flexible configuration and automatic deployment of the virtual link performance parameters(bandwidth,delay and packet loss rate) are supported.The experimental results show that the method can accurately emulate the performance parameters of virtual links and improve the fidelity of link emulation.

This paper researches Proxy Re-encryption(PRE) technology under the Certificateless Public Key Cryptography(CL-PKC),gives a formal definition and security model for certificateless PRE system and construct a new certificateless PRE scheme.The new scheme is proved secure against chosen plaintext attack in the Random Oracle Model(ROM).With the help of the proposed scheme,cloud service providers can transform ciphertexts encrypted under a user’s public key into different ciphertexts that can be decrypted by the other user’s secret key,and the other user also can access raw data to realize data sharing.Analysis result shows that the scheme can effectively ensure the safety and reliability of data under the environment of cloud computing.

In order to improve the delivery efficiency of Content Delivery Network(CDN) under Cloud storage environment,this paper puts forward a cache resource allocation and pricing algorithm based on Stackelberg game.It models the Web servers and cloud CDN service agents as a multi-leader multi-follower Stackelberg game model,and builds their respective utility functions.It also proves the existence of Nash Equilibrium(NE) point of the Web servers when the CDN agents’ prices are fixed.Finally,it utilizes a distributed iterative algorithm to solve the game model,and finds the optimal price and the optimal cache allocation under it.Simulation results show that the proposed algorithm ensures the Web server’s cache needs be efficiently allocated between agents.Compared with the user’s Quality of Service(QoS) priority algorithm,it can make the Web server obtain higher benefit per unit cost.

The researches on the security of cloud computing architecture are mainly focused on the architecture design and some technology improvement which are lack of overall thinking and guantitative analysis on the environment and related factors of the architecture.This paper abstracts the regulars and factors of cloud computing architectures,and finds those who affect their security through probability prove.A method about how to cut data into blocks according to its length is given.Security analysis result shows that the security of cloud architecture is related to data classification,increasing data security level and data block cutting which enhancing the difficulty of data recovery can improve the security of cloud architecture.

Aiming at the problem that the virtual machines of OpenStack cloud platforms fail to better utilize host physical machine resources,this paper builds a OpenStack platform based on Docker container technology which combines the efficiency of OpenStack based on component work in cloud platform management and the rapid deployment of Docker container virtualization.It tests the basic performance of the guest OSs of Docker container in the cloud platform,including computing,scheduling,memory access and I/O performance,evaluates and analyzes the related performance and compares its performance with the traditional OpenStack virtual machine in a multi instance running state.Analysis result shows that the new cloud platform can optimize the computation performance and the file system I/O performance from a global perspective by using the lightweight virtualization capabilities of Docker container.

The existing Virtual Machine(VM) placement researches mostly aim at energy saving,which reduce energy consumption by consolidating of resources.However,the excessive consolidation of these resources may lead to network performance degradation.Aiming at this problem,this paper studies the network-aware VM placement problem,analyzes the influence factors of VM placement and proposes a two-phase heuristic VM placement algorithm.Firstly,based on analyzing the similarity between VMs,the aggregation is performed to improve communication ability among VMs and reduce the network traffic of data center.Then,a modified knapsack algorithm is used to implement the appropriate allocation of VMs between physical hosts.Experimental results show that,compared with Best Fit(BF) algorithm and random algorithm,the proposed algorithm can optimize the network traffic,reduce the number of avtivated physical hosts and save energy consumption more effectively.

In order to accurately and efficiently verify data integrity in smart grid with cloud storage,this paper proposes a new scheme for dynamic data integrity verification.On the basis of protecting the data confidentiality,this scheme performs BLS short signature on data and supports third party auditing,which can verify the integrity of partial data and reduce the computational cost according to user requirements.Meanwhile,it uses the Locality Sensitive Hash(LSH) as an quick searching manner to improve the query efficiency of updating the stored data and quickly retrieve the data while integrity being validated.Experimental results show that the proposed scheme can verify the integrity of the power data accurately and support efficient dynamic data updating.

The resource scheduling policies for the cloud platform are too simple to meet the needs of the medical service effectively.Aiming at this problem,this paper analyzes different demands of different medical systems on resources and proposes the IB-Choose resource scheduling strategy on this basis.It builds a medical cloud platform with doctor diagnosis and treatment system,laboratory test system and image archiving system based on OpenStack platform,and implements the IB-Choose strategy on this platform.Experimental results show that,compared with the default resource scheduling policy in OpenStack,named Chance,the IB-Choose resource scheduling policy can shorten the service time of starting virtual machines by 25%~30%.At the same time,it reduces the cloud resources overhead and improves the utilization rate of cloud resources.

The Quality of Experience(QoE) of mobile terminals severely reduces caused by both local service station to a serious shortage of resources,and mobile terminal resources with limited.Furthermore,the task offloading into remote cloud brings the large time delay.This paper proposes a joint optimization of the power and load allocation algorithm for small cell cloud.Based on the channel quality and the rest of the available computing resources to build Small Cell Cloud(SCC),according to the same element,it distributes the load(offloading tasks) to SCC and uses a heuristic algorithm to seek approximate suboptimal solution to transmitting power.Simulation results show that the algorithm can improve the utilization of the radio and computing resources,and enhance the user QoE at the same time.

The virtual machines which are I/O intensive need to communicate with each other frequently.In order to solve the problems of low efficiency and big latency in inter-domain communication of virtual machines,an inter-domain communiaction optimization method between driver domain and user domain based on Double Ring Buffer(DRB) is proposed.Two ring buffers in user domain are built to be shared with a driver domain,and the access rights of the driver domain is controlled by the virtual machines monitor according to I/O task tables,which reduces the overhead of processor mode switching and memory mapping.Experimental results show that the inter-domain communication mechanism after using the optimization method has higher throughput and lower delay compared with original inter-domain virtual machine communication mechanism,and it greatly improves the inter-domain communication performance of the user domain and drive domain.

To solve the problem that untrusted cloud computing service providers steal user’s privacy data,this paper uses the homogeneous linear difference equations with constant coeffcients as a tool,applies secret sharing technology in cloud computing,and proposes a novel(m+1,t+1) threshold secret sharing scheme.This scheme manages the decryption key of the user privacy data,and distributes a special secret share to user and a common secret share to each computing service provider by homogeneous linear difference equations with constant coeffcients.Cloud computing service providers cannot recover the user’s privacy data without the user’s involvement.Analysis reslut shows that the scheme resolves the problem that untrusted cloud computing service providers steal user’s privacy data,and reduces the cost of memory overhead by optimizing secret share.

In order to improve the computing and storage capacity of mobile cloud data storage remote server,this paper proposes an improved mobile cloud data storage algorithm.Firstly,it constructs resampling expected propagation time calculation model by considering node failure probability with the voting data distribution and voting data processing framework,and establishes the dynamic voting network integrating energy efficiency and fault tolerance.It uses the probability distribution estimation method to optimize the storage routes of dynamic network model.At the same time,it uses Gibbs sampling to solve the problems of high-dimensional coupling and unsupervised training of sample data and non supervision training.Experimental results show that compared with the greedy algorithm,random placement algorithm and Estimation of Distribution Algorithms(EDAs),the proposed algorithm has high energy efficiency and storage reliability.

Complex Event Processing(CEP) is an effective approach for real-time event stream monitoring,processing,analyzing and mining.Core concepts and basic elements of CEP are introduced.Major areas that utilizing CEP technology are reviewed,such as Internet of Things(IoT),cloud computing,grid computing,Business Process Management(BPM) and computation finance.Based on these applications,cloud based distributed parallel CEP technologies are introduced.By analyzing the requirements of future stream processing systems,it is concluded that such cloud based CEP technology is an important direction for the development of future CEP systems.Potential new areas that require such cloud based CEP system for complex stream event processing are explored,such as power system intelligent control,instrument control and intelligent measurement.Guidance can be provided for the utilization of the CEP technology for now and future.

The Data Transfer Time(DTT) is one of the dominating factors of task completion time in the data-intensive architecture of datacenter.A reasonable Virtual Machine(VM) placement method can effectively resolve the above problem.A good optimal VM placement result can obtain short DTT in the data-intensive datacenter and get the optimal task completion time in the datacenter.Aiming at this characteristic,this paper presents an optimized VM placement model so as to minimize the DTT.From the view of model analysis,the proposed model is a NP-complete problem.A corresponding proof is given in this paper.Simultaneously,a heuristic algorithm is given to solve the proposed model.Experimental results show that the proposed method can reasonably optimize VM placement and effectively decrease DTT in the data-intensive datacenter.

For the secure issues of outsourced data in cloud storage,a new method of data integrity verification is proposed,which can support secure deduplication and public verification.The method combines the advantages of Proofs of Ownership(POW) and Proofs of Retrievability(POR),and achieves client-side secure deduplication and data integrity verification simultaneously,in which data block,random sampling and dynamic coefficient are used.By introducing bilinear pairings and erasure codes,users can infinitely verify whether the data is intact in cloud storage.If the data is damaged,users can repair it with erasure codes.To achieve privacy preserving,the technology of random masking is introduced,which can hide the information of users’ data effectively.Analysis results show that the proposed method not only can assure the security and integrity of data stored in cloud storage,but also can efficiently reduce the computing cost and communication cost.

Since the nodes of the volunteer cloud have the characteristics of high dynamic and low reliability,the volunteer cloud is prone to Byzantine fault.Byzantine consensus algorithm can make the system keep consistent when f malicious nodes are present.However,the existing algorithms have high redundancy degree.Aiming at this problem,this paper proposes a Byzantine fault tolerance algorithm based on Gossip protocol,which reduces the system redundancy degree to 2f+1.It does not need to set the master node and all the computing nodes in system are set to be in peer status,so as to avoid single point failure in master-slave redundancy system.Theoretical analysis and experimental results show that the proposed algorithm can not only satisfy the Byzantine tolerance requirement,but also reduce the system redundancy degree.Compared with BFTCloud and Zyzzyva algorithm,it improves the system throughput.

Marine monitoring data has the characteristics of large scale and strong correlation.How to effectively layout the data and how to improve the execution efficiency of data management and application are the keys in current marine data research.With the integration of Internet-plus and digital ocean,a marine monitoring data layout strategy in cloud environment based on the correlation of monitoring data is proposed.In view of the characteristics of marine monitoring data in digital ocean,a strong correlation matrix is established according to the correlation of monitoring tasks,monitoring points and monitoring data.This brings data with high correlation together in the matrix arrangement.It divides the data based on the correlation matrix.Consequently,the data in different group can be distributed to different data center based on the capacity.Experimental results show that the strategy reduces the running time of the algorithm and the response time of marine monitoring data access.Besides,the strategy provides an effective method to the management and layout of marine monitoring data in digital ocean.

Big data applications meet various challenges in data migration in cloud computing environment.It mainly manifests in below aspects:reduce the number of network access,reduce the overall time consumption and improve the efficiency by the time of balancing the global load in the migration process and so on.Facing these challenges,it builds the problem model and descripts the dynamic migration strategy,then solves the global time consumption of data migration,the number of network access and global load balance in these three parameters.The cloud computing simulation experiment is done under Cloudsim experimental platform.The result shows that the proposed data dynamic migration strategy makes the task completion time reduced by 10% than Zipf distribution,network access number be lower than Zipf and tends to be stable.And in global load,the variance of the node’s store space is closed to zero.

Most existing public encryption schemes with keyword search are only suitable for the single user setting and do not allow users to launch a fuzzy retrieval.In order to solve this problem, an encryption scheme which can meet the demand of multiple users to share data in cloud environment is proposed.This scheme based on Multi-keyword Ranked Search(MRSE),uses Lagrange function and Euclidean distance to achieve key sharing and fuzzy matching.Analysis results show that,compared with MRSE scheme,this scheme does not reduce the performance of each user with expanding multi-user query,and can achieve privacy inquiry,specified retrieval,multiple users’ inquiries and other functions.

Aiming at the problem of NP hard optimization in the process of cloud computing Virtual Machine(VM) resource allocation,a new algorithm based on cloud computing Simulated Evolution-First Fit Decreasing(SME-FFD) is proposed.The optimal degree evaluation scheme of virtual machine resource allocation is put forward by use of the strong ability of climbing of simulated evolution,and for which the choice of virtual resource allocation,evaluation and sorting process is carried out.The FFD rule is adopted to the sort of virtual machine and physical host resource allocation to improve the efficiency and effectiveness of resource allocation.By comparing the experimental results with the CloundSim grid laboratory and Gridbus cloud simulation platform,it shows that the proposed algorithm is more than 55% of CPU usage,memory usage rate can reach more than 60%,which can improve the utilization rate of the host resources,and achieve the purpose of energy saving.

In cloud computing environment,technologies such as dynamic migration and scaling decrease both violations of Service Level Agreement(SLA) and energy cost.But frequent migration of Virtual Machine(VM) can increase SLA violations and cause the performance degradation.To minimize SLA violations and migrations,this paper proposes a scalable real-time VM scheduling policy.It builds a scalable system with Kafka and Spark to analyze history data,predicates future load and generates migration plan.Simulation experimental result shows that the policy decreases migrations by 50% while maintaining low SLA violation rate compared with native policy of CloudSim.

In order to meet the secure requirements of data sharing in mobile cloud storage environment,a verifiable access control scheme based on Ciphertext-policy Attribute-based Encryption(CP-ABE) is proposed from the aspects of data security access control and integrity verification,to deal with the situations such as inadequate battery power,limited data storage and computation capacity for mobile devices.It introduces the Encryption Service Provider(ESP) and Decryption Service Provider(DSP) into the system model,and implements the security outsourcing of encryption computation by using the permission attribute.ESP generates the verifiable tag for the ciphertext,before decrypting,the data integrity verification is requested by the challenger,and completed by Cloud Service Provider(CSP) according to the verifiable tag.DSP decrypts the ciphertext for the user who requests to access data.Due to the user secret key holding only by the corresponding user,the decryption computation is outsourced in security.The results of analysis and evaluation show that the proposed scheme can reduce the computation overhead of the mobile user by outsourcing computation to other servers.

Aiming at the problem that the existed host Security Risk Assessment(SRA) index is not complete,difficult to operate and the result is hard to understand,this paper proposes a method for host SRA based on Analytic Hierarchy Process(AHP) and cloud model.It integrates the national information security classified protection policy,designs a multi-level index system using AHP and cloud model to assess the risk of host security fuzzily and quantifiably.Experimental results show that the proposed method achieves a satisfactory result in quantitative evaluation of complex host system,and effectively improves the accuracy and scientificity of the detection results.

Most cloud platforms like CloudStack have no safety plug-in or function to protect the virtual machines.Aiming at this problem,this paper proposes a monitoring framework for malicious hidden process based on Xen virtual machine monitor on CloudStack.Firstly,the monitor client installed in the privileged virtual machine requests to monitor the processes in the target virtual machine,and the daemon process passes the request to the Xen virtual machine monitor using the event channel,then the event registration/capture module in the virtual machine monitor registers the event hook in the guest virtual machine.After listening CR3 register content changing in the target virtual machine kernel,this event is notified to the monitor response module,and then it uses the virtual machine introspection technology to get memory data of the target virtual machine and restores them by semantic restoration technology,and finally passes the processes monitor information from the virtual machine monitor to the monitor client through shared memory mechanism.Experimental results show that the proposed framework can accurately find malicious hidden processes in the target virtual machine,and obtain resource usage information of hidden processes.

Audit of data possession is the key technique of ensuring the cloud data integrity,but the concurrent update operation makes the audit system efficiency dramatically decreased.Aiming at this problem,this paper proposes an audit method of cloud storage data possession supporting concurrent update.By improving Merkle Hash Tree(MHT) structure,it makes multiple updated requests of MHT intermediate node delay execution and generates updated state tree.It separates multiple leaf nodes and combines them to execute,which can significantly eliminate duplicate nodes in MHT,and effectively reduce the update cost of cloud storage data integrity audit system.Both formal analysis and the experimental results indicate that the proposed method can efficiently reduce the number of updating MHT nodes,and improve the update efficiency for the audit of cloud storage data possession.

Under the environment of big data,the traditional association rule mining algorithms have lower efficiency caused by the rapidly increasing data.Aiming at the problem,this paper proposes a parallel incremental updating algorithm of association rules based on the Frequent Pattern Growth(FP-growth) algorithm.Each step of incremental FP-growth algorithm is realized to parallel process by using the MapReduce programming model and cloud computing platform.In the updating process,it uses the existing incremental of frequent itemsets and 1-set to construct frequent pattern tree of the new transaction after completing frequent itemsets updating by scanning the original transaction database one time.Experimental results show that the algorithm has better efficiency and expansibility compared with the traditional association rule mining algorithm,therefore it can be applied to the association rules incremental mining of massive data.