Author ORCID Identifier

https://orcid.org/0000-0002-5572-8504

Year of Publication

2020

Degree Name

Doctor of Philosophy (PhD)

Document Type

Doctoral Dissertation

College

Engineering

Department

Computer Science

First Advisor

Dr. D. Manivannan

Abstract

Security and fault tolerance are the two major areas in cloud computing systems that need careful attention for its widespread deployment. Unlike supercomputers, cloud clusters are mostly built on low cost, unreliable, commodity hardware. Therefore, large-scale cloud systems often suffer from performance degradation, service outages, and sometimes node and application failures. On the other hand, the multi-tenant shared architecture, dynamism, heterogeneity, and openness of cloud computing make it susceptible to various security threats and vulnerabilities. In this dissertation, we analyze these problems and propose algorithms for achieving fault tolerance and ensuring security in cloud computing systems.

First, we perform a failure characterization study on the Google cluster data trace and find out the key attributes that cause a job or a task to fail. Based on these findings, we propose a failure prediction model that takes resource usage data of a job or a task and predicts its probability to fail or finish. Next, we design a cloud scheduler by leveraging this failure prediction model. Our scheduler adjusts its scheduling decisions dynamically relying on the predicted outcome. Experimental evaluations indicate that, our scheduler reduces job failure rate, increases resource utilization, maintains load balance, and decreases job completion time.

Second, we present two cloud storage schemes that simultaneously achieve confidentiality, integrity, availability, and storage efficiency. Our first scheme uses convergent encryption with perfect secret sharing method to secure data and encryption keys. This scheme also supports both file level and block level deduplication. User authentication, fine-grained access control, and integrity auditing are addressed using a challenge-response protocol based on Merkle hash tree data structure. Our second scheme is a slight variation of the first one, where we introduce some approaches to overcome the limitations of convergent encryption. In this scheme, we use ciphertext policy attribute-based access structure to simplify fine-grained access control and key management. This scheme is resilient against side-channel attacks and overall the attack vectors are reduced than the first scheme. Simulation results indicate that, both schemes are semantically secure and incur minor overhead compared to the existing state-of-the-art techniques.

Digital Object Identifier (DOI)

https://doi.org/10.13023/etd.2020.413

Available for download on Friday, October 07, 2022

Share

COinS