Serverless computing is a promising paradigm in cloud computing that greatly simplifies cloud programming.With serverless computing,developers only provide function code to serverless platform,and these functions are ...Serverless computing is a promising paradigm in cloud computing that greatly simplifies cloud programming.With serverless computing,developers only provide function code to serverless platform,and these functions are invoked by its driven events.Nonetheless,security threats in serverless computing such as vulnerability-based security threats have become the pain point hindering its wide adoption.The ideas in proactive defense such as redundancy,diversity and dynamic provide promising approaches to protect against cyberattacks.However,these security technologies are mostly applied to serverless platform based on“stacked”mode,as they are designed independent with serverless computing.The lack of security consideration in the initial design makes it especially challenging to achieve the all life cycle protection for serverless application with limited cost.In this paper,we present ATSSC,a proactive defense enabled attack tolerant serverless platform.ATSSC integrates the characteristic of redundancy,diversity and dynamic into serverless seamless to achieve high-level security and efficiency.Specifically,ATSSC constructs multiple diverse function replicas to process the driven events and performs cross-validation to verify the results.In order to create diverse function replicas,both software diversity and environment diversity are adopted.Furthermore,a dynamic function refresh strategy is proposed to keep the clean state of serverless functions.We implement ATSSC based on Kubernetes and Knative.Analysis and experimental results demonstrate that ATSSC can effectively protect serverless computing against cyberattacks with acceptable costs.展开更多
The data analysis of blasting sites has always been the research goal of relevant researchers.The rise of mobile blasting robots has aroused many researchers’interest in machine learning methods for target detection ...The data analysis of blasting sites has always been the research goal of relevant researchers.The rise of mobile blasting robots has aroused many researchers’interest in machine learning methods for target detection in the field of blasting.Serverless Computing can provide a variety of computing services for people without hardware foundations and rich software development experience,which has aroused people’s interest in how to use it in the field ofmachine learning.In this paper,we design a distributedmachine learning training application based on the AWS Lambda platform.Based on data parallelism,the data aggregation and training synchronization in Function as a Service(FaaS)are effectively realized.It also encrypts the data set,effectively reducing the risk of data leakage.We rent a cloud server and a Lambda,and then we conduct experiments to evaluate our applications.Our results indicate the effectiveness,rapidity,and economy of distributed training on FaaS.展开更多
Cloud computing has been exploited in managing large-scale IoT systems.IoT cloud servers usually handle a large number of requests from various IoT devices.Due to the fluctuant and heavy workload,the servers require t...Cloud computing has been exploited in managing large-scale IoT systems.IoT cloud servers usually handle a large number of requests from various IoT devices.Due to the fluctuant and heavy workload,the servers require the cloud to provide high scalability,stable performance,low price and necessary functionalities.However,traditional clouds usually offer computing service with the abstraction of virtual machine(VM),which can hardly meet these requirements.Meanwhile,different cloud vendors provide different performance stabilities and price models,which fluctuate according to the dynamic workload.A single cloud cannot satisfy all the requirements of the IoT scenario well.The JointCloud computing model empowers the cooperation among multiple public clouds.However,it is still difficult to dynamically schedule the workload on different clouds based on the VM abstraction.This paper introduces HCloud,a trusted JointCloud platform for IoT systems using serverless computing model.HCloud allows an IoT server to be implemented with multiple serverless functions and schedules these functions on different clouds based on a schedule policy.The policy is specified by the client and includes the required functionalities,execution resources,latency,price and so on.HCloud collects the status of each cloud and dispatches serverless functions to the most suitable cloud based on the schedule policy.By leveraging the blockchain technology,we further enforce that our system can neither fake the cloud status nor wrongly dispatch the target functions.We have implemented a prototype of HCloud and evaluated it by simulating multiple cloud providers.The evaluation results show that HCloud can greatly improve the performance of serverless workloads with negligible costs.展开更多
FaaS(Function as a Service)允许开发者在不管理服务器的情况下在云端上传和执行代码。为解决使用FaaS过程中出现的性能和扩展问题,提出并证明了一种轻量级高性能Serverless设计,该设计提供优于现有解决方案的性能和扩展优势,并且可以...FaaS(Function as a Service)允许开发者在不管理服务器的情况下在云端上传和执行代码。为解决使用FaaS过程中出现的性能和扩展问题,提出并证明了一种轻量级高性能Serverless设计,该设计提供优于现有解决方案的性能和扩展优势,并且可以实现细粒度的即用即付模型。比较了相同算法下的Docker和WebAssembly实现之间使用的性能基准。还讨论了在Serverless计算中采用WebAssembly的存在问题。展开更多
This work proposes ARS(FaaS) serverless framework scheduling and provisioning resources for streaming applications autonomously, which ensures real-time response on unpredictable and fluctuating streaming data. A HPC ...This work proposes ARS(FaaS) serverless framework scheduling and provisioning resources for streaming applications autonomously, which ensures real-time response on unpredictable and fluctuating streaming data. A HPC cloud platform is used as a de facto platform, on which serverless computing for stream analytic is explored. This work enables application developers to build and run steaming applications without worrying about servers, which means that the developers are able to focus on application features instead of scheduling and provisioning resources of the infrastructure. The serverless computing framework, ARS(FaaS), provides function-as-a-service to make the developers write code in discrete event-driven functions. ARS(FaaS) is capable of running and scaling the developer's code automatically, according to the throughput of streaming events. The major contribution of this serverless framework is effective and efficient autonomous resource scheduling for real-time streaming analytic, which enables the developers to build applications faster with autonomous resource scheduling. ARS(FaaS) framework is appropriate for real-time and stream analytic on event-driven data with spiky and variable compute requirements.展开更多
<div style="text-align:justify;"> <span style="font-family:Verdana;">Serverless Computing or Functions-as-a-Service (FaaS) is an execution model for cloud computing environments where t...<div style="text-align:justify;"> <span style="font-family:Verdana;">Serverless Computing or Functions-as-a-Service (FaaS) is an execution model for cloud computing environments where the cloud provider executes a piece of code (a function) by dynamically allocating resources. When a function has not been executed for a long time or is being executed for the first time, a new container has to be created, and the execution environment has to be initialized resulting in a cold start. Cold start can result in a higher latency. We propose a new computing and execution model for cloud environments called Result-as-a-Service (RaaS), which aims to reduce the computational cost and overhead while achieving high availability. In between successive calls to a function, a persistent function can help in successive calls by precomputing the functions for different possible arguments and then distributing the results when a matching function call is found.</span> </div>展开更多
移动边缘计算(Mobile Edge Computing,MEC)是一种利用靠近移动设备的边缘节点提供的计算能力,来提升性能的前沿技术。现有的一些先进的计算卸载方法,已能够支持在MEC环境中基于函数粒度进行动态卸载。函数即服务(Function as a Service,...移动边缘计算(Mobile Edge Computing,MEC)是一种利用靠近移动设备的边缘节点提供的计算能力,来提升性能的前沿技术。现有的一些先进的计算卸载方法,已能够支持在MEC环境中基于函数粒度进行动态卸载。函数即服务(Function as a Service,FaaS)作为无服务架构的一种经典范式,提供了一种在函数粒度上构建和拓展应用程序的新方式。相比传统的方式,FaaS提供了理想的资源弹性。OpenFaaS作为当下流行的开源FaaS项目,为FaaS平台的搭建提供了良好的基础。将先进的计算卸载方法与FaaS解决方案(OpenFaaS)进行整合,是有意义且具有挑战的。为此,文中设计并实现了一个基于OpenFaaS的多边缘管理框架,该框架实现了对多个边缘上OpenFaaS的搭建与状态管理。同时,对于需要部署的函数,将其重构并部署到OpenFaaS上,在运行时能够灵活地在多个OpenFaaS间调度函数执行。针对5个实际的Java智能应用对该框架进行了评估,结果表明该框架可以有效管理多个边缘,且与本地运行相比,该框架平均可节省10.49%~49.36%的响应时间。展开更多
基金supported by the Foundation for Innovative Research Groups of the National Natural Science Foundation of China under Grant No.61521003the National Natural Science Foundation of China under Grant No.62072467 and 62002383.
文摘Serverless computing is a promising paradigm in cloud computing that greatly simplifies cloud programming.With serverless computing,developers only provide function code to serverless platform,and these functions are invoked by its driven events.Nonetheless,security threats in serverless computing such as vulnerability-based security threats have become the pain point hindering its wide adoption.The ideas in proactive defense such as redundancy,diversity and dynamic provide promising approaches to protect against cyberattacks.However,these security technologies are mostly applied to serverless platform based on“stacked”mode,as they are designed independent with serverless computing.The lack of security consideration in the initial design makes it especially challenging to achieve the all life cycle protection for serverless application with limited cost.In this paper,we present ATSSC,a proactive defense enabled attack tolerant serverless platform.ATSSC integrates the characteristic of redundancy,diversity and dynamic into serverless seamless to achieve high-level security and efficiency.Specifically,ATSSC constructs multiple diverse function replicas to process the driven events and performs cross-validation to verify the results.In order to create diverse function replicas,both software diversity and environment diversity are adopted.Furthermore,a dynamic function refresh strategy is proposed to keep the clean state of serverless functions.We implement ATSSC based on Kubernetes and Knative.Analysis and experimental results demonstrate that ATSSC can effectively protect serverless computing against cyberattacks with acceptable costs.
文摘The data analysis of blasting sites has always been the research goal of relevant researchers.The rise of mobile blasting robots has aroused many researchers’interest in machine learning methods for target detection in the field of blasting.Serverless Computing can provide a variety of computing services for people without hardware foundations and rich software development experience,which has aroused people’s interest in how to use it in the field ofmachine learning.In this paper,we design a distributedmachine learning training application based on the AWS Lambda platform.Based on data parallelism,the data aggregation and training synchronization in Function as a Service(FaaS)are effectively realized.It also encrypts the data set,effectively reducing the risk of data leakage.We rent a cloud server and a Lambda,and then we conduct experiments to evaluate our applications.Our results indicate the effectiveness,rapidity,and economy of distributed training on FaaS.
基金supported by the National Key Research&Development Program(No.2016YFB1000104).
文摘Cloud computing has been exploited in managing large-scale IoT systems.IoT cloud servers usually handle a large number of requests from various IoT devices.Due to the fluctuant and heavy workload,the servers require the cloud to provide high scalability,stable performance,low price and necessary functionalities.However,traditional clouds usually offer computing service with the abstraction of virtual machine(VM),which can hardly meet these requirements.Meanwhile,different cloud vendors provide different performance stabilities and price models,which fluctuate according to the dynamic workload.A single cloud cannot satisfy all the requirements of the IoT scenario well.The JointCloud computing model empowers the cooperation among multiple public clouds.However,it is still difficult to dynamically schedule the workload on different clouds based on the VM abstraction.This paper introduces HCloud,a trusted JointCloud platform for IoT systems using serverless computing model.HCloud allows an IoT server to be implemented with multiple serverless functions and schedules these functions on different clouds based on a schedule policy.The policy is specified by the client and includes the required functionalities,execution resources,latency,price and so on.HCloud collects the status of each cloud and dispatches serverless functions to the most suitable cloud based on the schedule policy.By leveraging the blockchain technology,we further enforce that our system can neither fake the cloud status nor wrongly dispatch the target functions.We have implemented a prototype of HCloud and evaluated it by simulating multiple cloud providers.The evaluation results show that HCloud can greatly improve the performance of serverless workloads with negligible costs.
文摘FaaS(Function as a Service)允许开发者在不管理服务器的情况下在云端上传和执行代码。为解决使用FaaS过程中出现的性能和扩展问题,提出并证明了一种轻量级高性能Serverless设计,该设计提供优于现有解决方案的性能和扩展优势,并且可以实现细粒度的即用即付模型。比较了相同算法下的Docker和WebAssembly实现之间使用的性能基准。还讨论了在Serverless计算中采用WebAssembly的存在问题。
基金Suported by the National Natural Science Foundation of China(No.61472089,61572143)NSFC-Guangdong Joint Found(No.U1501254)China Scholarship Council(No.201608440336)。
文摘This work proposes ARS(FaaS) serverless framework scheduling and provisioning resources for streaming applications autonomously, which ensures real-time response on unpredictable and fluctuating streaming data. A HPC cloud platform is used as a de facto platform, on which serverless computing for stream analytic is explored. This work enables application developers to build and run steaming applications without worrying about servers, which means that the developers are able to focus on application features instead of scheduling and provisioning resources of the infrastructure. The serverless computing framework, ARS(FaaS), provides function-as-a-service to make the developers write code in discrete event-driven functions. ARS(FaaS) is capable of running and scaling the developer's code automatically, according to the throughput of streaming events. The major contribution of this serverless framework is effective and efficient autonomous resource scheduling for real-time streaming analytic, which enables the developers to build applications faster with autonomous resource scheduling. ARS(FaaS) framework is appropriate for real-time and stream analytic on event-driven data with spiky and variable compute requirements.
文摘<div style="text-align:justify;"> <span style="font-family:Verdana;">Serverless Computing or Functions-as-a-Service (FaaS) is an execution model for cloud computing environments where the cloud provider executes a piece of code (a function) by dynamically allocating resources. When a function has not been executed for a long time or is being executed for the first time, a new container has to be created, and the execution environment has to be initialized resulting in a cold start. Cold start can result in a higher latency. We propose a new computing and execution model for cloud environments called Result-as-a-Service (RaaS), which aims to reduce the computational cost and overhead while achieving high availability. In between successive calls to a function, a persistent function can help in successive calls by precomputing the functions for different possible arguments and then distributing the results when a matching function call is found.</span> </div>
文摘移动边缘计算(Mobile Edge Computing,MEC)是一种利用靠近移动设备的边缘节点提供的计算能力,来提升性能的前沿技术。现有的一些先进的计算卸载方法,已能够支持在MEC环境中基于函数粒度进行动态卸载。函数即服务(Function as a Service,FaaS)作为无服务架构的一种经典范式,提供了一种在函数粒度上构建和拓展应用程序的新方式。相比传统的方式,FaaS提供了理想的资源弹性。OpenFaaS作为当下流行的开源FaaS项目,为FaaS平台的搭建提供了良好的基础。将先进的计算卸载方法与FaaS解决方案(OpenFaaS)进行整合,是有意义且具有挑战的。为此,文中设计并实现了一个基于OpenFaaS的多边缘管理框架,该框架实现了对多个边缘上OpenFaaS的搭建与状态管理。同时,对于需要部署的函数,将其重构并部署到OpenFaaS上,在运行时能够灵活地在多个OpenFaaS间调度函数执行。针对5个实际的Java智能应用对该框架进行了评估,结果表明该框架可以有效管理多个边缘,且与本地运行相比,该框架平均可节省10.49%~49.36%的响应时间。
