The industrial Internet of Things (IIoT) is a new industrial idea that combines the latest information and communication technologies with the industrial economy. In this paper, a cloud control structure is designed for IIoT in cloud-edge environment with three modes of 5G. For 5G based IIoT, the time sensitive network (TSN) service is introduced in transmission network. A 5G logical TSN bridge is designed to transport TSN streams over 5G framework to achieve end-to-end configuration. For a transmission control protocol (TCP) model with nonlinear disturbance, time delay and uncertainties, a robust adaptive fuzzy sliding mode controller (AFSMC) is given with control rule parameters. IIoT workflows are made up of a series of subtasks that are linked by the dependencies between sensor datasets and task flows. IIoT workflow scheduling is a non-deterministic polynomial (NP)-hard problem in cloud-edge environment. An adaptive and non-local-convergent particle swarm optimization (ANCPSO) is designed with nonlinear inertia weight to avoid falling into local optimum, which can reduce the makespan and cost dramatically. Simulation and experiments demonstrate that ANCPSO has better performances than other classical algorithms.
With the advantage of exceptional long-range traffic perception capabilities and data fusion computational prowess, the cloud control system (CCS) has exhibited formidable potential in the realm of connected assisted driving, such as the adaptive cruise control (ACC). Based on the CCS architecture, this paper proposes a cloud-based predictive ACC (PACC) strategy, which fully considers the road slope information and the preceding vehicle status. In the cloud, based on the dynamic programming (DP), the long-term economic speed planning is carried out by using the slope information. At the vehicle side, the real-time fusion planning of the economic speed and the preceding vehicle state is realized based on the model predictive control (MPC), taking into account the safety and economy of driving. In order to ensure the safety and stability of the vehicle-cloud cooperative control system, an event-triggered cruise mode switching method is proposed based on the state of each sub-system of the vehicle-cloud-network-map. Simulation results indicate that the PACC system can still ensure stable cruising under delays and some complex conditions. Moreover, under normal conditions, compared to the ACC system, the PACC system can further improve economy while ensuring safety and improve the overall energy efficiency of the vehicle, thus achieving fuel savings of 3% to 8%.
The electrification of vehicle helps to improve its operation efficiency and safety. Due to fast development of network, sensors, as well as computing technology, it becomes realizable to have vehicles driving autonomously. To achieve autonomous driving, several steps, including environment perception, path-planning, and dynamic control, need to be done. However, vehicles equipped with on-board sensors still have limitations in acquiring necessary environmental data for optimal driving decisions. Intelligent and connected vehicles (ICV) cloud control system (CCS) has been introduced as a new concept as it is a potentially synthetic solution for high level automated driving to improve safety and optimize traffic flow in intelligent transportation. This paper systematically investigated the concept of cloud control system from cloud related applications on ICVs, and cloud control system architecture design, as well as its core technologies development. Based on the analysis, the challenges and suggestions on cloud control system development have been addressed.
In most existing CP-ABE schemes, there is only one authority in the system and all the public keys and private keys are issued by this authority, which incurs ciphertext size and computation costs in the encryption and decryption operations that depend at least linearly on the number of attributes involved in the access policy. We propose an efficient multi-authority CP-ABE scheme in which the authorities need not interact to generate public information during the system initialization phase. Our scheme has constant ciphertext length and a constant number of pairing computations. Our scheme can be proven CPA-secure in random oracle model under the decision q-BDHE assumption. When user's attributes revocation occurs, the scheme transfers most re-encryption work to the cloud service provider, reducing the data owner's computational cost on the premise of security. Finally the analysis and simulation result show that the schemes proposed in this thesis ensure the privacy and secure access of sensitive data stored in the cloud server, and are able to cope with the dynamic changes of users' access privileges in large-scale systems. Besides, the multi-authority ABE eliminates the key escrow problem, achieves the length of ciphertext optimization and enhances the efficiency of the encryption and decryption operations.
As a new computing mode, cloud computing can provide users with virtualized and scalable web services, which is faced with serious security challenges, however. Access control is one of the most important measures to ensure the security of cloud computing. But applying traditional access control model into the Cloud directly could not solve the uncertainty and vulnerability caused by the open conditions of cloud computing. In cloud computing environment, only when the security and reliability of both interaction parties are ensured, data security can be effectively guaranteed during interactions between users and the Cloud. Therefore, building a mutual trust relationship between users and cloud platform is the key to implement new kinds of access control method in cloud computing environment. Combining with Trust Management (TM), a mutual trust based access control (MTBAC) model is proposed in this paper. MTBAC model takes both user's behavior trust and cloud services node's credibility into consideration. Trust relationships between users and cloud service nodes are established by mutual trust mechanism. Security problems of access control are solved by implementing MTBAC model into cloud computing environment. Simulation experiments show that MTBAC model can guarantee the interaction between users and cloud service nodes.
Security is a key problem for the development of Cloud Computing. A common service security architecture is a basic abstract to support security research work. The authorization ability in the service security faces more complex and variable users and environment. Based on the multidimensional views, the service security architecture is described on three dimensions of service security requirement integrating security attributes and service layers. An attribute-based dynamic access control model is presented to detail the relationships among subjects, objects, roles, attributes, context and extra factors further. The model uses dynamic control policies to support the multiple roles and flexible authority. At last, access control and policies execution mechanism were studied as the implementation suggestion.
With the advantage of fast calculation and map resources on cloud control system (CCS), cloud-based predictive cruise control (CPCC) for heavy trucks has great potential to improve energy efficiency, which is significant to achieve the goal of national carbon neutrality. However, most investigations focus on the on-board predictive cruise control (PCC) system, lack of research on CPCC architecture under CCS. Besides, the current PCC algorithms have the problems of a single control target and high computational complexity, which hinders the improvement of the control effect. In this paper, a layered architecture based on CCS is proposed to effectively address the real-time computing of CPCC system and the deployment of its algorithm on vehicle-cloud. In addition, based on the dynamic programming principle and the proposed road point segmentation method (RPSM), a PCC algorithm is designed to optimize the speed and gear of heavy trucks with slope information. Simulation results show that the CPCC system can adaptively control vehicle driving through the slope prediction, with fuel-saving rate of 6.17% in comparison with the constant cruise control. Also, compared with other similar algorithms, the PCC algorithm can make the engine operate more in the efficient zone by cooperatively optimizing the gear and speed. Moreover, the RPSM algorithm can reconfigure the road in advance, with a 91% road-point reduction rate, significantly reducing algorithm complexity. Therefore, this study has essential research significance for the economic driving of heavy trucks and the promotion of the CPCC system.
The rapid increase of the scale and the complexity of the controlled plants bring new challenges such as computing power and storage for conventional control systems. Cloud computing is concerned as a powerful solution to handle complex large-scale control missions by using sufficient computing resources. However, the computing ability enables more complex devices and more data to be involved and most of the data have not been fully utilized. Meanwhile, it is even impossible to obtain an accurate model of each device in the complex control systems for the model-based control algorithms. Therefore, motivated by the above reasons, we propose a data-driven predictive cloud control system. To achieve the proposed system, a practical data-driven predictive cloud control testbed is established and together a cloud-edge communication scheme is developed. Finally, the simulations and experiments demonstrate the effectiveness of the proposed system.
Rich semantic information in natural language increases team efficiency in human collaboration, reduces dependence on high precision data information, and improves adaptability to dynamic environment. We propose a semantic centered cloud control framework for cooperative multi-unmanned ground vehicle (UGV) system. Firstly, semantic modeling of task and environment is implemented by ontology to build a unified conceptual architecture, and secondly, a scene semantic information extraction method combining deep learning and semantic web rule language (SWRL) rules is used to realize the scene understanding and task-level cloud task cooperation. Finally, simulation results show that the framework is a feasible way to enable autonomous unmanned systems to conduct cooperative tasks.
Security is an essential part of the cloud environment. For ensuring the security of the data being communicated to and from the cloud server, a significant parameter called trust was introduced. Trust-based security played a vital role in ensuring that the communication between cloud users and service providers remained unadulterated and authentic. In most cloud-based data distribution environments, emphasis is placed on accepting trusted client users' requests, but the cloud servers' integrity is seldom verified. This paper designs a trust-based access control model based on user and server characteristics in a multi-cloud environment to address this issue. The proposed methodology consists of data encryption using Cyclic Shift Transposition Algorithm and trust-based access control method. In this trust-based access control mechanism framework, trust values are assigned to cloud users using direct trust degrees. The direct trust degree is estimated based on the following metrics: success and failure rate of interactions, service satisfaction index, and dishonesty level. In addition to this, trust values are assigned to cloud servers based on the metrics: server load, service rejection rate, and service access delay. The role-based access control policy of each user is modified based on his trust level. If the server fails to meet the minimum trust level, then another suitable server will be selected. The proposed system is found to outperform other existing systems in a multi-cloud environment.
In order to achieve fine-grained access control in cloud computing, existing digital rights management (DRM) schemes adopt attribute-based encryption as the main encryption primitive. However, these schemes suffer from inefficiency and cannot support dynamic updating of usage rights stored in the cloud. In this paper, we propose a novel DRM scheme with secure key management and dynamic usage control in cloud computing. We present a secure key management mechanism based on attribute-based encryption and proxy re-encryption. Only the users whose attributes satisfy the access policy of the encrypted content and who have effective usage rights can be able to recover the content encryption key and further decrypt the content. The attribute based mechanism allows the content provider to selectively provide fine-grained access control of contents among a set of users, and also enables the license server to implement immediate attribute and user revocation. Moreover, our scheme supports privacy-preserving dynamic usage control based on additive homomorphic encryption, which allows the license server in the cloud to update the users' usage rights dynamically without disclosing the plaintext. Extensive analytical results indicate that our proposed scheme is secure and efficient.
Personal cloud computing is an emerging trend in the computer industry. For a sustainable service, cloud computing services must control user access. The essential business characteristics of cloud computing are payment status and service level agreement. This work proposes a novel access control method for personal cloud service business. The proposed method sets metadata, policy analysis rules, and access denying rules. Metadata define the structure of access control policies and user requirements for cloud services. The policy analysis rules are used to compare conflicts and redundancies between access control policies. The access denying rules apply policies for inhibiting inappropriate access. The ontology is a theoretical foundation of this method. In this work, ontologies for payment status, access permission, service level, and the cloud provide semantic information needed to execute rules. A scenario of personal data backup cloud service is also provided in this work. This work potentially provides cloud service providers with a convenient method of controlling user access according to changeable business and marketing strategies.
Cloud computing is touted as the next big thing in the Information Technology (IT) industry, which is going to impact the businesses of any size and yet the security issue continues to pose a big threat on it. The security and privacy issues persisting in cloud computing have proved to be an obstacle for its widespread adoption. In this paper, we look at these issues from a business perspective and how they are damaging the reputation of big companies. There is a literature review on the existing issues in cloud computing and how they are being tackled by the Cloud Service Providers (CSP). We propose a governing body framework which aims at solving these issues by establishing relationship amongst the CSPs in which the data about possible threats can be generated based on the previous attacks on other CSPs. The Governing Body will be responsible for Data Center control, Policy control, legal control, user awareness, performance evaluation, solution architecture and providing motivation for the entities involved.
Attribute-based encryption (ABE) supports the fine-grained sharing of encrypted data. In some common designs, attributes are managed by an attribute authority that is supposed to be fully trustworthy. This concept implies that the attribute authority can access all encrypted data, which is known as the key escrow problem. In addition, because all access privileges are defined over a single attribute universe and attributes are shared among multiple data users, the revocation of users is inefficient for the existing ABE scheme. In this paper, we propose a novel scheme that solves the key escrow problem and supports efficient user revocation. First, an access controller is introduced into the existing scheme, and then, secret keys are generated corporately by the attribute authority and access controller. Second, an efficient user revocation mechanism is achieved using a version key that supports forward and backward security. The analysis proves that our scheme is secure and efficient in user authorization and revocation.
Based on the energy storage cloud platform architecture, this study considers the extensive configuration of energy storage devices and the future large-scale application of electric vehicles at the customer side to build a new mode of smart power consumption with a flexible interaction, smooth the peak/valley difference of the load side power, and improve energy efficiency. A plug and play device for customer-side energy storage and an internet-based energy storage cloud platform are developed herein to build a new intelligent power consumption mode with a flexible interaction suitable for ordinary customers. Based on the load perception of the power grid, this study aims to investigate the operating state and service life of distributed energy storage devices. By selecting an integrated optimal control scheme, this study designs a kind of energy optimization and deployment strategy for stratified partition to reduce the operating cost of the energy storage device on the client side. The effectiveness of the system and the control strategy is verified through the Suzhou client-side distributed energy storage demonstration project.
With the rapid development of cloud computing and control theory, a new paradigm of networked control systems called cloud control systems is proposed to meet the requirements of large-scale and complex applications. Currently, cloud control systems are mainly built by using a centralized architecture. The centralized system is overly dependent on the central control plane and has huge challenges in large-scale heterogeneous node systems. In this paper, we propose a decentralized approach to establish cloud control systems by proposing a distributed point-to-point task routing method. A considerable number of tasks in the system will not rely on the central plane and will be directly routed to the target devices through the point-to-point routing method, which improves the horizontal scalability of the cloud control system. The point-to-point routing method directly gives a unique address to every task, making inter-task communication more efficient in a complex heterogeneous and busy cloud control systems. Finally, we experimentally demonstrate that the distributed point-to-point task routing approach is compatible against the state-of-the-art central systems in large-scale task situations.
To resolve the problem of quantitative analysis in hybrid cloud, a quantitative analysis method, which is based on the security entropy, is proposed. Firstly, according to the information theory, the security entropy is put forward to calculate the uncertainty of the system's determinations on the irregular access behaviors. Secondly, based on the security entropy, security theorems of hybrid cloud are defined. Finally, typical access control models are analyzed by the method, the method's practicability is validated, and security and applicability of these models are compared. Simulation results prove that the proposed method is suitable for the security quantitative analysis of the access control model and evaluation to access control capability in hybrid cloud.
With the development of cloud computing, the mutual understandability among distributed data access control has become an important issue in the security field of cloud computing. To ensure security, confidentiality and fine-grained data access control of Cloud Data Storage (CDS) environment, we proposed Multi-Agent System (MAS) architecture. This architecture consists of two agents: Cloud Service Provider Agent (CSPA) and Cloud Data Confidentiality Agent (CDConA). CSPA provides a graphical interface to the cloud user that facilitates the access to the services offered by the system. CDConA provides each cloud user by definition and enforcement expressive and flexible access structure as a logic formula over cloud data file attributes. This new access control is named as Formula-Based Cloud Data Access Control (FCDAC). Our proposed FCDAC based on MAS architecture consists of four layers: interface layer, existing access control layer, proposed FCDAC layer and CDS layer as well as four types of entities of Cloud Service Provider (CSP), cloud users, knowledge base and confidentiality policy roles. FCDAC, it’s an access policy determined by our MAS architecture, not by the CSPs. A prototype of our proposed FCDAC scheme is implemented using the Java Agent Development Framework Security (JADE-S). Our results in the practical scenario defined formally in this paper, show the Round Trip Time (RTT) for an agent to travel in our system and measured by the times required for an agent to travel around different number of cloud users before and after implementing FCDAC.
The next-generation optical network is a service oriented network, which could be delivered by utilizing the generalized multiprotocol label switching (GMPLS) based control plane to realize lots of intelligent features such as rapid provisioning, automated protection and restoration (P&R), efficient resource allocation, and support for different quality of service (QoS) requirements. In this paper, we propose a novel stateful PCE-cloud (SPC) based architecture of GMPLS optical networks for cloud services. The cloud computing technologies (e.g. virtualization and parallel computing) are applied to the construction of SPC for improving the reliability and maximizing resource utilization. The functions of SPC and GMPLS based control plane are expanded according to the features of cloud services for different QoS requirements. The architecture and detailed description of the components of SPC are provided. Different potential cooperation relationships between public stateful PCE cloud (PSPC) and region stateful PCE cloud (RSPC) are investigated. Moreover, we present the policy-enabled and constraint-based routing scheme based on the cooperation of PSPC and RSPC. Simulation results for verifying the performance of routing and control plane reliability are analyzed.
Funding: supported by the National Key R&D Program of China (2021YFB2501000), the Consultancy Research Project on the Strategic Study of the Integration and Innovative Development of Intelligent Connected Vehicles and New Energy Ecology in Zhejiang Province (2023ZL0007), the Hetao Shenzhen-HongKong Science and Technology Innovation Cooperation Zone (HZQB-KCZYZ-2021055), and the Open Project of the Key Laboratory of Modern Measurement and Control Technology of the Ministry of Education (KF2022-1123202).
Funding: supported by National Basic Research Program of China (973 Program) (2012CB720000), National Natural Science Foundation of China (61225015, 61273128), Foundation for Innovative Research Groups of the National Natural Science Foundation of China (61321002), the Ph.D. Programs Foundation of Ministry of Education of China (20111101110012), and CAST Foundation (CAST201210).
Funding: Supported by Beijing Nova Program of Science and Technology (Grant No. Z191100001119087) and Beijing Municipal Science & Technology Commission (Grant No. Z181100004618005 and Grant No. Z18111000460000).
Funding: supported by National Natural Science Foundation of China under Grant No. 60873231, Natural Science Foundation of Jiangsu Province under Grant No. BK2009426, Major State Basic Research Development Program of China under Grant No. 2011CB302903, and Key University Science Research Project of Jiangsu Province under Grant No. 11KJA520002.
Funding: This paper is supported by the Opening Project of State Key Laboratory for Novel Software Technology of Nanjing University, China (Grant No. KFKT2012B25) and National Science Foundation of China (Grant No. 61303263).
Abstract: As a new computing mode, cloud computing can provide users with virtualized and scalable web services, which, however, face serious security challenges. Access control is one of the most important measures to ensure the security of cloud computing. But applying a traditional access control model to the Cloud directly could not solve the uncertainty and vulnerability caused by the open conditions of cloud computing. In a cloud computing environment, only when the security and reliability of both interaction parties are ensured can data security be effectively guaranteed during interactions between users and the Cloud. Therefore, building a mutual trust relationship between users and the cloud platform is the key to implementing new kinds of access control methods in a cloud computing environment. Combining with Trust Management (TM), a mutual trust based access control (MTBAC) model is proposed in this paper. The MTBAC model takes both the user's behavior trust and the cloud service node's credibility into consideration. Trust relationships between users and cloud service nodes are established by a mutual trust mechanism. Security problems of access control are solved by implementing the MTBAC model in the cloud computing environment. Simulation experiments show that the MTBAC model can guarantee the interaction between users and cloud service nodes.
Funding: supported by National Information Security Program under Grant No. 2009A112
Abstract: Security is a key problem for the development of Cloud Computing. A common service security architecture is a basic abstract to support security research work. The authorization ability in the service security faces more complex and variable users and environment. Based on the multidimensional views, the service security architecture is described on three dimensions of service security requirement integrating security attributes and service layers. An attribute-based dynamic access control model is presented to detail the relationships among subjects, objects, roles, attributes, context and extra factors further. The model uses dynamic control policies to support the multiple roles and flexible authority. At last, access control and policies execution mechanism were studied as the implementation suggestion.
Funding: supported by the National Key Research and Development Program (2021YFB2501003), the Key Research and Development Program of Guangdong Province (2019B090912001), and the China Postdoctoral Science Foundation (2020M680531).
Abstract: With the advantage of fast calculation and map resources on the cloud control system (CCS), cloud-based predictive cruise control (CPCC) for heavy trucks has great potential to improve energy efficiency, which is significant to achieve the goal of national carbon neutrality. However, most investigations focus on the on-board predictive cruise control (PCC) system, and research on CPCC architecture under CCS is lacking. Besides, the current PCC algorithms have the problems of a single control target and high computational complexity, which hinders the improvement of the control effect. In this paper, a layered architecture based on CCS is proposed to effectively address the real-time computing of the CPCC system and the deployment of its algorithm on vehicle-cloud. In addition, based on the dynamic programming principle and the proposed road point segmentation method (RPSM), a PCC algorithm is designed to optimize the speed and gear of heavy trucks with slope information. Simulation results show that the CPCC system can adaptively control vehicle driving through the slope prediction, with a fuel-saving rate of 6.17% in comparison with the constant cruise control. Also, compared with other similar algorithms, the PCC algorithm can make the engine operate more in the efficient zone by cooperatively optimizing the gear and speed. Moreover, the RPSM algorithm can reconfigure the road in advance, with a 91% road-point reduction rate, significantly reducing algorithm complexity. Therefore, this study has essential research significance for the economic driving of heavy trucks and the promotion of the CPCC system.
Funding: supported by the National Natural Science Foundation of China (61836001, 62122014, 62173036, 62102022).
Abstract: The rapid increase of the scale and the complexity of the controlled plants brings new challenges such as computing power and storage for conventional control systems. Cloud computing is regarded as a powerful solution to handle complex large-scale control missions by using sufficient computing resources. However, the computing ability enables more complex devices and more data to be involved and most of the data have not been fully utilized. Meanwhile, it is even impossible to obtain an accurate model of each device in the complex control systems for the model-based control algorithms. Therefore, motivated by the above reasons, we propose a data-driven predictive cloud control system. To achieve the proposed system, a practical data-driven predictive cloud control testbed is established and together a cloud-edge communication scheme is developed. Finally, the simulations and experiments demonstrate the effectiveness of the proposed system.
Funding: supported by the National Defense Science and Technology Innovation Zone of China (193-A13-203-01-01) and the Military Science Postgraduate Project of PLA (JY2020B006).
Abstract: Rich semantic information in natural language increases team efficiency in human collaboration, reduces dependence on high precision data information, and improves adaptability to dynamic environments. We propose a semantic centered cloud control framework for a cooperative multi-unmanned ground vehicle (UGV) system. Firstly, semantic modeling of task and environment is implemented by ontology to build a unified conceptual architecture, and secondly, a scene semantic information extraction method combining deep learning and semantic web rule language (SWRL) rules is used to realize the scene understanding and task-level cloud task cooperation. Finally, simulation results show that the framework is a feasible way to enable autonomous unmanned systems to conduct cooperative tasks.
Abstract: Security is an essential part of the cloud environment. For ensuring the security of the data being communicated to and from the cloud server, a significant parameter called trust was introduced. Trust-based security played a vital role in ensuring that the communication between cloud users and service providers remained unadulterated and authentic. In most cloud-based data distribution environments, emphasis is placed on accepting trusted client users' requests, but the cloud servers' integrity is seldom verified. This paper designs a trust-based access control model based on user and server characteristics in a multi-cloud environment to address this issue. The proposed methodology consists of data encryption using the Cyclic Shift Transposition Algorithm and a trust-based access control method. In this trust-based access control mechanism framework, trust values are assigned to cloud users using direct trust degrees. The direct trust degree is estimated based on the following metrics: success and failure rate of interactions, service satisfaction index, and dishonesty level. In addition to this, trust values are assigned to cloud servers based on the metrics: server load, service rejection rate, and service access delay. The Role-Based Access Control policy of each user is modified based on his trust level. If the server fails to meet the minimum trust level, then another suitable server will be selected. The proposed system is found to outperform other existing systems in a multi-cloud environment.
Funding: This work has been supported by the National Natural Science Foundation of China under Grant No. 61272519, 61121061.
Abstract: In order to achieve fine-grained access control in cloud computing, existing digital rights management (DRM) schemes adopt attribute-based encryption as the main encryption primitive. However, these schemes suffer from inefficiency and cannot support dynamic updating of usage rights stored in the cloud. In this paper, we propose a novel DRM scheme with secure key management and dynamic usage control in cloud computing. We present a secure key management mechanism based on attribute-based encryption and proxy re-encryption. Only the users whose attributes satisfy the access policy of the encrypted content and who have effective usage rights are able to recover the content encryption key and further decrypt the content. The attribute based mechanism allows the content provider to selectively provide fine-grained access control of contents among a set of users, and also enables the license server to implement immediate attribute and user revocation. Moreover, our scheme supports privacy-preserving dynamic usage control based on additive homomorphic encryption, which allows the license server in the cloud to update the users' usage rights dynamically without disclosing the plaintext. Extensive analytical results indicate that our proposed scheme is secure and efficient.
Abstract: Personal cloud computing is an emerging trend in the computer industry. For a sustainable service, cloud computing services must control user access. The essential business characteristics of cloud computing are payment status and service level agreement. This work proposes a novel access control method for personal cloud service business. The proposed method sets metadata, policy analysis rules, and access denying rules. Metadata define the structure of access control policies and user requirements for cloud services. The policy analysis rules are used to compare conflicts and redundancies between access control policies. The access denying rules apply policies for inhibiting inappropriate access. The ontology is a theoretical foundation of this method. In this work, ontologies for payment status, access permission, service level, and the cloud provide semantic information needed to execute rules. A scenario of personal data backup cloud service is also provided in this work. This work potentially provides cloud service providers with a convenient method of controlling user access according to changeable business and marketing strategies.
Abstract: Cloud computing is touted as the next big thing in the Information Technology (IT) industry, which is going to impact businesses of any size, and yet the security issue continues to pose a big threat to it. The security and privacy issues persisting in cloud computing have proved to be an obstacle for its widespread adoption. In this paper, we look at these issues from a business perspective and how they are damaging the reputation of big companies. There is a literature review on the existing issues in cloud computing and how they are being tackled by the Cloud Service Providers (CSP). We propose a governing body framework which aims at solving these issues by establishing relationship amongst the CSPs in which the data about possible threats can be generated based on the previous attacks on other CSPs. The Governing Body will be responsible for Data Center control, Policy control, legal control, user awareness, performance evaluation, solution architecture and providing motivation for the entities involved.
Funding: supported by the NSFC (61173141, U1536206, 61232016, U1405254, 61373133, 61502242, 61572258); BK20150925; Fund of Jiangsu Engineering Center of Network Monitoring (KJR1402); Fund of MOE Internet Innovation Platform (KJRP1403); CICAEET; the PAPD fund
Abstract: Attribute-based encryption (ABE) supports the fine-grained sharing of encrypted data. In some common designs, attributes are managed by an attribute authority that is supposed to be fully trustworthy. This concept implies that the attribute authority can access all encrypted data, which is known as the key escrow problem. In addition, because all access privileges are defined over a single attribute universe and attributes are shared among multiple data users, the revocation of users is inefficient for the existing ABE scheme. In this paper, we propose a novel scheme that solves the key escrow problem and supports efficient user revocation. First, an access controller is introduced into the existing scheme, and then, secret keys are generated corporately by the attribute authority and access controller. Second, an efficient user revocation mechanism is achieved using a version key that supports forward and backward security. The analysis proves that our scheme is secure and efficient in user authorization and revocation.
Funding: supported by the State Grid Corporation of China Science and Technological Project (Research and demonstration application of key technology of energy storage cloud for mobile energy storage application of electric vehicles 5419-20197121 7a-0-0-00)
Abstract: Based on the energy storage cloud platform architecture, this study considers the extensive configuration of energy storage devices and the future large-scale application of electric vehicles at the customer side to build a new mode of smart power consumption with a flexible interaction, smooth the peak/valley difference of the load side power, and improve energy efficiency. A plug and play device for customer-side energy storage and an internet-based energy storage cloud platform are developed herein to build a new intelligent power consumption mode with a flexible interaction suitable for ordinary customers. Based on the load perception of the power grid, this study aims to investigate the operating state and service life of distributed energy storage devices. By selecting an integrated optimal control scheme, this study designs a kind of energy optimization and deployment strategy for stratified partition to reduce the operating cost of the energy storage device on the client side. The effectiveness of the system and the control strategy is verified through the Suzhou client-side distributed energy storage demonstration project.
Funding: supported by the National Key Research and Development Program of China (2018AAA0103203), the National Natural Science Foundation of China (62073036, 61836001, 62102022, 62122014), and the Beijing Natural Science Foundation of China (42020741).
Abstract: With the rapid development of cloud computing and control theory, a new paradigm of networked control systems called cloud control systems is proposed to meet the requirements of large-scale and complex applications. Currently, cloud control systems are mainly built by using a centralized architecture. The centralized system is overly dependent on the central control plane and has huge challenges in large-scale heterogeneous node systems. In this paper, we propose a decentralized approach to establish cloud control systems by proposing a distributed point-to-point task routing method. A considerable number of tasks in the system will not rely on the central plane and will be directly routed to the target devices through the point-to-point routing method, which improves the horizontal scalability of the cloud control system. The point-to-point routing method directly gives a unique address to every task, making inter-task communication more efficient in a complex, heterogeneous and busy cloud control system. Finally, we experimentally demonstrate that the distributed point-to-point task routing approach is compatible against the state-of-the-art central systems in large-scale task situations.
Funding: Supported by the National Natural Science Foundation of China (No. 60872041, 61072066) and Fundamental Research Funds for the Central Universities (JYI0000903001, JYI0000901034)
Abstract: To resolve the problem of quantitative analysis in hybrid cloud, a quantitative analysis method, which is based on the security entropy, is proposed. Firstly, according to the information theory, the security entropy is put forward to calculate the uncertainty of the system's determinations on the irregular access behaviors. Secondly, based on the security entropy, security theorems of hybrid cloud are defined. Finally, typical access control models are analyzed by the method, the method's practicability is validated, and security and applicability of these models are compared. Simulation results prove that the proposed method is suitable for the security quantitative analysis of the access control model and evaluation of access control capability in hybrid cloud.
Abstract: With the development of cloud computing, the mutual understandability among distributed data access control has become an important issue in the security field of cloud computing. To ensure security, confidentiality and fine-grained data access control of the Cloud Data Storage (CDS) environment, we proposed a Multi-Agent System (MAS) architecture. This architecture consists of two agents: Cloud Service Provider Agent (CSPA) and Cloud Data Confidentiality Agent (CDConA). CSPA provides a graphical interface to the cloud user that facilitates the access to the services offered by the system. CDConA provides each cloud user by definition and enforcement expressive and flexible access structure as a logic formula over cloud data file attributes. This new access control is named as Formula-Based Cloud Data Access Control (FCDAC). Our proposed FCDAC based on MAS architecture consists of four layers: interface layer, existing access control layer, proposed FCDAC layer and CDS layer as well as four types of entities of Cloud Service Provider (CSP), cloud users, knowledge base and confidentiality policy roles. FCDAC is an access policy determined by our MAS architecture, not by the CSPs. A prototype of our proposed FCDAC scheme is implemented using the Java Agent Development Framework Security (JADE-S). Our results in the practical scenario defined formally in this paper show the Round Trip Time (RTT) for an agent to travel in our system, measured by the times required for an agent to travel around different numbers of cloud users before and after implementing FCDAC.
Funding: supported by National Natural Science Foundation of China (No. 61571061) and Innovative Research Fund of Beijing University of Posts and Telecommunications (2015RC16)
Abstract: The next-generation optical network is a service oriented network, which could be delivered by utilizing the generalized multiprotocol label switching (GMPLS) based control plane to realize lots of intelligent features such as rapid provisioning, automated protection and restoration (P&R), efficient resource allocation, and support for different quality of service (QoS) requirements. In this paper, we propose a novel stateful PCE-cloud (SPC) based architecture of GMPLS optical networks for cloud services. The cloud computing technologies (e.g. virtualization and parallel computing) are applied to the construction of SPC for improving the reliability and maximizing resource utilization. The functions of SPC and GMPLS based control plane are expanded according to the features of cloud services for different QoS requirements. The architecture and detailed description of the components of SPC are provided. Different potential cooperation relationships between public stateful PCE cloud (PSPC) and region stateful PCE cloud (RSPC) are investigated. Moreover, we present the policy-enabled and constraint-based routing scheme based on the cooperation of PSPC and RSPC. Simulation results for verifying the performance of routing and control plane reliability are analyzed.