The Cloud is increasingly being used to store and process big data for its tenants and classical security mechanisms using encryption are neither sufficiently efficient nor suited to the task of protecting big data in...The Cloud is increasingly being used to store and process big data for its tenants and classical security mechanisms using encryption are neither sufficiently efficient nor suited to the task of protecting big data in the Cloud.In this paper,we present an alternative approach which divides big data into sequenced parts and stores them among multiple Cloud storage service providers.Instead of protecting the big data itself,the proposed scheme protects the mapping of the various data elements to each provider using a trapdoor function.Analysis,comparison and simulation prove that the proposed scheme is efficient and secure for the big data of Cloud tenants.展开更多
IPv6 has been an inevitable trend with the depletion of the global IPv4 address space. However, new IPv6 users still need public IPv4 addresses to access global IPv4 users/resources, making it important for providers ...IPv6 has been an inevitable trend with the depletion of the global IPv4 address space. However, new IPv6 users still need public IPv4 addresses to access global IPv4 users/resources, making it important for providers to share scarce global IPv4 addresses effectively. There are two categories of solutions to the problem, carrier-grade NAT (CGN) and 'A+P' (each customer shaving the same IPv4 address is assigned an excluded port range). However, both of them have limitations. Specifically, CGN solutions are not scalable and can bring much complexity in managing customers in large-scale deployments, while A+P solutions are not flexible enough to meet dynamic port requirements. In this paper, we propose a hybrid mechanism to improve current solutions and have deployed it in the Tsinghua University Campus Network. The real traffic data shows that our mechanism can utilize limited IPv4 addresses efficiently without degrading the performance of applications on end hosts. Based on the enhanced mechanism, we propose a method to help service providers make address plans based on their own traffic patterns and actual requirements.展开更多
基金supported in part by the National Nature Science Foundation of China under Grant No.61402413 and 61340058 the "Six Kinds Peak Talents Plan" project of Jiangsu Province under Grant No.ll-JY-009+2 种基金the Nature Science Foundation of Zhejiang Province under Grant No.LY14F020019, Z14F020006 and Y1101183the China Postdoctoral Science Foundation funded project under Grant No.2012M511732Jiangsu Province Postdoctoral Science Foundation funded project Grant No.1102014C
文摘The Cloud is increasingly being used to store and process big data for its tenants and classical security mechanisms using encryption are neither sufficiently efficient nor suited to the task of protecting big data in the Cloud.In this paper,we present an alternative approach which divides big data into sequenced parts and stores them among multiple Cloud storage service providers.Instead of protecting the big data itself,the proposed scheme protects the mapping of the various data elements to each provider using a trapdoor function.Analysis,comparison and simulation prove that the proposed scheme is efficient and secure for the big data of Cloud tenants.
文摘IPv6 has been an inevitable trend with the depletion of the global IPv4 address space. However, new IPv6 users still need public IPv4 addresses to access global IPv4 users/resources, making it important for providers to share scarce global IPv4 addresses effectively. There are two categories of solutions to the problem, carrier-grade NAT (CGN) and 'A+P' (each customer shaving the same IPv4 address is assigned an excluded port range). However, both of them have limitations. Specifically, CGN solutions are not scalable and can bring much complexity in managing customers in large-scale deployments, while A+P solutions are not flexible enough to meet dynamic port requirements. In this paper, we propose a hybrid mechanism to improve current solutions and have deployed it in the Tsinghua University Campus Network. The real traffic data shows that our mechanism can utilize limited IPv4 addresses efficiently without degrading the performance of applications on end hosts. Based on the enhanced mechanism, we propose a method to help service providers make address plans based on their own traffic patterns and actual requirements.
