Cloud computing plays an important role in today’s Internet environment,which meets the requirements of scalability,security and reliability by using virtualization technologies.Container technology is one of the two...Cloud computing plays an important role in today’s Internet environment,which meets the requirements of scalability,security and reliability by using virtualization technologies.Container technology is one of the two mainstream virtualization solutions.Its lightweight,high deployment efficiency make container technology widely used in large-scale cloud computing.While container technology has created huge benefits for cloud service providers and tenants,it cannot meet the requirements of security monitoring and management from a tenant perspective.Currently,tenants can only run their security monitors in the target container,but it is not secure because the attacker is able to detect and compromise the security monitor.In this paper,a secure external monitoring approach is proposed to monitor target containers in another management container.The management container is transparent for target containers,but it can obtain the executing information of target containers,providing a secure monitoring environment.Security monitors running inside management containers are secure for the cloud host,since the management containers are not privileged.We implement the transparent external management containers by performing the one-way isolation of processes and files.For process one-way isolation,we leverage Linux namespace technology to let management container become the parent of target containers.By mounting the file system of target container to that of the management container,file system one-way isolation is achieved.Compared with the existing host-based monitoring approach,our approach is more secure and suitable in the cloud environment.展开更多
Managing software packages in a scientific computing environment is a challenging task, especially in the case of heterogeneous systems. It is error prone when installing and updating software packages in a sophistica...Managing software packages in a scientific computing environment is a challenging task, especially in the case of heterogeneous systems. It is error prone when installing and updating software packages in a sophisticated computing environment. Testing and performance evaluation in an on-the-fly manner is also a troublesome task for a production system. In this paper, we discuss a package management scheme based on containers. The newly developed method can ease the maintenance complexity and reduce human mistakes. We can benefit from the self-containing and isolation features of container technologies for maintaining the software packages among intricately connected clusters. By deploying the Super Computing application Strore(SCStore) over the WAN connected world-largest clusters, it proved that it can greatly reduce the effort for maintaining the consistency of software environment and bring benefit to achieve automation.展开更多
The container sea-rail multimodal transport system faces complex challenges with de- mand uncertainties for joint slot allocation and dynamic pricing. The challenge is formulated as a two-stage optimal model based on ...The container sea-rail multimodal transport system faces complex challenges with de- mand uncertainties for joint slot allocation and dynamic pricing. The challenge is formulated as a two-stage optimal model based on revenue management (RM) as actual slots sale of multi-node container sea-rail multimodal transport usually includes contract sale to large shippers and free sale to scattered shippers. First stage in the model utilizes an origin-destination control approach, formulated as a stochastic integer programming equation, to settle long-term slot allocation in the contract market and empty container allocation. Second stage in the model is formulated as a stochastic nonlinear programming equation to solve a multiproduct joint dynamic pricing and inventory control problem for price settling and slot allocation in each period of free market. Considering the random nature of demand, the methods of chance constrained programming and robust optimi- zation are utilized to transform stochastic models into deterministic models. A numerical experiment is presented to verify the availability of models and solving methods. Results of considering uncertain/certain demand are compared, which show that the two-stage optimal strategy integrating slot allocation with dynamic pricing considering random de- mand is revealed to increase the revenue for multimodal transport operators (MTO) while concurrently satisfying shippers' demand. Research resulting from this paper will contribute to the theory and practice of container sea-rail multimodal transport revenue management and provide a scientific decision-making tool for MTO.展开更多
基金This paper is supported by National Natural Science Foundation of China(http://www.nsfc.gov.cn/)under Grant No.61872111,and Sichuan Science and Technology Program(http://kjt.sc.gov.cn/)under Grant No.2019YFSY0049 which are both received by L.Ye.
文摘Cloud computing plays an important role in today’s Internet environment,which meets the requirements of scalability,security and reliability by using virtualization technologies.Container technology is one of the two mainstream virtualization solutions.Its lightweight,high deployment efficiency make container technology widely used in large-scale cloud computing.While container technology has created huge benefits for cloud service providers and tenants,it cannot meet the requirements of security monitoring and management from a tenant perspective.Currently,tenants can only run their security monitors in the target container,but it is not secure because the attacker is able to detect and compromise the security monitor.In this paper,a secure external monitoring approach is proposed to monitor target containers in another management container.The management container is transparent for target containers,but it can obtain the executing information of target containers,providing a secure monitoring environment.Security monitors running inside management containers are secure for the cloud host,since the management containers are not privileged.We implement the transparent external management containers by performing the one-way isolation of processes and files.For process one-way isolation,we leverage Linux namespace technology to let management container become the parent of target containers.By mounting the file system of target container to that of the management container,file system one-way isolation is achieved.Compared with the existing host-based monitoring approach,our approach is more secure and suitable in the cloud environment.
基金supported by the National Key R&D Program of China(No.2016YFA0602100)the National Natural Science Foundation of China(No.91530323)Open Fund of Key Laboratory of Data Analysis and Applications,SOA(No.LDAA-2014-03)
文摘Managing software packages in a scientific computing environment is a challenging task, especially in the case of heterogeneous systems. It is error prone when installing and updating software packages in a sophisticated computing environment. Testing and performance evaluation in an on-the-fly manner is also a troublesome task for a production system. In this paper, we discuss a package management scheme based on containers. The newly developed method can ease the maintenance complexity and reduce human mistakes. We can benefit from the self-containing and isolation features of container technologies for maintaining the software packages among intricately connected clusters. By deploying the Super Computing application Strore(SCStore) over the WAN connected world-largest clusters, it proved that it can greatly reduce the effort for maintaining the consistency of software environment and bring benefit to achieve automation.
基金supported by the National Natural Science Foundation of China(No.71372088)the scientific research fund of Education Department of Liaoning Province (No.L2014179,L2013207)
文摘The container sea-rail multimodal transport system faces complex challenges with de- mand uncertainties for joint slot allocation and dynamic pricing. The challenge is formulated as a two-stage optimal model based on revenue management (RM) as actual slots sale of multi-node container sea-rail multimodal transport usually includes contract sale to large shippers and free sale to scattered shippers. First stage in the model utilizes an origin-destination control approach, formulated as a stochastic integer programming equation, to settle long-term slot allocation in the contract market and empty container allocation. Second stage in the model is formulated as a stochastic nonlinear programming equation to solve a multiproduct joint dynamic pricing and inventory control problem for price settling and slot allocation in each period of free market. Considering the random nature of demand, the methods of chance constrained programming and robust optimi- zation are utilized to transform stochastic models into deterministic models. A numerical experiment is presented to verify the availability of models and solving methods. Results of considering uncertain/certain demand are compared, which show that the two-stage optimal strategy integrating slot allocation with dynamic pricing considering random de- mand is revealed to increase the revenue for multimodal transport operators (MTO) while concurrently satisfying shippers' demand. Research resulting from this paper will contribute to the theory and practice of container sea-rail multimodal transport revenue management and provide a scientific decision-making tool for MTO.
