Funding: Supported by China’s National Natural Science Foundation (U19A2081, 61802270, 61802271); Ministry of Education and China Mobile Research Fund Project (MCM20200102, CM20200409); Sichuan University Engineering Characteristic Team Project 2020SCUNG129.
Abstract: With the advantages of being lightweight and offering high resource utilization, cloud-native technology with containers as the core is gradually becoming the mainstream technical architecture for information infrastructure. However, malware attacks such as Doki and Symbiote threaten the container runtime’s security. Malware initiates various types of runtime anomalies based on process form (e.g., modifying the process of a container, and opening the external ports). Fortunately, dynamic monitoring mechanisms have proven to be a feasible solution for verifying the trusted state of containers at runtime. Nevertheless, the current routine dynamic monitoring mechanisms for baseline data protection are still based on strong security assumptions. As a result, the existing dynamic monitoring mechanism is still not practical enough. To ensure the trustworthiness of the baseline value data and, simultaneously, to achieve the integrity verification of the monitored process, we combine blockchain and trusted computing to propose a process integrity monitoring system named IPMS. Firstly, the hardware TPM 2.0 module is applied to construct a trusted security foundation for the integrity of the process code segment due to its tamper-proof feature. Then, we design a new format for storing measurement logs, which makes it easy to distinguish files with the same name in different containers in the log information. Meanwhile, the baseline value data is stored on the blockchain to avoid malicious damage. Finally, trusted computing technology is used to perform fine-grained integrity measurement and remote attestation of processes in a container, detect abnormal containers in time and control them. We have implemented a prototype system and performed extensive simulation experiments to test and analyze the functionality and performance of the PIMS. Experimental results show that PIMS can accurately and efficiently detect tampered processes with only 3.57% performance loss to the container.
Funding: This research is supported by Education Ministry-China Mobile Research Funding under Grant No. MCM20170404.
Abstract: Federated learning is an ideal solution to the limitation of not preserving the users’ privacy information in edge computing. In federated learning, the cloud aggregates local model updates from the devices to generate a global model. To protect devices’ privacy, the cloud is designed to have no visibility into how these updates are generated, making detecting and defending against malicious model updates a challenging task. Unlike existing works that struggle to tolerate adversarial attacks, the paper manages to exclude malicious updates from the global model’s aggregation. This paper focuses on Byzantine attack and backdoor attack in the federated learning setting. We propose a federated learning framework, which we call Federated Reconstruction Error Probability Distribution (FREPD). FREPD uses a VAE model to compute updates’ reconstruction errors. Updates with higher reconstruction errors than the average reconstruction error are deemed as malicious updates and removed. Meanwhile, we apply the Kolmogorov-Smirnov test to choose a proper probability distribution function and tune its parameters to fit the distribution of reconstruction errors from observed benign updates. We then use the distribution function to estimate the probability that an unseen reconstruction error belongs to the benign reconstruction error distribution. Based on the probability, we classify the model updates as benign or malicious. Only benign updates are used to aggregate the global model. FREPD is tested with extensive experiments on independent and identically distributed (IID) and non-IID federated benchmarks, showing a competitive performance over existing aggregation methods under Byzantine attack and backdoor attack.
Funding: Supported by the National Key R&D Plan (Grant No. 2021YFB2801800).
Abstract: Quantum computing is an emerging technology that is expected to realize an exponential increase in computing power. Recently, its theoretical foundation and application scenarios have been extensively researched and explored. In this work, we propose efficient quantum algorithms suitable for solving computing power scheduling problems in the cloud-rendering domain, which can be viewed mathematically as a generalized form of a typical NP-complete problem, i.e., a multiway number partitioning problem. In our algorithm, the matching pattern between tasks and computing resources with the shortest completion time or optimal load balancing is encoded into the ground state of the Hamiltonian; it is then solved using the optical coherent Ising machine, a practical quantum computing device with at least 100 qubits. The experimental results show that the proposed quantum scheme can achieve significant acceleration and save 97% of the time required to solve combinatorial optimization problems compared with classical algorithms. This demonstrates the computational advantages of optical quantum devices in solving combinatorial optimization problems. Our algorithmic and experimental work will advance the utilization of quantum computers to solve specific NP problems and will broaden the range of possible applications.