
Also in this issue:

> How Abundance Changes Software Engineering

> Multimedia Research: What Is the Right Approach?

AUGUST 2017 www.computer.org

CLOUD COMPUTING

Explore These Cloud Computing Resources

FOR DIRECT LINKS TO THESE RESOURCES, VISIT www.computer.org/edge-resources

Cloud Computing Professional Development Courses

The Computer Society offers three professional development courses on cloud computing:

• Cloud Computing in the Business Environment

• Cloud Governance and Security

• Cloud Economics, Migration, and Metrics

All three can help you in migrating your IT infrastructure to the Cloud.

IEEE Cloud Computing

IEEE Cloud Computing is your best source for peer-reviewed articles showcasing innovative research, applications results, and case studies in all areas of cloud computing.

IEEE Transactions on Cloud Computing

IEEE Transactions on Cloud Computing (TCC) publishes peer reviewed articles that provide innovative research ideas and applications results in all areas relating to cloud computing. Topics relating to novel theory, algorithms, performance analyses and applications of techniques relating to all areas of cloud computing are considered for the transactions.

IEEE Cloud Computing Initiative

Helping accelerate cloud computing technology development and use, this IEEE initiative offers six interdependent resources: a Web portal (http://cloudcomputing.ieee.org); conferences; continuing education courses; publications; standards development; and a testbed.

The Community for Technology Leaders

Move Your Career Forward: IEEE Computer Society Membership

STAFF

Editor: Lee Garber

Contributing Staff: Christine Anthony, Brian Brannon, Lori Cameron, Cathy Martin, Chris Nelson, Meghan O’Dell, Dennis Taylor, Rebecca Torres, Bonnie Wylie

Production & Design: Carmen Flores-Garvey, Monette Velasco, Jennie Zhu-Mai, Mark Bartosik

Manager, Editorial Content: Carrie Clark

Senior Manager, Editorial Services: Robin Baldwin

Director, Products and Services: Evan Butterfield

Senior Advertising Coordinator: Debbie Sims

Circulation: ComputingEdge (ISSN 2469-7087) is published monthly by the IEEE Computer Society. IEEE Headquarters, Three Park Avenue, 17th Floor, New York, NY 10016-5997; IEEE Computer Society Publications Office, 10662 Los Vaqueros Circle, Los Alamitos, CA 90720; voice +1 714 821 8380; fax +1 714 821 4010; IEEE Computer Society Headquarters, 2001 L Street NW, Suite 700, Washington, DC 20036.

Postmaster: Send address changes to ComputingEdge-IEEE Membership Processing Dept., 445 Hoes Lane, Piscataway, NJ 08855. Periodicals Postage Paid at New York, New York, and at additional mailing offices. Printed in USA.

Editorial: Unless otherwise stated, bylined articles, as well as product and service descriptions, reflect the author’s or firm’s opinion. Inclusion in ComputingEdge does not necessarily constitute endorsement by the IEEE or the Computer Society. All submissions are subject to editing for style, clarity, and space.

Reuse Rights and Reprint Permissions: Educational or personal use of this material is permitted without fee, provided such use: 1) is not made for profit; 2) includes this notice and a full citation to the original work on the first page of the copy; and 3) does not imply IEEE endorsement of any third-party products or services. Authors and their companies are permitted to post the accepted version of IEEE-copyrighted material on their own Web servers without permission, provided that the IEEE copyright notice and a full citation to the original work appear on the first screen of the posted copy. An accepted manuscript is a version which has been revised by the author to incorporate review suggestions, but not the published version with copy-editing, proofreading, and formatting added by IEEE. For more information, please go to: http://www.ieee.org/publications_standards/publications/rights/paperversionpolicy.html. Permission to reprint/republish this material for commercial, advertising, or promotional purposes or for creating new collective works for resale or redistribution must be obtained from IEEE by writing to the IEEE Intellectual Property Rights Office, 445 Hoes Lane, Piscataway, NJ 08854-4141 or pubs-permissions@ieee.org. Copyright © 2017 IEEE. All rights reserved.

Abstracting and Library Use: Abstracting is permitted with credit to the source. Libraries are permitted to photocopy for private use of patrons, provided the per-copy fee indicated in the code at the bottom of the first page is paid through the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923.

Unsubscribe: If you no longer wish to receive this ComputingEdge mailing, please email IEEE Computer Society Customer Service at [email protected] and type “unsubscribe ComputingEdge” in your subject line.

IEEE prohibits discrimination, harassment, and bullying. For more information, visit www.ieee.org/web/aboutus/whatis/policies/p9-26.html.

IEEE COMPUTER SOCIETY http://computer.org • +1 714 821 8380


IEEE Computer Society Magazine Editors in Chief

Computer: Sumi Helal, Lancaster University

IEEE Software: Diomidis Spinellis, Athens University of Economics and Business

IEEE Internet Computing: M. Brian Blake, University of Miami

IT Professional: San Murugesan, BRITE Professional Services

IEEE Security & Privacy: Ahmad-Reza Sadeghi, Technical University of Darmstadt

IEEE Micro: Lieven Eeckhout, Ghent University

IEEE Computer Graphics and Applications: L. Miguel Encarnação, ACT, Inc.

IEEE Pervasive Computing: Maria Ebling, IBM T.J. Watson Research Center

Computing in Science & Engineering: Jim X. Chen, George Mason University

IEEE Intelligent Systems: V.S. Subrahmanian, University of Maryland

IEEE MultiMedia: Yong Rui, Lenovo Research and Technology

IEEE Annals of the History of Computing: Nathan Ensmenger, Indiana University Bloomington

IEEE Cloud Computing: Mazin Yousif, T-Systems International


AUGUST 2017 • VOLUME 3, NUMBER 8

Subscribe to ComputingEdge for free at www.computer.org/computingedge.

Spotlight on Transactions: Computer Engineers’ Challenges for the Next Decade: The Triangle of Power Density, Circuit Degradation, and Reliability
Jörg Henkel and Paolo Montuschi

Editor’s Note: Computing in the Cloud

Open Source Solutions for Cloud Computing
G.R. Gangadharan

Standards at the Edge of the Cloud
Alan Sill

Quality of Cloud Services: Expect the Unexpected
David Bermbach

Extending the Cloud to the Network Edge
Ruben S. Montero, Elisa Rojas, Alfonso A. Carrillo, and Ignacio M. Llorente

Evidence and Forensics in the Cloud: Challenges and Future Research Directions
Kim-Kwang Raymond Choo, Christian Esposito, and Aniello Castiglione

FocusStack: Orchestrating Edge Clouds Using Focus of Attention
Brian Amento, Robert J. Hall, Kaustubh Joshi, and K. Hal Purdy

Connecting Fog and Cloud Computing
David S. Linthicum

How Abundance Changes Software Engineering
Diomidis Spinellis

Multimedia Research: What Is the Right Approach?
Alan Hanjalic

Departments

Magazine Roundup

Computing Careers: Cloud-Computing Careers

August 2017. Published by the IEEE Computer Society. 2469-7087/17/$33.00 © 2017 IEEE

CS FOCUS

Magazine Roundup

The IEEE Computer Society’s lineup of 13 peer-reviewed technical magazines covers cutting-edge topics ranging from software design and computer graphics to Internet computing and security, from scientific applications and machine intelligence to cloud migration and microchip design. Here are highlights from recent issues.

Computer

As we approach the limits of Moore’s law, we increasingly rely on computer architecture innovations to scale performance. Computer’s August 2017 special issue on new computer-design developments explores several of these architectural approaches.

IEEE Software

Over time, software developers have defined and used various reliability-engineering models. Now, reliability engineering will have to adapt to today’s more connected world. The three articles in IEEE Software’s July/August 2017 special issue illustrate several ways this is already happening.

IEEE Internet Computing

Most smartphone-authentication schemes still rely on simple digit or character input, which has shortcomings. In “May the Force Be with You: The Future of Force-Sensitive Authentication,” from Internet Computing’s May/June 2017 issue, the authors examine the potential of force-PINs, which augment digit-PIN security by assigning a pressure value to each digit or character.

Computing in Science & Engineering

Previous research suggests that access and exposure to computing, social support, a sense of belonging in computing, and a computing identity all contribute to women pursuing computing as a field of study or career. “Multiple Factors Converge to Influence Women’s Persistence in Computing: A Qualitative Analysis,” from CiSE’s May/June 2017 issue, discusses a recent study that explores what helps young women persist in computing despite the obstacles they encounter.

IEEE Security & Privacy

Our society is undergoing pervasive computerization and digitalization, which is affecting many aspects of our personal and professional lives. Such sweeping changes raise ethical issues that computing professionals must deal with. This is addressed in “Ethics in Information Security,” from IEEE S&P’s May/June 2017 issue.

IEEE Cloud Computing

Data integration is still an afterthought when it comes to cloud deployments, according to “Cloud Computing Changes Data Integration Forever: What’s Needed Right Now,” from IEEE Cloud Computing’s May/June 2017 issue. Enterprises moving to the cloud tend to focus on the move itself, not on what they need to do once they get there. But they should also focus on data integration because they will have to use their cloud deployment to share their information among different systems.

IEEE Computer Graphics and Applications

Researchers have studied simulations of surgical cuts on deformable bodies for more than two decades. However, previous efforts based on finite element methods and mass spring meshes don’t scale to complex surgical scenarios. “Efficient Surgical Cutting with Position-Based Dynamics,” from CG&A’s May/June 2017 issue, presents a novel method that uses position-based dynamics for mesh-free cutting simulation.

IEEE Intelligent Systems

Over the last two decades, manufacturing has become more intelligent and data driven. The manufacturing industry has used these capabilities to start focusing on analyzing huge data sets from entire production lines over long periods to identify performance, maintenance, and defect-related issues. “Manufacturing Analytics and Industrial Internet of Things,” from IEEE Intelligent Systems’ May/June 2017 issue, presents a related case study and looks at matters such as data extraction, modeling, and visualization.

IEEE MultiMedia

“JPEG at 25: Still Going Strong,” from IEEE MultiMedia’s April–June 2017 issue, asks questions about JPEG—which is celebrating its 25th anniversary as a standard this year—such as where did it come from and what fundamental components have given it longevity.

IEEE Annals of the History of Computing

“At the Electronic Crossroads Once Again: The Myth of the Modern Computer Utility in the United States,” from IEEE Annals’ April–June 2017 issue, tries to determine whether past and present applications of the term “computer utility” share any commonalities. The authors also question whether there has ever actually been such a utility.

IEEE Pervasive Computing

The authors of “On-Device Mobile Phone Security Exploits Machine Learning,” from IEEE Pervasive Computing’s April–June 2017 issue, offer a novel approach for protecting mobile devices from malware and keeping them from connecting to malicious access points. The approach uses learning techniques to analyze apps and their behavior at runtime, and monitors the way devices associate with Wi-Fi access points.

IT Professional

“Big Data and Big Money: The Role of Data in the Financial Sector,” from IT Pro’s May/June 2017 issue, looks at big data’s relevance to the financial sector. The article also outlines both adoption challenges and future opportunities.

IEEE Micro

IEEE Micro’s May/June 2017 special issue features the top papers from the various 2016 computer-architecture conferences, as chosen by a selection committee.

Computing Now

The Computing Now website (computingnow.computer.org) features up-to-the-minute computing news and blogs, along with articles ranging from peer-reviewed research to opinion pieces by industry leaders.

SPOTLIGHT ON TRANSACTIONS

Computer Engineers’ Challenges for the Next Decade: The Triangle of Power Density, Circuit Degradation, and Reliability

Jörg Henkel, Karlsruhe Institute of Technology

Paolo Montuschi, Polytechnic University of Turin

Computer. Published by the IEEE Computer Society. 0018-9162/17/$33.00 © 2017 IEEE

This installment highlighting the work published in IEEE Computer Society journals comes from IEEE Transactions on Computers.

For more than 65 years, IEEE Transactions on Computers (TC) has served the computing community with top-quality research contributions. We recently played a stimulating game: we rolled back 10+ years, grabbed a few TC issues, looked at the state of the art in a particular field, compared it with today’s picture, and reflected on the fact that “old” problems have been solved and “new” questions have emerged. First, there was Moore’s law. Then came Dennard scaling (DS), which states that when moving from one technology node to the next, a transistor’s power density is constant—that is, independent of the technology. Recently, DS was discontinued. So, what will happen in the future?

It’s a fact that power density will be a major challenge for the foreseeable future. Despite orders-of-magnitude improved efficiency, power consumption per area is sharply rising. The reason is that, after a long reign, DS has ended because supply voltage has stopped scaling down. Some refer to this problem as “dark silicon,” inferring that major parts of a chip would need to remain idle (dark)—but expensive, highly integrated silicon clearly can’t stay idle.

One promising solution is to tightly control power densities, operating close to or even temporarily exceeding recommended densities. To investigate the physical implications of high power densities, we must distinguish among peak and average temperatures and temporal and spatial thermal gradients because they trigger circuit-aging mechanisms such as negative-bias temperature instability and electromigration.

Various techniques have been investigated to mitigate, for example, reconfigurable circuits’ aging problem [1]. System-level approaches can also mitigate the problem at the OS level, where hardware resources are carefully selected to avoid rapid circuit degradation [2]. More accurate circuit-aging models are needed to allow high-level methods to operate on-chip systems at their real power-density limits (rather than costly conservative ones) [3], while continuously monitoring the tradeoff between performance and thermally triggered aging mechanisms and their negative short- and long-term reliability effects [3]. Involving all abstraction layers in the on-chip system’s design process in this smart way will help extend DS. The key is cross-layer approaches.

REFERENCES

1. H. Zhang et al., “Aging Resilience and Fault Tolerance in Runtime Reconfigurable Architectures,” IEEE Trans. Computers, vol. 66, no. 6, 2017, pp. 957–970.

2. H. Khdr et al., “Power Density-Aware Resource Management for Heterogeneous Tiled Multicores,” to be published in IEEE Trans. Computers, vol. 66, no. 3, 2017.

3. S. Pagani et al., “Thermal Safe Power (TSP): Efficient Power Budgeting for Heterogeneous Manycore Systems in Dark Silicon,” IEEE Trans. Computers, vol. 66, no. 1, 2017, pp. 147–162.

JÖRG HENKEL is a professor at Karlsruhe Institute of Technology. Contact him at henkel@kit.edu or visit ces.itec.kit.edu/~henkel.

PAOLO MONTUSCHI is a professor of computer engineering at Polytechnic University of Turin. Contact him at [email protected] or visit staff.polito.it/paolo.montuschi.

EDITOR’S NOTE

Computing in the Cloud

Since cloud computing began in earnest about 20 years ago, researchers have advanced the approach considerably.

Cloud computing now involves technologies and issues such as fog computing, the Internet of Things (IoT), forensics in the cloud, edge computing, quality of service, and standards. August’s ComputingEdge issue looks at these and other important matters.

The availability of many types of open source systems offers affordable opportunities for organizations to build and adopt various kinds of cloud-computing environments, according to Computer’s “Open Source Solutions for Cloud Computing.”

Computing along the boundary between cloud components and the world of humans and devices entails connectedness that requires the development of new standards, note the authors of IEEE Cloud Computing’s “Standards at the Edge of the Cloud.”

The author of IEEE Internet Computing’s “Quality of Cloud Services: Expect the Unexpected” presents experiences from several years of benchmarking cloud services. He discusses how the quality-related behaviors he observed affect cloud applications, for better or worse.

Computer’s “Extending the Cloud to the Network Edge” looks at the Telefónica telecommunications company’s OnLife project, which virtualizes the access network and gives cloud-computing capabilities at the network edge to IoT application developers and content providers.

“Evidence and Forensics in the Cloud: Challenges and Future Research Directions,” from IEEE Cloud Computing, describes cloud forensics’ challenges and opportunities.

Managing resources in IoT edge devices presents significant challenges. The authors of “FocusStack: Orchestrating Edge Clouds Using Focus of Attention,” from IEEE Internet Computing, propose managing edge devices as part of infrastructure-as-a-service clouds, employing their FocusStack approach.

The amount of data used in both cloud computing and the IoT could easily grow to become unmanageable, which creates numerous problems. “Connecting Fog and Cloud Computing,” from IEEE Cloud Computing, looks at the problems and potential solutions.

This ComputingEdge issue also includes articles on topics other than cloud computing:

• The ready availability of processing power is altering the nature of software engineering, according to IEEE Software’s “How Abundance Changes Software Engineering.”

• The author of IEEE MultiMedia’s “Multimedia Research: What Is the Right Approach?” asks whether the multimedia community is sufficiently proactive in discussing how to select the correct research approaches for solving various problems.

CLOUD COVER

Open Source Solutions for Cloud Computing

G.R. Gangadharan, Institute for Development and Research in Banking Technology

Editor: San Murugesan, BRITE Professional Services; [email protected]

Computer, January 2017. Published by the IEEE Computer Society. 0018-9162/17/$33.00 © 2017 IEEE

The availability of many open source systems offers affordable opportunities for organizations to build and adopt various types of cloud computing environments.

Cloud computing—which lets organizations access resources on demand via the Internet, rather than having to provide applications and services on their own—has emerged as a cost-effective and efficient way to deploy IT solutions. However, commercial, proprietary cloud products are often expensive. Open source cloud-computing systems, on the other hand, offer cheaper, vendor-independent alternatives [1–3] that provide scalability, customizability, security, interoperability, and easier migration.

Communities of skilled volunteers working together over the Internet collaboratively develop open source, cloud-based infrastructure as a service (IaaS), platform as a service (PaaS), software as a service (SaaS), and hypervisor systems, which continue to evolve and improve. Their features and compatibility with existing infrastructures have increased industry adoption by leading firms and start-ups.

I address these matters in this article, which is an abridged, updated version of a chapter that I co-wrote on this topic published in Encyclopedia of Cloud Computing [4].

OPEN SOURCE IAAS

IaaS provides customers with raw computing infrastructure, including storage, processing, and networking resources. There are several popular open source IaaS systems (see Table 1).

For example, Hewlett-Packard’s HPE Helion Eucalyptus (www.eucalyptus.com)—elastic utility computing architecture for linking programs to useful systems—is a scalable IaaS framework that uses the Amazon Web Services (AWS) API to enable interoperability and cloud creation. It supports KVM (kernel-based virtual machine), Xen, and VMware virtualization; runs on major Windows and Linux distributions; and integrates with Amazon’s S3 (Simple Storage Service) and EC2 (Elastic Compute Cloud) public clouds.

OpenStack (www.openstack.org) offers a modular architecture that provides a component-based way to build clouds. It was developed by cloud-computing vendor Rackspace Inc. and NASA, and is supported by companies such as Hewlett-Packard, IBM, and Intel.

Apache CloudStack (cloudstack.apache.org) supports KVM, VMware’s vSphere, and Xen virtualization, and offers a management server with a web dashboard.

TABLE 1. Comparison of open source infrastructure-as-a-service (IaaS) offerings.

| Criteria | Eucalyptus | OpenStack | CloudStack |
|---|---|---|---|
| Ease of deployment and management | Amazon Web Services (AWS)–compatible API; web-based management console | Automated deployment and management using the open source Compass system | Web-based management of server provisioning, hosts, storage, and other elements |
| Provisioning and orchestration | Supported by cloud controller, cluster controller, and node controller | Uses Heat Orchestration Template, via Representational State Transfer (REST) APIs to launch multiple composite-cloud applications | Supported by the CloudStack orchestration engine |
| Monitoring and alerts | Supports tools like Ganglia and Nagios; supported by Eucalyptus Stats and Amazon’s Cloudwatch | Supports tools like Nagios and Ganglia; supported by OpenStack Telemetry | Supports tools like Zenoss and Nagios; supports notifications via email and management server |
| Interoperability | Supports AWS API, EC2 (Elastic Compute Cloud), and S3 (Simple Storage Service) | Supports RefStack and Citrix Systems’ NetScaler SD-WAN | Supports NetScaler SD-WAN |
| Networking modes and services | Edge, managed (virtual LAN/non-VLAN), virtual-private-cloud networking modes | API-driven networking service; VLAN, flat, generic routing encapsulation, and virtual extensible LAN networking modes | Basic (layer 3 filtering) zone and advanced zone |
| Storage | Allocation and deallocation of memory on demand by the storage controller | Supported by ephemeral file system, block storage cinder, Object Storage (Swift), and shared file system | Primary storage: disk volumes for guest virtual machines associated with cluster; secondary storage: Network File System-based storage |
| Security | Security groups (networking rules applied to all associated instances [layer 2 isolation]), identity access control | Components for identity provisioning, password management, and authentication | Web sessions, Data Encryption Standard–encrypted tokens, security groups |
| Support | Supported by knowledge base, documentation, web-based issue tracking, community forum, reference architectures, and expert support from Hewlett Packard Enterprise | Supported by Internet relay chat (IRC), documentation and community forum, and vendor support | Supported by documentation, community support, and IRC channel |

OPEN SOURCE PAAS

PaaS offers development and middleware systems for designing and testing software. There are several noteworthy open source PaaS platforms (see Table 2).


VMware, Dell EMC, and General Electric developed Cloud Foundry (www.cloudfoundry.org) as a self-service application-execution engine, automated deployment engine, and lifecycle manager, integrated with various development tools. It uses a scriptable command-line interface.

Cloudify (getcloudify.org) is a TOSCA (topology and orchestration specification for cloud applications)-based cloud orchestration framework that models applications and services, and automates their entire lifecycles.

OpenShift (www.openshift.com), which open source software vendor Red Hat developed, leverages both Kubernetes, Google’s open source container cluster manager, and Docker, an open source system that automates the deployment of Linux applications within containers. OpenShift adds DevOps tools to improve deployed applications’ development and maintenance.

OPEN SOURCE SAAS

SaaS offers software hosted on a provider’s infrastructure. Open source SaaS cloud systems allow rapid customization and extension of the provided software. There are several important open source SaaS cloud offerings (see Table 3).

Acquia (www.acquia.com) enables hosting of the Drupal content-management system on the Amazon EC2 cloud service to create a digital foundation for delivering web content.

SuiteCRM (suitecrm.com) is a customer relationship management (CRM) application.

Openbravo (openbravo.com) is enterprise resource planning (ERP) software.

OPEN SOURCE HYPERVISORS

Hypervisors are the foundation of cloud computing, providing a way to create, run, manage, and delete VMs on the fly without changing the hardware environment. They also enable resource sharing. There are several leading open source hypervisors (see Table 4).

KVM (www.linux-kvm.org) is a Linux kernel module that permits VM hosting. It is a virtualization infrastructure for the Linux kernel that turns it into a hypervisor.

OpenVZ (openvz.org) allows OS-level virtualization by creating multiple secure, isolated Linux containers on a single server. This enables better server utilization and avoids application conflicts.

Xen (www.xenproject.org) uses a microkernel to provide services that run a VM. It lets multiple OSs execute on the same hardware simultaneously and enables VM migration over a LAN.

The availability of many open source cloud offerings lets organizations adopt a holistic cloud ecosystem in which organizations can adopt different solutions for different purposes, based on what’s best for them. Table 5 lists some of the organizations supporting open source cloud systems.

TABLE 2. Comparison of open source platform-as-a-service (PaaS) solutions.

| Criteria | Cloud Foundry | Cloudify | OpenShift |
|---|---|---|---|
| Ease of deployment | Provides services for easy development; supports command-line interface (CLI) pushes and many languages | Supports dynamic provisioning and automatic resource scalability | Provides automatic deployment through Git pushes or the Red Hat Cloud (RHC) CLI tool |
| Security | Provides account authentication as an identity-management service | Supports role- and resource-based authorization security | Uses firewalls, intrusion-detection systems, port monitoring, RPM (Red Hat’s RPM package manager) verification, and encrypted communication |
| Features | Supports multiple languages and frameworks with flexible configurations | Provides a simple orchestration tool to configure and manage cloud resources and to better support integration with external tools | Supports multiple languages and databases |
| Service metering | Offers REST (Representational State Transfer)-based metering and aggregation services via cf-abacus, Cloud Foundry’s usage-metering engine | Supports third-party metering service for accounting of pay-per-use resources | Provides microservice metering, which measures units consumed at the container level |
| Resilience | Provides virtual-machine resurrection and cross availability-zone redundancy | Supports automatic resource control | Allows failovers and loose-service coupling for resilience; allows both vertical (more resources) and horizontal (more instances) scaling via the open source HAProxy TCP/HTTP load balancer |

Open source cloud solutions offer freedom of reuse and promote innovation. Their vendor neutrality and interoperability make migration cost-effective and easy. However, security issues, lack of service support, and the shortage of IT workers skilled in these systems still limit adoption. Thus, more research is needed in these areas.

ACKNOWLEDGMENTS

I would like to thank University of Hyderabad PhD student Deepnarayan Tiwari and Srinivas Komaragiri, a postgraduate student in banking technology at the Institute for Development and Research in Banking Technology, for their useful insights.

REFERENCES

1. I. Voras, B. Mihaljevic, and M. Orlic, “Criteria for Evaluation of Open Source Cloud Computing Solutions,” Proc. 33rd Int’l Conf. Information Technology Interfaces (ITI 11), 2011, pp. 137–142.

2. P.T. Endo et al., “A Survey on Open Source Cloud Computing Solutions,” Proc. 28th Brazilian Symp. Computer Networks and Distributed Systems (SBRC 10), 2010, pp. 3–16.

TABLE 3. Comparison of open source software-as-a-service (SaaS) offerings.

| Criteria | Acquia | SuiteCRM | Openbravo |
|---|---|---|---|
| Features and applicability | A content-management system that lets users add modules and perform custom coding as needed; provides a content-delivery network | A fully customizable customer relationship management system that lets users extend its functionality as needed | A web-based enterprise resource-planning system that automates most common business processes |
| Security | Supports physical security, customer segregation, system-access controls, OS and LAMP-stack security-patch management, antivirus upload scanning, file-system encryption, SSL, HTTPS, data and physical media destruction, and logging | Supports role-based security models with the configuration of network security such as SSL and HTTPS; provides OS security by including access control, file-system encryption, and so on | Supports SSL and HTTPS |
| Scalability | Manages sudden traffic spikes | Uses the Network File System | Uses model-view-controller programming to enable scalability |
| Support | Includes community forum, documentation, and Internet relay chat | Includes community forum and documentation | Includes community forum and documentation |

TABLE 4. Comparison of open source hypervisors.

| Criteria | KVM | OpenVZ | Xen |
|---|---|---|---|
| Supported hosts | Supports x86 and x86-64; ported to ARM, PowerPC, and IA-64 | Supports x86 and x86-64 | Available for ARM, IA-32, x86, and x86-64 |
| Features | Provides emulation via QEMU, an open source hypervisor; provides paravirtualization | Provides virtualization, checkpointing, isolation, and resource management | Provides virtual machine migration over a LAN, hardware-assisted virtualization, and paravirtualization |
| Supported guest OS | Runs UNIX-like distributions, Windows, OS X, Android, and Solaris | Supports only Linux distributions | Runs most UNIX-like distributions and runs Windows with virtualization support |
| Support | Includes forums and online tracking | Supported by online forums, as well as wiki and issue/source tracking via a Git repository | Includes a knowledge center, online forums, training, and paid Citrix Systems support |


CLOUD COVER

VMware, Dell EMC, and General Electric developed Cloud Foundry (www.cloudfoundry.org) as a self-service application-execution engine, automated deployment engine, and lifecycle manager, integrated with various development tools. It uses a scriptable command-line interface.

Cloudify (getcloudify.org) is a TOSCA (topology and orchestration specification for cloud applications)-based cloud orchestration framework that models applications and services, and automates their entire lifecycles.


3. C. Bryant, “A Guide to Open Source Cloud Computing Software,” Tom’s IT Pro, 12 June 2014; www.tomsitpro.com/articles/open-source-cloud-computing-software,2-754.html.

4. G.R. Gangadharan et al., “Open-Source Cloud Software Solutions,” Encyclopedia of Cloud Computing, S. Murugesan and I. Bojanova, eds., Wiley-IEEE Press, 2016, pp. 139–149.

TABLE 5. Organizations supporting open source cloud systems.

| Category | Open source cloud system | Organizations |
|---|---|---|
| IaaS | Eucalyptus | Hewlett Packard Enterprise |
| IaaS | OpenStack | Best Buy, Bloomberg, Comcast, PayPal Holdings |
| IaaS | CloudStack | China Telecommunications, DataCentrix Holdings, University of Melbourne |
| PaaS | CloudFoundry | Cisco Systems, Hewlett Packard Enterprise, IBM, SAP |
| PaaS | Cloudify | GigaSpaces Technologies, VMware |
| PaaS | OpenShift | 6Fusion, Accenture, Vizuri |
| SaaS | Acquia | Australian government, BBC, Warner Music Group |
| SaaS | SuiteCRM | NHS England |
| SaaS | Openbravo | Decathlon, Home’s Up |
| Hypervisor | KVM | IBM, Linux |
| Hypervisor | OpenVZ | Virtuozzo |
| Hypervisor | Xen | Cavium, Intel |


G.R. GANGADHARAN is an associate professor at the Institute for Development and Research in Banking Technology, India. Contact him at [email protected].


This article originally appeared in Computer, vol. 50, no. 1, 2017.

2469-7087/17/$33.00 © 2017 IEEE. Published by the IEEE Computer Society, August 2017.

2325-6095/16/$33.00 © 2016 IEEE. IEEE Cloud Computing, March/April 2017.

ALAN SILL Texas Tech University, [email protected]

Standards at the Edge of the Cloud

CLOUD COMPUTING ASSUMES COMMUNICATION AMONG PARTICIPATING COMPONENTS. The boundary between the collection of these components and the world of humans and devices has acquired a set of names that encompass different concepts, including fog computing (implying a highly diffuse, distributed cloud), edge computing (implying a clean boundary between connected and non-connected devices), and the Internet of Things (IoT). These concepts all assume a degree of connectedness that requires development of standards.

It’s intrinsically difficult to restrain the scope of discussion when tackling topics related to the Internet of Things. The idea that a relatively small number of communication and automation methods can allow simple control over real-world devices is compelling, and the power of this idea naturally leads one to gloss over the many difficulties that come with implementing it. It’s good to look at some counter-examples, therefore, from the outset.

Even among humans, communication is not a simple endeavor. Despite many attempts, some political, some altruistic, and most at their core economic, there has never been nor will there ever most likely be a single standard spoken or written language that spans all of humanity and crowds all other languages to non-existence. The closest we have come so far as a species may be HTML, and even this nearly-universal method shows the rapid evolution, fragmentation, and specialization that are characteristic of human endeavors.

In the light of this historical failure, and for other reasons that I’ll cover in this column, we should be modest in our expectations for a single unifying paradigm and a single simple set of standards to cover the concepts mentioned above.

The Internet of Everything

A smooth intellectual transition can take place from observing that some real devices can be connected and automated to the assumption that everything can be treated as part of the same collection. It would not be correct, however, to assume that standards for communication protocols, hardware, device management, data formats, security, or any of the other myriad aspects of the “things” in the IoT will all become uniform and simplified on their own.

Even as individuals, people have a natural predisposition to pursue multiple options and to keep their choices flexible and variable. The Internet of Everything, if it comes to exist, will necessarily include many such things chosen to be included in this collection at various times and by different sets of people, all making choices according to their own needs and circumstances.

A large amount of device history and many different physical and communication choices will be aggregated together. Some fog, edge, and IoT aspects will be easier than others to include in the resulting aggregated collection, and some will require special considerations. As covered elsewhere in this special issue, a wide variety of sensors, inputs, and communication mechanisms with an equally wide range of reliability and security considerations will also have to be included.


STANDARDS NOW

Fog, Edge, and Non-Centralized Computing

These fog, edge, and IoT concepts share the basic characteristic that they are not concentrated in a single location. They are intrinsically distributed, with the characteristic assumption that they can in principle be connected through intermediate mechanisms. Such mechanisms may not be simple single interfaces, but may instead take place through multiple levels or layers, each of which is amenable to one or more standard specifications.

A useful breakdown of these multiple layers has been compiled at the postscapes.com web site. Again, because of history and the variety of communication methods and devices, multiple protocols can be applicable at each layer.

A summary of these topics and typical standards associated with each of them extended from the collection at this site is contained in Table 1. This collection is not at all exhaustive or definitive, but already serves to illustrate the variety of existing specifications and considerations for connecting devices and getting them to operate in IoT settings.

To fit the discussion of these topics in the space available in this column, I won’t attempt to cover every topic in Table 1 or to expand each of these abbreviations. Some have been covered in previous columns in this series, and the rest can be found on the web site referenced. Instead, I’ll concentrate the rest of this column on standards specific to the edge of the cloud, and especially on those that are receiving recent attention to adapt them to such settings.

Edge-Specific Communication Technologies

Communication technologies have experienced a burst of recent activity driven by the need to improve speeds and reliability across a wide range of transmission methods. Among the standards that have seen rapid evolution are several in the IEEE 802.x family of specifications (www.ieee802.org). Although these are similarly named and differ in designation only in the final numbers and letters, they differ widely in data format and signaling behavior and, for wireless specifications, in frequency spectrum and physical range.

For IoT applications, the standards that have seen the most recent activity include 802.11ad, aimed to replace 802.11ac as the highest-speed short-range WLAN communications; 802.11af, which is being proposed as a long-range wide-area protocol; and 802.11ah (also called “low power WiFi”), which is aimed at long-range but shorter-duration applications such as those for sensors and other sources of intermittent data. A standard designated as “WiFi” is differentiated from other wireless communications in that it always incorporates use of the full TCP/IP protocols.

Table 1. A classification of layers and settings for IoT, edge, and fog computing along with examples of relevant standards and protocols.

| Layer Type | Example Protocol, Standard, and/or Setting |
|---|---|
| Infrastructure | 6LowPAN, IPv4/IPv6, RPL |
| Identification | EPC, uCode, IPv6, URIs |
| Communications / Transport | Wifi, Bluetooth, LPWAN |
| Discovery | Physical Web, mDNS, DNS-SD |
| Data and Messaging Protocols | MQTT, CoAP, AMQP, Websocket, Node |
| Device Management | TR-069, OMA-DM |
| Semantic | JSON-LD, Web Thing Model |
| Multi-layer Frameworks | Alljoyn, IoTivity, Weave, Homekit |
| Security | OTrP, X.509, Blockchain, OAuth, OpenID |
| Industry Vertical | Connected Home, Industrial, Utility, Telecom |

These various specifications also use different portions of the radio spectrum. For example, 802.11ad is designed for 60 GHz communications using a region of the spectrum that has not been exploited yet due to cost and technology limitations, and that has not yet been agreed for use by international standards bodies.

Another, 802.11ah, uses portions of the spectrum between 54 and 790 MHz that have up to now been used for broadcast television, and therefore must be freed for other uses by individual governments through regulatory processes. It uses the already-crowded 900 MHz band, which is in use also by competing approaches including some non-standardized proprietary WiFi devices.

Similar evolution is taking place in the Bluetooth family of specifications. Low-energy Bluetooth is already built into almost all recent-generation smartphones, for example. Its advantages of low power requirements and inexpensive chip sets are counterbalanced by limited range and complications involving pairing and coordination of key sets among devices.

Emerging approaches to this problem combine Bluetooth access to local devices that serve as bridges to other communication technologies. The Bluetooth standard itself is evolving to include other variants, such as Bluetooth 4.2, which utilizes the Internet Engineering Task Force (IETF) IPv6/6LoWPAN protocol [1] to transmit IPv6 packets and to form corresponding IPv6 link-local addresses with stateless auto-configured addresses on IEEE 802.15.4 networks.

Cellular and mesh network communication approaches are also being applied to machine-to-machine communications, and to overlay networks that can extend and enhance the range and reliability of other networking methods. A wide variety of other communication technologies aimed at reducing the complexity and power requirements for dedicated industrial IoT applications is also being pursued.

A wireless data networking technology based on the earlier Highway Addressable Remote Transducer Protocol (HART) digital instrumentation wired automation standard called WiHART (or WirelessHART) also emerged in 2004. It was adopted as IEC 62591 in 2010, which was replaced in 2016 by an updated version [2]. The radio communications are defined by IEEE 802.15.4, and operate as a mesh protocol in the 2.4 GHz band.

Messaging Standards and Protocols

Beyond the physical transmission layer, selection of a data interchange method is also necessary. The most familiar of these is HTTP and its secure variant (HTTPS), which are specified in a range of IETF documents summarized at the working group website (httpwg.org/specs). Several other application, transport, and link layer protocols are also useful (see the May/June 2016 “Standards Now” column for an overview of the definitions of these networking layers) [3].

For communications that can be intermittent or don’t have to be completely received, the User Datagram Protocol (UDP) [4] is a useful method to carry out Internet communications. It can also be used to carry out IP communications in situations in which handshaking and verification of receipt of the individual message packets aren’t necessary. Alternatives to UDP are TCP and the Stream Control Transmission Protocol (SCTP) [5].

Several IETF documents form the basis of the much more complex set of specifications underlying the Transmission Control Protocol (TCP) [6], which continues to receive ongoing attention from the Internet community due to its importance in various settings.

Methods to handle publish/subscribe messaging, such as the Message Queuing Telemetry Transport (MQTT) [7], can have advantages compared to the previously described protocols when used for machine-to-machine communication at high speeds.

The Constrained Application Protocol (CoAP) [8], another manufacturing-relevant specialized transfer standard, provides a “request/response interaction model between application endpoints, supports built-in discovery of services and resources, and includes key concepts of the Web such as URIs and Internet media types. CoAP is designed to easily interface with HTTP for integration with the Web while meeting specialized requirements such as multicast support, very low overhead, and simplicity for constrained environments.”
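The CoAP description quoted above stresses very low overhead and the use of URIs. As an added example (not part of the original column and not taken from any CoAP library), the following strict parser for the RFC 7252 message framing shows how small that framing is and which malformed datagrams an edge gateway should reject. The function names, the gateway use and the sample datagrams are assumptions constructed for illustration.

```python
import struct

TYPES = {0: "CON", 1: "NON", 2: "ACK", 3: "RST"}  # RFC 7252 section 3
URI_PATH = 11                                      # Uri-Path option number


class CoapError(ValueError):
    """Message violates the RFC 7252 framing rules."""


def read_ext(nibble, data, pos):
    """Expand a 4-bit option delta/length nibble; 13 and 14 pull extra bytes."""
    if nibble < 13:
        return nibble, pos
    if nibble == 13 and pos + 1 <= len(data):
        return data[pos] + 13, pos + 1
    if nibble == 14 and pos + 2 <= len(data):
        return struct.unpack_from("!H", data, pos)[0] + 269, pos + 2
    raise CoapError("reserved nibble 15 or truncated option extension")


def parse_coap(data):
    """Parse one CoAP datagram into a dict, raising CoapError if malformed."""
    if len(data) < 4:
        raise CoapError("shorter than the fixed 4-byte header")
    first, code, message_id = struct.unpack_from("!BBH", data, 0)
    version, mtype, tkl = first >> 6, (first >> 4) & 0x3, first & 0xF
    if version != 1:
        raise CoapError("unsupported version")
    if tkl > 8:
        raise CoapError("token lengths 9-15 are reserved")
    if code == 0 and (tkl != 0 or len(data) != 4):
        raise CoapError("Empty message (0.00) must be exactly 4 bytes")
    pos = 4 + tkl
    if pos > len(data):
        raise CoapError("truncated token")
    token = data[4:pos]

    options, number, payload = [], 0, b""
    while pos < len(data):
        byte = data[pos]
        pos += 1
        if byte == 0xFF:                      # payload marker
            payload = data[pos:]
            if not payload:
                raise CoapError("payload marker with zero-length payload")
            break
        delta, pos = read_ext(byte >> 4, data, pos)
        length, pos = read_ext(byte & 0xF, data, pos)
        if pos + length > len(data):
            raise CoapError("option value runs past end of datagram")
        number += delta                       # option numbers are delta-coded
        options.append((number, data[pos:pos + length]))
        pos += length

    try:
        segments = [v.decode("utf-8") for n, v in options if n == URI_PATH]
    except UnicodeDecodeError:
        raise CoapError("Uri-Path is not valid UTF-8")
    return {
        "type": TYPES[mtype],
        "code": f"{code >> 5}.{code & 0x1F:02d}",
        "message_id": message_id,
        "token": token,
        "options": options,
        "uri_path": "/" + "/".join(segments),
        "payload": payload,
    }


def try_parse(data):
    """Gateway-style wrapper: (message, None) or (None, reason)."""
    try:
        return parse_coap(data), None
    except CoapError as exc:
        return None, str(exc)


# Constructed sample datagrams (not captured traffic).
SAMPLE_GET = bytes.fromhex("41011234ab") + b"\xb7sensors" + b"\x04temp"
SAMPLE_REPLY = bytes.fromhex("61451234ab" "c132" "ff") + b'{"t":21.5}'
SAMPLE_BAD = bytes.fromhex("49010001")        # token length 9 is reserved

if __name__ == "__main__":
    for name, raw in [("GET", SAMPLE_GET), ("reply", SAMPLE_REPLY),
                      ("bad", SAMPLE_BAD)]:
        print(name, len(raw), "bytes ->", try_parse(raw))
```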

The Advanced Message Queuing Protocol (AMQP) [9] is also a middleware messaging standard set. It can be applied using either publish/subscribe or point-to-point communication patterns. AMQP has a layered architecture and is organized into different parts to reflect that architecture.

The Data Distribution Service (DDS) [10] and related DDS Data Local Reconstruction Layer (DDS-DLRL) specifications handle data interchange tasks related to IoT systems. Unlike the other protocols mentioned here, DDS can handle content-aware network routing, data prioritization by transport priorities, and both unicast and multicast communications within the methods defined by the standard set itself.

The most popular data formats in cloud computing are JavaScript Object Notation (JSON) and XML. JSON shows significant evidence of adoption beyond the context of the JavaScript language, and may outlast it in the long run. For IoT and manufacturing settings, another interesting refinement is the Sensor Network Object Notation (SNON) [11], which is a representation based on JSON that includes some predefined fields that are especially useful in dealing with sensor data.

XML continues to receive attention and to be adapted to different IoT-related settings. The XML-based Extensible Messaging and Presence Protocol (XMPP) is designed for message-oriented middleware communications (see http://xmpp.org/extensions). Beyond its applications to human-oriented communications, XMPP is also used in smart electrical grid applications and a variety of industrial applications. Several extensions directly oriented toward use in IoT settings were published in late 2015.

Security in Edge and Distributed Settings

Because of the huge range in types of input, physical scale, frequency of communication and variety of users, it is nearly impossible to summarize the security considerations for IoT, fog and edge computing within a single set of paradigms. The variable that is hardest to control, it seems to me, will be the degree to which human users wish to change their minds about the security perimeter that applies to a given function.

An owner of a given device might want one set of restrictions to apply on one day to a given setting, but decide to change this to a different set of users or conditions on a different day or even within the same day based on personal whim or variable needs. This characteristic of security—that it is not a static concept but instead can be mutable and subject to complex decision-making characteristics—strikes me as more important than the technical details of specific security protocols, which are well studied. A larger discussion of this topic will have to wait until a future issue.

AS ALWAYS, THIS DISCUSSION ONLY REPRESENTS MY OWN VIEWPOINT. I’d like to hear your opinions and experience in this area. I’m sure other readers of the magazine would also appreciate additional information on this topic. Please respond with your input on this or previous columns. Please include news you think the community should know about in the general areas of cloud standards, compliance, or related topics. I’m happy to review ideas for potential submissions to the magazine or for proposed guest columns. I can be reached for this purpose at alan.sill@standards-now.org.

References

1. IETF Datatracker. “Internet Engineering Task Force (IETF) IPv6/6LoWPAN protocol,” https://datatracker.ietf.org/wg/6lowpan/documents.

2. Industrial Electrotechnical Commission, 2016; https://webstore.iec.ch/publication/24433.

3. Sill, Alan, “Standards Underlying Cloud Network,” IEEE Cloud Computing, vol. 3, no. 3, 2016, pp. 76–80.

4. “User Datagram Protocol (UDP),” https://tools.ietf.org/html/rfc768

5. “Stream Control Transmission Protocol (SCTP),” https://tools.ietf.org/html/rfc4960

6. “Transmission Control Protocol,” https://tools.ietf.org/html/rfc7414

7. OASIS, 2017; “Message Queuing Telemetry Transport (MQTT),” https://www.oasis-open.org/committees/mqtt/

8. “Constrained Application Protocol (CoAP),” https://tools.ietf.org/html/rfc7252

9. “Advanced Message Queuing Protocol (AMQP),” https://www.amqp.org

10. Object Management Group, 2017; “Data Distribution Service (DDS),” www.omg.org/spec/DDS

11. “Sensor Network Object Notation (SNON),” www.snon.org

ALAN SILL is senior director of the High Performance Computing Center and adjunct professor of physics at Texas Tech University. He also co-directs the US National Science Foundation’s multi-university “Cloud and Autonomic Computing” industry/university cooperative research center, and holds a position as visiting professor of distributed computing at the University of Derby. Sill has a PhD in physics from American University. He serves as president for the Open Grid Forum and is an active member of IEEE, the Distributed Management Task Force, and other cloud standards working groups, and serves on national and international computing standards roadmap committees. For further details, visit http://nsfcac.org or contact him at alan.sill@standards-now.org.


interface with HTTP for integration with the Web while meeting specialized requirements such as multicast support, very low overhead, and simplicity for constrained environments.”

The Advanced Message Queuing Protocol (AMQP) [9] is also a middleware messaging standard set. It can be applied using either publish/subscribe or point-to-point communication patterns. AMQP has a layered architecture and is organized into different parts to reflect that architecture.

The Data Distribution Service (DDS) [10] and related DDS Data Local Reconstruction Layer (DDS-DLRL) specifications handle data interchange tasks related to IoT systems. Unlike the other protocols mentioned here, DDS can handle content-aware network routing, data prioritization by transport priorities, and both unicast and multicast communications within the methods defined by the standard set itself.

The most popular data formats in cloud computing are JavaScript Object Notation (JSON) and XML. JSON shows significant evidence of adoption beyond the context of the JavaScript language, and may outlast it in the long run. For IoT and manufacturing settings, another interesting refinement is the Sensor Network Object Notation (SNON) [11], which is a representation based on JSON that includes some predefined fields that are especially useful in dealing with sensor data.

XML continues to receive attention and to be adapted to different IoT-related settings. The XML-based Extensible Messaging and Presence Protocol (XMPP) is designed for message-oriented middleware communications (see http://xmpp.org/extensions). Beyond its applications to human-oriented communications, XMPP is also used in smart electrical grid applications and a variety of industrial applications. Several extensions directly oriented toward use in IoT settings were published in late 2015.

Security in Edge and Distributed Settings

Because of the huge range in types of input, physical scale, frequency of communication and variety of users, it is nearly impossible to summarize the security considerations for IoT, fog and edge computing within a single set of paradigms. The variable that is hardest to control, it seems to me, will be the degree to which human users wish to change their minds about the security perimeter that applies to a given function.

An owner of a given device might want one set of restrictions to apply on one day to a given setting, but decide to change this to a different set of users or conditions on a different day or even within the same day based on personal whim or variable needs. This characteristic of security—that it is not a static concept but instead can be mutable and subject to complex decision-making characteristics—strikes me as more important than the technical details of specific security protocols, which are well studied. A larger discussion of this topic will have to wait until a future issue.


This article originally appeared in IEEE Cloud Computing, vol. 4, no. 2, 2017.


18 August 2017 Published by the IEEE Computer Society 2469-7087/17/$33.00 © 2017 IEEE

View from the Cloud

Editor: George Pallis • [email protected]

68 Published by the IEEE Computer Society 1089-7801/17/$33.00 © 2017 IEEE IEEE INTERNET COMPUTING

Quality of Cloud Services: Expect the Unexpected

David Bermbach • TU Berlin

Here, the author presents a number of experiences from several years of benchmarking cloud services. He discusses how the respectively observed quality behavior would have affected cloud applications or how cloud consumers could use the behavior to their advantage.

In the last few years, cloud computing has found widespread adoption in companies of all sizes. A core focus of these cloud consumers is typically on cost savings, convenience of managed services, and on-demand capacity changes. The quality of cloud services, however, is usually taken “as-is”: based on documentation, advertisements, but also past experiences from a non-cloud world, cloud consumers typically have implicit assumptions. For instance, an eventually consistent storage system that claims to have triple replication in close-by datacenters with high-speed network interconnection can be assumed to show low millisecond staleness – that is, relatively good consistency behavior. As another example, virtual machines (VMs) that come in sizes S, M, L, and XL can be expected to grow in capacity for all resources – network bandwidth, disk storage volume, RAM size, CPU clock speed, or cores – when choosing a bigger instance type. However, in both examples this isn’t always the case – in fact, cloud consumers should always expect the unexpected.

This isn’t meant to imply that the unexpected is always bad for the cloud consumer. Actually, observable quality behavior is typically much better than what’s guaranteed; for example, when cloud consumers only plan for what’s guaranteed, they’ll never tap the full potential of cloud services. Furthermore, violations of guarantees might still occur. Therefore, not knowing about the quality of the cloud services used will generally either lead to unexpected negative surprises through (seemingly) obscure application behavior or to inefficiencies when cloud consumers design their applications only based on explicitly provided quality guarantees. The only way to avoid this and to get insights into the actual quality of cloud services is through cloud service benchmarking (see the related sidebar).

Thus, here I report on a number of experiences from several years of benchmarking cloud services and briefly discuss how the respectively observed quality behavior would have affected cloud applications or how cloud consumers could use the behavior to their advantage. This article should be seen as a call: Don’t make assumptions, make experiments. For this purpose, I also sketch out how cloud consumers can use cloud service benchmarking in their application lifecycle.

Performance of Virtual Machines

In 2011, Alexander Lenk and colleagues [1] ran a number of performance experiments on top of Amazon EC2 instances using the Phoronix test suite. Soon, they discovered that they had a twin peak distribution of compute performance results: For every benchmark in the suite, there were some machines that showed a very good performance while others showed a rather poor performance. Through in-depth analysis of results, they realized that the performance variance stayed constant over time and could also not be attributed to different instance sizes; instead, Amazon had obviously deployed two different CPU types (AMD Opteron and Intel Xeon). Depending on the CPU type, the machines either excelled at floating point or at integer operations. However, both types came with the same price tag. Furthermore, the performance difference could only be identified after having provisioned the instance. Obviously, this isn’t the anticipated behavior that a cloud consumer would expect from a cloud provider that offers a standardized product.


These benchmark results are an excellent example where cloud consumers could benefit from their knowledge on cloud service quality: depending on the performance requirements of the respective cloud application, the cloud consumer could simply start a new instance, run a short test, and then determine whether they wanted to use that instance for their application or whether to repeat the provisioning process.

Such unexpected behavior isn’t a thing of the past. In 2015, we mentored a student project in which a group of master’s students at Technische Universität Berlin ran a number of performance benchmarks on VMs. In their experiments, they compared an OpenStack-based SME cloud provider to Amazon’s EC2. For their measurements, they used a subset of the Phoronix test suite to quantify CPU compute capacity, RAM, and disk throughput, but also network bandwidth between different VMs of all sizes. What they discovered for the SME provider was that – across different VM sizes – compute power, memory, and disk throughput increased as expected – that is, an M instance generally showed better performance than an S instance. However, independent of the actual VM size, the available network bandwidth stayed constant. Considering the cost of different VM sizes, this leads to an interesting situation where for a number of applications it will be much more attractive to scale-out using the smallest VM type instead of scaling up; especially so for network-bound applications. These effects would never have been discovered without benchmarking.

Consistency of Cloud Storage Services

Cloud storage systems and services are typically replicated; many of them guarantee so-called eventual consistency. In such systems, an update operation terminates before writing all replicas. This implies two things: first, that other clients can read outdated data while updates are being propagated; and second, that several clients might write the same data item concurrently, thereby leading to conflicts. Especially in the presence of failures (such as message loss or crashed instances), this inconsistency window – also called staleness – that is, the time during which outdated data might still be read, could become rather long. In general, applications can often tolerate staleness quite well; however, this becomes much easier if staleness is bounded. To our knowledge, even today there’s no cloud provider that guarantees upper bounds for staleness. Therefore, in 2011, we developed a benchmarking approach for consistency and repeatedly measured consistency behavior of the Amazon Simple Storage Service (S3) over the years [2].

Sidebar: Cloud Service Benchmarking

To fully understand cloud service benchmarking, first we must consider what a cloud service is, and how to determine its qualities.

What’s a Cloud Service?

Much has been written about cloud computing, often focusing on delivery models or a cloud computing stack. However, with the availability of container technologies or lambda services, a differentiation into infrastructure as a service (IaaS) and platform as a service (PaaS) seems somewhat outdated. At the same time, Web APIs are widely used and NoSQL systems are much more similar to cloud storage services than the latter group is to virtual machines. For our purposes, a cloud service is, thus, a software system running in the cloud whose functionality is consumed programmatically by applications over Internet protocols. To applications, such cloud services appear like a black box, independent of the deployment model used, which is expected to adapt to application workloads while maintaining quality goals. Specifically, we consider an open source system such as Apache Kafka or Apache Cassandra, deployed on top of a compute service to be a cloud service as long as it’s used/consumed like a service. This means that our understanding of cloud services is less driven by the deployment model and more by the usage model.

What’s a Cloud Service Quality?

A cloud service – that is, the software system behind the service interface, will confront the cloud consumer with a particular quality behavior: the cloud service might become unavailable, it might be slow to respond, or it might be limited with regards to the number of requests that it can handle. These are all examples of qualities – namely, availability, latency, or scalability – and an application using the respective service needs to have mechanisms in place to deal with these qualities (or, rather, deal with poor quality).

What’s Cloud Service Benchmarking?

Cloud service benchmarking is a way to systematically study the quality of cloud services based on experiments. For this purpose, the benchmark tool creates an artificial load on the cloud service under test while carefully tracking detailed quality metrics. A key design goal of cloud service benchmarking is to mimic an application as closely as possible to get meaningful results; however, benchmark runs also aim to extensively stress the service, for example, through system load or even injected failures.

Basically, this approach aims to provoke the worst possible consistency behavior so as to obtain probabilistic upper bounds on staleness, for example. The measurement approach comprises a number of distributed machines (for instance, 12 is a good number for three replicas) that continuously poll a target key. Another machine periodically updates that target key with the current timestamp and a version number (one test in Figure 1b). Correlation of values read and the respective current timestamp can then be used to determine the staleness. Furthermore, this data also can be used to determine the probability of reading stale data as a function of the duration since the last update.
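The correlation step of the polling measurement described above can be sketched as follows. This is an added example, not code from the article or its benchmarking tools; the log layout, the function names and the simulated replica delays are assumptions, and it presumes the writer's and pollers' clocks are synchronized.

```python
from bisect import bisect_right
from collections import defaultdict


def constructed_logs():
    """Build constructed sample logs (not measured data).

    One writer publishes versions 1..3 every 10 s. Three pollers read every
    500 ms, each from a hypothetical replica that sees a write only after a
    fixed propagation delay.
    """
    writes = [(v, (v - 1) * 10_000) for v in (1, 2, 3)]  # (version, t_write_ms)
    replica_delay_ms = {"poller-a": 50, "poller-b": 300, "poller-c": 2500}
    reads = []  # (poller, t_read_ms, version_seen)
    for poller, delay in replica_delay_ms.items():
        for t in range(0, 30_000, 500):
            visible = [v for v, tw in writes if tw + delay <= t]
            reads.append((poller, t, max(visible, default=0)))
    return writes, reads


def staleness_per_write(writes, reads):
    """Return {version: staleness_ms} for every write.

    Staleness is the time between the write and the last read, by any
    poller, that still returned an older version (0 if none was seen).
    The result is quantized by the polling interval, so it is a lower
    bound on the real inconsistency window.
    """
    result = {}
    for version, t_write in writes:
        stale = [t for _, t, seen in reads if t >= t_write and seen < version]
        result[version] = max(stale) - t_write if stale else 0
    return result


def stale_read_probability(writes, reads, bucket_ms):
    """Return {bucket_start_ms: P(stale read)}.

    Each read is bucketed by the time elapsed since the latest write that
    preceded it. `writes` must be sorted by write time.
    """
    write_times = [t for _, t in writes]
    counts = defaultdict(lambda: [0, 0])  # bucket -> [stale reads, all reads]
    for _, t_read, seen in reads:
        i = bisect_right(write_times, t_read) - 1
        if i < 0:
            continue  # read happened before the first write
        latest_version, t_write = writes[i]
        bucket = (t_read - t_write) // bucket_ms * bucket_ms
        counts[bucket][1] += 1
        if seen < latest_version:
            counts[bucket][0] += 1
    return {b: s / n for b, (s, n) in sorted(counts.items())}


if __name__ == "__main__":
    w, r = constructed_logs()
    print("staleness per write (ms):", staleness_per_write(w, r))
    for bucket, p in stale_read_probability(w, r, 1000).items():
        print(f"{bucket:>5} ms after update: P(stale) = {p:.2f}")
```

With the constructed delays, the slowest replica lags by 2,500 ms but the measured staleness is 2,000 ms, which shows how the polling interval limits the resolution of the result.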

S3 guarantees eventual consistency based on at least three replicas located in adjacent datacenters. What could be expected, hence, were staleness values in the lower two-digit millisecond range. However, in our first (repeated) experiments in 2011, we found that while S3 had acceptable staleness at night, it followed an obscure saw pattern during the day. Figures 1a and 1b, taken from previous work [2], show this behavior measured during a one-week benchmark run: During the day, the first update has a 2-second staleness, the second one a 4-second staleness, and so on until it drops back down after close to 2 minutes and starts all over again. Of course, we contacted Amazon about this behavior and also continued to benchmark S3 consistency behavior over the years: Not only was the initial behavior totally unexpected – until our last benchmark run in late 2013, it continued to change significantly (see Figure 2 [2]), thus providing further proof for our “expect the unexpected” mantra. Without going into further details, suffice it to say that dealing with inconsistencies at the application level isn’t too difficult – unless there’s no information on the quality behavior of underlying cloud services [3].

Security of Cloud Storage Services

Especially when dealing with sensitive data in cloud environments, security becomes a key design goal – particularly for data-in-transit security, where data are encrypted and hashed before being sent over the Internet. This, however, can be expected to come with a performance impact – which has largely been neglected by researchers so far: either researchers focus on security so that performance impacts are largely disregarded, or they focus on performance, then ignoring security or choosing the weakest option available.

In recent experiments, I’ve worked with colleagues to benchmark how enabling data-in-transit security (for example, based on TLS) affects the performance of cloud storage services. Interestingly, though, there’s no clear result, as the impact completely depends on the concrete system. For instance, in previous work [4], we described how Apache Cassandra configurations with TLS might, in fact, outperform unsecured configurations (essentially, this means that the natural performance variability of cloud resources exceeds and hides the performance impact of TLS); this, however, depends on the respective configuration and setup details. Amazon’s DynamoDB service, on the other hand, shows no performance impact at all – aside from computation overheads on the application machines, the performance overhead is shouldered and paid for by Amazon. On the other hand, we’ve seen in recent experiments with Apache HBase that enabling data-in-transit security could have a catastrophic impact on performance, thereby also severely limiting scalability [5]. For example, we could observe that a 12-node HBase cluster with data-in-transit security enabled can sustain approximately the same throughput as an unsecured 6-node cluster.

For application developers, this should have a strong effect on the service-selection process. For instance, HBase should be avoided if security is necessary in cloud deployments. On the other hand, a hosted service might be an excellent choice where maximum security essentially comes for free as long as you trust the cloud provider.

Figure 1. Consistency of Amazon Simple Storage Service (S3) in a one-week benchmark run in 2011. (a) At night, S3 showed much lower and more predictable staleness than during the day. (b) During the day, staleness of S3 followed a saw pattern. This pattern was independent of the interval between individual tests. [Plots not reproduced; y-axes: staleness in ms; x-axes: seconds since experiment start and test no.]

Availability of Web APIs

As a completely different example of cloud services, we recently ran a three-month experiment where we benchmarked performance and availability of Web APIs which, as I previously described, we also consider cloud services due to their similarity from a service consumption perspective. A key aspect of our experiment [6] was the geodistribution of clients: because Web and mobile applications are inherently distributed – either through a global user base or through the geomobility of individual users – we deployed our benchmarking clients all over the world. For the experiment, we selected 15 hand-picked Web APIs so as to cover a wide variety of application areas, countries, provider sizes, and so on. Each of the benchmarking clients periodically called all 15 Web APIs over both HTTP and HTTPS, and also pinged the API host. For these calls, we collected detailed results and thus could track latency and availability.

What we expected to find in the results was a performance variance depending on the geolocation of the client – this was typically the case. However, what we also expected was that availability would be comparable across locations. This was absolutely not the case. We were surprised to find that there were several APIs that had an availability of less than 50 percent for most of the days of our experiment – however, this was true only in some regions while they were fully available in others. For an unknown reason, some APIs don’t have the same availability across geographic regions so that end users of mobile applications built on top might be confronted with negative surprises. Another curious behavior was that there was approximately a 70 percent chance of the HTTPS endpoint of an API being available while the HTTP endpoint of the same API wasn’t (and vice versa). This indicates that Web API providers often have separate front-end servers per protocol and only share the backend services.

Both results can be dangerous for application developers if they aren’t known. However, they also can be leveraged, for example, by trying the respective other protocol in case of unavailability or by tunneling requests through additional backend servers in other geographic regions.

Cloud Service Benchmarking for Developers

Now that we’ve seen how cloud services show unexpected behavior again and again, when and how should application developers use cloud service benchmarking?

Generally, a cloud migration or the development of a cloud-native application will begin with an initial assessment phase, where the developers decide on the target runtime environment but also on the set of cloud services that their application will use. In this phase, it’s useful to select existing benchmark implementations that are as similar as possible to the application workload. Developers should then use these benchmark tools to better understand the quality of all options. Of course, there are often interdependencies – for instance, developers might need cloud services that are offered by only a single provider, or a federated setup [7] might be desirable. This should lead to an environment of handpicked cloud services, along with initial ideas for dealing with quality problems.

Afterward, in the (initial) devel-opment phase we would recommend implementing micro-benchmarks as well for the application itself – simi-lar to unit tests, benchmarks for testing non-functional properties should be part of the build process. This approach is especially well-suited for microservice-based applications where modules can be benchmarked individually. During this phase, it also makes sense to periodically reassess the quality of underlying cloud services. Finally, when the application goes into production, underlying cloud services should be carefully monitored using both monitoring, periodic benchmark-ing, or indirect monitoring,2 where business key performance indicators (KPIs) gauge for quality changes in the underlying cloud services. Whenever something unusual happens, develop-ers should reassess the quality of the cloud services used, but also adapt their deployment decisions by, for example, switching providers. Of course, actually implementing this approach in practice comes with a number of challenges;

Figure 2. Consistency behavior of Amazon S3, as determined through one-week benchmark runs in 2011–2013. Throughout the benchmark runs, behavior changed signi�cantly.

20,000

Stal

enes

s in

ms

Stan

dard

dev

iatio

n10,000

1,000

100

10

11 2 3 4 5 6 7 8

Experiment

4,000

3,000

2,000

1,000

0

Average

Max

Min

Median

Standarddeviation

View from the Cloud

70 www.computer.org/internet/ IEEE INTERNET COMPUTING

upper bounds on staleness, for example. The measurement approach comprises a number of distributed machines (for instance, 12 is a good number for three replicas) that continuously poll a tar-get key. Another machine periodically updates that target key with the cur-rent timestamp and a version number (one test in Figure 1b). Correlation of values read and the respective current timestamp can then be used to deter-mine the staleness. Furthermore, this data also can be used to determine the probability of reading stale data as a function of the duration since the last update.

S3 guarantees eventual consistency based on at least three replicas located in adjacent datacenters. What could be expected, hence, were staleness val-ues in the lower two-digit millisecond range. However, in our �rst (repeated) experiments in 2011, we found that while S3 had acceptable staleness at

night, it followed an obscure saw pat-tern during the day. Figures 1a and 1b, taken from previous work,2 show this behavior measured during a one-week benchmark run: During the day, the �rst update has a 2-second staleness, the second one a 4-second staleness, and so on until it drops back down after close to 2 minutes and starts all over again. Of course, we contacted Amazon about this behavior and also continued to benchmark S3 consistency behavior over the years: Not only was the ini-tial behavior totally unexpected – until our last benchmark run in late 2013, it continued to change signi�cantly (see Figure 22), thus providing further proof for our “expect the unexpected” mantra. Without going into further details, suf�ce it to say that dealing with inconsistencies at the application level isn’t too dif�cult – unless there’s no information on the quality behavior of underlying cloud services.3

Security of Cloud Storage ServicesEspecially when dealing with sensitive data in cloud environments, security becomes a key design goal – particu-larly for data-in-transit security, where data are encrypted and hashed before being sent over the Internet. This, how-ever, can be expected to come with a performance impact – which has largely been neglected by researchers so far: either researchers focus on secu-rity so that performance impacts are largely disregarded, or they focus on performance, then ignoring security or choosing the weakest option available.

In recent experiments, I’ve worked with colleagues to benchmark how enabling data-in-transit security (for example, based on TLS) affects the performance of cloud storage ser-vices. Interestingly, though, there’s no clear result, as the impact com-pletely depends on the concrete sys-tem. For instance, in previous work,4

we described how Apache Cassandra con�gurations with TLS might, in fact, outperform unsecured con�gu-rations (essentially, this means that the natural performance variability of cloud resources exceeds and hides the performance impact of TLS); this, however, depends on the respective con�guration and setup details. Ama-zon’s DynamoDB service, on the other hand, shows no performance impact at all – aside from computation over-heads on the application machines, the performance overhead is shoul-dered and paid for by Amazon. On the other hand, we’ve seen in recent experiments with Apache HBase that enabling data-in-transit security could have a catastrophic impact on performance, thereby also severely limiting scalability.5 For example, we could observe that a 12-node HBase cluster with data-in-transit security enabled can sustain approximately the same throughput as an unsecured 6-node cluster.

For application developers, this should have a strong effect on the

Figure 1. Consistency of Amazon Simple Storage Service (S3) in a one-week benchmark run in 2011. (a) At night, S3 showed much lower and more predictable staleness than during the day. (b) During the day, staleness of S3 followed a saw pattern. This pattern was independent of the interval between individual tests.

[Figure 1 plot axes: staleness in ms (y); seconds since experiment start and test no. (x).]


however, these are beyond the scope of this article.

In all these examples, we have seen how completely unexpected behavior recurs in all kinds of cloud services. Application developers should, therefore, never assume that cloud services behave like traditional on-premises environments – instead, developers should expect the unexpected and prepare for it. This, however, is only possible through cloud service benchmarking: Don’t make assumptions, make experiments.

There are a number of open challenges that would benefit from future research efforts. The first is that benchmarks are typically designed for reuse. However, especially in the context of custom microservices, currently it’s unclear how benchmarks that are part of the build process can be generalized and reused. After all, a specific microservice is rather unique in its nature so that developing a “standard” benchmark that doesn’t only test a minimum subset of features is quite challenging. The second aspect is moving from fine-granular benchmarks (or even microbenchmarks) to more high-level benchmarks. After all, application developers are often more interested in the overall quality of an entire cloud platform than in assessing individual cloud services – or even worse: of small subsets of a service such as disk throughput of a VM. In this area, identifying suitable, realistic application workloads but also again the portability of benchmarking tools is an unsolved major challenge. The third challenge lies in developing benchmarks that assess multiple qualities at the same time – currently, most benchmarks measure only one quality, usually performance.

Acknowledgments

I thank Steffen Müller, Frank Pallas, Stefan Tai, and Erik Wittern for the joint work leading to the experimental results used as a basis for this article.

References

1. A. Lenk et al., “What Are You Paying for? Performance Benchmarking for Infrastructure-as-a-Service Offerings,” Proc. IEEE Int’l Conf. Cloud Computing, 2011, pp. 484–491.

2. D. Bermbach and S. Tai, “Benchmarking Eventual Consistency: Lessons Learned from Long-Term Experimental Studies,” Proc. IEEE Int’l Conf. Cloud Eng., 2014, pp. 47–56.

3. D. Bermbach, “Benchmarking Eventually Consistent Distributed Storage Systems,” PhD thesis, Dept. of Economics and Management, Karlsruhe Inst. of Technology, 2014.

4. S. Müller et al., “Benchmarking the Performance Impact of Transport Layer Security in Cloud Database Systems,” Proc. IEEE Int’l Conf. Cloud Eng., 2014, pp. 27–36.

5. F. Pallas, J. Günther, and D. Bermbach, “Pick Your Choice in HBase: Security or Performance,” Proc. IEEE Int’l Conf. Big Data, to appear.

6. D. Bermbach and E. Wittern, “Benchmarking Web API Quality,” Proc. Int’l Conf. Web Eng., 2016, pp. 188–206.

7. T. Kurze et al., “Cloud Federation,” Proc. Int’l Conf. Clouds, Grids, and Virtualization, 2011, pp. 32–38.

David Bermbach is a senior researcher in the Information Systems Engineering research group of TU Berlin. His research interests include cloud service benchmarking, cloud applications, and IoT platforms, but also middleware and distributed systems in general. Bermbach has a PhD with distinction in computer science from Karlsruhe Institute of Technology. Contact him at [email protected].


This article originally appeared in IEEE Internet Computing, vol. 21, no. 1, 2017.


THE IOT CONNECTION

COMPUTER 0018-9162/17/$33.00 © 2017 IEEE. Published by the IEEE Computer Society. April 2017

EDITOR ROY WANT Google; [email protected]

Extending the Cloud to the Network Edge

Rubén S. Montero, OpenNebula and Complutense University

Elisa Rojas, Telcaria Ideas SL

Alfonso A. Carrillo, Telefónica

Ignacio M. Llorente, OpenNebula, Complutense University, and Harvard University

Telefónica’s OnLife project aims to virtualize the access network and give third-party Internet of Things application developers and content providers cloud-computing capabilities at the network edge.

FROM THE EDITOR

The Internet of Things presents many new challenges, including ensuring low-latency interactions between users and devices. Low latency is particularly difficult to achieve when cloud services are involved, as the cloud could be far away from the devices it controls. In this article, the authors present a practical design that dynamically migrates computing services closer to the user to solve this problem. —Roy Want

The Internet of Things (IoT) is drastically changing our world by connecting every kind of device to the Internet, from doorbells and sprinkler systems to health sensors and traffic lights. Ideally, these devices will interconnect with other devices or services to perform their tasks in smarter ways, forming the basis of an optimal environment that reacts to our needs and moods.

To realize this vision, we need a new computing infrastructure that can cope with massive device connectivity and is flexible enough to address the requirements of a diverse set of devices and their associated applications [1]. Reducing and managing communication latency will define the future of IoT applications like video streaming, gaming, and many mobile apps [2]. For example, voice-controlled smart-home systems benefit from content caching, health devices require low latency to respond to emergencies in real time, connected cars might rely on the collective processing of nearby vehicles’ sensor data, and industrial robotics demand more computing capabilities with steady latency.

The geographical distance between IoT service providers and users from a centralized cloud infrastructure turns out to be an important issue [3]. Centralized clouds are appropriate for services with limited data communication—such as web services—or for batch processing, but not for applications that require moving large amounts of distributed data or those with interactive users that require low latency and real-time processing. Meeting these latency demands requires bringing resources as close to IoT devices as physically possible, as the response delay introduced by intercountry—or intercontinental—round trips would make IoT applications unfeasible. Moreover, if we consider the number of connected IoT devices, centralized processing of their generated data doesn’t scale, and such processing needs to be distributed among resources close to the devices. These close-to-the-device resources also need to be provisioned in a cloud-like manner to support the various connected IoT devices, their applications, and service providers.

THE NEED FOR EXTENDING THE CLOUD

Most IoT service providers across different industries have acknowledged the latency issue and are building or using distributed clouds to colocate their services across different geographical areas to provide the required quality of service (QoS) and functionality. Telecommunications companies are in a unique position to solve this problem because central offices (COs) are usually located close to their customers’ premises and thus close to IoT devices. In addition, COs can be transformed into clouds. Similar to the cloudlet concept, in which small-scale cloud datacenters at the edge of the Internet are used to support resource-intensive and interactive mobile applications [2], this can extend IoT service providers’ computing facilities to the network edge.

There are several initiatives to achieve this goal, mainly built around mobile-edge computing (MEC)—a network architecture concept that enables cloud-computing capabilities and an IT service environment at the edge of the cellular network [4]. Among these, the Central Office Re-architected as a Datacenter (CORD) initiative seems to be better suited for convergent telecoms, as it integrates network function virtualization (NFV) and software-defined networking (SDN) [5]. CORD aims to reduce costs while bringing agility and refined control to the network. CORD’s reference architecture is based on three pillars: commodity hardware, an SDN kernel to control the underlying switching fabric, and a virtualization management platform to create and control the virtualized functions.

However, we believe that to support the various IoT devices and applications of future cities and homes, the CO must be further re-architected as a cloud at the edge of the access network. This will transform the CO into a multitenant environment where IoT service providers can deploy elastic applications with a great degree of control.

Telefónica, one of the world’s largest telecoms, is exploring this approach through the OnLife project, whose main goal is to design a future-proof technology stack that could bring the benefits of cloud computing and network programmability to the access network. OnLife’s technological core is the CO datacenter (COdc), which builds on some of CORD’s principles but takes its disruptive approach a step further by simplifying the implementation and introducing an open framework to deploy edge applications.

ONLIFE

The COdc’s functional goals are twofold: first, it must support current residential services, such as Internet access, voice calls, and Internet Protocol Television (IPTV); second, it must allow the deployment of third-party edge solutions. While designing the COdc, we adhered to the following principles: use open source software and open hardware specifications, greenfield to avoid constraining new applications with current protocols, and maintain simplicity by not over-engineering an intrinsically complex system.

Figure 1 shows the main components of OnLife’s architecture. In the upper layer, the business support system (BSS) provides the COdc with basic user authentication, authorization, and accounting capabilities. Interaction with Telefónica’s business logic is performed through a custom captive portal that offers available edge applications (for example, remotely controlling the lighting in a house), connectivity, and additional services.

The SDN controller, based on the Open Network Operating System (ONOS; onosproject.org) and responsible for executing the networking logic that controls the switching fabric in the CO, is in the lower layer. There are two main network applications running in ONOS: vOLT and ClosFwd. The vOLT application reproduces the behavior of an optical line terminal (OLT) by redirecting traffic to the captive portal by default (where clients can consult with and hire different services), and switching the inbound traffic to the CO once the client is subscribed to the network. The ClosFwd application is in charge of forwarding within the CO and creates the paths between the client, the virtual subscriber gateway (vSG; the virtual replacement of the customer premises equipment [CPE] that runs in a virtual machine [VM] and provides basic routing and filtering), and the various services. Both applications provide a RESTful API that is dynamically controlled by the cloud management platform (CMP), which is located at the same logical level of the SDN controller and built with OpenNebula (opennebula.org) [6].

OpenNebula, a lightweight and powerful CMP, is responsible for managing the virtualized resources that implement the different NFVs and edge applications. OpenNebula also interacts with the ONOS components to establish the network connectivity for each VM. Additionally, it provides the orchestration functionality needed to manage multiple-VM applications that might include interdependencies and elasticity rules to dynamically adjust the number of VMs based on the application load.

Finally, several virtualized components of the architecture are implemented as either VMs or SDN applications: a vSG; a CO virtual router (COvr), in charge of routing traffic to Telefónica’s transport networks; and the edge applications to support IoT devices that are deployed in independent VMs in an isolated network. The idea behind edge applications is that third-party companies can develop their own appliances to implement the associated edge logic for the devices.

The OnLife architecture has been implemented in a proof-of-concept CO, based on compute nodes with 8 CPUs and 32 Gbytes of RAM, using a virtualized Clos fabric consisting of 4 x 2 leaf-spine OpenFlow switches and an emulated OLT. This setup allowed us to showcase a complete workflow from customer authentication to the deployment of associated edge applications. As test cases, we implemented basic connectivity applications (Internet access and video on demand) and a content delivery network (CDN).

EDGE APPLICATIONS

One of OnLife’s main challenges is to make the CO available for third-party edge computing applications, similar to the infrastructure as a service (IaaS) model, which opens the datacenter to external workloads. The ability to provide this edge-computing platform in a pay-as-you-go model (similar to IaaS) opens up avenues in both innovative use cases and business models.

However, given the CO’s specific characteristics in terms of computational and storage resources—in addition to the environment’s security constraints—a well-defined framework to develop such edge applications is required. For example, an application deployed at the network edge has to be rapidly reallocated when the user moves across the access network (for instance, from home to office). Therefore, we require edge applications to not store any state or persistency information at the edge. This includes the application logic itself, so edge applications also need to be able to autoconfigure. The autoconfiguration process is performed using specific information passed to the edge application upon bootup. The context could include user data, configuration parameters, or additional resources to install the application.

We envision a wide range of edge applications that will work with OnLife, from single-component instances to applications that require the deployment of multiple VMs. An edge application in the COdc provides this capability and includes deployment dependencies between the VMs. The interconnection of the VMs for each edge application happens in a separate private network.

[Figure 1 diagram labels: BSS; business logic; supervision; COdc (OnLife central office); SDN (vOLT, ClosFwd); cloud management and app orchestration; vSG; COvr; edge apps; Clos fabric; computing infrastructure.]

Figure 1. OnLife architecture. The business support system (BSS) in the upper layer provides the central office datacenter (COdc) with basic user authentication, authorization, and accounting capabilities. The software-defined networking controller, based on the Open Network Operating System (ONOS), is responsible for executing the networking logic that controls the Clos switching fabric in the CO. The cloud manager, based on OpenNebula, is responsible for managing the virtualized resources that implement the different network function virtualizations and edge applications. COvr: CO virtual router; vOLT: network application that replicates the behavior of an optical line terminal; vSG: virtual subscriber gateway.


Figure 2 depicts the deployment of several applications in the COdc. IoT devices use the residential network to connect to the edge applications deployed in the COdc. Within the COdc, the IoT traffic is then forwarded to the target application through specific switching circuits in the Clos, which eventually could send the data to the ISP backbone network. Apart from IoT applications, basic service apps are also deployed for each customer and accessed in the same way (for example, vSG for Internet access).

Edge applications are tied to the environmental conditions where IoT devices operate. A problem such as a traffic jam, a large event, or an emergency in a neighborhood might require allocating additional computational resources to the associated edge application. The COdc can increase (or decrease) the number of VMs considering application-specific performance metrics; for example, to add more VMs at specific times and dates or when the number of requests is above a given threshold.

The COdc also provides a well-defined API to manage edge applications. This API resembles the classical IaaS API to control a VM’s lifecycle. The COdc uses the functionality exposed by OpenNebula and ONOS to deploy the edge applications and provide them with the features mentioned earlier.

MOVING SERVICES FROM CUSTOMER PREMISES TO THE CENTRAL OFFICE

The initial functional and performance analyses made using the proof-of-concept and demo applications are very promising, and show us how to move other Telefónica solutions (currently deployed in the CPE or in expensive centralized locations) to the network edge. CPEs have limited capacity to host new IoT services such as internal security, access control, and energy management, which currently require the installation of additional physical equipment. The COdc allows us to host these services within a vSG built for the specific needs of the product offering. In particular, the following Telefónica solutions and services are being considered:

› Inmótica Hydra. This energy-efficiency enterprise solution helps customers manage and reduce their energy consumption and requires the installation of on-premise servers that occupy floor space and remote maintenance for each customer facility. Telefónica aims to remove this equipment and host all functionality within the COdc, leaving only the system’s meters and sensors on premises.

› On the Spot. This retail commerce–oriented solution, which provides small businesses with in-store music, digital signage, and customer Wi-Fi, also requires the installation of on-premise servers that occupy floor space. On the Spot’s maintenance cost and continuous software updates pose a challenge that the COdc is well suited to help resolve.

› FAAST Vulnerability. This residential solution, which provides protection against IoT threats, requires an agent in the CPE. However, most home CPEs don’t have the capabilities to host it. The COdc is the only way to deliver this service without replacing or upgrading the residential CPE-installed base.

[Figure 2 diagram labels: residential access; HGU; central office; vOLT; access portal; Clos (s1, s2; L1–L4); vSG; CDN; serv1; serv2; COvr; edge application; VLAN for each app; backbone network; Internet.]

Figure 2. Service architecture for OnLife edge applications. Applications are deployed as virtual machines by OpenNebula and interconnected in the Clos through specific switching circuits installed by ONOS. Internet of Things devices connect to each application in the COdc through the residential access network. Together with the edge applications, standard services applications are also deployed in the COdc (for example, Internet access or VoIP) and accessed in the same way. CDN: content delivery network; HGU: home gateway unit.

Making use of NFV and SDN, flexible datacenters built on commodity hardware can now be deployed in telecom COs. Furthermore, it’s been shown that the open source ONOS and OpenNebula projects can be adapted to different application scenarios and support new requirements, while allowing for fast and inexpensive prototyping.

Next steps for the OnLife project will consist of migrating and adapting the solution to a production-ready hardware infrastructure and replacing the emulated elements (such as vOLT) with actual equipment. We also aim to replace our current gigabit passive optical network (GPON) access technology with the latest XGS-PON and NG-PON2 technologies, without modifying the COdc software solution and at a reduced capital expenditure.

REFERENCES

1. K. Xu, X. Wang, and W. Wei, “Toward Software Defined Smart Home,” IEEE Comm. Magazine, vol. 54, no. 5, 2016, pp. 116–122.

2. M. Satyanarayanan et al., “The Case for VM-Based Cloudlets in Mobile Computing,” IEEE Pervasive Computing, vol. 8, no. 4, 2009, pp. 14–23.

3. S. Clinch et al., “How Close Is Close Enough? Understanding the Role of Cloudlets in Supporting Display Appropriation by Mobile Users,” Proc. 2012 IEEE Int’l Conf. Pervasive Computing and Comm. (PerCom 12), 2012; elijah.cs.cmu.edu/DOCS/clinch-percom-2012-CAMERA-READY.pdf.

4. M. Patel et al., Mobile-Edge Computing, white paper, ETSI, Sept. 2014; portal.etsi.org/portals/0/tbpages/mec/docs/mobile-edge_computing_-_introductory_technical_white_paper_v1%2018-09-14.pdf.

5. L. Peterson et al., “Central Office Re-Architected as a Data Center,” IEEE Comm. Magazine, vol. 54, no. 10, 2016, pp. 96–101.

6. B. Sotomayor et al., “Virtual Infrastructure Management in Private and Hybrid Clouds,” IEEE Internet Computing, vol. 13, no. 5, 2009, pp. 14–22.

RUBÉN S. MONTERO is chief architect at OpenNebula and an associate professor of computer architecture at Complutense University. Contact him at [email protected].

ELISA ROJAS is a research director at Telcaria Ideas S.L. Contact her at [email protected].

ALFONSO A. CARRILLO manages the COdc architecture at Telefónica. Contact him at [email protected].

IGNACIO M. LLORENTE is a project director at OpenNebula and a full professor of computer architecture as well as head of the Distributed Systems Architecture Research Group at Complutense University. He is also a visiting scholar at Harvard University. Contact him at [email protected].

PURPOSE: The IEEE Computer Society is the world’s largest association of computing professionals and is the leading provider of technical information in the �eld. Visit our website at www.computer.org.OMBUDSMAN: Email [email protected].

Next Board Meeting: 12–17 June 2017, Phoenix, AZ, USA

EXECUTIVE COMMITTEE
President: Jean-Luc Gaudiot; President-Elect: Hironori Kasahara; Past President: Roger U. Fujii; Secretary: Forrest Shull; First VP, Treasurer: David Lomet; Second VP, Publications: Gregory T. Byrd; VP, Member & Geographic Activities: Cecilia Metra; VP, Professional & Educational Activities: Andy T. Chen; VP, Standards Activities: Jon Rosdahl; VP, Technical & Conference Activities: Hausi A. Müller; 2017–2018 IEEE Director & Delegate Division VIII: Dejan S. Milojičić; 2016–2017 IEEE Director & Delegate Division V: Harold Javid; 2017 IEEE Director-Elect & Delegate Division V-Elect: John W. Walz

BOARD OF GOVERNORS
Term Expiring 2017: Alfredo Benso, Sy-Yen Kuo, Ming C. Lin, Fabrizio Lombardi, Hausi A. Müller, Dimitrios Serpanos, Forrest J. Shull
Term Expiring 2018: Ann DeMarle, Fred Douglis, Vladimir Getov, Bruce M. McMillin, Cecilia Metra, Kunio Uchiyama, Stefano Zanero
Term Expiring 2019: Saurabh Bagchi, Leila De Floriani, David S. Ebert, Jill I. Gostin, William Gropp, Sumi Helal, Avi Mendelson

EXECUTIVE STAFF
Executive Director: Angela R. Burgess; Director, Governance & Associate Executive Director: Anne Marie Kelly; Director, Finance & Accounting: Sunny Hwang; Director, Information Technology & Services: Sumit Kacker; Director, Membership Development: Eric Berkowitz; Director, Products & Services: Evan M. Butterfield; Director, Sales & Marketing: Chris Jensen

COMPUTER SOCIETY OFFICES
Washington, D.C.: 2001 L St., Ste. 700, Washington, D.C. 20036-4928 • Phone: +1 202 371 0101 • Fax: +1 202 728 9614 • Email: [email protected]
Los Alamitos: 10662 Los Vaqueros Circle, Los Alamitos, CA 90720 • Phone: +1 714 821 8380 • Email: [email protected]
Membership & Publication Orders: Phone: +1 800 272 6657 • Fax: +1 714 821 4641 • Email: [email protected]
Asia/Pacific: Watanabe Building, 1-4-2 Minami-Aoyama, Minato-ku, Tokyo 107-0062, Japan • Phone: +81 3 3408 3118 • Fax: +81 3 3408 3553 • Email: [email protected]

IEEE BOARD OF DIRECTORS
President & CEO: Karen Bartleson; President-Elect: James Jefferies; Past President: Barry L. Shoop; Secretary: William Walsh; Treasurer: John W. Walz; Director & President, IEEE-USA: Karen Pedersen; Director & President, Standards Association: Forrest Don Wright; Director & VP, Educational Activities: S.K. Ramesh; Director & VP, Membership and Geographic Activities: Mary Ellen Randall; Director & VP, Publication Services and Products: Samir El-Ghazaly; Director & VP, Technical Activities: Marina Ruggieri; Director & Delegate Division V: Harold Javid; Director & Delegate Division VIII: Dejan S. Milojičić

revised 26 Jan. 2017


THE IOT CONNECTION

Figure 2 depicts the deployment of several applications in the COdc. IoT devices use the residential network to connect to the edge applications deployed in the COdc. Within the COdc, the IoT traffic is then forwarded to the target application through specific switching circuits in the Clos, which eventually could send the data to the ISP backbone network. Apart from IoT applications, basic service apps are also deployed for each customer and accessed in the same way (for example, vSG for Internet access).

Edge applications are tied to the environmental conditions where IoT devices operate. A problem such as a traffic jam, a large event, or an emergency in a neighborhood might require allocating additional computational resources to the associated edge application. The COdc can increase (or decrease) the number of VMs considering application-specific performance metrics; for example, to add more VMs at specific times and dates or when the number of requests is above a given threshold.

The COdc also provides a well-defined API to manage edge applications. This API resembles the classical IaaS API to control a VM’s lifecycle. The COdc uses the functionality exposed by OpenNebula and ONOS to deploy the edge applications and provide them with the features mentioned earlier.

MOVING SERVICES FROM CUSTOMER PREMISES TO THE CENTRAL OFFICE

The initial functional and performance analyses made using the proof-of-concept and demo applications are very promising, and show us how to move other Telefónica solutions (currently deployed in the CPE or in expensive centralized locations) to the network edge. CPEs have limited capacity to host new IoT services such as internal security, access control, and energy management, which currently require the installation of additional physical equipment. The COdc allows us to host these services within a vSG built for the specific needs of the product offering. In particular, the following Telefónica solutions and services are being considered:

› Inmótica Hydra. This energy-efficiency enterprise solution helps customers manage and reduce their energy consumption and requires the installation of on-premise servers that occupy floor space and remote maintenance for each customer facility. Telefónica aims to remove this equipment and host all functionality within the COdc, leaving only the system’s meters and sensors on premises.

› On the Spot. This retail commerce–oriented solution, which provides small businesses with in-store music, digital signage, and customer Wi-Fi, also requires the installation of on-premise servers that occupy floor space. On the Spot’s maintenance cost and continuous software updates pose a challenge that the COdc is well suited to help resolve.

› FAAST Vulnerability. This residential solution, which provides protection against IoT threats,


Figure 2. Service architecture for OnLife edge applications. Applications are deployed as virtual machines by OpenNebula and interconnected in the Clos through specific switching circuits installed by ONOS. Internet of Things devices connect to each application in the COdc through the residential access network. Together with the edge applications, standard services applications are also deployed in the COdc (for example, Internet access or VoIP) and accessed in the same way. CDN: content delivery network; HGU: home gateway unit.

This article originally appeared in Computer, vol. 50, no. 4, 2017.


28 August 2017 Published by the IEEE Computer Society 2469-7087/17/$33.00 © 2017 IEEE
14 IEEE CLOUD COMPUTING PUBLISHED BY THE IEEE COMPUTER SOCIETY 2325-6095/17/$33.00 © 2017 IEEE

EDITOR: KIM-KWANG RAYMOND CHOO, University of Texas at San Antonio, [email protected]

Evidence and Forensics in the Cloud: Challenges and Future Research Directions

Kim-Kwang Raymond Choo, University of Texas at San Antonio

Christian Esposito and Aniello Castiglione, University of Salerno

ALTHOUGH IT IS POPULAR WITH COMPANIES AND PRIVATE USERS, CLOUD COMPUTING CAN BE ABUSED OR TARGETED BY CRIMINALS. This can range from stealing personal information stored and outsourced to the cloud, to frauds that are more sophisticated, and to attacks that are disruptive, such as compromising a company’s day-to-day operations. Cloud storage services can also be abused by criminals, who use them to store and hide incriminating and illegal materials or to distribute copyrighted materials.1

There have been several concerted efforts by cloud service providers to prevent their services from being criminally exploited. For example, Dropbox has implemented child abuse material detection software, whose details are not publicly available, which allows searching within the files stored on Dropbox to identify breaches of the Terms of Use and Acceptable Use Policy. Similarly, Microsoft’s PhotoDNA is designed to identify child abuse materials from the files stored by companies on their servers, and is used in its cloud storage product.

Another commonly seen criminal exploitation of the cloud is to support the execution of large-scale and distributed attacks, for example by compromising some instances of virtual machines within a cloud infrastructure to launch Distributed Denial-of-Service (DDoS) attacks against third-party websites, portals or platforms. In 2012, a group of cyber-criminals exploited the CVE-2014-3120 Elasticsearch 1.1.x vulnerability, in order to compromise virtual machines within Amazon EC2, and launched a UDP-based DDoS attack. Predictably, most cloud service providers have platform-wide DDoS protection systems that monitor incoming and outgoing traffic in order to prevent DDoS attacks against their platform or to avoid being used to launch such attacks.

A number of other security solutions have been proposed for the cloud in the literature, ranging from access control to crypto primitives to intrusion detection to privacy-preserving, and so forth. Despite the existence and deployment of various security solutions, there will be times when digital investigation is needed. As noted in a previous column,2 to successfully prosecute individuals who commit crimes involving digital evidence, one must be able to gather evidence of an incident or crime that has involved cloud servers as well as the client devices that have been used to access the cloud services, a process known as digital forensics (or cloud forensics).

CLOUD AND THE LAW


Cloud Forensics

In a cloud forensic investigation, it is necessary to analyze the data flow, commonly at three main stages: data-at-rest on the client device(s), data-in-transit, and data-at-rest on the server(s). Therefore, it is important to conduct static analysis and dynamic (binary code) analysis of apps installed on the client device, analysis of data communication and exfiltration channels and techniques, and investigation and validation of techniques to locate and recover public and private keys, authentication tokens, encrypted blocks, and other data of interest in the network traffic and on the client device and server (e.g. memory dumps). For example, a number of researchers have examined the potential to recover data remnants from client devices, such as Android and iOS devices, that have been used to access cloud services (such as the potential to recover forensic artefacts from an OS X PC after it had been used to access Apple’s iCloud).3 In a recent investigation of the implementation of the OAuth protocol, a commonly used token-based authentication system in mobile apps, the researchers demonstrated how one can intercept and recover security tokens (e.g. access and refresh tokens used to authenticate the user) from the device’s memory heap. This would allow forensic investigators who have obtained the security tokens to access a user account even after the user has changed his/her password-based credentials (depending on the service provider’s implementation).4

Data may not initially be in a format appropriate for collection as digital evidence, and as such, it becomes necessary to “decode” the protocol used by the application or operating system for data storage and/or transit. Thus, it is important to conduct a comprehensive, empirical investigation of a range of client devices and cloud servers against existing techniques and commercial and open source digital forensic tools, in order to make a detailed determination of the limitations of existing techniques and forensic tools when collecting data from client devices and cloud servers.

It is expected that such technical investigations will clearly demonstrate the strengths and weaknesses of current techniques and the various forensic tools in terms of their evidential data collection and analysis capabilities. It may also identify types of evidence available on computing devices that forensic investigators would not have otherwise known were available.

However, existing techniques may not be applicable in cloud forensics. For example, investigators may not have physical access to the evidence, and a corrupted insider from the cloud service provider can easily alter the evidence. Roussev et al. also noted that in software as a service (SaaS) forensics, “...the use of traditional forensic tools results in acquisition and analysis [that] is inherently incomplete”.5

Infrastructure such as distributed filesystems can support Infrastructure as a Service (IaaS) and other cloud computing environments by providing data fragmentation and distribution, potentially between countries and within datacentres. This results in significant technical, jurisdictional and operational challenges in the collection of evidential data for analysis in both criminal investigations and civil litigation matters.6,7 For example, a British barrister and a Senior Policy Advisor and Crown Advocate with UK Government Crown Prosecution Service predicted that the evidence obtained from the cloud will play a more significant role in the foreseeable future.8

In addition, as explained by Martini and Choo, investigators must trust the cloud service provider to maintain trustworthy logs about the cloud activity, and to provide reports about the activities of user(s) of interest upon request (e.g. a court order).9 Zawoad, Dutta and Hasan presented a solution for logging the activities within the cloud, and


to ensure the integrity and confidentiality of such logs.10 Specifically, they propose a Proof of Past Log (PPL) scheme to avoid tampering of the logs after their generation, and to encrypt some crucial information within the logs so as to protect the user’s privacy. The proposed solution also facilitates the presentation of the collected evidence for verification in the court.
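The tamper-evidence idea behind a proof of past logs, shown as an added example that is not part of the original article and is not Zawoad et al.'s construction: a plain SHA-256 hash chain stands in for their scheme, and field encryption is omitted. The record fields, function names and sample records are assumptions constructed for illustration.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # chain value before the first entry


def entry_hash(prev_hash: str, record: dict) -> str:
    """Hash of one log record, bound to everything that precedes it."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{prev_hash}|{body}".encode()).hexdigest()


def append(log: list, record: dict) -> None:
    """Append a record together with its chain value."""
    prev = log[-1]["chain"] if log else GENESIS
    log.append({"record": record, "chain": entry_hash(prev, record)})


def publish_proof(log: list) -> dict:
    """Proof released outside the provider's control at the end of an epoch."""
    return {"entries": len(log), "head": log[-1]["chain"] if log else GENESIS}


def verify(log: list, proof: dict) -> tuple:
    """Recompute the chain from the records and compare with the proof."""
    prev = GENESIS
    for i, entry in enumerate(log):
        expected = entry_hash(prev, entry["record"])
        if entry["chain"] != expected:
            return False, f"entry {i} does not match its chain value"
        prev = expected
    if len(log) != proof["entries"]:
        return False, f"expected {proof['entries']} entries, found {len(log)}"
    if prev != proof["head"]:
        return False, "chain head differs from published proof"
    return True, "log matches published proof"


def build_sample_log() -> list:
    """Constructed sample records (not taken from any real system)."""
    records = [
        {"ts": "2017-05-01T10:00:00Z", "user": "u-1001", "src": "192.0.2.10", "op": "RunInstance"},
        {"ts": "2017-05-01T10:02:13Z", "user": "u-1001", "src": "192.0.2.10", "op": "AttachVolume"},
        {"ts": "2017-05-01T10:07:40Z", "user": "u-2002", "src": "198.51.100.7", "op": "DeleteSnapshot"},
        {"ts": "2017-05-01T10:09:05Z", "user": "u-1001", "src": "192.0.2.10", "op": "StopInstance"},
    ]
    log = []
    for record in records:
        append(log, record)
    return log


def rewrite_history(log: list, index: int, field: str, value: str) -> list:
    """Test helper: an insider edits one record and recomputes all later chain values."""
    forged = copy.deepcopy(log)
    forged[index]["record"][field] = value
    prev = forged[index - 1]["chain"] if index else GENESIS
    for entry in forged[index:]:
        entry["chain"] = entry_hash(prev, entry["record"])
        prev = entry["chain"]
    return forged


if __name__ == "__main__":
    log = build_sample_log()
    proof = publish_proof(log)  # held by the investigator or court
    print(verify(log, proof))
    print(verify(rewrite_history(log, 2, "user", "u-9999"), proof))
    print(verify(log[:-1], proof))  # last entry silently dropped
```

A consistently rewritten log passes every per-entry check and is caught only by the published head, which is why the proof has to be stored where the log keeper cannot change it.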

Dykstra and Sherman described a method to collect forensic artifacts from Amazon’s EC2 service. They also used Eucalyptus (which operates similarly from a client point of view to EC2) for the purposes of injecting forensic tools into running VMs via the hypervisor layer.11 Using conventional forensic tools (such as Guidance Software EnCase and AccessData FTK), the authors were successful in collecting evidence from EC2 and Eucalyptus. The level of trust required to execute each of the collection procedures was also reported in the study. In a later work, the same authors contributed a forensic toolkit for the OpenStack cloud platform – FROST.12 FROST allows a remote user to collect an image of the users’ VMs hosted in OpenStack, and retrieve log events for all API requests made by the user and firewall logs for all of the users’ VMs. FROST is integrated with several OpenStack Dashboard and Compute components.

Martini and Choo presented a four-stage cloud forensic framework, and used it to guide their server and client analysis of the ownCloud private Storage.13,14 The authors successfully recovered a range of artifacts, including file data, metadata and authentication credentials. Then they analyzed the server component of ownCloud. In addition to locating a range of metadata and uploaded files (including previous versions), they were able to use the authentication credentials collected from the client to decrypt files stored on the server. This demonstrated the utility of the client followed by server forensic investigation approach. In another work, the same authors designed a process for remote programmatic collection of evidence from an IaaS cloud service, which would provide forensic researchers and practitioners a tool (for instance collecting data via API) to collect evidential data using a repeatable and forensically sound process.15

Forensic-by-Design and Forensic-as-a-Service

Ab Rahman and colleagues proposed an alternative forensic readiness strategy, referred to as forensic-by-design.16 Conceptually, forensic-by-design is similar to security-by-design and privacy-by-design, where requirements for forensics are integrated into relevant phases of the system development lifecycle, with the objective of developing forensic-ready systems. The utility of such an approach is demonstrated in a later work.17

There has also been research into offering forensic-as-a-service. Conceptually, forensic-as-a-service is similar to software-as-a-service where forensic applications and services are being moved to the cloud. For example, Castiglione and colleagues presented a cloud-based methodology to acquire forensic evidence from online services, such as webpages, chats, documents, photos and videos.18 A cloud-based solution hosts a network trusted service used to acquire evidence for subsequent analysis. Such an acquisition can be undertaken using an HTTPS proxy (capable of recording activities at the network level, such as IP, when an online service is accessed), or a software agent for the collection of information obtained by the targeted online service in a What You See Is What You Get (WYSIWYG) manner.

Along with his colleagues, van Beek proposed a cloud-based approach which allows one to process and investigate the large volume of seized digital materials,19 typically of a criminal investigation. This was also coined big data forensics by Quick and Choo.20 Specifically, digital evidence obtained


during the investigation is outsourced to the cloud by creating forensic copies, and later examined using a standard set of tools. Thus, evidence copies can be created and stored in a centralized and accessible location. Fu and his colleagues presented a cloud-based distributed solution for tracing Internet criminals using high-bandwidth sentinels within anonymous networks, such as Tor.21 This allows the capturing of (criminal) communications for analysis.

HARNESSING TECHNOLOGICAL ADVANCES FOR VARIOUS ASPECTS OF POLICING HAS BEEN A KEY OPERATIONAL OBJECTIVE IN MANY GOVERNMENTS AND LAW ENFORCEMENT AGENCIES.22 Examples include modernizing communications between field investigators, such as crime scene analysis personnel and investigators, forensic laboratories, and the digital archives, using cloud computing. For example, Schiliro and Choo presented a cloud-based interactive constable on patrol system, which allows a law enforcement agency (or any other private sector organization) to deliver the organization’s capabilities to the frontline officer via a mobile app.23 This includes the capability to connect and pull/push information and intelligence from a wide range of public and private databases (for example CCTV systems in a particular city, such as San Antonio), employing data-mining and other big data analytical technologies, and so on.

As cloud and related technologies advance, forensic investigators will find it challenging to keep pace, in the sense of identifying new forensic artifacts. Thus, there is a need for ongoing research into identifying new forensic artefacts in the cloud and related environment (for example multi-cloud and federated cloud, fog computing, edge computing, and Internet of Things, such as Internet of Battlefield Things), considering both data-at-rest and data-in-transit, as well as developing new forensically sound data collection techniques.

Current forensic techniques generally make use of vendor data communication facilities built into the mobile devices (such as iTunes backups for iOS devices) for the purpose of forensic extraction. Often this limits the potential for data extraction. For example, current tools would not be able to collect evidence from devices that are encrypted using strong passwords. Therefore, it is crucial to develop, validate and refine novel evidence-based data collection techniques to obtain evidential data from cloud computing (and other computing) devices in crimes that make use of sophisticated and secure technologies, for example, the use of strong encryption to secure both data-at-rest and data-in-transit, as well as anti-forensic techniques. These novel evidence-based data collection techniques need to be designed to circumvent advanced security features (such as developing low-level exploits and undertaking physical hardware analysis) and obtain evidential data from cloud computing devices, without compromising the evidence’s integrity. These techniques will enhance “guardianship” and the “deterrent” effect in policing.

A recent literature survey also shows that there is a need for effective visualization of evidential data for forensic practitioners and investigators, as pointed out by the authors: “while many researchers have made progress towards a model for visualizing forensic data, there continue to be gaps in this research area which need to be addressed”.24,25

When designing cloud forensic techniques, it is also important to balance the need for a secure mobile telecommunications system and the rights of individuals to privacy against the need to protect the community from serious and organized crimes and cyber and national security interests. This issue has serious implications on the ability of governments to protect their citizens against serious and organized crimes. However, it remains an under-researched area due to the interdisciplinary challenges specific to cloud (and digital) forensics. Thus, it is important to bring together approaches from different disciplines to address the major contemporary challenges associated with cloud forensics. For instance, to ensure individual privacy, the techniques developed by forensic researchers should focus on individual suspect devices under direct judicial oversight (for example under a search warrant), as opposed to broad spectrum surveillance, such as the NSA incident revealed by Snowden in 2013.

References

1. D. Ó Coileáin and D. O’Mahony, “Accounting and Accountability in Content Distribution


Architectures: A Survey”, ACM Computing Surveys, vol. 47, no. 4, art. 59, May 2015.

2. B. Martini and K.-K. R. Choo, “Cloud Forensic Technical Challenges and Solutions: A Snapshot”, IEEE Cloud Computing, vol. 1, no. 4, pp. 20-25, 2014.

3. K. Oestreicher, “A forensically robust method for acquisition of iCloud data”, Digital Investigation, vol. 11, Supplement 2, pp. S106-S113, August 2014.

4. B. Martini, Q. Do and K.-K. R. Choo, “Digital forensics in the cloud era: The decline of passwords and the need for legal reform”, Trends & Issues in Crime and Criminal Justice, vol. 512, pp. 1–16, 2016.

5. V. Roussev, I. Ahmed, A. Barreto, S. McCulley, and V. Shanmughan, “Cloud forensics–Tool development studies & future outlook”, Digital Investigation, vol. 18, pp. 79-95, 2016.

6. C. Hooper, B. Martini and K.-K. R. Choo, “Cloud computing and its implications for cybercrime investigations in Australia”, Computer Law & Security Review, vol. 29, no. 2, pp. 152-163, 2013.

7. D. J. B. Svantesson and L. van Zwieten, “Law enforcement access to evidence via direct contact with cloud providers – identifying the contours of a solution”, Computer Law & Security Review, vol. 32, no. 5, pp. 671-682, 2016.

8. S. Mason and E. George, “Digital evidence and ‘cloud’ computing”, Computer Law & Security Review, vol. 27, no. 5, pp. 524-528, 2011.

9. B. Martini and K.-K. R. Choo, “An integrated conceptual digital forensic framework for cloud computing”, Digital Investigation, vol. 9, no. 2, pp. 71-80, 2012.

10. S. Zawoad, A. K. Dutta and R. Hasan, “Towards Building Forensics Enabled Cloud Through Secure Logging-as-a-Service”, IEEE Transactions on Dependable and Secure Computing, vol. 13, no. 2, pp. 148-162, 2016.

11. J. Dykstra and A. T. Sherman, “Acquiring forensic evidence from infrastructure-as-a-service cloud computing: Exploring and evaluating tools, trust, and techniques”, Digital Investigation, vol. 9, Supplement, pp. S90-S98, 2012.

12. J. Dykstra and A. T. Sherman, “Design and implementation of FROST: Digital forensic tools for the OpenStack cloud computing platform”, Digital Investigation, vol. 10, Supplement, pp. S87-S95, 2013.

13. B. Martini and K.-K. R. Choo, “Cloud storage forensics: ownCloud as a case study”, Digital Investigation, vol. 10, no. 4, pp. 287-299, December 2013.

14. B. Martini and K.-K. R. Choo, “An integrated conceptual digital forensic framework for cloud computing”, Digital Investigation, vol. 9, no. 2, pp. 71-80, November 2012.

15. B. Martini and K.-K. R. Choo, “Remote Programmatic vCloud Forensics: A Six-Step Collection Process and a Proof of Concept”, Proceedings of the 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications (TRUSTCOM ‘14), pp. 935-942, 2014.

16. N. H. Ab Rahman, W. B. Glisson, Y. Yang and K.-K. R. Choo, “Forensic-by-Design Framework for Cyber-Physical Cloud Systems”, IEEE Cloud Computing, vol. 3, no. 1, pp. 50-59, 2016.

17. N. H. Ab Rahman, N. D. W. Cahyani, and K.-K. R. Choo, “Cloud incident handling and forensic-by-design: cloud storage as a case study”, Concurrency and Computation: Practice and Experience, 2017. http://dx.doi.org/10.1002/cpe.3868

18. A. Castiglione, G. Cattaneo, G. De Maio, A. De Santis, and G. Roscigno, “A Novel Methodology to Acquire Live Big Data Evidence from the Cloud”, IEEE Transactions on Big Data, 2017. https://doi.org/10.1109/TBDATA.2017.2683521

19. H.M.A. van Beek, E.J. van Eijk, R.B. van Baar, M. Ugen, J.N.C. Bodde, and A.J. Siemelink, “Digital forensics as a service: Game on”, Digital Investigation, vol. 15, pp. 20-38, December 2015.

20. D. Quick and K.-K. R. Choo, “Big Forensic Data Management in Heterogeneous Distributed Systems: Quick Analysis of Multimedia Forensic Data”, Software: Practice and Experience, 2017. http://dx.doi.org/10.1002/spe.2429

21. X. Fu, Z. Ling, W. Yu, and J. Luo, “Cyber Crime Scene Investigations (C²SI) through Cloud Computing”, Proceedings of the IEEE 30th International Conference on Distributed Computing Systems Workshops, pp. 26-31, 2010.

22. K.-K. R. Choo, “Harnessing information and communications technologies in community policing”, in Judy Putt, editor, Community policing in Australia, Research and Public Policy, vol. 111, pp. 67–75, available at http://www.aic.gov.au/media_library/publications/rpp/111/rpp111.pdf, 2011.

23. F. Schiliro and K.-K. R. Choo, “The Role of Mobile Devices in Enhancing the Policing System to Improve Efficiency and Effectiveness: A Practitioner’s Perspective”, in Au M H and Choo K-K R, editors, Mobile Security and Privacy: Advances, Challenges and Future Research Directions, pp. 85–99, Syngress, an Imprint of Elsevier. http://dx.doi.org/10.1016/B978-0-12-804629-6.00005-5.

24. C. Tassone, B. Martini, and K.-K. R. Choo, “Forensic Visualization: Survey and Future Research Directions”, in Choo K-K R and Dehghantanha A, editors, Contemporary Digital Forensic Investigations of Cloud and Mobile Applications, pp. 163–184, Syngress, an Imprint of Elsevier. http://dx.doi.org/10.1016/B978-0-12-805303-4.00011-3.

25. C. Tassone, B. Martini, and K.-K. R. Choo, “Visualizing Digital Forensic Datasets: A Proof of Concept”, Journal of Forensic Sciences, 2017. http://dx.doi.org/10.1111/1556-4029.13431

KIM-KWANG RAYMOND CHOO holds the Cloud Technology Endowed Professorship in the Department of Information Systems and Cyber Security at the University of Texas at San Antonio. His research interests include cyber and information security and digital forensics. He is a senior member of IEEE, a Fellow of the Australian Computer Society, an Honorary Commander, 502nd Air Base Wing, Joint Base San Antonio-Fort Sam Houston, USA, and has a PhD in information security from Queensland University of Technology, Australia. Contact him at [email protected].

CHRISTIAN ESPOSITO received the Ph.D. degree in computer engineering and automation from the University of Napoli “Federico II”, Italy. He is an adjunct professor at the University of Naples “Federico II”, Italy, and at the University of Salerno, Italy, where he is also a research fellow. His research interests include reliable and secure communications, middleware, distributed systems, positioning systems, multi-objective optimization, and game theory. Contact him at [email protected].

ANIELLO CASTIGLIONE is an adjunct professor at the University of Salerno (Italy) and at the University of Naples “Federico II” (Italy). His research interests include security, communication networks, information forensics and security, applied cryptography. Castiglione has a PhD in computer science from the University of Salerno, Italy. He is a member of several associations, including IEEE and ACM. Contact him at [email protected].


This article originally appeared in IEEE Cloud Computing, vol. 4, no. 3, 2017.


34 August 2017 Published by the IEEE Computer Society 2469-7087/17/$33.00 © 2017 IEEE

Beyond Wires
Editor: Yih-Farn Robin Chen • [email protected]

56 Published by the IEEE Computer Society 1089-7801/17/$33.00 © 2017 IEEE IEEE INTERNET COMPUTING

FocusStack: Orchestrating Edge Clouds Using Focus of Attention

Brian Amento, Robert J. Hall, Kaustubh Joshi, and K. Hal Purdy • AT&T Labs Research

Managing resources in Internet of Things (IoT) edge devices presents new challenges: massive scale, novel security issues, and new resource types. We propose that edge devices can be managed as part of Infrastructure-as-a-Service clouds. Our approach, FocusStack, uses situational awareness to solve problems of inefficient messaging and mixed-initiative control that IoT device management raises for traditional cloud platforms.

Edge computing (also known as cloudlets or fog computing) has traditionally focused on small cloud data centers associated with the last mile of the Internet. Increasingly, however, even the small form factor devices that connect to the last mile, such as television set-top boxes, network gateways, WiFi access points, cars, and drones, present an interesting target for building a managed cloud computing platform that can serve a rich set of new applications. Applications range from traditional network edge services such as content caches or WAN accelerators, to more novel ones such as privacy-preserving big data analytics on set-top boxes, connected cars, Internet of Things (IoT) sensor-sharing applications, and applications allowing users to lease sensors and computation resources in drones.

We propose that distributed edge devices should be managed similarly to an Infrastructure-as-a-Service (IaaS) cloud computing data center by extending traditional cloud orchestration tools. We assume that the devices are managed, at least in part, by a controlling entity, such as a cable provider with a collection of set-top boxes, an operator deploying a fleet of drones, or an auto manufacturer providing a managed computing platform in its cars. This conceptual framework considers each mobile edge device as analogous to a compute server. Tenant applications, potentially from different developers, are deployed to these devices. These application instances coordinate with other instances to perform tasks with local or platform-wide scope. Control plane nodes in the cloud orchestrate the management of these “distributed virtual data centers” of edge devices, and allow both tenants and administrators to interact with this edge cloud. Through this interface, tenants deploy and update applications, configure secure application networking, and provide access to storage resources.

Despite similarities to the traditional cloud IaaS model, such an approach presents unique challenges. First, edge devices often have limited compute and memory resources, and in the case of drones, limited energy as well. Second, the network environment is dramatically different from the typical data center, complete with nodes that might be moving constantly and have intermittent connectivity with scarce and variable available bandwidth. Third, the ratio of compute to control nodes is dramatically different. With potentially millions of devices attaching to a small set of cloud controllers, the control plane must be highly efficient. Last, these devices often need mixed-initiative management that’s distinct from traditional cloud provider/tenant separation (we discuss this more later).


JANUARY/FEBRUARY 2017 57

We address these challenges using an intelligent approach to messaging based on the concept of focus of attention. The cloud control plane’s operations are scoped based on context that includes the edge device’s location, health, capabilities, and user authorization preferences. We call this capability location-based situational awareness. Devices that aren’t in the current focus of attention are neither tracked by the cloud control plane, nor participate in any control plane protocols. Doing so not only minimizes the resource utilization of the edge devices, since they don’t need to provide periodic updates to the cloud, but it also allows the cloud control plane to be more efficient and scalable, since it only needs to handle a small subset of devices at any one time. Finally, such dynamic scoping is essential for handling edge devices that are constantly moving and might be disconnected from the network at any given time; such devices are simply excluded from the focus of attention of the current orchestration task.

We have built such a cloud, called FocusStack, by combining OpenStack (see www.openstack.org) — one of the most popular open source cloud management platforms — with the AT&T Labs Geocast System (ALGS),1 a multi-tiered geographic addressing (GA) network subsystem that allows packets to be sent to devices in a geographic region instead of a specific set of IP endpoints, as in IP unicast or multicast. FocusStack can be deployed on an unmodified installation of OpenStack, and can deploy applications that are packaged as lightweight Docker (see www.docker.com) OS container instances to “compute nodes” running on edge devices.

Motivating Examples

FocusStack can be used to manage clouds that comprise a variety of endpoint types with a range of characteristics: as a first example, consider customer premise devices such as set-top boxes, edge routers, or WiFi access points. These devices could provide a number of services ranging from usage analytics to environment sensing. As a second example, consider that cars are rich sensor platforms not just due to the wealth of data they collect about themselves, but also for their ability to measure their environment and the driving habits of those who operate them. In addition to constraints on compute and memory, cars have additional challenges due to mobility and variable network connectivity. A third example, drones, are the ultimate mobile platforms experiencing severe energy constraints and extreme variability in network conditions, as they fly in and out of radio range. General-purpose drone platforms can be useful as a platform as well as for environmental sensing and tracking. The following are additional examples.

Viewership analytics. CableCorp wants to understand differences between TV viewing habits in Los Angeles and New York City. Using FocusStack’s geoaddressing primitives, CableCorp can identify and deploy two Hadoop instances in the target regions. Thus, CableCorp can compute the aggregate results they need without ever collecting the individual users’ TV viewing history.

Car diagnostics. Fast Motors Inc. wishes to understand how cold ambient temperature affects engine performance. While it isn’t feasible (for volume and privacy reasons) to continuously upload detailed diagnostics data from all cars at all times, it’s possible to write a simple one-time app to read internal data from specific cars and run analytics to assess engine performance. They use FocusStack to deploy the app to a small sample of cars in New England. When the study is complete, the app is no longer needed and can be removed from the cars.

Drones for hire. RentMyEyes flies a fleet of connected drones equipped with cameras and environmental sensors. These drones wait for remote sensing jobs to be submitted over the Internet. Each job is represented by a target area the drone must fly to, along with an app that the drone should run once there. Once at the target, the app is authorized to collect and analyze data from the drone’s camera and sensors in real time, and potentially adjust the drone’s flight plan based on its analysis. On receiving the job, RentMyEyes can use FocusStack to identify a drone close to the target area with sufficient energy left, and deploy the app to it.

Need for Situational Awareness

In the aforementioned scenarios, situational awareness plays a key role in not just the semantics of the service, but also in enabling efficiency and scalability. Assuming that the cloud can’t afford to actively monitor the operations of every edge device at all times, we need an architecture that can focus attention on the devices in an area of interest at a time of interest, extract information, and take action on that information. For example, Highway I-5 is a long, straight road running the length of California along which, most of the time, nothing interesting happens. While thousands of cars drive on I-5 each day, only a tiny fraction of them would be of interest to the Car Diagnostics service. The health, computational state, and opt-in state of the rest are irrelevant to the Car Diagnostics application and would require significant cellular data bandwidth to report at all times. For the tiny fraction of cars of interest, we require a method for gaining up-to-date intelligence on their computational and resource states.

Motivated by these considerations, our primary requirement


for FocusStack’s awareness function is to obtain awareness information when attention is focused on a geographic area. Consequently, applications well-suited for use with FocusStack are like those described in the previous examples — that is, where the application needs to be deployed and active on edge devices located within a circumscribed geographical area.

A second key requirement is motivated by the observation that an application clearly isn’t interested in all IoT devices in a particular area. The Car Diagnostics application is only interested in a subset of a manufacturer’s cars on the road. A remote sensing application is interested only in the environmental sensors providing information of interest. Thus,

The AT&T Labs Geocast System

We detail a schematic of the AT&T Labs Geocast System (ALGS) in Figure A.1 The ALGS implements a seamlessly integrated, two-tier network geographic addressing (GA) service. A packet’s address, referred to as its geocast region, is defined by a circle, where the packet header contains latitude and longitude of the center of the circle and the radius in meters. Packets sent via the ALGS can transit either an ad hoc WiFi tier or a long-range tier mediated by an Internet-based georouting service accessed through the 3G/4G/LTE/GSM (Global System for Mobile Communications) system. Packets can be relayed across either tier or both tiers; in some cases, a packet originating in one ad hoc tier can be transferred to a long-range-capable device, which will relay it over the long-range tier to a device near the destination region, where it will be relayed again across the ad hoc WiFi tier to devices in the region.

Because the car diagnostics service makes use of edge devices in connected vehicles, they don’t have WiFi capability, so that service depends entirely upon ALGS’s long-range tier. See elsewhere for more details about ALGS and its use by FocusStack.1,2

References

1. R. Hall et al., “Scaling up a Geographic Addressing System,” Proc. 2013 IEEE Military Comm. Conf., 2013; doi:10.1109/MILCOM.2013.34.

2. B. Amento et al., “FocusStack: Orchestrating Edge Clouds Using Location-Based Focus of Attention,” Proc. 2016 IEEE/ACM Symp. Edge Computing, 2016, pp. 179–191.

Figure A. The AT&T Labs Geocast System. GRDB = georouter database; GSM = Global System for Mobile Communications; and SAGP = Scalable ad hoc Geocast Protocol.

[Figure A diagram labels: Virtual Botswana server; Bot; Long-range extension server; Georouter server; GRDB; Internet; GSM (3G/4G/LTE); Smartphone; 802.11 ad hoc WiFi SAGP geocast; WiFi device.]


FocusStack’s awareness component must be capable of limiting the scope of queries so that only a narrow subset of all IoT devices in an area will even reply.

Finally, different applications require different awareness information. The Drones For Hire application is interested only in the computational, communications, energy, and opt-in state of participating drones. It isn’t interested in information relevant to other applications, such as remote auto maintenance data in road vehicles, humidity data from nearby farm field sensors, battery level information from nearby smartphones, and so on. However, other applications might want these other types of information. Thus, FocusStack must be able to query for custom sets of application-specific awareness information.

When multiple edge devices meet the criteria relevant to a particular application, the set of edge devices meeting the application criteria is presented to the application for further application-specific selection. The individual application then decides on which of the edge devices to invoke application elements.

FocusStack Architecture

FocusStack is an architecture that supports deploying heterogeneous applications to a diverse set of IoT edge devices. These devices are potentially limited in compute power, energy, and connectivity and are frequently mobile. Our platform enables developers to focus on their application rather than on finding and tracking the various edge computing devices where they will be deployed.

There are two major architectural components that together comprise the FocusStack platform. The Location-based Situational Awareness (LSA) subsystem is based on the AT&T Labs Geocast System (ALGS).1 It provides an awareness operating picture to our OpenStack Extension (OSE) subsystem that allows deployment, execution, and management of containers on small edge computing devices with limited networking capabilities. Figure 1 shows the overall architecture of FocusStack, which forms a hybrid cloud consisting of both edge devices running lightweight Linux containers (based on Docker), and cloud-based compute nodes that can run virtual machines (VMs) as with a traditional IaaS cloud.

When a cloud operation (such as deploying a new container instance) is invoked by calling the appropriate FocusStack API, the LSA subsystem is �rst used to scope this request by building an operating picture (we discuss this more in the following section) for use in seeding the appro-priate OpenStack operation to be carried out by OSE.

LSA SubsystemThe LSA subsystem allows FocusStack to obtain awareness information on-demand when the focus of attention is directed to a particular geographic area and, equally importantly, to stop the awareness messaging once focus is no longer directed there. LSA is implemented in the GCLib

framework, whose monitoring com-ponent, SAMonitor, is based on the Field Common Operating Picture(FCOP) algorithm,2 which is a dis-tributed algorithm using geographi-cally addressed messaging.

• In geographic addressing (GA), a packet’s address identifies a subset of physical space. When sent, this means that the packet will be transferred to all devices currently in that space. A GA service is implemented in the network and appears to the programmer as an API analogous to (and in parallel with) the IP stack. FocusStack uses the ALGS1 for GA messaging (see the related sidebar).

• The FCOP algorithm2 is a GA-based distributed algorithm designed to enable each device to update all others on its current awareness information in an efficient and scalable manner.

• GCLib is the software framework supporting LSA that provides components access to GA messaging, access to sharing of arbitrary data within the device (car, drone, and so on), and automatic support for the query/response awareness function. Full details are provided elsewhere.3

Figure 1. FocusStack architecture. LSA = Location-based Situational Awareness; OSE = OpenStack Extension; and VMs = virtual machines.

[Figure 1 diagram labels: Apps; FocusStack API; LSA subsystem; OSE subsystem; SAMonitor; Geocast query; Geocast Georouter; OpenStack Nova; OpenStack control; cloud-based Nova Compute node; VMs; edge devices; containers; GCLib; Nova. Legend: LSA awareness messages; OSE messages when in focus of attention; OSE always-on messages.]

Beyond Wires

58 www.computer.org/internet/ IEEE INTERNET COMPUTING

for FocusStack’s awareness function is to obtain awareness information when attention is focused on a geographic area. Consequently, applications well-suited for use with FocusStack are like those described in the previous examples — that is, where the application needs to be deployed and active on edge devices located within a circumscribed geographical area.

A second key requirement is motivated by the observation that an application clearly isn’t interested in all IoT devices in a particular area. The Car Diagnostics application is only interested in a subset of a manufacturer’s cars on the road. A remote sensing application is interested only in the environmental sensors providing information of interest. Thus,

The AT&T Labs Geocast System

We detail a schematic of the AT&T Labs Geocast System (ALGS) in Figure A.1 The ALGS implements a seamlessly integrated, two-tier network geographic addressing (GA) service. A packet’s address, referred to as its geocast region, is defined by a circle, where the packet header contains latitude and longitude of the center of the circle and the radius in meters. Packets sent via the ALGS can transit either an ad hoc WiFi tier or a long-range tier mediated by an Internet-based georouting service accessed through the 3G/4G/LTE/GSM (Global System for Mobile Communications) system. Packets can be relayed across either tier or both tiers; in some cases, a packet originating in one ad hoc tier can be transferred to a long-range-capable device, which will relay it over the long-range tier to a device near the destination region, where it will be relayed again across the ad hoc WiFi tier to devices in the region.

Because the car diagnostics service makes use of edge devices in connected vehicles, they don’t have WiFi capability, so that service depends entirely upon ALGS’s long-range tier. See elsewhere for more details about ALGS and its use by FocusStack.1,2

References

1. R. Hall et al., “Scaling up a Geographic Addressing System,” Proc. 2013 IEEE Military Comm. Conf., 2013; doi:10.1109/MILCOM.2013.34.

2. B. Amento et al., “FocusStack: Orchestrating Edge Clouds Using Location-Based Focus of Attention,” Proc. 2016 IEEE/ACM Symp. Edge Computing, 2016, pp. 179–191.

Figure A. The AT&T Labs Geocast System. GRDB = georouter database; GSM = Global System for Mobile Communications; and SAGP = Scalable ad hoc Geocast Protocol.

[Figure A diagram labels: Virtual Botswana server; Bot; Long-range extension server; Georouter server; GRDB; Internet; GSM (3G/4G/LTE); Smartphone; 802.11 ad hoc WiFi SAGP geocast; WiFi device.]


• The SAMonitor component is the heart of our situational awareness technique. When attention is focused on an area, here meaning a circle defined by center latitude/longitude and radius in meters, an SAMonitor component is created that periodically sends the awareness query determined by the application, and collects an operating picture consisting of the timestamped query responses sent back by all devices reporting from the monitored area. This periodic querying is maintained throughout the time that attention is focused, so that new devices entering the area during this time are added to the operating picture and become available to the application or service. The awareness query is programmable and is tailored to the needs of the application or service using a particular SAMonitor instance. Example query terms include location, velocity, computational state, and battery level.
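The operating picture described in the SAMonitor bullet can be sketched as follows. This is an added Python example, not code from FocusStack or GCLib: the class names, field names, status strings and age limits are assumptions. Because the article assumes edge nodes can be compromised, it treats every response as untrusted input and rejects reports that are malformed, stale, replayed, or located outside the focused circle.

```python
import math

EARTH_RADIUS_M = 6_371_000.0


class GeocastRegion:
    """Circle given by center latitude/longitude (degrees) and radius (meters)."""

    def __init__(self, lat, lon, radius_m):
        self.lat, self.lon, self.radius_m = lat, lon, radius_m

    def contains(self, lat, lon):
        # Haversine great-circle distance from the circle's center.
        p1, p2 = math.radians(self.lat), math.radians(lat)
        dphi, dlmb = p2 - p1, math.radians(lon - self.lon)
        a = (math.sin(dphi / 2) ** 2
             + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2)
        dist_m = 2 * EARTH_RADIUS_M * math.asin(math.sqrt(min(1.0, a)))
        return dist_m <= self.radius_m


class OperatingPicture:
    """Latest valid response per device for one focused region and one query."""

    def __init__(self, region, query_terms, max_age_s=30.0, max_skew_s=2.0):
        self.region = region
        self.query_terms = tuple(query_terms)  # application-specific terms
        self.max_age_s = max_age_s             # assumed reporting timeout
        self.max_skew_s = max_skew_s           # assumed tolerated clock skew
        self._entries = {}                     # device_id -> validated response

    def ingest(self, resp, now):
        """Validate one response; return 'accepted' or the rejection reason."""
        required = ("device_id", "ts", "lat", "lon") + self.query_terms
        if any(k not in resp for k in required):
            return "missing-field"
        numeric_ok = all(isinstance(resp[k], (int, float)) and math.isfinite(resp[k])
                         for k in ("ts", "lat", "lon"))
        if not numeric_ok or not isinstance(resp["device_id"], str):
            return "bad-type"
        if resp["ts"] > now + self.max_skew_s:
            return "future-timestamp"
        if now - resp["ts"] > self.max_age_s:
            return "stale"
        if not self.region.contains(resp["lat"], resp["lon"]):
            return "outside-region"
        prev = self._entries.get(resp["device_id"])
        if prev is not None and resp["ts"] <= prev["ts"]:
            return "out-of-order"  # replayed or delayed report never overwrites
        # Store only what the query asked for; drop any extra fields.
        self._entries[resp["device_id"]] = {k: resp[k] for k in required}
        return "accepted"

    def snapshot(self, now):
        """Drop devices that stopped reporting and return the current picture."""
        self._entries = {d: r for d, r in self._entries.items()
                         if now - r["ts"] <= self.max_age_s}
        return dict(self._entries)

    def candidates(self, now, predicate):
        """Device ids whose latest report meets the application's criteria."""
        return sorted(d for d, r in self.snapshot(now).items() if predicate(r))


# Constructed sample responses (not captured traffic); field names are hypothetical.
SAMPLE_RESPONSES = [
    {"device_id": "drone-a", "ts": 1000.0, "lat": 40.005, "lon": -74.0,
     "battery_pct": 80, "opt_in": True},
    {"device_id": "drone-b", "ts": 999.0, "lat": 40.0, "lon": -74.005,
     "battery_pct": 15, "opt_in": True},
    {"device_id": "drone-c", "ts": 1000.0, "lat": 40.02, "lon": -74.0,
     "battery_pct": 90, "opt_in": True},                    # about 2.2 km away
    {"device_id": "drone-d", "ts": 1000.0, "lat": 40.001, "lon": -74.001,
     "battery_pct": 70},                                    # no opt_in term
    {"device_id": "drone-a", "ts": 990.0, "lat": 40.005, "lon": -74.0,
     "battery_pct": 99, "opt_in": True},                    # older than stored
    {"device_id": "drone-e", "ts": 900.0, "lat": 40.0, "lon": -74.0,
     "battery_pct": 60, "opt_in": True},                    # 100 s old
]


def wants(report):
    """Example application criteria: opted in and at least half charged."""
    return report["opt_in"] is True and report["battery_pct"] >= 50


def run_sample(now=1000.0):
    """Feed the constructed responses into a picture for a 1 km circle."""
    picture = OperatingPicture(GeocastRegion(40.0, -74.0, 1000.0),
                               ("battery_pct", "opt_in"))
    statuses = [picture.ingest(r, now) for r in SAMPLE_RESPONSES]
    return statuses, picture


if __name__ == "__main__":
    statuses, picture = run_sample()
    print(statuses)
    print(picture.candidates(1000.0, wants))
```

Calling `snapshot` with a later time shows the other half of the technique: once devices stop answering the periodic query, they age out of the picture.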

Now that we’ve detailed the LSA subsystem, let’s look at the OSE subsystem.

OpenStack Extensions (OSE) Subsystem

In a standard OpenStack environment, VMs are deployed and managed on compute nodes comprised of traditional data center server machines. To incorporate relatively limited edge device compute nodes, we opt instead to integrate lightweight Docker containers into the OpenStack platform. This enables the portability, security, and application isolation of Docker containers while still sharing the rich set of orchestration and management tools available in OpenStack with other typical data center applications.

Edge compute nodes require several components to interact with our architecture. Nodes run a custom version of Nova Compute that interacts with a local Docker instance to launch and manage containers. Containers running on the edge nodes are provided full OpenStack services, including access to configurable virtual networks. These virtual networks are implemented using OpenStack’s standard LinuxBridge neutron plugin. Connectivity across the LTE cellular network between the edge nodes and layer 3 network nodes in the cloud occurs over IP Security (IPsec) tunnels.

We proposed to treat huge numbers of real-world IoT devices as members of a cloud, so that the rich set of tools and applications developed for IaaS cloud computing can be brought to bear for the IoT. We postulate that control plane scalability and communication complexity are major challenges in doing so. In response, we proposed a solution based on dynamic focus of attention, implemented within our location-based situational awareness technique. Our initial studies show this can dramatically reduce message traffic and control plane overhead by more than four orders of magnitude.3

However, challenges remain that must be tackled in the future; namely, security and mixed-initiative control. Regarding security — unlike a traditional cloud data center that relies on physical security to ensure that servers and hypervisors can be trusted, FocusStack must assume that edge nodes can be compromised at any time, because they’re under physical control by end users. This assumption necessitates a revisiting of trust models in the cloud control plane, which today might lead to the entire cloud infrastructure being compromised because of a single compute node compromise.4 Future work will address this issue by limiting the scope of operations that can be initiated from an edge node.

Regarding mixed-initiative control — the presence of stakeholders like the device’s owner or operator, in addition to traditional cloud operators and application owners, requires changes to management and access control. We’ve taken first steps in addressing the problem of multiple stakeholders managing the same device by our focus of attention concept. A FocusStack control plane, F, by rebuilding its awareness operating picture each time attention is focused on an area, can make accurate management decisions even when other stakeholders might have carried out their own management operations on devices in the area while those devices were out of F’s focus. However, in addition, the device must also be protected from cloud-initiated actions. For example, when the application owner asks the cloud to deploy an application on an edge device, the edge node owner’s preferences must be accounted for. In the future, we intend to develop a policy framework that allows a device owner to express conditions under which applications are authorized to execute orchestration actions on the device.

With the resolution of these challenges, we believe that an IoT edge cloud can provide the means to create a rich and diverse ecosystem for IoT applications similar to the one that exists for IaaS clouds.

References

1. R. Hall et al., “Scaling up a Geographic Addressing System,” Proc. 2013 IEEE Military Comm. Conf., 2013; doi:10.1109/MILCOM.2013.34.

2. R. Hall, “A Geocast-Based Algorithm for a Field Common Operating Picture,” Proc. 2012 IEEE Military Comm. Conf., 2012; doi:10.1109/MILCOM.2012.6415848.

3. B. Amento et al., “FocusStack: Orchestrating Edge Clouds Using Location-Based Focus of Attention,” Proc. 2016 IEEE/ACM Symp. Edge Computing, 2016, pp. 179–191.


FocusStack: Orchestrating Edge Clouds Using Focus of Attention

JANUARY/FEBRUARY 2017 61

4. W.K. Sze, A. Srivastava, and R. Sekar, “Hardening Openstack Cloud Platforms against Compute Node Compromises,” Proc. 11th ACM on Asia Conf. Computer and Comm. Security, 2016, pp. 341–352.

Brian Amento is a principal inventive scientist at AT&T Labs Research. His research interests include novel interaction techniques, the Internet of Things, general-purpose GPU computing, and edge devices. Amento has a PhD in computer science from Virginia Polytechnic and State University with a specialty in human-computer interaction. Contact him at brian@research.att.com.

Robert J. Hall is a principal investigator at AT&T Labs Research. His work focuses in the areas of automated software engineering, requirements engineering, modeling and simulation, scalable wireless network protocols, and cloud performance engineering. Hall has a PhD in electrical engineering and computer science from the Massachusetts Institute of Technology. He is a Fellow of Automated Software Engineering and member of the Steering Committee of the IEEE/ACM International Conferences on Automated Software Engineering. He serves as Editor in Chief of Automated Software Engineering, an international journal, and is an ACM Distinguished Scientist. Contact him at [email protected].

Kaustubh Joshi is a lead inventive scientist at AT&T Labs Research, where he leads research efforts on new cloud management and network dataplane technologies needed to pave the way for AT&T’s network function virtualization (NFV) vision of virtualizing the majority of its network by 2020. His expertise is in the areas of adaptable and dependable distributed systems, the cloud, virtualization, and networking. Joshi has a PhD in computer science from the University of Illinois at Urbana-Champaign. Contact him at [email protected].

K. Hal Purdy is a lead inventive scientist at AT&T Labs Research. His current interests include cloud computing, connected car technology, and general-purpose GPU computing. Purdy has an MS in computer science from Rutgers University. Contact him at [email protected].


This article originally appeared in IEEE Internet Computing, vol. 21, no. 1, 2017.


42 August 2017 Published by the IEEE Computer Society 2469-7087/17/$33.00 © 2017 IEEE

18 IEEE CLOUD COMPUTING PUBLISHED BY THE IEEE COMPUTER SOCIETY 2325-6095/17/$33.00 © 2017 IEEE

DAVID S. LINTHICUM

Cloud Technology [email protected]

I ATTENDED THE INTERNET OF THINGS WORLD 2016 EVENT IN SANTA CLARA, CALIF., last year and served as the track chairman for, you guessed it, cloud and IoT. The feeling I got throughout the event was one of confusion: IoT seems to be so systemic, yet is difficult to define. As one presenter put it, “It’s like plastic. It’s going to be a part of everything.”

According to Research Nester, “The Global Internet of Things (IoT) market reached USD 598.2 billion in 2015 and the market is expected to reach USD 724.2 billion by 2023. Further, the market is projected to register a CAGR of 13.2 percent during the forecast period 2016-2023 globally.”1

But you don’t have to tell us. Everything in our lives, from the cars we drive, to the thermostats on the wall, to our refrigerators, literally has a mind of its own these days. So much so, that we have ridiculous examples, everything from connected egg trays to Bluetooth-enabled toilets.

With all that said, we do have challenges to consider. The challenges include how we can get data processed from so many external devices. According to Cisco, cloud traffic is likely to rise 3.7-fold by 2020, increasing from 3.9 zettabytes (ZB) per year in 2015 (the latest full year for which data is available) to 14.1 ZB per year by 2020.2

Moreover, big data-associated Internet of Things devices are a large cause of this growth. Indeed, by 2020, database, analytics and IoT workloads will account for 22 percent of total business workloads, compared to 20 percent in 2015. The total volume of data generated by IoT will reach 600 ZB per year by 2020, which is 275 times higher than projected traffic going from data centers to end users/devices (2.2 ZB); 39 times higher than total projected data center traffic (15.3 ZB), according to the same Cisco report.

Thus, we have the perfect storm of the use of cloud computing, and the growth of IoT. IoT is about processing data that comes from devices in some way that’s meaningful, and cloud computing is about leveraging data from centralized computing and storage. Growth rates of both can easily become unmanageable. We have some problems to solve.

Define the Problem, and the Solution

In the context of the Internet of Things, the trouble with the cloud is that data needs to be sent back from the sensors gathering info, such as a Nest thermostat or a Fitbit wristband, to a database in a remote public cloud. The time that it takes for the data to be transferred from the device or sensor to the remote public cloud, that is the latency, is often too great to meet the requirements of the IoT system.

We need to do something different, and we can start by doing IoT applications at the cloud’s edge. This means that we avoid sending all the data from sensors and devices back to the cloud, but instead build data and applications on the edge of the network that can handle most of the data gathering and processing.

Recently, I published an article in Computer about Edge computing3. In that article I defined an architecture called Responsive Data Architecture, in which I mentioned that IoT brings this issue of moving some computing to the edge again. For example, say there is a machine on a factory floor that

Connecting Fog and Cloud Computing

CLOUD TIDBITS


www.computer.org/computingedge 43

MARCH/APRIL 2017 IEEE CLOUD COMPUTING 19

analyzes the quality of an auto part that it makes. If the part is not up to quality, as determined by an optical scanner, then it is automatically rejected.

While this keeps a human from looking at the part, and thus slowing down the process, it also takes a great deal of time to transmit the data and image back to the centralized database and compute engine, where a determination is made as to the success of the manufacturing process, and then communicated back to the machine.

The cloud complicates this process even more. We’re focused on centralized computing, thus there will be latency. Now, instead of sending the data back to the data center on the other side of the factory, we send it to a remote cloud server that can be thousands of miles away. To make things worse, we send it over the open Internet. However, considering the amount of processing that needs to occur, the cloud is typically more efficient.

So what do we do? How do we solve the problem? We already know that computing at the edge pushes most of the data processes out to the edge of the network, close to the source. Then it’s a matter of dividing the processing between data and processing at the edge, versus data and processing in the centralized system, meaning a public cloud such as Amazon Web Services.

The concept is to process the data that needs to quickly return to the device. In this case, the pass/fail data that indicates the success or failure of the physical manufacturing of the auto part. However, the data should also be centrally stored, and, ultimately, all of the data is sent back to the centralized system, cloud or not, for permanent storage and for future processing.

The benefit is better performance and efficiency. IoT applications need to react almost instantly to the data generated by a sensor or device, such as stopping a train, if sensors have reported problems with the track switch a few miles ahead, or shutting down an industrial machine that is about to overheat and explode. There are hundreds of use cases where reaction time is the key value of the IoT system.

Of course, we have to give this a name. Cisco Systems has tried to brand it fog computing and set up the OpenFog Consortium to promote its view. Whatever it ends up being called and defined, the key is to reduce latency for response-critical applications by moving the data transfer and processing to the edge of the cloud, closer to the IoT device.

I’ve been involved in dozens of systems where the data and applications were placed near the source, yet still working with centralized data and applications. While it’s a bit tricky, it’s not that hard to do. So, what value does OpenFog bring?

There are a few benefits that I see, including:

• A standard architecture and enabling technology that allows you to approach edge computing in a simple but consistent way.

• The ability to provide a good product development framework that network devices and software builders can follow, as well as influence.

• The ability to deal with security in a consistent way. Last year DDOS attacks took over devices, not computers, and now that everything is smart and has an OS, this will be a fact of life going forward.

OpenFog recently published a reference architecture that covers pretty much everything from Security to Programmability (see Figure). If this looks like it’s been designed by committee, it’s because it has. I did not find it useful.

Like other open standards, OpenFog gets things done through workgroups and committees. The danger here is that OpenFog could suffer from “too many cooks in the kitchen.” The lack of interest in many standards came about due to lack of speed. However, OpenFog does have a good list of member companies (see www.openfogconsortium.org/what-we-do/).

Computing at the edge of the network is, of course, nothing new – we’ve been doing it for years to solve the same issue with other kinds of computing.

d2tid.indd 19 7/21/17 9:22 AM

18 I EEE CLO U D CO M P U T I N G P U B L I S H ED BY T H E I EEE CO M P U T ER S O CI E T Y 2 3 2 5 - 6 0 9 5/ 1 7/$ 3 3 . 0 0 © 2 0 1 7 I EEE

DAVID S. LINTHICUM

Cloud Technology [email protected]

I ATTENDED THE INTERNET OF THINGS WORLD 2016 EVENT IN SANTA CLARA, CA-LIF., last year and served as the track chairman for, you guessed it, cloud and IoT. The feeling I got throughout the event was one of confusion: IoT seems to be so sys-temic, yet is dif�cult to de�ne. As one presenter put it, “It’s like plastic. It’s going to be a part of everything.”

According to Research Nester, “The Global In-ternet of Things (IoT) market reached USD 598.2 billion in 2015 and the market is expected to reach USD 724.2 billion by 2023. Further, the market is projected to register a CAGR of 13.2 percent during the forecast period 2016-2023 globally.”1

But you don’t have to tell us. Everything in our lives from the cars we drive, to the thermostats on the wall, to our refrigerators, literally, has a mind of their own these days. So much so, that we have ridiculous examples, everything from connected egg trays to Bluetooth-enabled toilets.

With all that said, we do have challenges to con-sider. The challenges include how we can get data processed from so many external devices. According Cisco, cloud traf�c is likely to rise 3.7-fold by 2020, increasing 3.9 zettabytes (ZB) per year in 2015 (the latest full year for which data is available) to 14.1 ZB per year by 2020.2

Moreover, big data-associated Internet of Things devices are a large cause of this growth. In-deed, by 2020, database, analytics and IoT work-loads will account for 22 percent of total business workloads, compared to 20 percent in 2015. The total volume of data generated by IoT will reach 600 ZB per year by 2020, which is 275 times higher than projected traf�c going from data centers to end users/devices (2.2 ZB); 39 times higher than total projected data center traf�c (15.3 ZB), accord-ing to the same Cisco report.

Thus, we have the perfect storm of the use of cloud computing, and the growth of IoT. IoT is about processing data that comes from devices in some way that’s meaningful, and cloud computing is about leveraging data from centralized computing and storage. Growth rates of both can easily become unmanageable. We have some problems to solve.

Define the Problem, and the Solution

In the context of the Internet of Things, the trouble with the cloud is that data needs to be sent back from the sensors gathering info, such as a Nest thermostat or a Fitbit wristband, to a database in a remote public cloud. The time that it takes for the data to be transferred from the device or sensor to the remote public cloud, that is the latency, is often too great to meet the requirements of the IoT system.

We need to do something different, and we can start by doing IoT applications at the cloud’s edge. This means that we avoid sending all the data from sensors and devices back to the cloud, but instead build data and applications on the edge of the network that can handle most of the data gathering and processing.

Recently, I published an article in Computer about Edge computing [3]. In that article I defined an architecture called Responsive Data Architecture, in which I mentioned that IoT brings this issue of moving some computing to the edge again. For example, say there is a machine on a factory floor that

Connecting Fog and Cloud Computing

CLOUD TIDBITS


What does this mean? With the Internet of Things, the latency issue is more acute and more widespread than it is for other kinds of computing. That’s why putting IoT at the edge of the cloud is such an important concept. Again, it’s not that hard of a concept to carry out. Most distributed computing developers are very familiar with the concept of placing the processing as close to the source as you can.

No matter how speedy the networks get, latency will always be something that developers and admins will try to manage. While we can certainly toss new equipment at the problem, I’ve found that most performance issues need to be solved by changing the design, and not the infrastructure. This is the only way you can truly solve the problem.

So, the concept is sound, and OpenFog, and Fog computing, is attempting to formalize it, leading thought and promoting the notion of computing at the edge for cloud and non-cloud deployments. If the Cisco standard is successful, then OpenFog will have accomplished its objective.

That said, standards seem to fail, and this standard could be no exception. The fact of the matter is that they fail because so many of the member companies have their own agendas, which may not line up with the agendas of the other members. Thus, not much gets done, and the fruit of the standard dies on the vine. Fair warning, OpenFog.

If IoT and cloud are in your future (who does not have them in their future?), then you need to study this issue. This means reading my other article, Responsive Data Architecture (RDA), as well as understanding what OpenFog has to offer with an eye on what’s realistic.

At their core, the value of all of these concepts is that we’re considering alternatives to placing everything in the public cloud. Why? Because the public cloud does not make sense, in some cases. IoT will challenge us to think differently, and the use of edge computing, or fog computing, all combined with cloud computing, is the likely path that we will find ourselves upon.

References

1. Internet of Things (IoT) Market: Global Demand, Growth Analysis & Opportunity Outlook 2023. Published 1 February 2017, http://www.researchnester.com/reports/internet-of-things-iot-market-global-demand-growth-analysis-opportunity-outlook-2023/216

2. VNI Global Fixed and Mobile Internet Traffic Forecasts. 2017. http://www.cisco.com/c/en/us/solutions/service-provider/visual-networking-index-vni

3. David Linthicum, “Responsive Data Architecture for the Internet of Things”, Computer, vol. 49, no. , pp. 72-75, Oct. 2016, doi:10.1109/MC.2016.302

DAVID S. LINTHICUM is senior vice president of Cloud Technology Partners. He’s also Gigaom’s research analyst and frequently writes for InfoWorld on deep technology subjects. His research interests include complex distributed systems, including cloud computing, data integration, service-oriented architecture, Internet of Things, and big data systems. Contact him at [email protected].

FIGURE 1. The OpenFog Reference Architecture is based on eight pillars.

[Figure: the eight pillars are Security, Scalability, Open, Autonomy, RAS, Agility, Hierarchy, and Programmability.]


This article originally appeared in IEEE Cloud Computing, vol. 4, no. 2, 2017.


FROM THE EDITOR

How Abundance Changes Software Engineering

Diomidis Spinellis

Editor in Chief: Diomidis Spinellis, Athens University of Economics and Business, [email protected]

IEEE Software Mission Statement: To be the best source of reliable, useful, peer-reviewed information for leading software practitioners—the developers and managers who want to keep up with rapid technology change.

In the end, it seems it was all about numbers. Consider the marvelous behavior of a humble honeybee. It flies and navigates; it communicates and exhibits social behavior; it perceives shapes, colors, patterns, odors, and movements. Achieving these tasks with a computer has been challenging scientists for decades. Yet, over the past few years we’ve been conquering one tough problem after another. Technologies such as self-driving cars, automatic translation, speech recognition, and face tagging are entering the mainstream.

Although algorithmic innovation has played an important role, the key enabler has been raw processing power. A honeybee’s brain contains about a million neurons and a billion synapses, while modern CPUs contain a few billion transistors. Granted, a synapse is a lot more complex than a logic gate, and silicon gates switch much faster than neurons, but on a rough scale, you could argue that computers are now achieving some sort of parity with tiny biological brains. We see a similar abundance of resources in other areas of computing: gigabit networking, terabyte storage units, petabyte databases, immense cloud-based datacenters, millions of software components, and, for some fortunate companies, billions of users.

This abundance is changing the nature of software engineering. First, by reducing the cost of failure, abundance changes how we developers use computing technologies. Second, abundance changes our role by moving the focus from technology to management.

When Failure Is an Option

The rise of processing power is letting us adopt different ways to ensure a program’s correctness. So, compile-time type checking is giving way to languages with dynamic type systems, such as JavaScript and Python, even for use in production. Such systems are obviously wasteful; their inability (failure) to verify types up front means they might pay the cost of type checking every time they execute a statement. Yet their versatility often justifies their price. Similarly, although significant progress has been made in formally ensuring a program’s correctness, nowadays we often prefer to run thousands of unit and regression tests every time we change as little as the name of a single variable. Thus, ample processing power has reduced production system failures to failed test cases.

The abundance of central memory capacity has created a similar shift. Many modern systems eschew the problems of explicit manual memory management by adopting dynamic garbage collection. Their overhead (the cost of failing to manually manage every allocated byte) can be as much as the program’s whole working set and one CPU core devoted to the task. But with memory capacity measured in gigabytes and multicore CPUs available even on low-end smartphones, this is a small price to pay for the increased productivity and reliability that such systems bring us.

We often don’t think of our software’s users as a resource, but they are. Globalization, the distribution of software as a service, and network effects often endow our organizations with millions of users. When users are plentiful, we can sometimes do without detailed requirements analysis and instead experiment with various options through A/B testing. We simply divide our users into groups and try different versions of the software on them to decide which features to adopt and which failed ones to axe.

A lavish user base is also allowing us (or forcing us) to reduce an application’s feature set to the lowest common denominator. Our mandate is no longer to stuff an application with features to satisfy every one of its (in the past, few) users but to select carefully those features that will satisfy the majority in our large user group. This phenomenon is most pronounced in minimal but handy apps that run in widespread devices such as tablets.

Many users can also bring with them millions of service requests per minute. With such numbers of requests, detailed performance characterization and service provisioning are often difficult or unnecessary. Instead, we accept that servicing some requests will be slightly delayed, and we use these delays as a signaling mechanism for dynamic load balancing and the elastic provision of additional computing resources.

On the software side we now have thousands of components just a mouse click away. From HTML parsing to QR code scanning and from cryptographic protocols to full text search, it’s all there. This wealth of elements is letting us move from generic, elaborately designed frameworks to organic ecosystems in which our systems can gradually grow according to our specific needs.

From Technology to Management

The profusion of easily available software components and systems is also changing our focus as software developers: from specifying, designing, implementing, and maintaining code to selecting, integrating, using, managing, and contributing software components. This entails learning how to find and choose components on the basis of their quality and ability to meet our system’s requirements. We must also become skilled in keeping track of the selected components’ evolution in a way that keeps our systems secure, reliable, and maintainable. And, because ecosystems die when we all derive value from them without also giving back, we must contribute to the ecosystems we use. This means expanding our attention from managing our organization’s teams to successfully participating in larger open source and commercial communities.

Moreover, the abundance of computing resources is changing our goals. Often we’re interested not in developing software that can run on constrained resources but in utilizing the available resources in the most productive, profitable, and innovative way. For example, in the 1980s the Lotus Corporation profited mightily by managing to cram a fully featured and blindingly responsive spreadsheet program into a 4.77-MHz IBM PC with 256 Kbytes of RAM. Nowadays, instead of struggling to shoehorn applications into constrained hardware, Wall Street’s technology darlings are coming up with ways to use the widespread broadband connectivity and vast cloud-based infrastructures to offer undreamed-of services. Often, our difficult task is no longer to design algorithms, data structures, and schemata but to manage immense datacenters and data stores.

Finally, the shift to cloud computing and the provision of services on a global scale is shifting our responsibility from working on software with clearly defined boundaries to managing planet-wide system deployments. Our objective isn’t so much to deliver quality software but to offer a correspondingly reliable, secure, efficient, and maintainable software-based service.

On the basis of what I’ve argued here, someone might think that all we need to do from now on is to sail on the tailwinds of abundance. However, this isn’t the whole story. To take it to an extreme, it’s like arguing that the moon landings were a matter of having high-energy combustion fuel. Yes, the feats we’ve seen in the past couple of years have been the result of increasing raw computing power. However, that power isn’t enough. And it doesn’t come alone, nor will it increase forever.

To realize the systems I’ve described, in both software and hardware, scores of very intelligent people have devoted their lives to delivering ingenious designs and implementations. Perhaps someday the singularity will arrive and machines will design machines. Until then, the enormous processing power we use requires similar brawn to create it. A neural network might perform marvels, but that requires raw processing power, infrastructure architecture, and operations, plus the design of the neural network itself, for which advances come from select groups around the world. The same applies, for example, to testing. We now have the power to test thousands of components and users, but if we don’t know what we’re doing, all tests are worthless.

So, in the end, was it all about numbers? Well, yes, but to get to the numbers we also need a lot of good old-fashioned engineering, algorithmic thinking, and sweat.

Correction

In “App Store 2.0: From Crowdsourced Information to Actionable Feedback in Mobile Ecosystems” (Mar./Apr. 2017, pp. 81–89), in the fifth line of the second column on p. 83, “see sia” should be “see Figure 2a.” IEEE Software regrets the error.


WELCOME NEW EDITORIAL BOARD MEMBERS

Sarah C. Gregory is a senior methodologist in requirements engineering (RE) at Intel. She develops and mentors RE subject matter experts across Intel worldwide; conducts training; and supports individuals, teams, and leaders who seek to improve their personal, group, or business unit RE practice. She’s deeply engaged with the IEEE International Requirements Engineering Conference, having served as an industry track reviewer, an industry cochair, and the industry representative to the conference steering committee. Gregory’s academic background includes graduate degrees in law, information science, and systematic theology, and she’s pursuing a doctorate in social theory. Starting with the Sept./Oct. issue of IEEE Software, she’ll be the editor of the Requirements department. Contact her at [email protected].

Didar Zowghi is a professor of software engineering at the University of Technology Sydney (UTS) and an adjunct professor of software engineering at the Auckland University of Technology. Her research addresses the issues and challenges of requirements engineering. Previously she was the director of the Centre for Human Centred Technology Design and the associate dean of research at the UTS Faculty of Information Technology. She has worked in the software industry in the UK and Australia as a programmer, software engineer, analyst, consultant, and project manager. Zowghi received a PhD in software engineering from Macquarie University. She’s a member of the program committee and the chair of the steering committee of the IEEE International Conference on Requirements Engineering. She is the regional editor of the Requirements Engineering Journal and is on the editorial board of IET Software. She is IEEE Software’s new associate editor for Software Requirements. Contact her at [email protected].

This article originally appeared in IEEE Software, vol. 34, no. 3, 2017.


EIC’s Message

Multimedia Research: What Is the Right Approach?

Alan Hanjalic, Associate EIC, Delft University of Technology

Our multimedia research community has become increasingly open to and proactive in addressing the needs and concerns of people living in a world dominated by big (multimedia) data. Initiatives coming from recent multimedia conferences—such as the call for “novel topics” at ACM Multimedia 2017 (www.acmmm.org/2017/program/novel-topics) or the focus on societal impact in the “Brave New Ideas” session at ACM Multimedia 2016—clearly show a focus shift. We’ve moved from user-agnostic problems (such as semantic image interpretation) to user-centric problems (such as investigating whether an image is relevant, interesting, or useful).

The quality of the solutions we offer for these problems largely depends on the approach we choose, including the method, algorithm, and dataset. The question I would like to raise, based on my observations of the recent developments in our community, is are we as open and proactive when it comes to discussing whether the approaches we choose to address these problems are the right ones? What are our guiding principles in this choice? Do we have a philosophy underlying these principles, and, if so, what is this philosophy based on? How does it help us optimize the mapping between the problems we try to solve and the solutions we offer? What are the long-term implications of deploying our solutions in the society?

Understanding Broader Implications

The questions just given should inform the design of methods and algorithms and help us understand their impact on our users in a broad and long-term context. Problems related to dealing with and getting the most from big (multimedia) data are becoming more complex and thus require complex solutions. A simplistic approach runs the risk of addressing only some aspects of the problem, leaving other, possibly critical aspects, unanswered. Now that multimedia technology has reached the level of large-scale, real-world deployment, our users will increasingly be confronted with these unanswered aspects.

As indicated by Moshe Vardi in his Editor’s Letter, “Technology for the Most Effective Use of Mankind,” appearing in the January 2017 issue of Communications of the ACM, IT is “changing the world, but not always for the better.” He states that “deploying technology without understanding its societal context may have adverse societal consequences.” He also gives the example of the “frictionless sharing” technology that eventually gave rise to the “fake-news phenomenon.” Specifically concerning multimedia technology—such as automatic algorithmic solutions for multimedia content indexing, recommendation, and distribution—the implications of algorithms failing in a real-world setting might also be significant. Consider, for example, an algorithm that automatically assigns wrong or offensive labels to images.

However, instead of taking these implications more and more seriously, quite an opposite development can be observed in our community. We’re witnessing an enormous technology push (through evaluation benchmarks and industry), an increased sensitivity to hypes, growing social pressure (through peer reviews), and a lack of constructive doubt when adopting new ideas and algorithms. Take, for example, the recent hype around deep learning, which has started to dominate sessions in multimedia conferences and is increasingly perceived as a universal approach to solving all problems.

In addition, we tend to select approaches that give us solutions that perform optimally in terms of some popular evaluation criteria and metrics, without much discussion about whether the solutions reflect the requested user requirements. Here, the statistical improvement—for example, in terms of the Mean Average Precision (MAP)—over the best performing baseline is typically the key. If we manage to achieve sufficient improvement on one portion of our data that pushes the average performance of the entire dataset above the state of the art, we can easily publish our approach, even if we (and our reviewers) know that our performance on the rest of the data points might show significant deficiencies relative to our competitors.

Targeting Individual Users

Why is the focus on the statistical performance improvement problematic? The real-world problems in the multimedia field have to do with an individual real-world user who is not interested in any hyped algorithm or its statistical performance over many users and data points. An individual user is solely interested in the ability of the system to help her with her concrete problems, help her develop her knowledge and skills over a long time period, or make her life easier and more pleasant in general. I would therefore argue that in our multimedia field, a system that can help each target user at least a little bit more than the state of the art is more valuable than a system that helps some target users greatly but others not at all, even if it means that the average performance increase in terms of MAP is lower than in state-of-the-art approaches. Consequently, it is critical to focus on the failure cases and analyze them from the perspective of an individual user in order to define productive directions for further improving our research approach or choosing a new one.

Furthermore, coming back to the examples of user-centric problems—such as searching for relevant, interesting, or useful images—the question arises whether the images identified by our algorithms are indeed relevant, interesting, or useful, and for whom. By simply adopting a popular approach and following common evaluation criteria, we cannot really say that we did our best to fit our solution to the problem we address. Instead, it seems that we keep fitting the problem to our proposed solution. In other words, it seems that we keep interpreting and defining the terms, including “relevance,” “interestingness,” or “usefulness” as we go, depending on the results of our algorithms or how our dataset is created and annotated. We also tend to assume that the statistical improvement of our method over the competitors directly translates into improvement from the perspective of every user we wish to serve. As discussed, this is not necessarily the case.

These observations are illustrative of the need to increase awareness of—and intensify community discussions about—the suitability of the criteria, metrics, and design principles underlying the approaches we propose. To initiate this, I suggest the following list of necessary actions to guide the selection and design of our research approaches:

• Start by understanding the problem you are trying to solve: Who are the users, what are their needs, and what is the individual or social use context for which the solution must be optimized?

• Be open to all reasonable approaches to solve the problem and give sufficient attention to all related solutions.

• Make sure that the dataset used does not influence conclusions about the quality of an approach.

• Focus on understanding to what extent each considered approach addresses all relevant aspects of the given problem.

• Analyze possible negative implications of different approaches and solutions for users and society—especially implications of the failure cases.

• Make sure that the arguments that best “sell” your approach are also valid from the perspective of each individual target user.

I am confident that following these guidelines will increase the impact of our multimedia research and help it change the world for the better.

Alan Hanjalic is an associate editor in chief of IEEE MultiMedia and a professor of computer science and the head of the Multimedia Computing Group at the Delft University of Technology, The Netherlands. Contact him at [email protected].

New Editorial Board Member

Tao Mei is a senior researcher with Microsoft Research Asia, Beijing, China. His research interests include multimedia content analysis and computer vision. Mei received his PhD from the University of Science and Technology of China. He is a Fellow of IAPR, a Distinguished Scientist of ACM, and a senior member of IEEE. He will be taking over for Rong Yan as editor of the Startups department. Contact him at [email protected].

This article originally appeared in IEEE MultiMedia, vol. 24, no. 2, 2017.


COMPUTING CAREERS

Cloud-Computing Careers

For this issue of ComputingEdge, we interviewed Scott Campbell, senior director of technology and an instructor at Miami University’s College of Engineering and Computing, about cloud-computing careers. Campbell was previously director of computing labs for the school’s Computer Science and Software Engineering Department. He authored the article “Teaching Cloud Computing” for Computer’s September 2016 issue.

ComputingEdge: Which cloud-computing careers will grow the most in the next several years?

Campbell: I believe the entire field of devops will grow in importance as the differences between the roles of programming and administration continue to blur. To take full advantage of cloud computing’s flexibility, it will be necessary to include cloud management in program and application design. Cloud computing lets us treat hardware as programmable objects, which necessitates a new way of thinking about solutions as we figure out how to “program” hardware into our solutions.

ComputingEdge: What would you tell college students to give them an advantage over the competition?

Campbell: Successful students have worked on different types of projects and solutions. Creating a portfolio of different projects is important, as is working with professors on tools and projects. Working with on-campus clubs to help set up systems is also valuable. Internships continue to be helpful in both building a resume and learning what types of work you like and dislike.

ComputingEdge: What should applicants keep in mind when applying for cloud-computing jobs?

Campbell: Applicants should have a strong systems, security, and networking background as well as scripting experience, which is key to making cloud computing scalable. Applicants should also be aware that cloud computing is replacing all the roles in traditional datacenters with console-management tools.

ComputingEdge: How can new hires make the strongest impression in a new position?

Campbell: A manager whom I respect said that he hired for attitude first and skills second. Being positive and willing to tackle problems are key attributes that will make a good impression. Later, when given a problem by your boss, try to find one or two solutions and then ask a colleague if they make sense. Communications is also important. Reread all of your early emails and memos after letting them sit for at least 30 minutes. Then make sure they are clear, complete, and easy to follow.

ComputingEdge: Name one critical mistake that young graduates should avoid when starting their careers.

Campbell: Ignoring the workplace culture is a critical mistake. Every group has both a culture and set of standard practices. Make sure to take time to learn the culture and then adapt to it rather than assuming it will adapt to you. Once you understand the culture and the reasons for the standard practices, you’ll be in a position to start making improvements.

ComputingEdge: Do you have any advice that could benefit those just starting out in their careers?

Campbell: My favorite saying as a teacher—and parent—is “figure it out.” As a boss, I give assignments to workers assuming they will spend time working on a solution. Employees must understand that they will receive assignments that aren’t well defined and that they will have to solve iteratively. So when given a task, spend time figuring it out. After a bit of research and thought, circle back with the person who gave you the task to see if you are on the right track and if you heard them correctly. Understand that your job is to figure out how best to add value to a project.

ComputingEdge’s Lori Cameron interviewed Campbell for this article. Contact her at [email protected] if you would like to contribute to a future ComputingEdge article on computing careers. Contact Campbell at [email protected].
