Improving the performance, availability, and security of data access for opportunistic mobile computing

An opportunistic model of mobile computing is presently emerging in which users can fully benefit from their personal computing environment wherever they are without having to carry "heavy-weight" mobile systems with them. The transition to this model can be seen as part of the pervasive computing vision, being catalyzed by the near ubiquity of powerful smart phones, the increasing availability of local PC hardware, and recent trends in virtualization and cloud computing. The fate of the opportunistic mobile computing model will be essentially decided by the performance, availability, and security of data access relative to alternative solutions. Mobile users require safe and efficient access to their data from whatever PC or device they are currently using, wherever they may be. These requirements expose several new challenges to the performance, availability, and security of user data access under opportunistic mobile computing conditions. In this dissertation, we identify challenges to user data access within the opportunistic mobile computing model, present novel approaches to address them, and demonstrate the effectiveness of these approaches through extensive experimentation. To improve the performance of data access for opportunistic mobile computing, we introduce the concept of safe borrowing of local storage, which we prototyped as the TransPart system. To improve the availability of data access for opportunistic mobile computing, we introduce the concept of a self-cleaning portable cache, which we prototyped as the Horatio system. To improve the security of remote data access for opportunistic mobile computing, we introduce the Working Set-Based Access Control (WSBAC) scheme, which applies the concept of the working set to distributed file system access control. The main conclusion of our research is that opportunistic mobile computing can be realized in a safe and efficient manner for mobile users. 
Given the ad-hoc nature of opportunistic mobile computing, it is likely that the challenges identified in this dissertation will continue to exist into the foreseeable future. Fortunately, as our research shows, they can be addressed using nascent technologies and applying our concepts without violating the basic tenet of opportunistic mobile computing, namely to minimize the burden of what hardware users must carry.
