A decentralized cloud firewall framework with resources provisioning cost optimization

Liu, Meng, Dou, Wanchun, Yu, Shui and Zhang, Zhensheng 2015, A decentralized cloud firewall framework with resources provisioning cost optimization, IEEE transactions on parallel and distributed systems, vol. 26, no. 3, pp. 621-631, doi: 10.1109/TPDS.2014.2314672.

Attached Files
Name Description MIMEType Size Downloads

Title A decentralized cloud firewall framework with resources provisioning cost optimization
Author(s) Liu, Meng
Dou, Wanchun
Yu, ShuiORCID iD for Yu, Shui orcid.org/0000-0003-4485-6743
Zhang, Zhensheng
Journal name IEEE transactions on parallel and distributed systems
Volume number 26
Issue number 3
Start page 621
End page 631
Total pages 11
Publisher IEEE
Place of publication Piscataway, N.J.
Publication date 2015-03-01
ISSN 1045-9219
Keyword(s) Science & Technology
Computer Science, Theory & Methods
Engineering, Electrical & Electronic
Computer Science
Cloud computing
resources allocation
system modeling
Summary Cloud computing is becoming popular as the next infrastructure of computing platform. Despite the promising model and hype surrounding, security has become the major concern that people hesitate to transfer their applications to clouds. Concretely, cloud platform is under numerous attacks. As a result, it is definitely expected to establish a firewall to protect cloud from these attacks. However, setting up a centralized firewall for a whole cloud data center is infeasible from both performance and financial aspects. In this paper, we propose a decentralized cloud firewall framework for individual cloud customers. We investigate how to dynamically allocate resources to optimize resources provisioning cost, while satisfying QoS requirement specified by individual customers simultaneously. Moreover, we establish novel queuing theory based model M/Geo/1 and M/Geo/m for quantitative system analysis, where the service times follow a geometric distribution. By employing Z-transform and embedded Markov chain techniques, we obtain a closed-form expression of mean packet response time. Through extensive simulations and experiments, we conclude that an M/Geo/1 model reflects the cloud firewall real system much better than a traditional M/M/1 model. Our numerical results also indicate that we are able to set up cloud firewall with affordable cost to cloud customers.
Language eng
DOI 10.1109/TPDS.2014.2314672
Field of Research 080109 Pattern Recognition and Data Mining
0805 Distributed Computing
0803 Computer Software
Socio Economic Objective 970108 Expanding Knowledge in the Information and Computing Sciences
HERDC Research category C1 Refereed article in a scholarly journal
ERA Research output type C Journal article
Copyright notice ©2015, IEEE
Persistent URL http://hdl.handle.net/10536/DRO/DU:30077825

Connect to link resolver
Unless expressly stated otherwise, the copyright for items in DRO is owned by the author, with all rights reserved.

Version Filter Type
Citation counts: TR Web of Science Citation Count  Cited 13 times in TR Web of Science
Scopus Citation Count Cited 16 times in Scopus
Google Scholar Search Google Scholar
Access Statistics: 292 Abstract Views, 3 File Downloads  -  Detailed Statistics
Created: Wed, 09 Mar 2016, 15:35:25 EST

Every reasonable effort has been made to ensure that permission has been obtained for items included in DRO. If you believe that your rights have been infringed by this repository, please contact drosupport@deakin.edu.au.