Software keyloggers are a dominant class of malicious applications that surreptitiously log all user activity to gather confidential information. Among the many types of keyloggers, API-based keyloggers can pose as unprivileged programs running in user space to eavesdrop on and record all the keystrokes typed by the user. In a Linux environment, defending against these types of malware means defending the kernel against compromise, which is still an open and difficult problem. Considering how the recent trend of edge computing extends cloud computing and the Internet of Things (IoT) to the edge of the network, a new type of intrusion detection system (IDS) has been used to mitigate cybersecurity threats in edge computing. The proposed work aims to provide a secure environment by constantly checking virtual machines for the presence of keyloggers using cutting-edge artificial immune system (AIS) based technology. The algorithms that exist in the field of AIS exploit the immune system’s characteristics of learning and memory to solve diverse problems. We further present our approach by employing an architecture where the host OS and a virtual machine (VM) layer actively collaborate to guarantee kernel integrity. This collaborative approach allows us to introspect the VM by tracking events (interrupts, system calls, memory writes, network activities, etc.) and to detect anomalies by employing the negative selection algorithm (NSA).
Operating Systems for Resource-adaptive Intelligent Software: Challenges and Opportunities
The past decades witnessed the fast and wide deployment of the Internet. The Internet has bred a ubiquitous computing environment that spans the cloud, edge, mobile devices, and IoT. Software running over such a ubiquitous computing environment is eating the world. A recently emerging trend of Internet-based software systems is “resource adaptive,” i.e., software systems should be robust and intelligent enough to adapt to the changes of heterogeneous resources, both physical and logical, provided by their running environment. To keep pace with such a trend, we argue that some considerations should be taken into account for future operating system design and implementation. From the structural perspective, rather than the “monolithic OS” that manages the aggregated resources on a single machine, the OS should be dynamically composed over distributed resources and flexibly adapt to resource and environment changes. Meanwhile, the OS should leverage advanced machine/deep learning techniques to derive configurations and policies and automatically learn to tune itself and schedule resources. This article presents our recent thinking on a new OS abstraction, namely ServiceOS, for future resource-adaptive intelligent software systems. The idea of ServiceOS is inspired by the delivery model of “Software-as-a-Service” that is supported by the Service-Oriented Architecture (SOA). The key principle of ServiceOS is based on resource disaggregation, resource provisioning as a service, and learning-based resource scheduling and allocation. The major goal of this article is not to provide an immediately deployable OS. Instead, we aim to summarize the challenges and potentially promising opportunities and try to provide some practical implications for researchers and practitioners.
- Award ID(s): 1633370
- PAR ID: 10374173
- Date Published:
- Journal Name: ACM Transactions on Internet Technology
- Volume: 21
- Issue: 2
- ISSN: 1533-5399
- Page Range / eLocation ID: 1 to 19
- Format(s): Medium: X
- Sponsoring Org: National Science Foundation
More Like this
-
In the last few years, cloud computing technology has benefited many organizations that have embraced it as a basis for revamping their IT infrastructure. Cloud computing utilizes Internet capabilities in order to use other computing resources. Amazon Web Services (AWS) is one of the most widely used cloud providers that leverages the endless computing capabilities that cloud technology has to offer. AWS is continuously evolving to offer a variety of services, including but not limited to infrastructure as a service (IaaS), platform as a service (PaaS) and packaged software as a service. Among the other important services offered by AWS is Video Surveillance as a Service (VSaaS), a hosted cloud-based video surveillance service. Even though this technology is complex and widely used, some security experts have pointed out that some of its vulnerabilities can be exploited in launching attacks aimed at cloud technologies. In this paper, we present a holistic security analysis of cloud-based video surveillance systems by examining the vulnerabilities, threats, and attacks that these technologies are susceptible to. We illustrate our findings by implementing several of these attacks on a test bed representing an AWS-based video surveillance system. The main contributions of our paper are: (1) we provide a holistic view of the security model of cloud-based video surveillance, summarizing the underlying threats, vulnerabilities and mitigation techniques; (2) we propose a novel taxonomy of attacks targeting such systems; (3) we implement several related attacks targeting a cloud-based video surveillance system based on an AWS test environment and provide some guidelines for attack mitigation. The outcome of the conducted experiments showed that the vulnerabilities of the Internet Protocol (IP) and other protocols granted access to unauthorized VSaaS files.
We hope that our proposed work on the security of cloud-based video surveillance systems will serve as a reference for cybersecurity researchers and practitioners who aim to conduct research in this field.
-
Internet of Things (IoT) devices are becoming increasingly prevalent in our environment, yet the process of programming these devices and processing the data they produce remains difficult. Typically, data is processed on device, involving arduous work in low-level languages, or data is moved to the cloud, where abundant resources are available for Functions as a Service (FaaS) or other handlers. FaaS is an emerging category of flexible computing services, where developers deploy self-contained functions to be run in portable and secure containerized environments; however, at the moment, these functions are limited to running in the cloud or in some cases at the "edge" of the network using resource-rich, Linux-based systems. In this work, we investigate NanoLambda, a portable platform that brings FaaS, high-level language programming, and familiar cloud service APIs to non-Linux and microcontroller-based IoT devices. To enable this, NanoLambda couples a new, minimal Python runtime system that we have designed for the least capable end of the IoT device spectrum, with API compatibility for AWS Lambda and S3. NanoLambda transfers functions between IoT devices (sensors, edge, cloud), providing power and latency savings while retaining the programmer productivity benefits of high-level languages and FaaS. A key feature of NanoLambda is a scheduler that intelligently places function executions across multi-scale IoT deployments according to resource availability and power constraints. We evaluate a range of applications that use NanoLambda to run on devices as small as the ESP8266 with 64KB of RAM and 512KB of flash storage.
-
With the increase in popularity of operating systems like macOS and Chrome OS, creating non-mobile applications that run cross-platform is becoming a challenge for developers all over the world [1]. It is costly to create non-Windows versions of applications since the Operating Systems (OS) differ in architecture and implementation. Many creators from various organizations choose different routes for increasing application compatibility but are not always willing to pay the overhead of developing the same application on another platform. As a result, consumers are stuck with not being able to use the software they need and end up resorting to workarounds ranging from running virtual machines to parallel booting the operating system. Wine is a compatibility layer capable of running Windows applications on several POSIX-compliant operating systems, such as Linux, macOS, & BSD, free of cost [2]. It is an excellent way to run Windows applications on macOS and other Linux machines without installing a resource-intensive virtual machine or restarting the machine to dual boot. Wine has been in active use since 1993. Since then, it has been adopted by many large companies and integrated into their products, including Borland, Google, IBM and Oracle [3]. This paper describes how a National Science Foundation (NSF) funded project experienced a need to be able to run a Windows-only program on Macs or Chromebooks and explains how Wine may be used to overcome a similar OS-limiting challenge.
-
In today's era, health informatics is a major contributor to the advancements in ubiquitous computing. Of late, the concept of mobile health (mHealth) systems has attracted considerable attention from both the medical and computer science communities. mHealth devices generate a significant amount of patient data on a timely basis. This data is often stored on cloud-based EHR and PHR systems to aid in timely and better quality healthcare service. However, as has been seen lately, stored personal records act as honeypots for malicious entities and the internet underground. It is thus imperative to prevent unauthorized leakage of mHealth data from cloud-based E/PHR systems. As observed from some of our preliminary research, NIST's policy machine (PM) framework suits the access control modeling requirements posed by mHealth systems. Moreover, the graph-based model adopted by this framework allows efficient policy management through advanced graph search techniques. In this paper, we leverage the policy machine model to propose a cloud-based service that achieves secure storage and fine-grained dissemination of mHealth data. The primary goal of this work is to demonstrate the applicability of the PM framework to the mHealth domain and illustrate the workflow of an algorithm to resolve access decisions in theoretically faster time than achieved by existing implementations.