{"title":"Cloud Load Balancers Need to Stay Off the Data Path","authors":"Yuchen Zhang;Shuai Jin;Zhenyu Wen;Shibo He;Qingzheng Hou;Yang Song;Zhigang Zong;Xiaomin Wu;Bengbeng Xue;Chenghao Sun;Ku Li;Xing Li;Biao Lyu;Rong Wen;Jiming Chen;Shunmin Zhu","doi":"10.1109/TCC.2025.3595172","DOIUrl":"https://doi.org/10.1109/TCC.2025.3595172","url":null,"abstract":"Load balancers (LBs) are crucial in cloud environments, ensuring workload scalability. They route packets destined for a service (identified by a virtual IP address, or VIP) to a group of servers designated to deliver that service, each with its direct IP address (DIP). Consequently, LBs significantly impact the performance of cloud services and the experience of tenants. Many academic studies focus on specific issues such as designing new load balancing algorithms and developing hardware load balancing devices to enhance the LB’s performance, reliability, and scalability. However, we believe this approach is not ideal for cloud data centers for the following reasons: (i) the increasing demands of users and the variety of cloud service types turn the LB into a bottleneck; and (ii) continually adding machines or upgrading hardware devices can incur substantial costs. In this paper, we propose the Next Generation Load Balancer (NGLB), designed to bypass the TCP connection datapath from the LB, thereby eliminating latency overheads and scalability bottlenecks of traditional cloud LBs. The LB only participates in the TCP connection establishment phase. The three key features of our design are: (i) the introduction of an active address learning model to redirect traffic and bypass the LB, (ii) a multi-tenant isolation mechanism for deployment within multi-tenant Virtual Private Cloud networks, and (iii) a distributed flow control method, known as hierarchical connection cleaner, designed to ensure the availability of backend resources. 
The evaluation results demonstrate that NGLB reduces latency by 16% and increases nearly 3× throughput. With the same LB resources, NGLB improves 10× rate of new connection establishment. More importantly, five years of operational experience has proven NGLB’s stability for high-bandwidth services.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"13 3","pages":"1078-1090"},"PeriodicalIF":5.0,"publicationDate":"2025-08-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144998282","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"MKAC: Efficient and Privacy-Preserving Multi-Keyword Ranked Query With Ciphertext Access Control in Cloud Environments","authors":"Haiyong Bao;Lu Xing;Honglin Wu;Menghong Guan;Na Ruan;Cheng Huang;Hong-Ning Dai","doi":"10.1109/TCC.2025.3594575","DOIUrl":"https://doi.org/10.1109/TCC.2025.3594575","url":null,"abstract":"With the explosion of Big Data in cloud environments, data owners tend to delegate the storage and computation to cloud servers. Since cloud servers are generally untrustworthy, data owners often encrypt data before outsourcing it to the cloud. Numerous privacy-preserving schemes for the multi-keyword ranked query have been proposed, but most of these schemes do not support ciphertext access control, which can easily lead to malicious access by unauthorized users, causing serious damage to personal privacy and commercial secrets. To address the above challenges, we propose an efficient and privacy-preserving multi-keyword ranked query scheme (MKAC) that supports ciphertext access control. Specifically, in order to enhance the efficiency of the multi-keyword ranked query, we employ a vantage point (VP) tree to organize the keyword index. Additionally, we develop a VP tree-based multi-keyword ranked query algorithm, which utilizes the pruning strategy to minimize the number of nodes to search. Next, we propose a privacy-preserving multi-keyword ranked query scheme that combines asymmetric scalar-product-preserving encryption with the VP tree. Furthermore, attribute-based encryption mechanism is used to generate the decryption key based on the query user’s attributes, which is then employed to decrypt the query results and trace any malicious query user who may leak the secret key. Finally, a rigorous analysis of the security of MKAC is conducted. 
The extensive experimental evaluation shows that the proposed scheme is efficient and practical.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"13 3","pages":"1065-1077"},"PeriodicalIF":5.0,"publicationDate":"2025-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144996104","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Layer Redundancy Aware DNN Model Repository Planning for Fast Model Download in Edge Cloud","authors":"Hongmin Geng;Yuepeng Li;Sheng Wang;Lin Gu;Deze Zeng","doi":"10.1109/TCC.2025.3591482","DOIUrl":"https://doi.org/10.1109/TCC.2025.3591482","url":null,"abstract":"The booming development of artificial intelligence (AI) applications has greatly promoted edge intelligence technology. To support latency-sensitive Deep Neural Network (DNN) based applications, the integration of serverless inference paradigm into edge intelligence has become a widely recognized solution. However, the long DNN model downloading time from central clouds to edge servers hinders inference performance, and asks for establishing model repository within the edge cloud. This paper first identifies the inherent layer redundancy in DNN models, which is potentially beneficial to improve the storage efficiency of the model repository in the edge cloud. However, how to exploit the layer redundancy feature and allocate the DNN layers across different edge servers with capacitated storage resources to reduce the model downloading time remains challenging. To address this issue, we first formulate this problem in Quadratic Integer Programming (QIP) form, based on which a randomized rounding layer redundancy aware DNN model storage planning strategy is proposed. 
Our approach significantly reduces model downloading time by up to 63% compared to state-of-the-art methods, as demonstrated through extensive trace-driven experiments.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"13 3","pages":"1038-1049"},"PeriodicalIF":5.0,"publicationDate":"2025-07-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144997130","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"CSCR: A Cross-View Intelligent Scheduling Method Implemented via Cloud Computing Workflow Reduction","authors":"Genxin Chen;Jin Qi;Xingjian Zhu;Jialin Hua;Zhenjiang Dong;Yanfei Sun","doi":"10.1109/TCC.2025.3591549","DOIUrl":"https://doi.org/10.1109/TCC.2025.3591549","url":null,"abstract":"The surge in the development of artificial intelligence has led to increases in the complexity of computational tasks and the resource demands within cloud computing scenarios. Therefore, intelligent scheduling methods have formed a crucial research area. Solving complex scheduling problems requires many problem feature and long-sequence decision-making observations as possible. To address the workflow scheduling problem under the limited capabilities of models, workflow reduction and cross-view workflow scheduling problems are first proposed in this article, with the optimization objectives and constraints of each problem described. Second, a cross-view intelligent scheduling method implemented via cloud computing workflow reduction (CSCR), including a workflow reduction sorting algorithm (Task-priority ranker), an intelligent reduction algorithm (Workflow view-transformer), and a cross-view intelligent scheduling algorithm (Joint-scheduler), is proposed. We also propose an intelligent scheduling architecture under the workflow reduction paradigm. By reducing the workflow, we provide multiple views that support the decision-making processes of deep reinforcement learning-based scheduling models and coordinate workflow views before and after the reduction step to achieve cross-view joint scheduling. 
Experimental results show that CSCR achieves minimum advantages of 42.1%, 43.2%, and 33.3% in terms of three workflow reduction indicators over four other algorithms, significantly optimizing the effect of the employed scheduling model.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"13 3","pages":"1050-1064"},"PeriodicalIF":5.0,"publicationDate":"2025-07-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144998011","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Securing and Sustaining IoT Edge-Computing Architectures Through Nanoservice Integration","authors":"Cinthya Celina Tamayo Gonzalez;Ijaz Ahmad;Simone Soderi;Erkki Harjula","doi":"10.1109/TCC.2025.3588681","DOIUrl":"https://doi.org/10.1109/TCC.2025.3588681","url":null,"abstract":"The rapid proliferation of the Internet of Things (IoT) and edge computing devices calls for solutions that deliver low latency, energy efficiency, and robust security—often challenging goals to balance simultaneously. This paper introduces a novel nanoservice-based framework that dynamically adapts to changing demands while achieving sustainable and secure edge operations. By breaking down functionalities into specialized and narrowly scoped nanoservices that are requested only as needed and eliminated when idle, the approach significantly reduces latency and energy usage compared to conventional, more static methods. Moreover, integrating a Zero-Trust Architecture (ZTA) ensures that every component—computational or security-related—is continuously verified and restricted through strict access controls and micro-segmentation. This framework’s adaptability extends uniformly to all nanoservices, including those providing security features, thereby maintaining strong protective measures even as workloads and network conditions evolve. Experimental evaluations on IoT devices under varying workloads demonstrate that the proposed approach significantly reduces energy consumption and latency while maintaining security and scalability. 
These results underscore the potential for an integrated, flexible model that simultaneously addresses energy efficiency, performance, and security—an essential trifecta in future edge computing environments.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"13 3","pages":"1026-1037"},"PeriodicalIF":5.0,"publicationDate":"2025-07-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144998169","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Accelerating AI-Generated Content Collaborative Inference Via Transfer Reinforcement Learning in Dynamic Edge Networks","authors":"Meng Tian;Zhicheng Liu;Chenxuan Hou;Chao Qiu;Xiaofei Wang;Dusit Niyato;Victor C. M. Leung","doi":"10.1109/TCC.2025.3586878","DOIUrl":"https://doi.org/10.1109/TCC.2025.3586878","url":null,"abstract":"While diffusion models have demonstrated remarkable success in computer vision tasks, their deployment in Internet of Things environments remains challenging. Edge devices face significant constraints in computational resources and must adapt to dynamic operating conditions. To address these limitations, we propose a novel system that accelerates AI-generated content (AIGC) collaborative inference in dynamic edge networks. The proposed system introduces a multi-exit vision transformer-based U-Net architecture that enables efficient processing through adaptive exit point selection during the diffusion process, optimizing the trade-off between inference accuracy and computational efficiency. To optimize device-level operations, we develop an innovative generative AI-assisted reinforcement learning framework that determines optimal exit selection and offloading strategies to maximize generation quality and inference speed. Furthermore, we design a fine-tuning approach with policy reuse mechanisms that facilitates rapid reinforcement learning algorithm deployment across diverse environments. 
Extensive experimental evaluations demonstrate that our system outperforms existing algorithms in terms of balancing inference latency and generation quality, while also exhibiting improved adaptability to environmental variations.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"13 3","pages":"1011-1025"},"PeriodicalIF":5.0,"publicationDate":"2025-07-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144997132","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Fog-Enhanced Personalized Privacy-Preserving Data Analysis for Smart Homes","authors":"Jiajun Chen;Chunqiang Hu;Weihong Sheng;Hui Xia;Pengfei Hu;Jiguo Yu","doi":"10.1109/TCC.2025.3586052","DOIUrl":"https://doi.org/10.1109/TCC.2025.3586052","url":null,"abstract":"The proliferation of Internet of Things (IoT) devices has led to a surge in data generation within smart home environments. This data explosion has raised significant privacy concerns and highlighted a lack of user-friendly controls. Consequently, there is a pressing need for a robust privacy-enhancing mechanism tailored for smart homes, safeguarding sensitive data from a user-centric perspective. In this article, we introduce the Fog-enhanced Personalized Differential Privacy (FEPDP) model, which utilizes the distributed nature of fog computing to improve data processing efficiency and security in smart homes. Specifically, the personalization, as a key feature of FEPDP, is manifested through an array of user-driven policy specifications, enabling home users to specify secret and privacy specifications for their personal data. These specifications not only enhance control over personal data but also align with the heterogeneous nature of smart home environments. Subsequently, aligned with fog-based smart home architecture, we propose two policy-driven partitioning mechanisms that utilize threshold partitioning based on dynamic programming to effectively implement FEPDP. 
Finally, comprehensive theoretical analysis and experimental validation across various statistical analysis tasks and datasets confirm that FEPDP achieves a superior privacy-utility trade-off for smart home data by leveraging non-sensitive data and fog-based partitioning.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"13 3","pages":"995-1010"},"PeriodicalIF":5.0,"publicationDate":"2025-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144998331","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Refrain From Inquiring About My Scalable Storage and Boolean Queries for Secure Cloud","authors":"Boli Hu;Kai Zhang;Junqing Gong;Haifeng Qian","doi":"10.1109/TCC.2025.3582645","DOIUrl":"https://doi.org/10.1109/TCC.2025.3582645","url":null,"abstract":"Outsourcing personal data to a convenient and affordable cloud platform has become a popular practice. Considering the risk of privacy leakage, users usually encrypt their data before uploading it to the cloud server. Searchable encryption (SE) allows cloud servers to manage and search data in encrypted form based on user-specified requests. However, coercion attacks are rarely considered, where users may be forced to open search records and results. Therefore, deniable SE solutions against coercion attacks are presented, but they suffer from large storage overhead or fail to consider the dual coercion situation towards both sides of data owners and data users. In this paper, we roughly combine oblivious cross-tags protocol (OXT) and deniable encryption to propose a deniable SE (deniable cross-tag, DXT) scheme, which supports boolean queries and resists dual coercion attacks. Technically, we formalize a new primitive called updatable deniable encryption, and combine it with OXT in a non-trivial manner. In addition, we give formal system model, security model, and security proof of DXT. By employing the HUAWEI cloud platform, we conduct sufficient comparative experiments between DXT and state-of-the-art solutions based on a public dataset. 
The experimental results demonstrate that DXT outperforms higher search efficiency while achieving better features.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"13 3","pages":"969-982"},"PeriodicalIF":5.0,"publicationDate":"2025-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144998092","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"REE-TM: Reliable and Energy-Efficient Traffic Management Model for Diverse Cloud Workloads","authors":"Ashutosh Kumar Singh;Deepika Saxena;Volker Lindenstruth","doi":"10.1109/TCC.2025.3581697","DOIUrl":"https://doi.org/10.1109/TCC.2025.3581697","url":null,"abstract":"Diversity of workload demands lays a critical impact on efficient resource allocation and management of cloud services. The existing literature has either weakly considered or overlooked the heterogeneous feature of job requests received from wide range of internet services users. To address this context, the proposed approach named Reliable and Energy Efficient Traffic Management (REE-TM) has exploited the diversity of internet traffic in terms of variation in resource demands and expected complexity. Specifically, REE-TM incorporates categorization of heterogeneous job requests and executes them by selecting the most admissible virtual node (a software-defined instance such as a virtual machine or container) and physical node (an actual hardware server or compute host) within the cloud infrastructure. To deal with resource-contention-based resource failures and performance degradation, a novel workload estimator ‘Toffoli Gate-based Quantum Neural Network’ (TG-QNN) is proposed, wherein learning process or interconnection weights optimization is achieved using Quantum version of BlackHole (QBHO) algorithm. The proactively estimated workload is used to compute entropy of the upcoming internet traffic with various traffic states analysis for detection of probable resource-congestion. REE-TM is extensively evaluated through simulations using a benchmark dataset and compared with optimal and without REE-TM versions. 
The performance evaluation and comparison of REE-TM with measured significant metrics reveal its effectiveness in assuring higher reliability by up to 30.25% and energy-efficiency by up to 23% as compared without REE-TM.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"13 3","pages":"953-968"},"PeriodicalIF":5.0,"publicationDate":"2025-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144997133","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Reference Architecture for Governance of Cloud Native Applications","authors":"William Pourmajidi;Lei Zhang;John Steinbacher;Tony Erwin;Andriy Miranskyy","doi":"10.1109/TCC.2025.3578557","DOIUrl":"https://doi.org/10.1109/TCC.2025.3578557","url":null,"abstract":"The evolution of cloud computing has given rise to Cloud Native Applications (CNAs), presenting new challenges in governance, particularly when faced with strict compliance requirements. This work explores the unique characteristics of CNAs and their impact on governance. We introduce a comprehensive reference architecture designed to streamline governance across CNAs, along with a sample implementation, offering insights for both single and multi-cloud environments. Our architecture seamlessly integrates governance within the CNA framework, adhering to a “battery-included” philosophy. Tailored for both expansive and compact CNA deployments across various industries, this design enables cloud practitioners to prioritize product development by alleviating the complexities associated with governance. In addition, it provides a building block for academic exploration of generic CNA frameworks, highlighting their relevance in the evolving cloud computing landscape.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"13 3","pages":"935-952"},"PeriodicalIF":5.0,"publicationDate":"2025-06-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144998014","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}