{"title":"Analysis and prediction of virtual machine boot time on virtualized computing environments","authors":"Ridlo Sayyidina Auliya, Yen-Lin Lee, Chia-Ching Chen, Deron Liang, Wei-Jen Wang","doi":"10.1186/s13677-024-00646-4","DOIUrl":"https://doi.org/10.1186/s13677-024-00646-4","url":null,"abstract":"Starting a virtual machine (VM) is a common operation in cloud computing platforms. In order to achieve better management of resource provisioning, a cloud platform needs to accurately estimate the VM boot time. In this paper, we have conducted several experiments to analyze the factors that could affect VM boot time in a computer cluster with shared storage. We also implemented four models for VM boot time prediction and evaluated the performance of the four models based on the datasets of four hosts and seven hosts in our environment, where the four models are the rule-based model, the regression tree model, the random forest regression model, and the linear regression model. According to our analysis, we found that host capability and maximal network bandwidth are two main factors that can influence VM boot time. We also found that VM boot time becomes harder to predict when booting VMs at different hosts concurrently due to competition between hosts to obtain resources. 
According to the experimental results, the proposed random forest regression is the best model for VM boot time prediction with an average accuracy of 94.76% and 96.59% in predicting VM boot time in two clusters with four and seven compute hosts, respectively.","PeriodicalId":501257,"journal":{"name":"Journal of Cloud Computing","volume":"117 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-04-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140585886","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"IoT workload offloading efficient intelligent transport system in federated ACNN integrated cooperated edge-cloud networks","authors":"Abdullah Lakhan, Tor-Morten Grønli, Paolo Bellavista, Sajida Memon, Maher Alharby, Orawit Thinnukool","doi":"10.1186/s13677-024-00640-w","DOIUrl":"https://doi.org/10.1186/s13677-024-00640-w","url":null,"abstract":"Intelligent transport systems (ITS) provide various cooperative edge cloud services for roadside vehicular applications. These applications offer additional diversity, including ticket validation across transport modes and vehicle and object detection to prevent road collisions. Offloading among cooperative edge and cloud networks plays a key role when these resources constrain devices (e.g., vehicles and mobile) to offload their workloads for execution. ITS used different machine learning and deep learning methods for decision automation. However, the self-autonomous decision-making processes of these techniques require significantly more time and higher accuracy for the aforementioned applications on the road-unit side. Thus, this paper presents the new offloading ITS for IoT vehicles in cooperative edge cloud networks. We present the augmented convolutional neural network (ACNN) that trains the workloads on different edge nodes. The ACNN allows users and machine learning methods to work together, making decisions for offloading and scheduling workload execution. This paper presents an augmented federated learning scheduling scheme (AFLSS). An algorithmic method called AFLSS comprises different sub-schemes that work together in the ITS paradigm for IoT applications in transportation. These sub-schemes include ACNN, offloading, scheduling, and security. 
Simulation results demonstrate that, in terms of accuracy and total time for the considered problem, the AFLSS outperforms all existing methods.","PeriodicalId":501257,"journal":{"name":"Journal of Cloud Computing","volume":"45 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140585997","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Intelligent code search aids edge software development","authors":"Fanlong Zhang, Mengcheng Li, Heng Wu, Tao Wu","doi":"10.1186/s13677-024-00629-5","DOIUrl":"https://doi.org/10.1186/s13677-024-00629-5","url":null,"abstract":"The growth of multimedia applications poses new challenges to software facilities in edge computing. Developers must effectively develop edge computing software to accommodate the rapid expansion of multimedia applications. Code search has become a prevalent practice to enhance the efficiency of the construction of edge software infrastructure. Researchers have proposed lots of approaches for code search, and employed deep learning technology to extract features from program representations, such as token, AST, graphs, method name, and API. Nevertheless, two prominent issues remain: 1) there are only a few studies on the effective use of graph representation for code search (especially in Java language), and 2) there is a lack of empirical study on the contributions of different program representations. To address these issues, we conduct an empirical study to explore program representations, especially program graphs. To the best of our knowledge, this is the first attempt to conduct code search with mixed graphs representation for Java language, containing the control flow graph and the program dependence graph. We also present a hybrid approach to capture and fuse the features of a program with representations of Token, AST, and Mixed Graphs (TAMG). The results of our experiment show that our approach possesses the best ability (R@1 with 37% and R@10 with 67.1%). Our graph representation exhibits a positive effect, and the token and AST also have a significant contribution to the code search. 
Our findings can aid developers in efficiently searching for the desired code while constructing the software infrastructure for edge computing, which is crucial for the rapid expansion of multimedia applications.","PeriodicalId":501257,"journal":{"name":"Journal of Cloud Computing","volume":"52 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140585475","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"PMNet: a multi-branch and multi-scale semantic segmentation approach to water extraction from high-resolution remote sensing images with edge-cloud computing","authors":"Ziwen Zhang, Qi Liu, Xiaodong Liu, Yonghong Zhang, Zihao Du, Xuefei Cao","doi":"10.1186/s13677-024-00637-5","DOIUrl":"https://doi.org/10.1186/s13677-024-00637-5","url":null,"abstract":"In the field of remote sensing image interpretation, automatically extracting water body information from high-resolution images is a key task. However, facing the complex multi-scale features in high-resolution remote sensing images, traditional methods and basic deep convolutional neural networks are difficult to effectively capture the global spatial relationship of the target objects, resulting in incomplete, rough shape and blurred edges of the extracted water body information. Meanwhile, massive image data processing usually leads to computational resource overload and inefficiency. Fortunately, the local data processing capability of edge computing combined with the powerful computational resources of cloud centres can provide timely and efficient computation and storage for high-resolution remote sensing image segmentation. In this regard, this paper proposes PMNet, a lightweight deep learning network for edge-cloud collaboration, which utilises a pipelined multi-step aggregation method to capture image information at different scales and understand the relationships between remote pixels through horizontal and vertical spatial dimensions. Also, it adopts a combination of multiple decoding branches in the decoding stage instead of the traditional single decoding branch. The accuracy of the results is improved while reducing the consumption of system resources. 
The model obtained F1-score of 90.22 and 88.57 on Landsat-8 and GID remote sensing image datasets with low model complexity, which is better than other semantic segmentation models, highlighting the potential of mobile edge computing in processing massive high-resolution remote sensing image data.","PeriodicalId":501257,"journal":{"name":"Journal of Cloud Computing","volume":"1 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-03-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140316269","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Correction to: Advanced series decomposition with a gated recurrent unit and graph convolutional neural network for non‑stationary data patterns","authors":"Huimin Han, Harold Neira-Molina, Asad Khan, Meie Fang, Haitham A. Mahmoud, Emad Mahrous, Bilal Ahmed, Yazeed Yasin Ghadi","doi":"10.1186/s13677-024-00628-6","DOIUrl":"https://doi.org/10.1186/s13677-024-00628-6","url":null,"abstract":"<p>Following publication of the original article [1], we have been notified that one of the authors' names was published incorrectly.</p><p>Now it is:</p><p>Harold Neira-Molin 2</p><p>It should be:</p><p>Harold Neira-Molina 2</p><p>The original article was updated.</p><ol data-track-component=\"outbound reference\"><li data-counter=\"1.\"><p>Han et al (2024) Advanced series decomposition with a gated recurrent unit and graph convolutional neural network for non–stationary data patterns (2024). 13:20 https://doi.org/10.1186/s13677-023-00560-1</p></li></ol><h3>Authors and Affiliations</h3><ol><li><p>Mechanical and Electrical Engineering College, Hainan Vocational University of Science and Technology, 571126, Haikou, China</p><p>Huimin Han</p></li><li><p>Department of Computer Science and Electronics, Universidad de La Costa, CUC, 080002, Barranquilla, Colombia</p><p>Harold Neira-Molina</p></li><li><p>Metaverse Research Institute, School of Computer Science and Cyber Engineering, Guangzhou University, 510006, Guangzhou, Guangdong, People’s Republic of China</p><p>Asad Khan & Meie Fang</p></li><li><p>Department of Industrial Engineering, College of Engineering, King Saud University, 11421, Riyadh, P.O. Box 800, Saudi Arabia</p><p>Haitham A. Mahmoud</p></li><li><p>Department of Electrical Engineering, College of Engineering, King Saud University, 11421, Riyadh, P.O. Box 800, Saudi Arabia</p><p>Emad Mahrous</p></li><li><p>Department of Computer Science, Al Ain University, Al Ain, UAE</p><p>Yazeed Yasin Ghadi</p></li><li><p>Department of Structural Engineering, Faculty of Civil Engineering, Doctoral School, Silesian University of Technology, Akademicka 2, 44‑100, Gliwice, Poland</p><p>Bilal Ahmed</p></li></ol>","PeriodicalId":501257,"journal":{"name":"Journal of Cloud Computing","volume":"59 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-03-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140316155","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Correction: FLM-ICR: a federated learning model for classification of internet of vehicle terminals using connection records","authors":"Kai Yang, Jiawei Du, Jingchao Liu, Feng Xu, Ye Tang, Ming Liu, Zhibin Li","doi":"10.1186/s13677-024-00638-4","DOIUrl":"https://doi.org/10.1186/s13677-024-00638-4","url":null,"abstract":"<p><b>Correction: Journal of Cloud Computing (2024) 13:57 </b></p><p>https://doi.org/10.1186/s13677-024-00623-x</p><p>Following publication of the original article [1], we have been notified that there is duplicate of the body text in the published article.</p><p>Now the text is:</p><p>MLP ((model): Sequential ((0): Linear (in_features=3, out_features=200, bias=True)</p><ol><li><span>1.</span><p>Dropout (p=0.2, inplace=False)</p></li><li><span>2.</span><p>ReLU ()</p></li><li><span>3.</span><p>Linear (in_features=200, out_features=2, bias=True)))</p></li></ol><p>The improved MLP comprises linear layers, Dropout, and the ReLU activation function. This architecture is established using the Sequential class to construct a feedforward neural network for sample classification.</p><p>Initially, the linear layer conducts linear transformations to augment the feature information of the samples, with an input dimension of 2 and an output dimension of 200. Dropout is then implemented with a probability of 0.2 for random Dropout, mitigating overfitting. Subsequently, the ReLU non-linear activation function is employed to enhance the network's non-linear expressive capability. Finally, the linear layer is utilized for dimension reduction and classification purposes.</p><p>MLP ((model): Sequential ((0): Linear (in_features=3, out_features=200, bias=True)</p><ol><li><span>1.</span><p>Dropout (p=0.2, inplace=False)</p></li><li><span>2.</span><p>ReLU ()</p></li><li><span>3.</span><p>Linear (in_features=200, out_features=2, bias=True)))</p></li></ol><p>It should be:</p><p>MLP ((model): Sequential ((0): Linear (in_features=3, out_features=200, bias=True)</p><ol><li><span>1.</span><p>Dropout (p=0.2, inplace=False)</p></li><li><span>2.</span><p>ReLU ()</p></li><li><span>3.</span><p>Linear (in_features=200, out_features=2, bias=True)))</p></li></ol><p>The improved MLP comprises linear layers, Dropout, and the ReLU activation function. This architecture is established using the Sequential class to construct a feedforward neural network for sample classification.</p><p>Initially, the linear layer conducts linear transformations to augment the feature information of the samples, with an input dimension of 2 and an output dimension of 200. Dropout is then implemented with a probability of 0.2 for random Dropout, mitigating overfitting. Subsequently, the ReLU non-linear activation function is employed to enhance the network's non-linear expressive capability. Finally, the linear layer is utilized for dimension reduction and classification purposes.</p><p>The original article was updated.</p><ol data-track-component=\"outbound reference\"><li data-counter=\"1.\"><p>Yang et al (2024) FLM-ICR: a federated learning model for classification of internet of vehicle terminals using connection records. 13:57 https://doi.org/10.1186/s13677-024-00623-x</p></li></ol>","PeriodicalId":501257,"journal":{"name":"Journal of Cloud Computing","volume":"35 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-03-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140316166","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"CG-PBFT: an efficient PBFT algorithm based on credit grouping","authors":"Juan Liu, Xiaohong Deng, Wangchun Li, Kangting Li","doi":"10.1186/s13677-024-00643-7","DOIUrl":"https://doi.org/10.1186/s13677-024-00643-7","url":null,"abstract":"Because of its excellent properties of fault tolerance, efficiency and availability, the practical Byzantine fault tolerance (PBFT) algorithm has become the mainstream consensus algorithm in blockchain. However, current PBFT algorithms have problems such as inadequate security of primary node selection, high communication overhead and network delay in the process of consensus. To address these problems, we design a novel efficient Byzantine fault tolerance algorithm based on credit grouping, called CG-PBFT. First, we propose a new credit evaluation model to obtain nodes’ credit values and introduce an optimized three-way quick sorting algorithm to divide nodes into the master-node group, the consensus-node group and the observation-node group, which have different privileges. The nodes in the observation-node group are restricted from participating in consensus, which reduces the communication overhead and improves consensus efficiency. Second, we propose an optimized selection method for the primary node based on a voting mechanism whereby the consensus-node group and observation-node group vote to produce the primary node, which reduces the probability of malicious nodes acting as the primary node and improves the security of primary node selection. Finally, the identity conversion mechanism between node groups is designed, and the actual behavior of nodes within different groups is given credit rewards or punishment, so as to keep an incentive for nodes to participate in appropriate system behavior and improve the working enthusiasm of nodes. 
The experimental simulation results show that compared with existing PBFT algorithms, the CG-PBFT algorithm improves the average throughput by 51.3% and reduces the average delay by 64.5%; it greatly improves the operating efficiency of the system and can be more suitable for application in the consortium blockchain scenarios.","PeriodicalId":501257,"journal":{"name":"Journal of Cloud Computing","volume":"11 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140298524","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Accurate and fast congestion feedback in MEC-enabled RDMA datacenters","authors":"Xin He, Feifan Liang, Weibei Fan, Junchang Wang, Lei Han, Fu Xiao, Wanchun Dou","doi":"10.1186/s13677-024-00642-8","DOIUrl":"https://doi.org/10.1186/s13677-024-00642-8","url":null,"abstract":"Mobile edge computing (MEC) is a novel computing paradigm that pushes computation and storage resources to the edge of the network. The interconnection of edge servers forms small-scale data centers, enabling MEC to provide low-latency network services for mobile users. Nowadays, Remote Direct Memory Access (RDMA) has been widely deployed in such data centers to reduce CPU overhead and network latency. Plenty of congestion control mechanisms have been proposed for RDMA data centers, aiming to provide low-latency data delivery and high throughput network services. However, our fine-grained experimental analysis reveals that existing congestion control mechanisms still have performance limitations due to inappropriate congestion notifications and the long congestion feedback cycle. In this paper, we propose Mercury, which is an accurate and fast congestion feedback mechanism. Mercury comprises two key components: (1) the state-driven congestion detection and (2) the window-based congestion notification. Specifically, the state-driven congestion detection monitors the queue length and the number of packets received at the switch egress port when the PFC is triggered. It determines the states of egress ports and identifies flows that really contribute to congestion. Then, window-based congestion notification calculates the window sizes for congested flows and rapidly returns Congestion Notification Packets (CNPs) with the window information to the sender. It facilitates the rate adjustment of congested flows. Mercury is compatible with existing RDMA CC mechanisms and can be easily implemented in switches. 
We employ real-world data sets and conduct both micro-benchmark and large-scale simulations to evaluate the performance of Mercury. The results indicate that, thanks to the accurate and fast congestion feedback, Mercury achieves a reduction in the 99th tail flow completion time by up to 45.1%, 41.8%, 38.7%, 30.9%, and 37.9% compared with Timely, DCQCN, DCQCN+TCD, PACC, and HPCC, respectively.","PeriodicalId":501257,"journal":{"name":"Journal of Cloud Computing","volume":"233 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140298419","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Time-aware outlier detection in health physique monitoring in edge-aided sport education decision-makings","authors":"Yanjie Li, Liqin Kang, Zhaojin Li, Fugao Jiang, Nan Bi, Tao Du, Maryam Abiri","doi":"10.1186/s13677-024-00636-6","DOIUrl":"https://doi.org/10.1186/s13677-024-00636-6","url":null,"abstract":"The increasing popularity of various intelligent sensor and mobile communication technologies has enabled quick health physique sensing, monitoring, collection and analyses of students, which significantly promoted the development of sport education. Through collecting the students’ physiological signals and transmitted them to edge servers, we can precisely analyze and judge whether a student is in poor health (e.g., an outlier). However, with time elapsing, the accumulated physiological signals of students become massive, which places a heavy burden on the quick storage and in-time processing of physiological data of students. In this situation, it is becoming a necessity to develop a time-aware outlier detection technique for health physique evaluation of students in a time-efficient way. Considering this challenge, we propose a novel time-aware outlier detection method named TOD based on Locality-Sensitive Hashing. TOD condenses extensive physiological student data into a concise set of health indices. Leveraging these indices, we can efficiently identify potential student outliers from a large pool of candidates with precision and speed. Finally, we have designed a group of simulated experiments based on WS-DREAM dataset. 
Experiment results prove the feasibility and superiority of the TOD method compared with other existing methods.","PeriodicalId":501257,"journal":{"name":"Journal of Cloud Computing","volume":"25 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140298525","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Optimus: association-based dynamic system call filtering for container attack surface reduction","authors":"Seungyong Yang, Brent Byunghoon Kang, Jaehyun Nam","doi":"10.1186/s13677-024-00639-3","DOIUrl":"https://doi.org/10.1186/s13677-024-00639-3","url":null,"abstract":"While container adoption has witnessed significant growth in facilitating the operation of large-scale applications, this increased attention has also attracted adversaries who exploit numerous vulnerabilities present in contemporary containers. Unfortunately, existing security solutions largely overlooked the need to restrict container access to the shared host kernel, particularly exhibiting critical limitations in enforcing the least privilege for containers during runtime. Hence, we propose Optimus, an automated and comprehensive system that confines container operations and governs their interactions with the host kernel using an association-based system call filtering. Optimus efficiently identifies the essential system calls required by containers and enhances their security posture by dynamically enforcing the minimal set of system calls for each container during runtime. This is achieved through (1) lightweight system call monitoring leveraging eBPF, (2) system call validation via association analysis, and (3) dynamic system call filtering by adopting covert container renewal. 
Our evaluation shows that Optimus effectively minimizes the necessary system calls for containers while maintaining their serviceability and operational efficiency during runtime.","PeriodicalId":501257,"journal":{"name":"Journal of Cloud Computing","volume":"17 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-03-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140203573","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}