Dijiang Huang

Arizona State University, Phoenix, Arizona, United States

Publications (93) · 21.3 Total impact

  • ABSTRACT: A flexible, scalable, and robust framework that enables fine-grained flow control under fixed or dynamic policies while addressing trustworthiness as a built-in network level functionality is a desirable goal of the future Internet. Furthermore, the level of trustworthiness may possibly be different from one network to another. It is also desirable to provide user-centric or service-centric routing capabilities to achieve service-oriented traffic controls as well as trust and policy management for security. Addressing these aspects, we present the SeRViTR (Secure and Resilient Virtual Trust Routing) framework. In particular, we discuss the goal and scope of SeRViTR, its implementation details, and a testbed that enables us to demonstrate SeRViTR. We have designed protocols and mechanisms for policy and trust management for SeRViTR and show a validation on the functional implementation of several SeRViTR components to illustrate virtual domains and trust level changes between virtual domains that are achieved under SeRViTR protocols. Going from implementation to testbed, we demonstrate SeRViTR in a virtual network provisioning infrastructure called the Geo-distributed Programmable Layer-2 Networking Environment (G-PLaNE) that connects three institutions spanning the US and Japan.
    Computer Networks 04/2014; · 1.23 Impact Factor
  • ABSTRACT: Mobile cloud computing (MCC) enables mobile devices to outsource their computing, storage and other tasks onto the cloud to achieve more capacities and higher performance. One of the most critical research issues is how the cloud can efficiently handle the possible overwhelming requests from mobile users when the cloud resource is limited. In this paper, a novel MCC adaptive resource allocation model is proposed to achieve the optimal resource allocation in terms of the maximal overall system reward by considering both cloud and mobile devices. To achieve this goal, we model the adaptive resource allocation as a semi-Markov decision process (SMDP) to capture the dynamic arrivals and departures of resource requests. Extensive simulations are conducted to demonstrate that our proposed model can achieve higher system reward and lower service blocking probability compared to traditional approaches based on greedy resource allocation algorithm. Performance comparisons with various MCC resource allocation schemes are also provided.
    International Journal of Distributed Sensor Networks 04/2013; 2013. · 0.92 Impact Factor
  • ABSTRACT: A secure network is considered to be an important goal of the Future Internet; one way this can be embodied is by having flexible and robust routing functionality with built-in security and trustworthy mechanisms. However, there is a fundamental and important challenge: how to determine the trustworthiness of every traffic flow to realize trustable communications. In this paper, we propose a framework to manage the trustworthiness automatically based on the policy by administrator, hysteresis of the traffic, and/or behavior of end users. We describe the role and function to manage policy and trustworthiness and illustrate the implementation of SeRViTR, which is a trust routing framework, with communication experiment.
    Integrated Network Management (IM 2013), 2013 IFIP/IEEE International Symposium on; 01/2013
  • ABSTRACT: Cloud security is one of the most important issues that has attracted a lot of research and development effort in the past few years. Particularly, attackers can explore vulnerabilities of a cloud system and compromise virtual machines to deploy further large-scale Distributed Denial-of-Service (DDoS). DDoS attacks usually involve early stage actions such as multistep exploitation, low-frequency vulnerability scanning, and compromising identified vulnerable virtual machines as zombies, and finally DDoS attacks through the compromised zombies. Within the cloud system, especially the Infrastructure-as-a-Service (IaaS) clouds, the detection of zombie exploration attacks is extremely difficult. This is because cloud users may install vulnerable applications on their virtual machines. To prevent vulnerable virtual machines from being compromised in the cloud, we propose a multiphase distributed vulnerability detection, measurement, and countermeasure selection mechanism called NICE, which is built on attack graph-based analytical models and reconfigurable virtual network-based countermeasures. The proposed framework leverages OpenFlow network programming APIs to build a monitor and control plane over distributed programmable virtual switches to significantly improve attack detection and mitigate attack consequences. The system and security evaluations demonstrate the efficiency and effectiveness of the proposed solution.
    IEEE Transactions on Dependable and Secure Computing 01/2013; 99(PrePrints):1. · 1.06 Impact Factor
  • Dijiang Huang, Tianyi Xing, Huijun Wu
    ABSTRACT: Mobile devices are rapidly becoming the major service participants nowadays. However, traditional client-server based mobile service models are not able to meet the increasing demands from mobile users in terms of services diversity, user experience, security and privacy, and so on. Cloud computing enables mobile devices to offload complex operations of mobile applications, which are infeasible on mobile devices alone. In this article, we provide a comprehensive study to lay out existing mobile cloud computing service models and key achievements, and present a new user-centric mobile cloud computing service model to advance existing mobile cloud computing research.
    IEEE Network 01/2013; 27(5):6-11. · 2.85 Impact Factor
  • Li Li, Dijiang Huang, Zhidong Shen, S. Bouzefrane
    ABSTRACT: With rapid growth of mobile devices and the emergence of mobile cloud services, it is a trend to use mobile devices for mobile-centric applications, and expand the mobile capabilities and provide needed security by mobile cloud services. However, due to the mobility of the device and the semitrust of the mobile cloud, how to build trust in the mobile applications is a big concern. In this paper, we propose a dual-root trust online transaction model that provides a dual-root trust model including both the user's mobile device and a delegation mobile cloud. We design a dual-root trust protocol by leveraging a modified CP-ABE cryptography and the trust execution environment embedded in a mobile device to provide device-specific transaction confirmations for online transactions initiated by the mobile user. The performance evaluation of the protocol demonstrates that it is a lightweight scheme for mobile devices since most cryptographic functions are delegated from users to the mobile cloud.
    Wireless Communications and Networking Conference (WCNC), 2013 IEEE; 01/2013
  • Le Xu, Li Li, V. Nagarajan, Dijiang Huang, Wei-Tek Tsai
    ABSTRACT: Security has become a major concern for mobile devices when mobile users browse malicious websites. Existing security solutions may rely on human factors to achieve a good result against phishing websites and SSL Strip-based Man-In-The-Middle (MITM) attack. This paper presents a secure web referral service, which is called Secure Search Engine (SSE) for mobile devices. The system uses mobile cloud-based virtual computing and provides each user a Virtual Machine (VM) as a personal security proxy where all Web traffic is redirected through it. Within the VM, the SSE uses web crawling technology with a set of checking services to validate IP addresses and certificate chains. A Phishing Filter is also used to check given URLs with an optimized execution time. The system also uses private and anonymously shared caches to protect user privacy and improve performance. The evaluation results show that SSE is non-intrusive and consumes no power or computation on the client device, while producing fewer false positives and false negatives than existing web browser-based anti-phishing solutions.
    Service Oriented System Engineering (SOSE), 2013 IEEE 7th International Symposium on; 01/2013
  • ABSTRACT: Cloud is gaining momentum but its true potential is hampered by the security concerns it has raised. Having vulnerable virtual machines in a virtualized environment is one such concern. Vulnerable virtual machines are an easy target and existence of such weak nodes in a network jeopardizes its entire security structure. Resource sharing nature of cloud favors the attacker, in that, compromised machines can be used to launch further devastating attacks. First line of defense in such case is to prevent vulnerabilities of a cloud network from being compromised and if not, to prevent propagation of the attack. To create this line of defense, we propose a hybrid intrusion detection framework to detect vulnerabilities, attacks, and their carriers, i.e. malicious processes in the virtual network and virtual machines. This framework is built on attack graph based analytical models, VMM-based malicious process detection, and reconfigurable virtual network-based countermeasures. The proposed framework leverages Software Defined Networking to build a monitor and control plane over distributed programmable virtual switches in order to significantly improve the attack detection and mitigate the attack consequences. The system and security evaluations demonstrate the efficiency and effectiveness of the proposed solution.
    9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing; 01/2013
  • ABSTRACT: Security has been one of the top concerns in clouds. It is challenging to construct a secure networking environment in clouds because the cloud is usually a hybrid networking system containing both physical and virtually overlaid networks. Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) have been widely deployed to manipulate cloud security, with the latter providing additional prevention capabilities. This paper investigates an OpenFlow and Snort based IPS called "SnortFlow", which enables the cloud system to detect intrusions and deploy countermeasures by reconfiguring the cloud networking system on-the-fly. The evaluation results demonstrate the feasibility of SnortFlow and provide the guidance for the future work.
    Research and Educational Experiment Workshop (GREE), 2013 Second GENI; 01/2013
  • ABSTRACT: In this article, a new mobile Cloud service model is presented. It offers a dynamic and efficient remote access to information services and resources for mobile devices. Mobile Cloud computing has evolved as a distributed service model, where individual mobile users are Cloud service providers. Compared to traditional Internet-centric Cloud service models, the complexity of mobile service management in a dynamic and distributed service environment is increased dramatically. To address this challenge, we propose to establish an OSGi-based mobile Cloud service model — MCC-OSGi — that uses OSGi Bundles as the basic mobile Cloud service building components. The proposed solution supports OSGi bundles running on both mobile devices and Cloud-side virtual machine OS platforms, and the bundles can be transferred and run on different platforms without compatibility issues. The presented solution is achieved: 1) by incorporating OSGi into Android software development platform, 2) by setting up a Remote-OSGi on the Cloud and on mobile devices, and 3) by defining three service architecture models. The presented solution is validated through a demonstrative application with relevant performance measurements.
    Autonomous Decentralized Systems (ISADS), 2013 IEEE Eleventh International Symposium on; 01/2013
  • ABSTRACT: Network virtualization is a promising solution that can prevent network ossification by allowing multiple heterogeneous virtual networks (VNs) to cohabit on a shared substrate network. It provides flexibility and promotes diversity. A key issue that ...
    Journal of Network and Systems Management 12/2012; 20(4). · 0.43 Impact Factor
  • ABSTRACT: A secure network is considered to be an important goal of the Future Internet; one way this can be embodied is by having flexible and robust routing functionalities with intrinsic security mechanisms. It is also desirable to provide user-centric or service-centric routing capabilities to achieve service-oriented traffic controls as well as trust and policy management for security. Based on these potential needs, a flexible, scalable, and robust routing framework that enables fine-grained flow control under fixed or dynamic policies called the Virtual Trusted Routing and Provisioning Domain (VTRouPD)[11] has been recently proposed. In this paper, we present a framework called the Secure and Resilient Virtual Trust Routing (SeRViTR) framework, which is a proof-of-concept model of VTRouPD at the implementation level. SeRViTR has particular entities that are designed for policy management and trust management between different VTRouPDs to enable a secure Internet. We define the roles of each entity within the SeRViTR framework as well as the messages exchanged between them. We also discuss how policy management and trust negotiation can be achieved. Moreover, we present validation on the functional implementation of several SeRViTR components to illustrate how to create virtual domains and change of trust levels between virtual domains.
    01/2012;
  • ABSTRACT: With the Internet environment getting optimized and users preferring mobile communications, Cloud Service Providers (CSP) aim to provide services to users depending on their geographic locations with higher service availability and faster access speed. Mobile cloud computing falls into this category, where mobile users can move around and request cloud services at any given geographic locations. To build such geographic-based mobile cloud services, an effective mobile cloud resource allocation and service request scheduling scheme is highly desired. To this end, the presented service request scheduling scheme takes a comprehensive approach by considering system parameters from both CSP and mobile users such as computation, energy, connectivity, service payment, mobile users' satisfaction, etc. Finally, the performance of the proposed scheduling scheme is evaluated through simulations where the results show that the presented scheme achieves better system overall gain compared to traditional over-provisioning approaches.
    Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on; 01/2012
  • Tianyi Xing, Dijiang Huang, S. Ata, D. Medhi
    ABSTRACT: In a cloud computing environment, users prefer to migrate their locally processing workloads onto the cloud where more resources with better performance can be expected. ProtoGENI [1] and PlanetLab [17] have further improved the current Internet-based resource outsourcing by allowing end users to construct a virtual network system through virtualization and programmable networking technologies. However, to the best of our knowledge, there is no such general service or resource provisioning platform designated for mobile devices. In this paper, we present a new design and implementation of MobiCloud that is a geo-distributed mobile cloud computing platform. The discussions of the system components, infrastructure, management, implementation flow, and service scenarios are followed by an example on how to experience the MobiCloud system.
    Network and Service Management (CNSM), 2012 8th International Conference and 2012 Workshop on Systems Virtualization Management (SVM); 01/2012
  • ABSTRACT: Mobile cloud computing is a promising technique that shifts the data and computing service modules from individual devices to a geographically distributed cloud service architecture. A general mobile cloud computing system is comprised of multiple cloud domains, and each domain manages a portion of the cloud system resources, such as the Central Processing Unit, memory and storage, etc. How to efficiently manage the cloud resources across multiple cloud domains is critical for providing continuous mobile cloud services. In this paper, we propose a service decision making system for interdomain service transfer to balance the computation loads among multiple cloud domains. Our system focuses on maximizing the rewards for both the cloud system and the users by minimizing the number of service rejections that degrade the user satisfaction level significantly. To this end, we formulate the service request decision making process as a semi-Markov decision process. The optimal service transfer decisions are obtained by jointly considering the system incomes and expenses. Extensive simulation results show that the proposed decision making system can significantly improve the system rewards and decrease service disruptions compared with the greedy approach.
    IEEE Transactions on Vehicular Technology 01/2012; 61(5):2222-2232. · 2.06 Impact Factor
  • Yang Qin, Dijiang Huang, Xinwen Zhang
    ABSTRACT: Establishing reliable routing among highly mobile vehicles is a challenging problem in vehicular networks. Towards this issue, we present VehiCloud, a novel cloud computing architecture that leverages emerging cloud computing technologies to deal with unreliable inter-vehicle communications and extend the restricted computational capabilities of mobile devices. A way-point information framework (WIF) is devised within the VehiCloud architecture, aiming to provide routing service for vehicular network, where each vehicle serves as a mobile service node and predicts its future locations by generating way point messages, which describe the trajectory of the vehicle's movement. A decision module in VehiCloud collects vehicles' way points and makes routing decisions for inter-vehicle communication. Selected paths of the routing are globally optimized in terms of message delivery ratio by respecting the constraints of end-to-end delay and communication cost. Our implementation of VehiCloud and real-road experiments demonstrate that it is practical and efficient to address fundamental routing problems for vehicular networks.
    Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on; 01/2012
  • Vijayakrishnan Nagarajan, Dijiang Huang
    ABSTRACT: Security has become a major concern while browsing as the number of malicious sites keeps increasing with the cost for hosting a site decreasing. Though most of the web servers use Secure Socket Layer (SSL) over HTTP (Hyper Text Transfer Protocol) to ensure trust between consumers and providers, SSL is vulnerable to Man-In-The-Middle (MITM) attack and becoming very common these days. Phishing is another major problem, which has increased rapidly over the years. In this paper we present a novel secure web referral service using Secure Search Engine (SSE), which would resolve phishing and MITM attacks for web based applications. SSE is based on web crawling technology with a set of checking services to validate IP addresses and certificate chains. Additionally, we present a novel phishing filter that can be used to check any given URLs with minimal delay. Our solution is non-intrusive and reduces human factors, which are common in existing web-based services, in security verification processes. Our evaluation shows that our solutions produce fewer false positives and false negatives than existing web browser-based anti-phishing solutions.
    01/2012;
  • ABSTRACT: With Cloud Computing technology occupying the majority of future Internet research and development work, research on deploying and extending existing capabilities onto a newly emerging infrastructure becomes more significant. For example, extending the virtual network provisioning capability onto a Geo-distributed programmable layer-2 networking environment (G-PLaNE) is a novel attempt and is different from that in a single domain system. In this paper, we aim to illustrate how to construct the virtual networking environment upon our self-designed resource provisioning system consisting of multiple clusters through G-PLaNE. Experimenters and researchers are able to develop and explore their own mechanisms in our platform. Furthermore, a concrete example named Secure and Resilient Virtual Trust Routing (SeRViTR) is given to illustrate how this can be constructed over G-PLaNE.
    Communications (ICC), 2012 IEEE International Conference on; 01/2012
  • Dijiang Huang, S.A. Williams, S. Shere
    ABSTRACT: In this paper, we focus on congestion cheaters in vehicular networks who report non-existing highway congestion information. In this solution, we require each vehicle to only detect its local highway traffic pattern to detect congestion and then identify cheaters. Vehicles can broadcast a congestion event to other vehicles. However, a rogue vehicle can also broadcast a bogus congestion message in order to gain an advantage over other vehicles for malicious purposes. To address this cheating problem, we develop a cheater detection protocol, in which each vehicle only depends on local velocity and distance measurements to validate the congestion event sent by a vehicle. Our presented protocol is based on the traffic flow theory to detect the kinematic wave caused by congestion. The presented cheater detection solution is effective in that it only requires vehicles to communicate with their neighboring vehicles without relying on a centralized controlled congestion detection and prediction system.
    Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on; 01/2012
  • ABSTRACT: In this paper, we propose a new privacy preservation scheme, named pseudonymous authentication-based conditional privacy (PACP), which allows vehicles in a vehicular ad hoc network (VANET) to use pseudonyms instead of their true identity to obtain provably good privacy. In our scheme, vehicles interact with roadside units to help them generate pseudonyms for anonymous communication. In our setup, the pseudonyms are only known to the vehicles but to no other entities in the network. In addition, our scheme provides an efficient revocation mechanism that allows vehicles to be identified and revoked from the network if needed. Thus, we provide conditional privacy to the vehicles in the system, that is, the vehicles will be anonymous in the network until they are revoked, at which point, they cease to be anonymous.
    IEEE Transactions on Intelligent Transportation Systems 10/2011; · 3.06 Impact Factor