CN115190131A - Node cooperation method based on edge cloud computing - Google Patents

Node cooperation method based on edge cloud computing Download PDF

Info

Publication number
CN115190131A
Authority
CN
China
Prior art keywords
application service
edge
data
code
application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110374467.2A
Other languages
Chinese (zh)
Inventor
丁志勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45562 Creating, deleting, cloning virtual machine instances
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/2866 Architectures; Arrangements
    • H04L67/30 Profiles

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a node cooperation method based on edge cloud computing, which comprises the following steps: receiving a first application service request and a second application service request; instantiating, in an isolation container, a first application service and a second application service based on a trusted computing environment; executing the first application service or the second application service in an isolation container; generating a first service key and a second service key, wherein the first service key is used for encryption of the first data or code and the second service key is used for encryption of the second data or code. The invention provides a node cooperation method based on edge cloud computing, wherein a hosting configuration file of a terminal is used for selecting available network resources, so that bandwidth requirements related to application services are met, waiting delay is reduced, and network bandwidth utilization rate in a network is improved.

Description

Node cooperation method based on edge cloud computing
Technical Field
The invention relates to cloud computing, in particular to a node cooperation method based on edge cloud computing.
Background
The system performance of the traditional cloud computing architecture is bottlenecked by network bandwidth: transmitting mass data to the cloud and processing it there takes time, which increases request response time and degrades the user experience. With the development of the internet of things, all electronic devices can be connected to the internet, and these devices generate massive amounts of data that the traditional cloud computing model cannot process in a timely and effective way. Processing the data at the edge node, by contrast, yields very short response times and lightens the network load. Cloud computing and software-defined networking are therefore both exploring the provision of services and applications to a variety of terminals and end users at edge nodes. However, the security of the edge node is more complex for the person developing, deploying or operating the application: the node may run multiple heterogeneous application services even when the platform operator is trusted by the application operator, and the conventional edge cloud environment cannot ensure that these application services are securely separated from each other, so confidential information may end up in an insecure environment.
Disclosure of Invention
In order to solve the problems in the prior art, the invention provides a node cooperation method based on edge cloud computing, which comprises the following steps:
receiving a first application service request and a second application service request;
instantiating a first application service in an isolation container on an edge computing platform, using a trusted execution environment of the edge computing platform to prevent access to first data or code of the first application service from other environments hosted by the edge computing platform, wherein the trusted execution environment encrypts the first data or code prior to storing the first data or code in memory;
instantiating the second application service in the isolation container of the edge computing platform, using the trusted computing environment to prevent access to second data or code of the second application service from the first application service, the trusted computing environment encrypting the second data or code prior to storing the second data or code in the memory;
executing the first application service or the second application service in an isolation container;
wherein upon instantiation of a first application service and a second application service in an isolation container on an edge computing platform, the trusted computing environment generates a first service key and a second service key, wherein the first service key is used for encryption of the first data or code and the second service key is used for encryption of the second data or code.
Preferably, the trusted computing environment uses virtual memory mapping to prevent memory access between isolation containers.
Preferably, the first application service request or the second application service request is routed to the edge computing platform through an edge coordination node, the routing being based on the communication distance between the user equipment and the edge computing platform.
Preferably, the first application service request is from a first user equipment and the second application service request is from a second user equipment.
Compared with the prior art, the invention has the following advantages:
the invention provides a node cooperation method based on edge cloud computing, wherein a hosting configuration file of a terminal is used for selecting available network resources, so that bandwidth requirements related to application services are met, waiting delay is reduced, and network bandwidth utilization rate in a network is improved.
Drawings
Fig. 1 is a flowchart of a node cooperation method based on edge cloud computing according to an embodiment of the present invention.
Detailed Description
A detailed description of one or more embodiments of the invention is provided below along with accompanying figures that illustrate the principles of the invention. The invention is described in connection with such embodiments, but the invention is not limited to any embodiment. The scope of the invention is limited only by the claims and the invention encompasses numerous alternatives, modifications and equivalents. In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention. These details are provided for the purpose of example and the invention may be practiced according to the claims without some or all of these specific details.
One aspect of the invention provides a node cooperation method based on edge cloud computing. Fig. 1 is a flowchart of a node cooperation method based on edge cloud computing according to an embodiment of the present invention.
Application services based on a hierarchical edge cloud platform are described. The application services are implemented in a hierarchical edge cloud environment comprising layered edge cloud platforms, each layer of the network comprising edge nodes that can be configured to host services and applications. For example, in a three-layer edge cloud environment, the first layer of the edge cloud platform may be implemented in edge devices such as cellular devices and base stations, the second layer in an intermediate network between the access network and the core network, and the third layer in the core network. According to another embodiment, the distance of a first-tier edge cloud platform from the edge of the network, or its location in the network, may differ. For example, a first-tier edge cloud platform may include a network different from the edge cloud platform itself, such as the internet or a packet data network.
The edge node in the invention uses the hosting configuration file of the terminal as a basis for selecting available networks or available virtual resources of the layered edge cloud platform to provide services or applications for the terminal. The hosting profile of the terminal may include a type of the terminal, a type of application service that the terminal is authorized to access, and other attributes of the terminal to identify available virtual resources based on the hosting profile.
The edge node computes a plurality of resource characteristics associated with the provision of the application service. The resource characteristics include, for example, bandwidth utilization associated with each free virtual resource, bandwidth utilization associated with the terminal location, and other bandwidth utilizations.
The edge node is further configured to determine whether the available virtual resources satisfy a bandwidth threshold. The bandwidth threshold may be a latency delay. The bandwidth threshold may include a plurality of bandwidths associated with the application service to be provided.
The edge node selects available virtual resources to provide and host application services such that bandwidth utilization is minimized while a bandwidth threshold is met. According to an exemplary embodiment, an available virtual resource is selected that yields a minimum resource usage while satisfying a bandwidth threshold.
The edge cloud environment comprises a collaborative deployment module that implements the edge node providing the hierarchical edge cloud platform and the bandwidth-utilization-based application service. The collaborative deployment module may be implemented as a standalone edge node, as an access device in an access network, or as a computing device in an edge cloud platform.
A first tier edge cloud platform may be integrated with access devices of a particular geographic region of an access network, a second tier edge cloud platform may be integrated with edge nodes of a backhaul network, and a third tier edge cloud platform may be integrated with core devices of a core network. In view of the above architecture, the first tier edge cloud platform may have lower latency than the second and third tiers. Additionally, the second tier edge cloud platform may have a lower latency than the third tier.
In performing a connection procedure by the terminal, the access network, and the core network, various types of connection messages may be exchanged between the terminal and the network. The core device may send the hosted configuration file to the collaborative deployment module through the access network or the first layer edge cloud platform, or send the hosted configuration file to the collaborative deployment module after the connection is completed.
For the hosted configuration file, attribute information and subscription information representing the terminal may be included, for example, representing the type of the terminal, including whether the terminal is an internet of things device or a mobile device. The subscription information may indicate a radio access type or class, and control parameters related to quality of service.
In response to the collaborative deployment module receiving the hosted configuration file, the collaborative deployment module determines the access rights available to the terminal based on that file. For example, internet of things devices may not be allowed to access edge cloud platforms that are far away from the edge. A user device, on the other hand, may be allowed to access any edge cloud platform, including, for example, tier one to tier three, and may have priority access to the tier one edge cloud platform due to its subscription level, the type of application service it uses, or the terminal attribute information included in the hosting profile. Thus, the collaborative deployment module may determine, based on the hosted configuration file, which networks in the hierarchical edge cloud platform the terminal may access.
The collaborative deployment module may also select available application services that the terminal may access based on the hosted configuration file. For example, the hosted profile represents a number of application services that the terminal may access. The hosted profile may include historical information related to the application or service used. The terminal may be restricted to accessing a collection of applications or services based on subscription information in the hosted profile. The co-deployment module further selects free virtual resources based on available primary network information, thereby enabling hosting of available services.
The collaborative deployment module is further configured to calculate the total bandwidth utilization of the free virtual resources and determine whether the bandwidth demand satisfies a threshold service requirement. For example, the bandwidth parameter value stored in the service requirement field is compared with the threshold service requirement. The threshold service requirement is the minimum service requirement parameter of the management configuration together with the relevant value of the available service.
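The resource selection described above (hosting profile decides which tiers and services the terminal may use; each free virtual resource is scored by the bandwidth utilization it would have after hosting the service; the candidate that meets the latency and bandwidth threshold with the lowest utilization wins) can be made concrete with a small simulation. The following Python is an added example, not code from the patent; the tier rule for IoT terminals, the profile fields, the resource attributes and the sample resources are all constructed assumptions for illustration.

```python
"""Added example: hosting-profile-driven selection of a free virtual resource.
Illustrative Python (not the patent's code). The tier rule, the profile fields
and the sample resources are constructed for this example."""
from dataclasses import dataclass


@dataclass(frozen=True)
class HostingProfile:
    terminal_type: str            # "iot" or "mobile" (terminal attribute information)
    allowed_services: frozenset   # application services the subscription permits
    max_latency_ms: float         # QoS control parameter taken from the subscription


@dataclass(frozen=True)
class VirtualResource:
    name: str
    tier: int            # 1 = access edge, 2 = backhaul, 3 = core network
    latency_ms: float    # latency to the terminal's location
    capacity_mbps: float
    used_mbps: float     # bandwidth already committed to other services


def permitted_tiers(profile):
    """Access rights derived from the hosting profile. Assumed rule: IoT
    terminals may not reach platforms far from the edge, so tier 1 only."""
    return {1} if profile.terminal_type == "iot" else {1, 2, 3}


def projected_utilization(resource, required_mbps):
    """Bandwidth utilization the resource would have after hosting the service."""
    return (resource.used_mbps + required_mbps) / resource.capacity_mbps


def meets_threshold(resource, profile, required_mbps):
    """Threshold check: the latency bound and the bandwidth the service needs."""
    free_mbps = resource.capacity_mbps - resource.used_mbps
    return resource.latency_ms <= profile.max_latency_ms and free_mbps >= required_mbps


def select_resource(profile, service, required_mbps, resources):
    """Return the permitted free resource with the lowest projected utilization
    that still satisfies the threshold, or None if nothing qualifies."""
    if service not in profile.allowed_services:
        return None                      # subscription does not cover this service
    candidates = [
        r for r in resources
        if r.tier in permitted_tiers(profile) and meets_threshold(r, profile, required_mbps)
    ]
    if not candidates:
        return None                      # no free resource meets the threshold
    return min(candidates, key=lambda r: projected_utilization(r, required_mbps))


# Constructed sample data: four free virtual resources across three tiers.
RESOURCES = [
    VirtualResource("edge-a", 1, 5.0, 100.0, 80.0),      # only 20 Mbps free
    VirtualResource("edge-b", 1, 8.0, 200.0, 120.0),
    VirtualResource("backhaul-c", 2, 20.0, 1000.0, 200.0),
    VirtualResource("core-d", 3, 60.0, 5000.0, 500.0),   # too far for a 30 ms bound
]
MOBILE_PROFILE = HostingProfile("mobile", frozenset({"video", "navigation"}), 30.0)
IOT_PROFILE = HostingProfile("iot", frozenset({"telemetry"}), 30.0)

if __name__ == "__main__":
    cases = ((MOBILE_PROFILE, "video"), (IOT_PROFILE, "telemetry"), (IOT_PROFILE, "video"))
    for profile, service in cases:
        chosen = select_resource(profile, service, 30.0, RESOURCES)
        print(profile.terminal_type, service, "->", chosen.name if chosen else None)
```

With a 30 Mbps service request, the mobile profile lands on backhaul-c (edge-b qualifies too, but at 75% projected utilization versus 23%), the IoT profile is confined to tier 1 and gets edge-b because edge-a lacks free bandwidth, and a service outside the IoT subscription is refused outright.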
The cooperative deployment module of the present invention further supports node cooperative service delivery for delivering secure, geo-location-based and content-driven services. The method may be run on a general-purpose node, which can run a combination of multiple heterogeneous application services and multiple security domains while guaranteeing their security isolation from each other.
In the edge cloud platform of the invention, the tenant application service executes one part of the application service, and other parts can be executed by other edge nodes, in particular those operated by an edge cooperative node. Access to node resources is managed through the edge cloud platform, which improves the security and stability of the host. The edge node may be implemented as a rack-mounted blade integrated with a base station of a wireless provider. In a wired network scenario, for example, an edge node may be located at a wired network node of a cable service provider to provide edge computing resources to client user devices.
The application service first requests a set of life cycle data from the user equipment application. The data set may include a specification of, for example, secret-related data (e.g., personal information of the user), secret-related code (e.g., algorithms and programs that need protection), secret-related levels, security keys, or other information that may be used by the edge cloud platform manager or edge nodes to protect application services.
The edge collaboration node or edge cloud platform manager may include a security capabilities repository that enables analysis of application services, including comparing actual delays with predefined delays and testing communication security. Analysis against this knowledge base avoids false indications of security or performance measures. The edge cloud environment application is configured to coordinate with the edge cloud platform manager so that application services cannot be redirected to untrusted edge nodes.
The edge node provides secure location-based services to user equipment or other terminal units. The geographical location or other data is calculated and communicated to the user equipment application. The user equipment application may request the edge coordination node through the data set to deploy the application-specific virtual resource to the appropriate edge node.
In one embodiment, the trusted computing environment runs respective algorithms and logic in the secure partition using the security credentials of the tenants of the edge cloud platform. The trusted computing environment generates a key to encrypt data, thereby achieving privacy protection and transaction security. The edge cloud environment application may allocate storage to virtual resources of a particular application.
In a high availability scenario, such as a vehicle networking service, the edge cloud platform manager may initiate virtual resource migration from the central data center to the edge. For example, interactions between neighboring vehicles on a road require lower latency. In that case a new service virtual resource is instantiated at the edge node to provide the virtual resource closest to the user's particular geographic location, without migrating the application service to the data center. In one embodiment, the root of trust for operating a cryptographically protected virtual network file system is based on a node in each virtual resource, and that node provides memory encryption, integrity, and replay protection services based on a node key.
In one embodiment, the application service request is routed to the edge cloud platform through the edge coordination node, and routing the application service to a particular edge cloud platform may be based on the communication distance between the user device and the edge cloud platform. Application services are instantiated in an isolation container on the edge cloud platform. In one embodiment, the isolation container is a container or a virtual machine. In a preferred embodiment, instantiating the application service in the isolation container includes using the trusted execution environment of the edge cloud platform to prevent access to the data or code of the application service from other environments hosted by the edge cloud platform. For example, to prevent access to data or code, the trusted computing environment uses virtual memory mapping to prevent memory access between isolation containers.
To prevent access to the data or code, the trusted computing environment encrypts the data before storing the data in memory of the edge cloud platform. As part of the isolation container instantiation, the trusted computing environment generates a specific key for the application service.
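The two isolation mechanisms described in this embodiment and in the method steps of the Disclosure (a per-service key generated when the isolation container is instantiated, with data encrypted under that key before it is written to platform memory, plus virtual memory mapping that keeps one container from addressing another's range) can be modelled together. The following Python is an added example, not the patent's code and not a real TEE: it uses only the standard library, so an HMAC-SHA256 keystream with an encrypt-then-MAC tag stands in for the memory-encryption engine, and the `TrustedComputingEnvironment` class, its memory layout and the service names are constructed assumptions.

```python
"""Added example: per-service keys and encrypt-before-store isolation between
two containers. Illustrative Python (not the patent's code). The HMAC-based
keystream and tag stand in for a real memory-encryption engine."""
import hashlib
import hmac
import secrets


class IsolationFault(Exception):
    """Raised on access outside a container's mapping or on a failed integrity check."""


def _keystream(key, nonce, length):
    # Counter-mode keystream derived from the service key (PRF = HMAC-SHA256).
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC: nonce || ciphertext || tag, all bound to one service key."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    """Verify the tag before decrypting; a wrong key or tampered memory fails here."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise IsolationFault("integrity check failed: wrong service key or tampered memory")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class TrustedComputingEnvironment:
    """Toy model: one shared physical memory, one mapping and one key per container."""

    def __init__(self, memory_size=4096):
        self.memory = bytearray(memory_size)  # platform memory shared by all containers
        self.mappings = {}                    # container -> (base, limit): virtual memory mapping
        self.keys = {}                        # container -> service key, never handed out
        self._next_base = 0

    def instantiate(self, service, size):
        # The service key is generated as part of instantiating the isolation container.
        base = self._next_base
        if base + size > len(self.memory):
            raise MemoryError("no free platform memory for the container")
        self.mappings[service] = (base, base + size)
        self.keys[service] = secrets.token_bytes(32)
        self._next_base += size

    def _check(self, service, addr, length):
        base, limit = self.mappings[service]
        if addr < base or addr + length > limit:
            raise IsolationFault(f"{service} attempted access outside its mapping")

    def store(self, service, offset, data):
        """Encrypt under the container's own key before the data reaches memory."""
        blob = seal(self.keys[service], data)
        addr = self.mappings[service][0] + offset
        self._check(service, addr, len(blob))
        self.memory[addr:addr + len(blob)] = blob
        return len(blob)                      # sealed length the caller needs to load it back

    def load(self, service, offset, length):
        addr = self.mappings[service][0] + offset
        self._check(service, addr, length)
        return unseal(self.keys[service], bytes(self.memory[addr:addr + length]))


def demo():
    """Instantiate two services and exercise both isolation checks; returns results."""
    tce = TrustedComputingEnvironment()
    tce.instantiate("first-service", 1024)
    tce.instantiate("second-service", 1024)
    secret = b"first service's confidential data"   # constructed sample data
    length = tce.store("first-service", 0, secret)
    results = {
        "roundtrip": tce.load("first-service", 0, length) == secret,
        "plaintext_in_memory": secret in bytes(tce.memory),
        "distinct_keys": tce.keys["first-service"] != tce.keys["second-service"],
    }
    try:  # mapping check: the second container cannot address the first's range
        tce.load("second-service", -1024, length)
        results["mapping_blocked"] = False
    except IsolationFault:
        results["mapping_blocked"] = True
    try:  # key check: raw ciphertext is useless under the other service's key
        unseal(tce.keys["second-service"], bytes(tce.memory[0:length]))
        results["key_blocked"] = False
    except IsolationFault:
        results["key_blocked"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The two checks are deliberately independent: the mapping stops a container from reaching the other's addresses at all, and the per-service key ensures that even a path around the mapping (a hypervisor bug, a DMA-capable peripheral, a cold-boot read of DRAM) yields only ciphertext whose tag fails under any other key. A production TEE pairs the key with the platform's hardware memory-encryption engine rather than software HMAC, but the ownership rule shown here, one key per isolation container generated at instantiation and never exported, is what the claims describe.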
According to a further embodiment, the collaborative deployment module provides a portion of an application hosted by the edge cloud environment. For example, for an application that provides multiple functional modules, at least one of the functional modules may be hosted by an edge cloud environment and the remaining functional modules may be hosted by an edge node outside of the edge cloud environment. The partitioned applications may include autonomous driving functions hosted by the edge cloud environment, while other functions, such as vehicle diagnostics, navigation, etc., are hosted by the outer edge nodes. The edge cloud environment may also host functionality of the partitioned target application based on criteria other than communication metrics. Thus, application function modules hosted by an edge cloud environment may require less latency or higher priority, service level, or throughput, while application function modules hosted outside of an edge cloud environment may not require the same degree of communication metrics.
According to a further embodiment, the co-deployment module further comprises a security service for authenticating edge nodes located outside the edge cloud environment. The collaborative deployment module acquires subscription information of service providers for dividing applications and provides the subscription information to the core network. In addition, the collaborative deployment module invokes creation of policy information related to another type of edge node.
In response to a triggering event, the collaborative deployment module verifies the availability of network resources of the edge cloud environment for hosting the functional modules of the partitioned application. When network resources are available, the collaborative deployment module provides the functionality hosted by the edge cloud environment. For example, the collaborative deployment module manages communications between the edge cloud environment and the external edge nodes hosting the partitioned application. The functionality of the partitioned application hosted by the edge cloud environment may be pushed from an external edge node or pulled by the edge cloud environment, and is executed by the network resources allocated in the edge cloud environment. The collaborative deployment module provides the functionality hosted in the edge cloud environment according to the subscription and policy information. Finally, the divided application function modules can be provided to the end user through the edge cloud environment.
Therefore, the network bandwidth utilization rate in the network can be improved through the layered edge cloud platform and the application service based on the bandwidth utilization. For example, the application service may select and provide an application service with a minimum network resource usage and meeting bandwidth requirements associated with the application service. In addition, using the hosted profile of the terminal to select an available network may allow the application service to provide the application service in a predictive manner and reduce latency.
It should be apparent to those skilled in the art that the modules or steps of the present invention described above can be implemented in a general purpose computing system, centralized on a single computing system, or distributed across a network of multiple computing systems, and optionally implemented in program code that is executable by a computing system, such that the modules or steps can be stored in a storage system and executed by a computing system. Thus, the present invention is not limited to any particular node and software combination.
It is to be understood that the above-described embodiments of the present invention are merely illustrative of the principles of the present invention and are not to be construed as limiting the invention. Therefore, any modification, equivalent replacement, improvement and the like made without departing from the spirit and scope of the present invention should be included in the protection scope of the present invention. Further, it is intended that the appended claims cover all such variations and modifications as fall within the scope and boundary of the appended claims, or the equivalents of such scope and boundary.

Claims (4)

1. A node cooperation method based on edge cloud computing is characterized by comprising the following steps:
receiving a first application service request and a second application service request;
instantiating a first application service in an isolation container on an edge computing platform, using a trusted execution environment of the edge computing platform to prevent access to first data or code of the first application service from other environments hosted by the edge computing platform, wherein the trusted execution environment encrypts the first data or code prior to storing the first data or code in memory;
instantiating the second application service in the isolation container of the edge computing platform, using the trusted computing environment to prevent access to second data or code of the second application service from the first application service, the trusted computing environment encrypting the second data or code prior to storing the second data or code in the memory;
executing the first application service or the second application service in an isolation container;
wherein upon instantiation of a first application service and a second application service in an isolation container on an edge computing platform, the trusted computing environment generates a first service key and a second service key, wherein the first service key is used for encryption of the first data or code and the second service key is used for encryption of the second data or code.
2. The method of claim 1, wherein the trusted computing environment uses virtual memory mapping to prevent memory access between isolation containers.
3. The method of claim 1, wherein the first application service request or the second application service request is routed to the edge computing platform through an edge coordination node, the routing based on a communication distance of a user device and the edge computing platform.
4. The method of claim 1, wherein the application service request is from a first user equipment; the second application service request is from a second user equipment.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110374467.2A CN115190131A (en) 2021-04-07 2021-04-07 Node cooperation method based on edge cloud computing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110374467.2A CN115190131A (en) 2021-04-07 2021-04-07 Node cooperation method based on edge cloud computing

Publications (1)

Publication Number Publication Date
CN115190131A true CN115190131A (en) 2022-10-14

Family

ID=83512146

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110374467.2A Pending CN115190131A (en) 2021-04-07 2021-04-07 Node cooperation method based on edge cloud computing

Country Status (1)

Country Link
CN (1) CN115190131A (en)

Similar Documents

Publication Publication Date Title
US11272569B2 (en) System and method for sharing multi-access edge computing resources in a wireless network
EP3461087B1 (en) Network-slice resource management method and apparatus
US11095731B2 (en) System and methods for generating a slice deployment description for a network slice instance
CN110832827B (en) Network slicing method and system
US10824454B2 (en) 5G dynamic slice and network identity instantiation, termination, and access management system and method
CN115119331A (en) Reinforcement learning for multi-access traffic management
CN114567875A (en) Techniques for radio equipment network space security and multiple radio interface testing
US10575300B2 (en) Bandwidth control method and bandwidth control device
US11716627B2 (en) Trusted 5G network slices
US20220407890A1 (en) Security for 5g network slicing
US11855977B2 (en) Systems and methods for configuring a network function proxy for secure communication
US20220094690A1 (en) Trusted and connected multi-domain node clusters
CN113114656B (en) Infrastructure layout method based on edge cloud computing
Casetti et al. Arbitration among vertical services
CN110677838A (en) Service distribution method and device
CN115211159A (en) Allocation resources of network slices
US20230092245A1 (en) Resistance to side-channel attacks on 5g network slices
CN115190131A (en) Node cooperation method based on edge cloud computing
CN117322062A (en) 5G admission by validating sliced SLA guarantees
US11689447B2 (en) Enhanced dynamic encryption packet segmentation
CN115190034B (en) Service deployment method based on edge cloud computing
Nguyen et al. Location-aware dynamic network provisioning
US11973666B1 (en) Systems and methods for using blockchain to manage service-level agreements between multiple service providers
US11778041B1 (en) Systems and methods for preventing abuse of traffic categories and network slices by applications
US20230421472A1 (en) Systems and methods for monitoring performance of a network slice and mitigating load on the network slice

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination