Transparent Computing

A Multilevel Access Control Scheme for

Data Security in Transparent Computing

Tao Peng | Central South University, China

Qin Liu | Hunan University
Guojun Wang | Guangzhou University

The Multilevel Access Control Scheme in Transparent Computing (MACTC) can protect user data
by providing different security levels, while offering multilevel access control and valid identity
authentication. The proposed scheme is effective in multilevel data security, flexible in authorized
resource sharing, and secure against various malicious attacks.

I
n recent years, computing paradigms have evolved along with the rapid development of computer
networks and information technologies. Transparent computing1–3 is an emerging technology that
lets users enjoy user-controlled services by extending the stored program concept in the von Neumann
architecture spatiotemporally into networking environments. Transparent computing loads a variety
of heterogeneous OSs and applications dynamically on different devices. This feature lets users focus on
the available application services without worrying about which physical device will be used or on which
OS it should be run.
This new mechanism comes with many advantages for information security.4,5 Centralized manage-
ment on servers brings convenience to the protection of user data and reduces the risk of information
leakage and data theft. However, transparent computing also brings new challenges to service reliability
and security: OSs, applications, and data are centralized on servers and shared by all users. Imagine a
scenario in which an enterprise uses transparent computing as its office system. Some information (files,
tables, data, and so on) will be produced during day-to-day work and will have different security levels

46 Computing in Science & Engineering 1521-9615/17/$33.00 © 2017 IEEE Copublished by the IEEE CS and the AIP January/February 2017
and access permissions. For example, open files can
be shared with everyone, but some sensitive tables
might be revealed only to specific users and some
private personal information won’t be disclosed to
anyone. Thus, according to their sensitivity, users
will have to classify information into three catego-
ries: public information, sensitive information, or
private information. Users in transparent comput-
ing reserve zero storage space on their clients; all
execution results and data must be stored on trans-
parent servers (TSs). But without user consent,
the data stored on servers could be abused or mis-
used by unauthorized accesses or server managers.
Therefore, a secure protection scheme is imperative
to encrypt each user’s private information before
storing it on TSs, and that scheme should protect
user information with multilevel security, provid-
ing precise access control as well. Some existing
multiple-receiver encryption schemes use attribute-
based encryption (ABE)6,7 to achieve multilevel
confidentiality and fine-grained access control, but
these methods have high computation costs due
to bilinear map operations during encryption and
decryption. Moreover, effective user revocation is
an intractable issue in these schemes because the
data should be re-encrypted when privilege is re-
voked.8 How to protect multilevel data security
and achieve authorized resource sharing in an ef-
ficient and flexible way in such an environment has
become a problem.
In this article, we propose a Multilevel Ac-
cess Control Scheme in Transparent Computing
(MACTC) to protect user data with different se-
curity levels. The proposed scheme introduces an
authentication server (AS) that acts as an authenti-
cation authority to perform multilevel access con-
trol and identity authentication, dealing with user
data access, storage, transmission, and processing
in a transparent computing environment.
System Model
MACTC has three parts: the user/TC (transparent
client), the AS, and the TS; Figure 1 shows the pro-
posed scheme’s frame structure.
In our scheme, we regard a user and a TC as one
party after successful verification between them. We
introduce an AS, a third trust party (TTP)-based
entity, into the scheme, which is located in front of
the TSs. The AS’s task is to authenticate a legitimate
user and verify his or her read and write permissions
to the protected data. We assume that the AS is de-
ployed in a small- or medium-sized business that
does its general work in a transparent computing
www.computer.org/cise 
Personal DB
TC1
TC2
TS1 TS2
TC3
Network
communication
TCn AS
TS3 TSn
Figure 1. System configuration of our proposed Multilevel Access Control
Scheme in Transparent Computing (MACTC). MACTC has three parts:
the user/TC (transparent client), the authentication server (AS), and the
transparent server (TS).
environment. For ease of explanation, we only use
a single AS in this article, but multiple ASs can be
deployed as necessary.
In consideration of the diversification of user
demands in transparent computing environments
(users only need basic username/password authenti-
cation while using a personal desktop but could re-
quire different biometric information for enhanced
security while using mobile devices), we use a selec-
tive multimodality biometric strategy to validate an
individual’s identity, including fingerprint, palm-
print, voice, image, and so on. Users can choose a
biometric input modality for identity authentica-
tion according to their hardware and software plat-
forms or environments.
Technique Preliminaries
Transparent computing is aimed at providing a
cross-platform experience for users transparently and
seamlessly. All resources (including OSs) are stored
on remote TSs, with TCs acting as lightweight, al-
most bare-bones computers. Managed by the trans-
parent OS, META OS,9 the instance OS and other
resources can be delivered through the network and
requested on demand for local execution in a block-
streaming way.
According to sensitivity, users classify infor-
mation into one of three categories, A, B, or C, as
follows: A level is public information and is shared
with all legal users, so anyone in the system can
access it. B level is sensitive information, is partly
public, and is shared with authorized users, such
as authorized colleagues and team members; the B
level of information must be encrypted with dis-
tinctive encryption keys. C level is private informa-
tion, not public, and can’t be shared with anyone;
the C level of information can be protected with
47
Transparent Computing
Users can set up their routine daily information with the
fixed level in advance when they enroll in a transparent
computing office system (other information is optional). In
this way, users can control their own information themselves.
encryption and decryption by the user him- or
herself, and encryption keys shouldn’t be revealed
to anyone. The classifying standard is determined
by a user with a subjective standard. Users can set
up their routine daily information with the fixed
level in advance when they enroll in a transpar-
ent computing office system (other information is
optional). In this way, users can control their own
information themselves.
We use the polynomial generated by the AS
to verify the user’s privilege to access each file of
the corresponding security level in the database
(DB). Similar to other related work,10 we propose
the following access control polynomials for our
MACTC scheme:
LPi = ri1 + (x – Bi){ri2 + (x – Ci)},(1)
Bi = h(bi), Ci = h(ci) + h(BTi),(2)
BLi = LPi(Bi) = ri1, and (3)
CLi = LPi(Ci) = ri1 + ri2(Ci – Bi)2),(4)
where ri1, ri2 are random numbers, and BLi, CLi are
access control polynomials generated by the AS to
control a user i’s access to the B and C levels of
data. We define Bi, Ci as level authentication iden-
tifiers, which means they’re accessible to user i.
With the level authentication value bi, ci retrieved
from the AS, a user i has the chance to obtain the
correct Bi, Ci using Equation 2 to verify validity
and get privileges to the B and C levels of data. To
retrieve the private C level of data, a user has to
provide a biometric for the terminal device, and
the TC captures template information and com-
putes hash values of it, h(BTi). Only when the user
provides a biometric whose hash value matches the
one stored on the AS can he or she pass the valida-
tion process. In this way, the scheme can guarantee
security of the C level of data.
For each file in the B level of data for user i, de-
fined as BFij, the user can designate a set of l users
to share the file. The AS will generate the following
polynomial for file-level access control, when each
48 
file is successfully saved to the personal database on
the TS:
FPij = ri1(x – u1_BFij)(x – u2_BFij)…(x – ui_BFij)…
(x – ul_BFij) + ri2,(5)
where ri1, ri2 are random values, i, j (j < m, m is the
total number of B level of files), and l (l < n, n is
the total number of users) are positive integers. The
polynomial FPij is a l-degree polynomial, meaning
it controls the set of users who can access the jth file
for user i’s B level of information. We define ul_BFij
as the file authentication value, which user l can get
from the AS to access the jth file in the B-level data
of user i. For all 1 ≤ j ≤ m, we set ui_BFij = bi,
which means the user i can access all his or her own
files in the B level of data, just by providing the level
authentication value, bi.
Proposed Scheme
Now that we’ve described some of the background,
we can present more details about the MACTC
scheme, which includes the registration, login,
multilevel access control, and password or authori-
zation change phases.
Registration Phase
The process of registration phase is as follows:
■■ R1. User i chooses his or her identity (IDi) and
password (PWi) for registration, and then enters
a biometric (including image, fingerprint, or
palmprint information, denoted as (Ii, Fi, Pi))
into the scanner-embedded device or records
his or her voice (denoted as Vi) on the record-
ing equipment in the TC, which captures and
stores the biometric template as BTi.
■■ R2. User i encrypts the information with the AS’s
public key, pkas, which is E ∗pkas ( IDi , h( PWi ), h( BTi )),
where h(·) is a collision-resistant hash function.
■■ R3. User i sends registration information to
the AS. The message from the user to the AS is
MSGU 2 A = { E ∗pkas ( IDi , h( PWi ), h(BTi ))}.
■■ R4. The AS decrypts the message with its pri-
vate key, then checks its user list and confirms
January/February 2017
 the validity of the registration request. If i is
a fresh registrant, the AS encrypts the user’s
registration as E kas ( h( PWi ), h( BTi )) and then
creates a new entry, storing the registration
information of i. Otherwise, IDi exists in the
user list, and the AS returns the information
“IDi already exists” to user i.
Login Phase
After user i registers to the AS, when i wants to log
in to the server, the login and authentication phase
works as follows:
■■ L1. User i chooses the biometric modality
he or she wants to use according to the TC’s
hardware configuration and environment, and
then enters biometric information, such as
fingerprint, palmprint, voice, image, and so
on, which the TC captures as template infor-
mation I i*, Fi *, Pi *, and Vi *, respectively.
■■ L2. User i inputs his or her password PWi * and
biometric BTi *. The TC verifies the values of
them with the PWi and BTi, which were stored
during the registration phase, and checks whether
h( PWi ) = ? h( PWi * ), h( BT )i = ? h(BTi * ). If they
aren’t correct, i reenters them.
■■ L3. User i randomly generates a value, α, with the
same size as the hash value’s output, which will be used
as a session key and a masking value. The random
value should be generated every session and should
be different every time. Then, the TC computes
a = E ∗pkas (t ), b = h( PWi * )α + t , c = h( BTi * ) + α
and d = h(a|b|c), where pkas is the public key of
the AS. In the expression of b, we add the time-
stamp t to the value of h( PWi * )α. The reason
is that h( PWi * ) is a constant parameter, so if
b = h( PWi * )α, an attacker could obtain the
common factor from successive attacks on b.
■■ L4. User i sends his or her login request and re-
lated information to the AS. The message from
user to the AS is MSGU2A = {a, b, c, d}.
■■ L5. The AS performs an integrity check of the
message by d = ?h(a|b|c).
■■ L6. Upon receiving the message from user i,
the AS decrypts a = E ∗pkas (t ) with its private
key skas and checks t ∈ TTL (time to live).
■■ L7. If all verifications are successful, the AS
decrypts the user i’s registration information
E kas ( h( PWi ), h( BTi )), which is stored in the AS
database.
■■ L8. The AS computes the value of α by α = (b − t ) (h(PW )),
i ul, with which user l can access the jth file of the
where h(PWi    ) is the decrypted value from point L7.
As long as h( PWi * ) = h( PWi ), the AS can get the
www.computer.org/cise 
correct α. With this α, the AS computes h( BTi * ) by
h(BTi * ) = c − a. Then, the AS checks if the h( BTi * )
matches the biometric template in its database.
■■ L9. User i logs in successfully if he or she can
pass all of the above validation steps.
Multilevel Access Control Phase
We introduce multilevel access control from the
processes of writing, reading, and updating files in
three categories. For write files:
■■ MW1. If user i tries to save his or her data
into the remote TS, referring to the B and C
levels of files, he or she should encrypt them
on the TC before uploading the information,
E k BFij ( BFij ); E k CFij (CFij ),
where BFij, CFij are the jth files of i’s B and C levels of
data, and k _BFij and k_CFij are their secret keys. Here-
after, we assume x = E k BFij ( BFij ); y = E k CFij (CFij ).
■■ MW2. User i names the specific users to share
this B level of data. The set of privileged users
can be represented by Ui = u1, u2, …, ul .
■■ MW3. User i encrypts the requirement us-
ing session key α, which is generated dur-
ing the login phase, and sends the following
message to the AS: MSG U2A = {E α (w_B ij, x,
Ui ; w_C ij, y)}.
■■ MW4. The AS decrypts the message with α,
implements i’s demand, and then transfers the
queries to the corresponding TS in the form of
E kat ( x , y ), where kat is a secret key shared be-
tween the AS and the TS. The message from
the AS to TS is MSG A 2T = { E kat ( x , y )}.
■■ MW5. Upon receiving the message from the
AS, the TS decrypts it with kat and executes the
task of writing files in user i’s database. Dur-
ing this process, the data exists in the form of
encryption; neither the AS nor the TS can read
the plaintext file.
■■ MW6. Once the files are successfully saved in
the TS database, the AS will generate a multi-
level database access control polynomial LPi via
Equation 1 and file-level database access con-
trol polynomial FPij via Equation 5.
■■ MW7. The AS returns level authentication val-
ues bi and ci to user i and then distributes file
authentication values {ul_BFij} to users u1, u2, …,
B level of data from user i’s DB. The message
from the AS to the user is MSGA2U = {E α(bi, ci)}.
49
Transparent Computing
For read files, a user can access his or her own
personal DB with the level authentication values
and access other personal DBs with file authentica-
tion values. Let’s illustrate the process of reading
files with an example: user i tries to retrieve the jth
file of the B and C levels of information from his or
her own DB and another user o’s B level of data in
o’s personal DB:
■■ MR1. Using the session key α, user i encrypts
the query message, including the level authen-
tication values bi, ci and the file authentication
value ui_BFoj, which i can get from the AS once
i is appointed as one of the privileged users
for the jth file of o’s B level of data. For the C
level of data, i should also provide one piece of
biometric information, h( BTi * ). Then i sends a
message to the AS:
MSGU 2 A = { E α (r_Bij , bi ; r_C ij , ci , h( BTi * ); r_Boj , ui _BFoj )}.
■■ MR2. The AS decrypts the message, then
computes the level-authentication identifiers
Bi, Ci with the submitted bi, ci, and h( BTi * ):
Bi = h(bi ),C i = h(ci ) + h(BTi * ).
■■ MR3. The AS checks LPi(Bi) = ?BLi and LPi(Ci)
= ?CLi, where BLi, CLi are generated during the
write file phase in MW5. This access control
process is to verify whether or not user i has
permission to retrieve the corresponding level
of data in his or her own personal DB.
■■ MR4. The AS checks user i’s ability to access
someone else’s personal DB. The AS first checks
if IDi ∈ Uo, where Uo is the authorized user set
assigned by user o during his or her write file
phase in MW2. Then, the AS computes the
polynomial for file-level access control and
checks FPoj(ui_BFoj) = ?FPoj, where FPoj is gener-
ated when user o successfully saved his or her
jth file of the B level of data in a personal DB.
■■ MR5. If i has conformed to all the access
control rules, the AS queries the TS with
E kat (r_Bij , r_C ij , r_Boj ) , where kat is a secret key
shared between the AS and the TS.
■■ MR6. The TS decrypts the message with kat, con-
ducts the AS’s query, and returns results to the AS
with s, x, y, z, where s = h(x|y|z); x = E k BFij (BFij );
y = E k CFij (CFij ); and z = E k BFoj (BFoj ).The message
from the TS to the AS is MSGT2A = {x, y, z, s}.
■■ MR7. The AS checks information integrity with
s = ?h(x|y|z), then encrypts the results with a ses-
sion key and transfers them to i. The message
from the AS to the user is MSGA2U = {Eα(x, y, z)}.
■■ MR8. User i decrypts the message with α and
50 
gets the origin data with the encryption keys
k_BFij, k_CFij, k_BFoj, where the key k_BFoj
can be negotiated between user o and i. Fi-
nally, user i can obtain what he or she wants
as follows:
Dk_BFij ( E k_BFij ( x )) = BFij , C k_CFij ( E k_CFij ( y )) = CFij ,
Dk_BFoj ( E k_BFoj ( z )) = BFoj .
For update files, if the user wants to update his
or existing data in a personal DB with the B and C
levels of information, the user must first pass the
validation processing performed by the AS to get
permission to update files:
■■ MU1. User i sends a request and related au-
thentication values to the AS. Before submit-
ting the message, he or she encrypts it with a
session key. The message from the user to the
AS is MSGU2A = {E α(q)}, where
q = {u_Bij , E k_BFij (uBFij ), bi ; u_C ij , E k_CFij (uCFij ), ci , h(BTi * )},
and uBFij and uCFij are the updated files of i.
■■ MU2. The AS decrypts the message, then
computes the level-authentication identifiers
Bi, Ci with the submitted bi, ci, and h( BTi * ):
Bi = h(bi ),C i = h(ci ) + h( BTi * ).
■■ MU3. The AS checks LPi(Bi) = ?BLi and
LPi(Ci) = ?CLi, where BLi, CLi are generated
during the write file phase in MW5. This pro-
cess is to verify whether user i is allowed to
update the corresponding level of data in a per-
sonal DB or not.
■■ MU4. If the authentication is successful, the AS trans-
fers the encrypted latest information with kat to the TS.
We set x ' = E k_BFij (uBFij ); y ' = E k_CFij (uCFij ) .
The message from the AS to the TS is then
MSG A 2T = { E kat ( x ', y ')}.
■■ MU5. Upon receiving the message from the
AS, the TS decrypts it and performs the proce-
dure of updating files.
Password or Authorization Change Phase
For a password change,
■■ P1. User i presents a password change request
to the registration server AS, and then after
i logs in to the system, he or she has to pro-
vide the original password PWi and biomet-
ric information to authenticate on the AS:
MSGU 2 A = { E α ( h( PWi ' ), h( PWi * ), h(BTi * ))} .
■■ P2. The AS decrypts stored registration infor-
mation in his database and checks the hash
January/February 2017
 value of the password and biometric against the
stored one.
■■ P3. If the verification results are correct, the
AS conducts the update of i’s password and
encrypts the latest information with his or
her private key, then replaces the one in the
database.
When user i wants to revoke someone’s privi-
lege or change the set of authorized users for the
jth file of his or her B level of information, i should
negotiate with the AS:
■■ A1. User i presents the authorized user modi-
fication request for his or her B-level file, and
then after logging in to the system, provides
the level authentication value bi to pass the
verification procedure on the AS.
■■ A 2. The AS validates user i and checks
LPi(bi) = ?BL i .
■■ A3. If the verification is successful, the AS up-
dates the set of authorized users Ui and changes
the corresponding file-level access control poly-
nomial FPij for user i’s jth file. Disqualified us-
ers can’t access this file anymore because the
authorized user set and polynomial have been
changed.
Performance Analysis and Evaluation
Now let’s review our scheme’s performance analysis
and evaluation.
Performance Analysis
Our scheme has four phases, so we focus on
the performance of the login and access control
phases because they’re the principal parts of the
proposed protocol and should be implemented
for each session. Specifically, we focused on the
MACTC protocol’s performance from the TC,
AS, and TS angles. We believe that the most ex-
pensive computations are the asymmetric encryp-
tion E ∗(K, X ) and asymmetric decryption D ∗(K,
Y ), abbreviated as E ∗ and D ∗, then the symmetric
encryption E(K, X ) and the symmetric encryp-
tion D(K, Y ), abbreviated as E and D, and finally,
the one-way hash function h(·), abbreviated as H.
In the following analysis, we focus on these three
operations because the others, such as modular
multiplication, concatenation, XOR operation,
and so on, require very few computations; thus,
we ignore their computation costs here. The bio-
metric authentication process is much more af-
fected by environmental factors (such as diverse
www.computer.org/cise 
Table 1. Performance of login and access control phases.
Access control
Entity Login Write Read Update
Transparent client E* + 3H 2E + D E+D 2E
Authentication server D* + D + H 3E + D 2E + D + H E+D
Transparent server 0 D D+H D
TCs and extraction methods or matching algo-
rithms), rather than by the scheme we designed.
We didn’t develop a new biometric authentica-
tion algorithm but instead use a known efficient
method; thus, we exclude it from our perfor-
mance analysis.
During the login phase, the TC should submit
the encrypted timestamp, the user’s hashed pass-
word, and a biometric. From the AS side, it first
needs to conduct an integrity check on the mes-
sage, decrypt the timestamp to check the TTL, and
then decrypt the user’s stored registration informa-
tion to perform identity authentication. Hence, the
proposed protocol needs 3H + E ∗ computations on
the user side and H + D ∗ + D computations on the
AS side during the login phase.
During the access control phase, performance
depends on the attribute and amount of data that
a user wants to store or retrieve. We take as an
example a user trying to write, read, and update
his or her B-level file on the TSs to illustrate com-
putation performance. This level of information
should use encryption or decryption when up-
loading or downloading from the TSs. Messages
between the TC and the AS are encrypted by a
session key, and messages between the AS and
the TSs are encrypted by the shared key. When
getting results from the TSs, the AS and the TS
should check message integrity. Especially in
this phase, the AS needs to generate or verify LPi
and FPij to conduct access control for the B and
C levels. LPi is a three-degree polynomial whose
computation time is relatively low. The FPij is a
one-degree polynomial, if the number of autho-
rized users is one. We can build FPij based on the
Equation 5 and set each factor of the polynomial
as a distinct floating point number. The running
time of generating and calculating these polyno-
mials is negligible. Table 1 shows the computa-
tion overhead on the TC, the AS, and the TS.
The communication cost of authentication
includes the cost of transmitting the messages
involved, which in our scheme, relies to a large
extent on the information that users want to ac-
cess. For all implementations throughout the
51
Transparent Computing

Table 2. Computation costs.

Messages(bytes) Files (Kbytes)
Processing 32 64 128 512 1,024 1 100 500 1,000 5,000
E* (ms) 117 117 118 120 125 N/A N/A N/A N/A N/A
D* (ms) 7 17 20 50 93 N/A N/A N/A N/A N/A
E (ms) 83 85 88 93 98 97 147 253 386 1,482
D (ms) 0.8 0.8 1 2 3 3 28 92 176 862
H (ms) 7 8 9 11 16 13 17 21 30 101

MACTC’s four phases, the authentication and
access control methods such as password, biomet-
ric, audiovisual, and access control polynomials
are applied by only a one-round protocol. If one
of these verification processes fails, the protocol
would terminate. This is the minimum number
of rounds to achieve authentication, data sharing,
and access control processes, as well as all other
functions. Therefore, we can say that communica-
tion overheads for the TC, the AS, and the TS are
reasonable in the proposed scheme.
time. It takes 0.1 seconds of encryption time and
0.003 seconds of decryption time for a 1-Kbyte
message, and 0.4 seconds of encryption time and
0.2 seconds of decryption time for a 1,000-Kbyte
file. From the user side, the encryption and de-
cryption are performed once or twice each session
(depending on the operations used), so we can
say the computation overheads of our scheme are
reasonable.

Evaluation
We evaluated the MACTC scheme’s perfor-
O ur goal is to provide security management for
mance in terms of running time for various
operations in each phase. Our experiments are
implemented with Java Development Kit (JDK)-
1.7 and the Eclipse integrated development en-
vironment (IDE), running on a local machine
with an Intel Core-i5 2.5 GHz, 2 Gbytes R AM,
and Window7 OS. The performance of the in-
volved phases depends on the size of messages
and files, so we set message sizes to 32, 64, 128,
512, and 1,024 bytes and files sizes to 1, 100,
500, 1,000, and 5,000 Kbytes. We use the asym-
metric encryption algorithm RSA to treat short
messages. Specifically, the encryption data of
RSA includes two parts: MSGU2A in Step R3 and
the timestamp t in Step L3. We use the symmet-
ric encryption algorithm 256-bit AES to encrypt
messages and files, and hash function 256-bit
SHA to ensure data integrity. Table 2 shows the
computation costs.
From the evaluation, we found that the most
expensive operation is asymmetric encryption,
which takes about 0.1 to 0.2 seconds to encrypt a
short message, but Table 1 shows that this opera-
tion must be performed only once during the login
phase. The running time of a hash function (256-
bit SHA) is no more than 0.02 seconds for mes-
sages and about 0.03 seconds for a 1,000-Kbyte
file. The symmetric encryption and decryption
(256-bit AES) consume most of the computation
user data access, storage, transmission, and
processing in transparent computing. In future work,
we’ll improve our scheme by deploying multiple ASs
to avoid the potential bottleneck between users and
the TSs, and ensure high availability of the system.
Acknowledgments
This research was supported in part by the National
Natural Science Foundation of China under grant num-
bers 61632009, 61472451, 61272151, and 61402161, the
International Science & Technology Cooperation Pro-
gram of China under grant 2013DFB10070, the Hunan
Provincial Science Technology Program of China under
grant 2012GK4106, and the Hunan Provincial Natural
Science Foundation of China under grant 2015JJ3046.
Guojun Wang is the corresponding author of this
article.
References
1. Y. Zhang and Y. Zhou, “Transparent Computing:
Spatio-temporal Extension on von Neumann Ar-
chitecture for Cloud Services,” Tsinghua Science and
Technology, vol. 18, no. 1, 2013, pp. 10–21.
2. Y. Zhang and Y. Zhou, “Transparent Computing:
A New Paradigm for Pervasive Computing,” Proc.
Ubiquitous Intelligence and Computing Conf., 2006,
pp. 1–11.
3. Y. Zhang and Y. Zhou, “TransOS: A Transpar-
ent Computing-Based Operating System for the
Cloud,” Int’ l J. Cloud Computing, vol. 1, no. 4,
2012, pp. 287–301.

52  January/February 2017
 4. Y. Zhang et al., “Information Security Underly-
ing Transparent Computing: Impacts, Visions and
Challenges,” Web Intelligence and Agent Systems, vol.
8, no. 2, 2010, pp. 203–217.
5. G. Wang et al., “Security from the Transparent
Computing Aspect,” Proc. IEEE Conf. Comput-
ing, Networking and Communications, 2014, pp.
216–220.
6. Q. Liu, G. Wang, and J. Wu, “Time-Based Proxy
Re-encryption Scheme for Secure Data Sharing in a
Cloud Environment,” Information Sciences, vol. 258,
2014, pp. 355–370.
7. G. Wang et al., “Hierarchical Attribute-Based En-
cryption and Scalable User Revocation for Sharing
Data in Cloud Servers,” Computers & Security, vol.
30, no. 5, 2011, pp. 320–331.
8. Z. Xia et al., “A Secure and Dynamic Multi-key-
word Ranked Search Scheme over Encrypted Cloud
Data,” IEEE Trans. Parallel and Distributed Systems,
vol. 27, no. 2, 2015, pp. 340–352.
9. Y. Zhang and Y. Zhou, “4VP: A Novel Meta
OS Approach for Streaming Programs in Ubiq-
uitous Computing,” Proc. Int’ l Conf. Advanced
Information Networking and Applications, 2007,
pp. 394–403.
10. H.-A. Park et al., “Combined Authentication-Based
Multilevel Access Control in Mobile Application for
Daily Life Service,” IEEE Trans. Mobile Computing,
vol. 9, no. 6, 2010, pp. 824–837.
Tao Peng is working toward a PhD in the School
of Information Science and Engineering at Central
South University, Changsha, China. Her research
interests include network and information security
issues. Peng received an MSc in circuits and systems
from Hunan Normal University. Contact her at peng-
tao_work@163.com.
Qin Liu is an assistant professor in the College of
Computer Science and Electronic Engineering at Hu-
nan University, China. Her research interests include
security and privacy issues in cloud computing. Liu re-
ceived a PhD in computer science from Central South
University. Contact her at gracelq628@hnu.edu.cn.
Guojun Wang is a professor at Guangzhou University,
China. Before joining Guangzhou University, he was a
professor at Central South University, China. His re-
search interests include network and information secu-
rity, the Internet of Things, and cloud computing. Wang
received a PhD in computer science from Central South
University. He’s a distinguished member of the China
Computer Federation and a member of IEEE, ACM,
and IEICE. Contact him at csgjwang@gmail.com.
Read your subscriptions through the
myCS publications portal at http://
mycs.computer.org.

Recognizing Excellence in High Performance Computing

Nominations are Solicited for the
SEYMOUR CRAY, SIDNEY FERNBACH, & KEN KENNEDY AWARDS

SEYMOUR CRAY COMPUTER ENGINEERING AWARD

Established in late 1997 in memory of Seymour Cray, the Seymour Cray Award is awarded to recog-
nize innovative contributions to high performance computing systems that best exemplify the creative
spirit demonstrated by Seymour Cray. The award consists of a crystal memento and honorarium of Deadline: 1 July 2017
US$10,000. This award requires 3 endorsements.
All nomination details available at
http://awards.computer.org

SIDNEY FERNBACH MEMORIAL AWARD

Established in 1992 by the Board of Governors of the IEEE Computer Society. It honors the memory
of the late Dr. Sidney Fernbach, one of the pioneers on the development and application of high per-
formance computers for the solution of large computational problems. The award, which consists of
a certificate and a US$2,000 honorarium, is presented annually to an individual for “an outstanding
contribution in the application of high performance computers using innovative approaches.” This
award requires 3 endorsements.

ACM/IEEE-CS KEN KENNEDY AWARD

Established in memory of Ken Kennedy, the founder of Rice University’s
nationally ranked computer science program and one of the world’s foremost experts on high-perfor-
mance computing. A certificate and US$5,000 honorarium are awarded jointly by the ACM and the
IEEE Computer Society for outstanding contributions to programmability or productivity in high per-
formance computing together with significant community service or mentoring contributions. This
award requires 2 endorsements.

www.computer.org/cise 53