Appl. Math. Inf. Sci. 6, No. 3, 729-736 (2012) 729

Applied Mathematics & Information SciencesAn International Journal

c⃝ 2012 NSPNatural Sciences Publishing Cor.

An Efficient and Secure Cloud-Based DistributedSimulation SystemHeng He1,2, Ruixuan Li1, Xinhua Dong1, Zhi Zhang2 and Hongmu Han1

1 School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074, China2 School of Computer Science and Technology, Wuhan University of Science and Technology, Wuhan 430065, China

Received: Feb. 15, 2012; Revised Apr. 20, 2012; Accepted May 5, 2012Published online: 1 August 2012

Abstract: For the deficiency of High Level Architecture (HLA), it is not well suited for large-scale distributed simulation systems. Toenhance the capability of HLA and satisfy the new requirements of large-scale distributed simulations, an efficient and secure cloud-based distributed simulation system, namely CDS, based on the cloud computing technology and HLA is proposed. CDS provides aservice-oriented simulation support environment. It can provide users with on-demand simulation resources, run simulations on thewide area network efficiently, realize share and reuse of simulation resources, improve load balancing capability of the simulation, andprovide security guarantee. Compared with previous simulation grid systems, CDS is efficient, secure, universal and practical. Fromthe view of technical implementation, key technologies of CDS are described in details. These technologies include: (1) an agent-basedinvoking and callback strategy in simulation run-time infrastructure, (2) resource management and scheduling schemes in managementcenter, (3) an efficient security scheme. Through developing CDS and a practical simulation application on it, the performance of CDSis evaluated and the results demonstrate the proposed system functionalities.

Keywords: Cloud computing, HLA, Simulation grid, Identity-based cryptography.

1. Introduction

The High Level Architecture (HLA) is a U.S.DoD-wideinitiative to provide architecture for support interoperabil-ity and reusability of all types of models for distributedinteractive simulations. HLA has been adopted by IEEEas an open standard, the IEEE 1516 [1]. It has experi-enced tremendous growth over the past few years, playingan increasingly critical role in all areas of science and en-gineering. However, with the development of large-scale,fine-granularity and long-time distributed simulation ap-plications, HLA cannot be well suited for these simula-tions gradually for its inefficient utilization of simulationresources, lack of load balancing capability, weak fault tol-erance capability, and complicated simulation deploymentprocess. Recent studies show that a “model-centered or-ganization mode” is required for the efficient executionof these advanced simulations [2], which makes the sim-ulation models fixed, organizes simulations by providingmodels on demand and runs simulations on the wide areanetwork efficiently, also provides security guarantee for

the simulations. However, HLA can not satisfy the newrequirements.

Simulation grid technology [3] has provided a con-siderable solution. Many domestic and foreign institutionshave done a lot of relevant researches. Some well-knownprojects include CrossGrid [4], DS-Grid [5], FederationGrid [6] and Simulation Grid [3]. However, most of theseresearches are in the scope of concept study, architectureand prototype system design, or in the specialized fields.In our prior work [7], we proposed a grid-based distributedsimulation platform for large-scale simulations, which canbe further enhanced in the aspects of security and effi-ciency. Thus, it’s necessary to do research on more uni-versal and practical technologies for large-scale distributedsimulation systems.

Cloud computing [8,9] is becoming a hot research fieldof information science. It provides an advanced comput-ing platform in which network users can access comput-ing services on demand anytime and anywhere. IntegratingHLA with cloud computing technology, we propose an ef-

∗ Corresponding author: e-mail: willam1981@gmail.comc⃝ 2012 NSP

Natural Sciences Publishing Cor.

730 Heng He et al.: An Efficient and Secure Cloud-Based Distributed Simulation System

ficient and secure Cloud-based Distributed Simulation sys-tem (CDS), which can enhance the capability of HLA andsatisfy the new requirements of large-scale simulations ef-fectively. It can provide users with on-demand simulationresources, run simulations on the wide area network ef-ficiently, realize share and reuse of simulation resources,improve load balancing capability of the simulation, andprovide security guarantee. Comparing with the existingsimulation grid systems, CDS is efficient, secure, univer-sal and practical. In the rest of the paper, we first introducesome preliminaries related to the proposed research, andthen describe the architecture of CDS and its key technolo-gies in details. At last we evaluate the system performance.

2. Preliminaries

2.1. High Level Architecture

The HLA is a standard architecture upon which one maydesign and integrate application-specific simulators. Kuhlet al. [10] succinctly describe it as “. . . the glue that allowsyou to combine computer simulators into a larger simu-lation.” The HLA consists of a set of rules to which allcompliant applications must adhere, a common model forsharing data and documenting shared data, and an applica-tion program interface (API) for a Runtime Infrastructure(RTI) software system that integrates the individual simu-lators. RTI is the software that implements the HLA inter-face specification and runs the simulation. It contains sixmajor types of functions, based on which it can providemechanisms for managing time and data, and synchroniz-ing the interplaying simulators. The effort required to in-tegrate HLA-compliant simulators into larger simulationsystems is far less than that of integrating simulators thatare not designed in accordance with HLA specifications.More details of HLA and RTI can be found in [10].

In the HLA simulation, each individual simulator isnamed as a federate, which the HLA integrates togetherinto a collaborative simulation. All federates in the simu-lation form a federation.

2.2. Cloud computing

Cloud computing is the newly born Internet-based com-puting technique which integrates, optimizes and providescomputing ability, aiming to simplify the clients’ comput-ing jobs by the way of renting resources and services [8,9].Currently, there is no recognized authoritative definition ofcloud computing, for the agreement of the universal pro-tocol of cloud computing has not been reached. Generally,cloud computing is considered as the computing which isbased on the Internet and offers resources to the clients invirtualized, convenient, efficient, and underlying-process-acknowledgement-free ways.

Grid computing is also a popular distributed comput-ing technology which integrates resources to solve prob-lems over the Internet. Cloud computing is considered tobe the technology derived from grid computing with dif-ferent problem-dealing-aspects of processing but core con-cept unchanged. The paramount notion of grid comput-ing is collecting all available resources to solve problems(mainly scientific ones) that individual computing centercannot deal with. The most famous case of grid computing,SETI@HOME, searches for extra terrestrial intelligenceusing the spare resources from the volunteer computersconnected to Internet all over the world. On the other hand,cloud computing aims to supply efficient, qualified ser-vices with part of the available large scale of computingresources.

Cloud computing has many advantages in cost reduc-tion, resource sharing, time saving for new service deploy-ment. While in a cloud computing system, most data andsoftware that users use reside on the Internet, which bringsome new challenges for the system, especially securityand privacy. Since each application may use resource frommultiple servers. The servers are potentially based at mul-tiple locations and the services provided by the cloud mayuse different infrastructures across organizations. All thesecharacteristics of cloud computing make it complicated toprovide security in cloud computing.

2.3. Identity-based cryptography

Identity-based cryptographic (IBC) scheme [11] is a kindof public-key based approach, in which user’s identity isused as the public key. Compared with traditional public-key systems, such as PKI, IBC has some advantages, espe-cially for large-scale distributed applications. It can sim-plify the key management complexity significantly. Theencryption and decryption can be conducted offline with-out the key generation center (KGC). Hierarchical identity-based cryptography (HIBC) has been proposed in [12] toimprove the scalability of the standard IBC scheme, inwhich multiple KGCs are used to cooperatively allocatehierarchical identities to users in their domains. RecentlyIBC and HIBC have been proposed to provide security forsome Internet applications. For example, applying IBC inthe grid computing and cloud computing security has beenexplored in [13,14]. In the following, we briefly introducethe mathematical concepts that are required in this paper.

A. Bilinear pairingsBilinear pairings are the most commonly used primi-

tives in IBC and HIBC.Let G1 be an additive cyclic group of large prime order

q, G2 be a multiplicative cyclic group of the same orderand P be a generator of G1. A cryptographic bilinear mape is defined as e : G1 × G1 → G2 with the followingproperties:

Bilinear: e(aR, bS) = e(R,S)ab ∀R,S ∈ G1 and a, b∈ Z∗

q .

c⃝ 2012 NSPNatural Sciences Publishing Cor.

Appl. Math. Inf. Sci. 6, No. 3, 729-736 (2012) / www.naturalspublishing.com/Journals.asp 731

Non-degeneracy: For each R ̸= O ∈ G1, there existsS ∈ G1 such that e(R,S) ̸= 1, where O is the identityelement in G1 and 1 is the identity element in G2.

Computable: There exists an efficient algorithm to com-pute e(R,S) ∀R,S ∈ G1.

In general implementation, G1 is the group of pointson an elliptic curve and G2 denotes a multiplicative sub-group of a finite field. Typically, the mapping e is derivedfrom either the Weil or the Tate pairing on an elliptic curveover a finite field. We refer to [11] for more comprehensivedescription on how these groups, pairing and other param-eters are defined.

B. Computational problemsHere, we present some computational hard problems,

which will form the basis of security of IBC and HIBC.Discrete Logarithm Problem (DLP): Given two ele-

ments R,S ∈ G1, find an integer a ∈ Z∗q , such that

S = aR whenever such an integer exists.Computational Diffie-Hellman Problem (CDHP): For

any a, b ∈ Z∗q , given < P, aP, bP >, compute abP .

Decisional Diffie-Hellman Problem (DDHP): For anya, b, c ∈ Z∗

q , given < P, aP, bP, cP >, decide whetherc ≡ ab mod q.

Bilinear Diffie-Hellman Problem (BDHP): For any a, b,c ∈ Z∗

q , given < P, aP, bP, cP >, compute e(P, P )abc.Gap Diffie-Hellman Problem (GDHP): A class of prob-

lems, where DDHP can be solved in polynomial time butno probabilistic polynomial time algorithm exists whichcan solve CDHP.

3. System architecture

CDS extends HLA with cloud computing technology to re-alize the service-oriented simulation support environment.Figure 1 shows the system architecture of CDS. Simula-tion application layer includes various simulation appli-cations. Simulation cloud portal/tool layer provides inter-action environment between simulations and users. Sim-ulation model layer provides various simulation models,which are basic elements to construct simulations. The sim-ulation model is the abstract of a kind of simulators andmust be deployed to CDS. It is a cloud service and everyservice instance represents a federate. In this way, simula-tion models do not need to be placed on the local. Userscan invoke them on demand through service access overthe wide area network. And multi-users can access differ-ent instances of the same model service simultaneously.Services can communicate with each other in spite of thediversity of programming languages and platforms. Cloudinfrastructure layer exploits cloud platform [8,9] to inte-grate and operate various heterogeneous resources, and sup-ports the implementation of core service layer. Heteroge-neous resource layer includes various hardware and soft-ware resources like computing resources, storage resources,network resources, information resources, and so on. Theyare not directly exposed to the service layer, but discoveredand managed by the cloud platform. Core service layer

National economic

mobilization simulation

Simulation

application layerComplex logistics

command simulation

Various

military/civilian

simulation

Simulation application

portal

Simulation cloud

portal/tool layerSimulation

management portal

Simulation application

development

environment

CDS

Monitor

(CM)

Core service layer

Simulation

Fault Tolerance

and Migration

(T&M)

Data Collection

and Process

Replay (C&R)

Simulation

models

Simulation

model layer

Cloud

infrastructure

layer

Task managerResource

manager

Computing

resources

Heterogeneous

resource layer

Storage

resources

Network

resources

Information

resources

Other

resources

Resource

Requirement

Description

(RRD)

Simulation

Scene

Deployment

(SSD)

Cloud-RTIManagement

Center (MC)

User manager

Security

scheme

Security

manager

Service

container

Figure 1 CDS architecture.

is the most important part. It contains components thatcollaboratively implement the system functions, based onwhich CDS can support the entire simulation process ef-fectively. The core components work as follows.

The Cloud-RTI component encapsulates the functionsof the traditional RTI as cloud services to support large-scale simulations on CDS. CDS can also support simula-tions on traditional RTIs by connecting traditional feder-ates to the traditional RTI scheduled by Management Cen-ter. Thus CDS has good compatibility, which makes it uni-versal.

Management Center (MC) manages different versionsof RTIs and various types of simulation models. It providesregistration and query interfaces for them. MC also sched-ules appropriate RTIs and simulation model services forthe registered simulations. Using MC, we can realize shareand reuse of simulation resources effectively. The securityscheme provides efficient authentication and access con-trol solutions when users want to access simulation modelservices, thus protecting system security.

The CM component manages the whole simulation fed-eration effectively. The RRD component generates the re-source requirement document and the SSD component de-ploys model services to the appropriate cloud nodes ac-cording to the document. The C&R component can recordthe simulation data automatically and replay the process.The T&M component can implement the fault tolerant mech-anism, and migrate federates from overloaded nodes toother appropriate nodes to enhance the load balancing ca-pability of CDS.

4. Key technologies

The key technologies of CDS include the design of Cloud-RTI, MC and the security scheme, which make the sim-

c⃝ 2012 NSPNatural Sciences Publishing Cor.

732 Heng He et al.: An Efficient and Secure Cloud-Based Distributed Simulation System

ulation run efficiently and safely, and also support othercomponents in the core service layer effectively.

4.1. Cloud-RTI

Cloud-RTI adopts an agent-based invoking and callbackstrategy and encapsulates the traditional RTI (here we useCRTI [10]) to realize the cloud-based RTI using web ser-vice technology. Figure 2 shows the framework of Cloud-RTI. To explain the strategy of Cloud-RTI clearly, we alsodepict other relevant parts.

In Figure 2, users use the simulation cloud portal toregister simulation federation and federates at MC and startsimulation. During the simulation, the service-based feder-ates interact with Cloud-RTI effectively over the wide areanetwork. Cloud-RTI consists of four parts, which are HLAinvoking interface view, federate request agent, CRTI call-back agent and CRTI. HLA invoking interface view pro-vides cloud service interfaces, which implement the sixmajor types of functions of HLA specification. When afederate invokes the service interface of Cloud-RTI, fed-erate request agent delivers the request message to CRTI,invoking the CRTI function. CRTI callback agent receivesthe callback of CRTI, generates callback events and putsthem in the callback queue, which makes CRTI return fromcallback functions rapidly and improves the performanceof Cloud-RTI. Callback event processor executes the eventsand invokes the corresponding callback service interfacesof the federate. The federate request agent and CRTI call-back agent make the service-based federate interact withCloud-RTI effectively over the wide area network, thus,the whole simulation can run efficiently. The agent mecha-nism makes Cloud-RTI flexible and can integrate differenttraditional RTIs into Cloud-RTI for application require-ments, which makes CDS practical.

4.2. Management Center

MC is like glue in CDS. It contains resource integrationlayer and resource scheduling layer. The resource integra-tion layer interacts with simulation portals, various ver-sions of RTIs and simulation model services, accepting therequests of query or registration from these components.Users use simulation portals to register federations andfederates at MC and each federate has two different logicviews, which are a RTI-level view and an application-levelview. The two views describes the states of federates atRTI level and application level respectively. These statesare reported to MC by RTI and federates, and each viewhas three states: waiting, running, exit or finish. The re-source scheduling layer works as follows: when a user reg-isters a simulation federation, it refers to the provided pa-rameters and the current performance of RTIs, and thenadopts a scheduling mechanism based on the supported

Simulation cloud portal

Start and query views

HLA callback interface

view

FederateObject

HLA invoking interface

view

Federate request agent

CRTI callback agent

CallBack Queue

CRTI message

transmission

Ser

vic

e-b

ased

sim

ula

tio

n f

eder

ate

Clo

ud-R

TI

RTI Object

Reso

urce sch

edu

ling

layer

Reso

urce in

tegratio

n lay

er

Man

agem

ent C

enter (M

C)

Figure 2 The framework of Cloud-RTI.

federate number (SFN) to schedule an appropriate RTI dy-namically for the registered federation, thus achieving dy-namic load balance for the system. To implement the sim-ulation, the resource scheduling layer also schedules therequired simulation model services for the federation. TheSFN-based RTI schedule mechanism is described as fol-lows.

SFN refers to the number of federates which can bestill supported by RTI currently. SFN is calculated by thecurrent federate number (CFN) which is supported by RTInow, and the current performance of RTI, which includesmemory utilization α, CPU utilization β and network uti-lization γ. The sum of SFN and CFN is the maximumnumber of federates which can be supported by RTI.

Assume that when there are no federates running onthe RTI, the values of α, β, γ are α0, β0, γ0 respectively.To ensure that the system can run smoothly, the maximumvalue of α, β, γ are set to αmax, βmax, γmax. SFNα,SFNβ , SFNγ are the federate numbers which can be stillsupported by memory, CPU and network currently, whichare calculated as follows:

SFNα =αmax − α

α− α0× CFN (1)

SFNβ =βmax − β

β − β0× CFN (2)

SFNγ =γmax − γ

γ − γ0× CFN (3)

To ensure that the system can run smoothly, it’s re-quired that every resource cannot exceed its maximum.Thus, SFN is calculated by selecting the minimum amongSFNα, SFNβ , SFNγ , shown as follow:

SFN = MIN(SFNα, SFNβ , SFNγ) (4)

When the RTI first starts, there are no federates run-ning on it, then CNF = 0, α = α0, β = β0, γ = γ0, thusthe above formulas are not applicable in this case. Supposethat the numbers of federates which can be supported by

c⃝ 2012 NSPNatural Sciences Publishing Cor.

Appl. Math. Inf. Sci. 6, No. 3, 729-736 (2012) / www.naturalspublishing.com/Journals.asp 733

a unit of each resource are ∆α, ∆β , ∆γ respectively. Theinitial value SFN0 is calculated as follow:

SFN0 = MIN((αmax − α0)×∆α, (5)(βmax − β0)×∆β , (γmax − γ0)×∆γ)

To achieve dynamic load balance for the system, whenMC schedules a RTI for the simulation, it calculates SFNsof all registered RTIs according to their performance whichare reported by RTIs periodically, then selects the RTI withthe maximum SFN, and allots it to the simulation.

4.3. Simulation interaction flow

Figure 3 shows the interaction flow of a simulation carriedout in CDS. Firstly, various simulation model services andRTIs are registered at MC (step 1 and 2). Then a simula-tion client gets the registered information and registers asimulation federation. MC schedules an appropriate RTIfor registered federation (step 3). Next, the client queriesMC for the required simulation models and MC schedulesthe model services if the services agree (step 4). Then theclient registers federates at MC. A RTI-level view and anapplication-level view for each federates are established(step 5). The state of the views is waiting.

After that, the client starts the simulation through thesimulation portal. It gets instances from the factories ofthe model services (step 6), and then starts the instances(step 7). The instances inform MC to refresh the state ofthe application-level view. The state now is running (step8). Next, the instance of model service requests Cloud-RTIfactory for the instance of RTI ambassador service (step9), and then initializes the service instance (step 10). Theinstance of RTI ambassador service informs MC to refreshthe RTI-level view. The state now is running too (step 11).The two types of service instances interact with each other.They invoke the service interfaces of the other through theendpoint information of the other to implement the logicof the simulation (step 12).

At the end of the simulation, the instances of modelservices quit the federation (step 13) and inform MC torefresh the RTI-level view. The state now is exit (step 14).The client destroys federates (step 15). The state of theapplication-level view is refreshed to finish (step 16). Atlast, the client informs MC to destroy federation and deleteall views of federates (step 17).

4.4. An efficient security scheme

In CDS, various simulation model services, which are large-scale and dynamic, are provided by many service providerswhich belong to different organization domains. Becauseeach of these organizations has its own identity manage-ment and access control system, thus a user who wants to

Simulation model service Simulation model service

Cloud-RTI

Management

Center (MC)

Clients

Model

service A

instance

factory

Model

service

instance A

Model A

resource

3

Model A

resource

2

Model A

resource

1

Model

service B

instance

factory

Model

service

instance B

Model B

resource

2

Model B

resource

1

Cloud-RTI

factory

Cloud-RTI

ambassador

service

Cloud-RTI

resource

A

Cloud-RTI

resource

B

Figure 3 Simulation interaction flow of CDS.

access services from different organizations needs multi-ple digital identities from these organizations to authenti-cate itself for each service, which will bring great incon-venience for users. Meanwhile, different users also belongto different organization domains. Providing effective au-thentications for users when accessing services from dif-ferent organization domains would be difficult. In the cur-rent HLA standard and existing simulation grid systems,there are no efficient security solutions for large-scale dis-tributed simulations. To solve this problem, we propose asecurity scheme for CDS based on hierarchical identity-based cryptography (HIBC) together with role-based ac-cess control (RBAC) [15].

In CDS, there is a root KGC in the overall domain, andeach sub-level domain (organization domain) within CDSalso has its own KGC. The root KGC manages the wholeCDS, each organization domain is the first level and usersin these domains are the second level. The root KGC willallocate and authenticate identities for all the organizationdomains. Each organization domain uses its own domainKGC to allocate and manage the identities and roles ofall the users in its domain. Each user in this domain hasits own identity and this identity is a hierarchical identity,which includes the identity of the domain, the identity ofthe user and the identifiers of the user’s roles.

We assume there are n domain KGCs. The securityscheme consists of the following steps: setup, extraction,signing and verification, which are described as follows:

Setup:The root KGC:

1. generates groups G1, G2 of prime order q and a bilin-ear map e : G1 ×G1 → G2;

2. chooses an arbitrary generator P ∈ G1;3. picks a series of secret master keys s1, s2, . . . , sn from

Z∗q at random and computes the corresponding public

keys {Qi = siP |i = 1, 2, . . . , n};4. chooses cryptographic hash functions H1 : {0, 1}∗ →

G1 and H2 : {0, 1}∗ → G1;

c⃝ 2012 NSPNatural Sciences Publishing Cor.

734 Heng He et al.: An Efficient and Secure Cloud-Based Distributed Simulation System

5. publishes the system parameters (G1, G2, e, P , {Q1,Q2, . . . , Qn}, H1, H2).

Extraction:For the sub-level domain KGC with identity IDi (ab-

breviated as KGCi),1 ≤ i ≤ n, the root KGC:

1. computes its public key Pk = H1(IDi);2. computes its private key sk = siPk and gives sk to the

KGCi.

For a user with identity IDu in the domain, we assumeits roles are (R1, . . . , Rm). KGCi:

1. computes its public key Pu = H1(IDi, IDu||R1|| . . .||Rm);

2. computes its private key su = sk + skPu and gives suto the user;

3. computes Qk = skP and gives Qk to the user.

Signing:The user with identity IDu:

1. selects a random message m and computes hm = H2

(IDi, IDu||R1|| . . . ||Rm,m) ∈ G1;2. computes Sigm = su + suhm;3. sends Sigm, Qk and Qu = suP to the service provider.

Verification:Let (Sigm, Qk, Qu) be the signature for the user with

identity IDu and message m. The verifier confirms that:

e(P, Sigm) = e(Qi, Pk)e(Qu, hm)e(Qk, Pu)

For any service provider in some organization domain,it is easy to authenticate the users that access the servicesit provides by the proposed security scheme. After that,the service provider executes the authorization for usersaccording to RBAC, which is a general useful method forcommon resource access of enterprise level systems. It dis-tributes the permissions to each role and one user gets theresource access authorization through its roles. Note thatin the security scheme, the root KGC picks a series of se-cret keys s1, s2, . . . , sn at random. Each of them is for onesub-level domain KGC respectively. The method can en-hance the system security. If one secret key for a domainKGC is disclosed accidentally, other domains are still se-cure and the key refreshment will be done just in this do-main. The security of the scheme is based on the difficultyof the computational hard problems presented in section2.3, and the security proof can be derived from that of thehierarchical ID-based signature scheme in [12], which isstraightforward. Thus we omit the proof. Because of thetraits of HIBC and RBAC, the security scheme is efficientand scalable.

5. Performance evaluation

We developed CDS using Java and a practical simulationapplication, which is a sushi restaurant simulation [10],

based on CDS to effectively evaluate the performance ofCloud-RTI and MC. In our evaluation, we use one MCserver, seven RTI server, one simulation portal and fiveclients to construct the simulation. The experimental en-vironment is as follows: Intel CoreTM 2 Duo 1.83 GHzCPU, 2 GB memory, 100Mbps bandwidth and Linux sys-tem.

We developed the simulation federation based on Cloud-RTI and traditional CRTI respectively. The federation sim-ulates the process of sushis production, transportation andconsumption. It has five federates, which are manager, pro-duction, transport, consumption and viewer. Each federateis both time-constrained and time-regulating. During sim-ulation, the federation proceeds up to one thousand timeadvances, and the time interval between advances is onesecond. During every advance, when a federate finishesits task, it waits and performs the next advance when onesecond interval arrives. During each advance, the longerthe waiting time (or idle time) is, the better the perfor-mance is. Figure 4 represents the idle time of the feder-ation during each advance on Cloud-RTI and CRTI. Table1 compares their idle time in details. It can be seen thatthe peak performance of Cloud-RTI and CRTI is approxi-mate, while the overall performance of Cloud-RTI declinesslightly and the stability of Cloud-RTI needs to be im-proved further. The reason is that cloud-based federatescommunicate with Cloud-RTI through SOAP and HTTPprotocol, and data packets need extra packing and unpack-ing processes of protocol stacks before they are passed tothe encapsulated RTI. In our future work, we will adoptfaster SOAP message transmission to reduce the perfor-mance gap between Cloud-RTI and the traditional RTI.

MC can complete operations in milliseconds for all therequests in our evaluation, as shown in Table 2. The timeof federation registration is the longest, since during fed-eration registration, an appropriate RTI is scheduled forthe federation using the proposed RTI schedule mecha-nism. This operation involves the interaction of multipleservices. The time of federate scheduling is longer than therest operation time, because the proposed security schememust be enforced during federate scheduling process, whichwill cause extra time. However, the extra time is just tensof milliseconds, which has little impact on the efficiencyof the simulation. For the rest operations, MC can fin-ish them in the local rapidly. A resource discovery systemwas proposed in [16] for grid-based distributed simulation,and there is also a MC in this system. However, the MConly supports the registration of traditional RTIs. The RTIschedule mechanism in their scheme is also different fromour scheme. For example, in their scheme, when retriev-ing the information of RTIs, MC needs to interact with twoservices immediately and the current efficiency of RTIs arenot considered. In our scheme, MC makes optimization inthe process of registration operations. When a simulationfederation is registered, an effective RTI will be allottedto it immediately. In their scheme, the time spent in fed-eration registration and information retrieval is up to 10 s

c⃝ 2012 NSPNatural Sciences Publishing Cor.

Appl. Math. Inf. Sci. 6, No. 3, 729-736 (2012) / www.naturalspublishing.com/Journals.asp 735

500

600

700

800

900

1000

1100

0 200 400 600 800 1000

Idle

Tim

e (m

s)

Time Advancing Number

Cloud-RTI

CRTI

Figure 4 The idle time of the federation during advances.

Table 1 The comparison of idle time statistics (ms).

RTI Mean Maximum Minimum Fluctuation VarianceCloud-RTI 905.1 985 690 295 75.1

CRTI 950.2 998 801 197 47.3

Table 2 The operation time of MC (ms).

Operations TimeFederation registration 328Federation list retrieval 47

Federate scheduling 100Federation details retrieval 46

RTI list retrieval 47

totally. Besides, security issues are not considered in theirscheme.

6. Conclusion

Cloud computing technology can enhance the capabilityof HLA and provide an effective solution for large-scaledistributed simulation systems. In this paper, we proposean efficient and secure cloud-based distributed simulationsystem (CDS) and describe its key technologies in details.It provides a service-oriented simulation support environ-ment, which has some significant advantages for large-scale distributed simulations. For example, CDS can pro-vide users with on-demand simulation resources, run sim-ulations on the wide area network efficiently, realize shareand reuse of simulation resources, improve load balancingcapability of the simulation, and provide security guaran-tee. Compared with the previous simulation grid systems,CDS is efficient, secure, universal and practical. In the fu-ture work, we will focus on more effective RTI schedulemechanism and further improving the efficiency of Cloud-RTI.

Acknowledgement

This work is supported by the National Natural ScienceFoundation of China with grants 61173170 and 60873225,the National High Technology Research and DevelopmentProgram of China (863 Program) with grant 2007AA01Z403.

References

[1] IEEE Std 1516-2000, 1516.1-2000, 1516.2-2000, IEEEStandard for Modeling and Simulation (M&S) High LevelArchitecture (HLA)(2000).

[2] B. H. Li, X. D. Chai, B. C. Hou, T. Li, Y. B. Zhang, H. Y. Yu,J. Han, Y. Q. Di, J. J. Huang, C. F. Song, Z. Tang, P. Wang,G. Q. Shi and X. H. Wang, Networked modeling & simula-tion platform based on concept of cloud computing—cloudsimulation platform, J. Syst. Simulat. 21, 5292-5299(2009).

[3] C. F. Song, B. H. Li, X. D. Chai, T. Zhen and D. Xi, Re-search on developing modes of simulation system in sim-ulation grid, In Proc. of the 12th International Conferenceon Computer Supported Cooperative Work in Design, IEEEComputer Society, Los Alamitos, 535-541(2008).

[4] K. Zaajac, A. Tirado-ramos, Z. Zhao, P. Sloot and M. Bubak,Grid services for HLA-based distributed simulation frame-works, In Proc. of the 1st European Across Grids Confer-ence, Springer-Verlag, Heidelberg, 147-154(2003).

[5] D. Chen, G. Theodoropoulos, S. Turner, W. Cai, R. Min-son and Y. Zhang, Large scale agent-based simulation onthe grid, Future Gener. Comp. Sy. 24, 658-671(2008).

[6] M. Games, Federation grid, http://www.federationgrid.org(2004).

[7] H. He, L. Chen, P. P. Yuan, X. Xu and X. F. Wang, A securityarchitecture for grid-based distributed simulation platform,In Proc. of the IEEE Pacific-Asia Workshop on Computa-tional Intelligence and Industrial Application, IEEE Com-puter Society, Los Alamitos, 207-212(2008).

[8] R. Buyya, Cloud computing: The next revolution in infor-mation technology, In Proc. of the lst International Con-ference on Parallel Distributed and Grid Computing, IEEEComputer Society, Los Alamitos, 2-3(2010).

[9] K. Chen and W. M. Zheng, Cloud computing: System in-stances and current research, J. Softw. 20, 1337-1348(2009).

[10] F. Kuhl, J. Dahmann and R. Weatherly, Creating computersimulation systems: An introduction to High Level Archi-tecture, Prentice Hall PTR, Upper Saddle River, NJ(2000).

[11] D. Boneh and M. Franklin, Identity-based encryption fromthe Weil pairing, In Proc. of the 21st Annual Interna-tional Cryptology Conference on Advances in Cryptology,Springer-Verlag, Heidelberg, 213-229(2001).

[12] C. Gentry and A. Silverberg, Hierarchical ID-based cryp-tography, In Proc. of the 8th International Conference onthe Theory and Application of Cryptology and InformationSecurity, Springer-Verlag, Heidelberg, 548-566(2002).

[13] H. W. Lim and K. G. Paterson, Identity-based cryptographyfor grid security, In Proc. of the 1st IEEE International Con-ference on e-Science and Grid Computing, IEEE ComputerSociety, Los Alamitos, 394-404(2005).

[14] L. Yan, C. M. Rong and G. S. Zhao, Strengthen cloud com-puting security with federal identity management using hi-erarchical identity-based cryptography, In Proc. of the 1st

c⃝ 2012 NSPNatural Sciences Publishing Cor.

736 Heng He et al.: An Efficient and Secure Cloud-Based Distributed Simulation System

International Conference on Cloud Computing, Springer-Verlag, Heidelberg, 167-177(2009).

[15] R. S. Sandhu, E. J. Coyne, H. L. Feinstein and C. E.Youman, Role-based access control models, IEEE Com-puter 29, 38-47(1996).

[16] W. B. Zong, Y. Wang, W. T. Cai and S. J. Turner, Grid ser-vices and service discovery for HLA-based distributed sim-ulation, In Proc. of the 8th IEEE/ACM Distributed Simula-tion on Real Time Application Symposium, IEEE ComputerSociety, Los Alamitos, 116-124(2004).

Heng He received his M.S.degree from School of Com-puter Science and Technologyat Huazhong University of Sci-ence and Technology in 2007.Now he is a Ph.D. candidate inthe Intelligent and DistributedComputing Laboratory, Schoolof Computer Science and Tech-nology, Huazhong Universityof Science and Technology. His

research interests include cloud computing, distributed sim-ulation, and network security.

Ruixuan Li received the B.S.,M.S., and Ph.D. degrees fromSchool of Computer Science andTechnology at Huazhong Uni-versity of Science and Tech-nology in 1997, 2000, and 2004respectively. He is currently aprofessor of School of Com-puter Science and Technologyat Huazhong University of Sci-ence and Technology, and is the

director of the Intelligent and Distributed Computing Lab-oratory. His research interests include distributed systemsecurity, cloud computing, information retrieval, peer-to-peer computing, and social network.

Xinhua Dong received hisM.S. degree from School of Com-puter Science and Technologyat Huazhong University of Sci-ence and Technology in 2008.Now he is a Ph.D. candidate inthe Intelligent and DistributedComputing Laboratory, Schoolof Computer Science and Tech-nology, Huazhong Universityof Science and Technology. His

research interests include cloud computing, informationretrieval, and big data management.

Zhi Zhang received his M.S.degree from School of Com-puter Science and Technologyat Huazhong University of Sci-ence and Technology in 2005.Now he is a associate profes-sor of School of Computer Sci-ence and Technology at WuhanUniversity of Science and Tech-nology. His research interestsinclude semantic web, cloud com-

puting and social network.

Hongmu Han received hisM.S. degree from School of Com-puter Science and Engineeringat Wuhan Institute of Technol-ogy in 2007. Now he is a Ph.D.candidate in the Intelligent andDistributed Computing Labo-ratory, School of Computer Sci-ence and Technology, HuazhongUniversity of Science and Tech-nology. His research interests

include cloud security, and access control.

c⃝ 2012 NSPNatural Sciences Publishing Cor.