Jamie Cui,Chaochao Chen,Alex X. Liu,Li Wang

2021-01-01

Abstract:With the emerging popularity of cloud computing, the problem of how to query over cryptographically-protected data has been widely studied. However, most existing works focus on querying protected relational databases, few work has shown interests in graph databases. In this paper, we first investigate and summarize two single-instruction queries, namely Graph Pattern Matching (GPM) and Graph Navigation (GN). Then we follow their design intuitions and leverage secure Multi-Party Computation (MPC) to implement their functionalities in a privacy-preserving manner. Moreover, we propose a general framework for processing multi-instruction query on secret-shared graph databases and present a novel cryptographic primitive Oblivious Filter (OF) as a core building block. Nevertheless, we formalize the problem of OF and present its constructions using homomorphic encryption. Finally, we conduct an empirical study to evaluate the efficiency of our proposed OF protocol.

Lei Xu,Xingliang Yuan,Zhengxiang Zhou,Cong Wang,Chungen Xu

DOI: https://doi.org/10.1109/tsc.2021.3111208

IF: 11.019

2021-01-01

IEEE Transactions on Services Computing

Abstract:Edge computing brings data computation and storage closer to the mobile device to save response time for decision making. After being processed at the edge, commonly the data will be uploaded to the cloud for further enriched analysis. For privacy concerns, local devices may encrypt the collected data before sending it to the cloud server. However, this treatment increases the server's processing time and makes it hard to pick out the desired data. In this article, to address this problem, we design an encrypted data validation scheme, which enables the edge to clean the encrypted data to be uploaded. Because edge computing encompasses numerous edge devices from different service providers, we explore the public-key cryptographic mechanism to implement our secure data validation scheme. Considering potential risks from quantum computers, we propose to leverage ideal lattice to realize our protocol, which reaches better performance in both time and storage for edge devices. Extensive evaluation results show that our proposed proposal achieves considerable performance improvements in terms of communication and computation aspects. Particularly, compared to prior work, nearly 123×-238× speed up is achieved in our key derivation procedure and the storage cost of the secret key is reduced from 547MB to 1.7MB.

computer science, information systems, software engineering

Qinlong Huang,Chao Wang,Lixuan Chen

DOI: https://doi.org/10.1109/tsc.2022.3203378

IF: 11.019

2022-01-01

IEEE Transactions on Services Computing

Abstract:With the popularity of cloud computing services, an increasing number of users begin to use subscription-based services. Due to the semi-trusted cloud servers that may access the outsourced data, and malicious senders who may publish unauthorized data or junk data, access control encryption (ACE) schemes have been studied recently to enforce secure data write control as well as read control. However, their access control policies are specified by the authority or publishers, which do not apply to the subscriptions. In this paper, we propose DSFlow, a secure and fine-grained flow control system for subscription-based data services. DSFlow is designed in the cloud-edge computing architecture, which employs edge nodes to control the communications between publishers and cloud servers by sanitizing the original ciphertexts to resist malicious publishers, and allows any valid subscriber to decrypt the sanitized ciphertexts in cloud. We introduce a receiver-policy attribute-based ACE (RA-ACE) scheme for DSFlow, which embeds the fine-grained access control policy within the receiver's decryption key. We give a concrete construction of RA-ACE from key-policy attribute-based encryption, structure-preserving signature and non-interactive zero-knowledge proof, and formally prove the no-read rule and no-write rule of RA-ACE. The experiments demonstrate the efficiency of DSFlow compared with existing schemes.

computer science, information systems, software engineering

Changsong Yang,Yueling Liu,Yong Ding

DOI: https://doi.org/10.1007/s12083-024-01818-4

IF: 3.488

2024-11-28

Peer-to-Peer Networking and Applications

Abstract:Due to the rapid increasing of the total amount of global digital data, cloud storage has gained wide attention from both academia and industry, since it can offer nearly measureless storage spaces to the resource-constraint clients. As a consequence, by employing cloud storage service, clients are able to store massive data on the remote cloud data center. That is, clients can migrate the local heavy storage burden and expensive computation overhead to the cloud data center. Despite plenty of attractive strengths, cloud storage service is consequentially subjected to a few new severe security problems and privacy challenges, such as data deletion, data insertion, and so on. In this article, we focus on a primary but quite important issue, i.e., fine-grained deletion supporting dynamic insertion over cloud data. Specifically, we improve the classical invertible Bloom filter (IBF) and construct a new data validation structure, namely, invertible Bloom filter tree (IBFT). Subsequently, we connect digital signature and IBFT to design a new scheme that can fulfill fine-grained data deletion as well as dynamic data insertion. In our new solution, only client and cloud data center are involved when inserting/deleting cloud data and validating the insertion/deletion consequences, which makes our new solution more practical. At last, we formally analyze the security and implement a prototype system, in which we implement our new proposed solution and evaluate its performance. The experimental consequences prove that contrasted to a few previous solutions, our new solution equipped with more attractive feasibility and efficiency in the real-world applications.

computer science, information systems,telecommunications

Li, ZiTong,Yan, Zhengmao,Liu, Yi,Zeng, Detian,Yu, Haoyang

DOI: https://doi.org/10.1007/s12083-024-01856-y

IF: 3.488

2024-12-01

Peer-to-Peer Networking and Applications

Abstract:The evolution of cloud computing towards X-as-a-Service models and the adoption of microservices architecture have significantly matured the field. As these technologies advance, they bring challenges such as data consistency, transaction traceability, and efficient information processing, particularly in edge computing environments. This paper explores the integration of microservices architecture, edge computing, and blockchain technology to address these challenges, with a focus on secure file sharing. We present a framework that uses identity authentication and leverages Ethereum blockchain, IPFS, and HDFS for decentralized, tamper-resistant file sharing. Our implementation in the FsMbe system fetches data using the DHT of the distributed network after authentication by Ethereum and employs multi-round AES encryption for data sharing. Extensive experiments were conducted to evaluate our framework's performance in various scenarios, including small data communication between microservices in edge groups and large file transfers between edge nodes in larger groups. The framework demonstrated stable data transfer performance, particularly for small payloads, even as the number of clients increased. This research contributes to secure and efficient data management in edge computing and microservice environments, providing a robust solution for decentralized file sharing with enhanced performance and security.

computer science, information systems,telecommunications

Zhuolin Mei,Huilai Zou,Jinzhou Huang,Caicai Zhang,Bin Wu,Jiaoli Shi,Zhengxiang Cheng

DOI: https://doi.org/10.4018/ijwsr.340391

2024-03-12

International Journal of Web Services Research

Abstract:In recent years, more and more data has been stored on the cloud to provide various services. These data often contain users' private information, which inevitably raises concerns about data security. Encryption before outsourcing is a direct solution to mitigate these concerns. However, traditional encryption schemes such as block encryption make basic data services hard to support. Therefore, this paper proposes a secure and fast range query scheme for encrypted multi-dimensional data, called SFRQ. The scheme constructs a secure index over the ciphertexts of multi-dimensional data, utilizing the R-tree index, Bloom filter, and 0-1 encoding techniques. This secure index enables the cloud to provide fast range query services over the ciphertexts of multi-dimensional data. The authors have evaluated SFRQ through extensive experiments, which demonstrate its high efficiency. Additionally, the security analysis shows that no external entity, including the cloud, can obtain additional information during the entire query process.

computer science, information systems, software engineering

Shufen Niu,Ying Hu,Siwei Zhou,Honglin Shao,Caifen Wang

DOI: https://doi.org/10.1109/jsyst.2023.3283389

IF: 4.802

2023-01-01

IEEE Systems Journal

Abstract:The development of the Internet has dramatically facilitated the present society. While a large amount of data is produced, private data security involves users' data rights. Traditionally, attribute-based encryption (ABE) still needs to improve efficiency in the face of a large amount of data. The introduction of edge computing environments reduces the operating costs of lightweight devices by outsourcing some encryption and decryption operations. Therefore, we design an efficient attribute-based encryption scheme under edge computing that supports keyword search. Data owners and users do not disclose private information to the cloud during the search phase. Our work considers the computational efficiency of ordinary and lightweight users, and partial operations can be outsourced according to the demand during decryption, which is more flexible and applicable to practical applications. The scheme also supports efficient attribute revocation and ciphertext update in the cloud environment. Moreover, the proposed algorithm has been proven to be IND-sCP-CPA security and IND-CKA security. The work compares our algorithm with some typical schemes in terms of storage overhead and computation cost in the end. The performance analysis results indicate that the proposed work is efficient and suitable for edge computing.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Jiale Zhang,Yue Liu,Di Wu,Shuai Lou,Bing Chen,Shui Yu

DOI: https://doi.org/10.1016/j.dcan.2022.05.010

IF: 6.348

2022-05-01

Digital Communications and Networks

Abstract:Federated learning for edge computing is a promising solution in the data booming era, which leverages the computation ability of each edge device to train local models and only shares the model gradients to the central server. However, the frequently transmitted local gradients could also leak the participants’ private data. To protect the privacy of local training data, lots of cryptographic-based Privacy-Preserving Federated Learning (PPFL) schemes have been proposed. However, due to the constrained resource nature of mobile devices and complex cryptographic operations, traditional PPFL schemes fail to provide efficient data confidentiality and lightweight integrity verification simultaneously. To tackle this problem, we propose a Verifiable Privacy-preserving Federated Learning scheme (VPFL) for edge computing systems to prevent local gradients from leaking over the transmission stage. Firstly, we combine the Distributed Selective Stochastic Gradient Descent (DSSGD) method with Paillier homomorphic cryptosystem to achieve the distributed encryption functionality, so as to reduce the computation cost of the complex cryptosystem. Secondly, we further present an online/offline signature method to realize the lightweight gradients integrity verification, where the offline part can be securely outsourced to the edge server. Comprehensive security analysis demonstrates the proposed VPFL can achieve data confidentiality, authentication, and integrity. At last, we evaluate both communication overhead and computation cost of the proposed VPFL scheme, the experimental results have shown VPFL has low computation costs and communication overheads while maintaining high training accuracy.

telecommunications

Yao Zhao,Youyang Qu,Yong Xiang,Md Palash Uddin,Dezhong Peng,Longxiang Gao

DOI: https://doi.org/10.1145/3680277

IF: 16.6

2024-10-09

ACM Computing Surveys

Abstract:Recent advances in edge computing (EC) have pushed cloud-based data caching services to edge; however, such emerging edge storage comes with numerous challenging and unique security issues. One of them is the problem of edge data integrity verification (EDIV), which coordinates multiple participants (e.g., data owners and edge nodes) to inspect whether data cached on edge is authentic. To date, various solutions have been proposed to address the EDIV problem, while there is no systematic review. Thus, we offer a comprehensive survey for the first time, aiming to show current research status, open problems, and potentially promising insights for readers to further investigate this under-explored field. Specifically, we begin by stating the significance of the EDIV problem, the integrity verification difference between data cached on cloud and edge, and three typical system models with corresponding inspection processes. To thoroughly assess prior research efforts, we synthesize a universal criteria framework that an effective verification approach should satisfy. On top of it, a schematic development timeline is developed to reveal the research advance on EDIV in a sequential manner, followed by a detailed review of the existing EDIV solutions. Finally, we highlight intriguing research challenges and possible directions for future work, along with a discussion on how forthcoming technology, e.g., machine learning and context-aware security, can augment security in EC. Given our findings, some major observations are: there is a noticeable trend to equip EDIV solutions with various functions and diversify study scenarios; completing EDIV within two types of participants (i.e., data owner and edge nodes) is garnering escalating interest among researchers; although the majority of existing methods rely on cryptography, emerging technology is being explored to handle the EDIV problem.

computer science, theory & methods

Jintao Ling,Huixian Gu,Haijiang Wang,Lei Zhang

DOI: https://doi.org/10.1109/access.2021.3061676

IF: 3.9

2021-01-01

IEEE Access

Abstract:With the rapid development of mobile applications, more and more traffic is generated at the network's edge and forwarded between many users. The explosive growth of network traffic has imposed massive pressure on traditional network architectures. At the same time, users have increasing data security requirements because of frequent data breaches. Mobile edge storage is an emerging computing framework that ensures users enjoy a high quality of experience when they access cloud services and is gradually becoming the key technology to solve the above problems. In this paper, by exploiting searchable encryption and cooperative edge computing, we proposed an efficient ciphertext index retrieval scheme to tackle three issues simultaneously in a secure and efficient data search service scenario: (1) reducing data transportation latency to improve mobile user's quality of experience; (2) mitigating data traffic pressure on the backbone network; (3) guaranteeing the security of the data when users search data in the edge network. Simulation results show that our scheme can save about 80% of backbone network traffic than the traditional cloud computing scheme. It can also reduce network latency by approximately 30% for users.

computer science, information systems,telecommunications,engineering, electrical & electronic

Xiaolong Xu,Haoyuan Li,Zheng Li,Xiaokang Zhou

DOI: https://doi.org/10.1109/tii.2022.3195896

IF: 12.3

2022-01-01

IEEE Transactions on Industrial Informatics

Abstract:With the increasing data scale in the Industrial Internet of Things, edge computing coordinated with machine learning is regarded as an effective way to raise the novel latency-sensitive services. To ensure the data privacy for frequent service access, federated learning (FL), as a privacy-preserving distributed framework, is integrated into edge computing, enabling user data invisible to the training process. However, sophisticated network attacks threaten deep learning (DL) models by data poison and malicious reasoning, making the DL-based system untrustworthy. To this end, a synergic data filtering method, named Safe, is proposed to deal with the poisoning attacks. Specifically, considering that the distributed support vector machine is at risk of being attacked due to its distribution and openness to communication, edge-cloud empowered FL framework is designed. Then, the alternating direction method of multipliers is deployed to detect attacked devices whose training processes will be interrupted. Moreover, due to the untrustworthiness of label data, the poisoned data in the attacked devices are figured out and filtered by clustering the trusted data with K -means clustering algorithm. Eventually, extensive experiment results proved that the Safe outperforms correlation methods in detection accuracy and trustworthiness.

Zhenkui Shi,Xuemei Fu,Xianxian Li,Kai Zhu

DOI: https://doi.org/10.1109/tkde.2020.3025348

IF: 9.235

2020-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:Symmetric Searchable Encryption(SSE) is deemed to tackle the privacy issue as well as the operability and confidentiality in data outsourcing. However, most SSE schemes assume that the cloud is honest but curious. This assumption is not always applicable. And even if some schemes supported verification, integrity or freshness checking in a malicious cloud, but the performance and security functionalities are not fully exploited. In this paper, we propose an efficient SSE scheme based on B+-Tree and Counting Bloom Filter (CBF) which supports secure verification, dynamic updating, and multi-user queries. Comparing with the previous state of the arts, we design the new data structure CBF to support dynamic updating and boost verification. We also leverage the timestamp mechanism in the scheme to prevent the malicious cloud from launching a replay attack. The new designed CBF is like a front-engine to save user's cost for query and verification. And it can achieve more efficient query and verification with negligible false positive when there is no value matching the queried keyword. The CBF supports efficient dynamic updating by combining Bloom Filter with a one-dimensional array that provides the counting capability. Furthermore, we design the authenticator for CBF. We adopt B+-Tree for it is widely used in many database engines and file systems. We also give a brief security proof of our scheme. Then we provide a detailed performance analysis. Finally, we evaluate our scheme through comprehensive experiments. The results are consistent with our analysis and show that our scheme is secure, and more efficient compared with the previous schemes with the same functionalities. The average performance can be improved by about 20 percent for both the cloud servers and users when the missing rate of the searching keywords is 20 percent. And the higher the missing rate is, the more the performance can be improved.

Chi-Hieu Nguyen,Yuris Mulya Saputra,Dinh Thai Hoang,Diep N. Nguyen,Van-Dinh Nguyen,Yong Xiao,Eryk Dutkiewicz

DOI: https://doi.org/10.1109/tnet.2024.3365815

2024-01-01

IEEE/ACM Transactions on Networking

Abstract:Federated Learning (FL) plays a pivotal role in enabling artificial intelligence (AI)-based mobile applications in mobile edge computing (MEC). However, due to the resource heterogeneity among participating mobile users (MUs), delayed updates from slow MUs may deteriorate the learning speed of the MEC-based FL system, commonly referred to as the straggling problem. To tackle the problem, this work proposes a novel privacy-preserving FL framework that utilizes homomorphic encryption (HE) based solutions to enable MUs, particularly resource-constrained MUs, to securely offload part of their training tasks to the cloud server (CS) and mobile edge nodes (MENs). Our framework first develops an efficient method for packing batches of training data into HE ciphertexts to reduce the complexity of HE-encrypted training at the MENs/CS. On that basis, the mobile service provider (MSP) can incentivize straggling MUs to encrypt part of their local datasets that are uploaded to certain MENs or the CS for caching and remote training. However, caching a large amount of encrypted data at the MENs and CS for FL may not only overburden those nodes but also incur a prohibitive cost of remote training, which ultimately reduces the MSP’s overall profit. To optimize the portion of MUs’ data to be encrypted, cached, and trained at the MENs/CS, we formulate an MSP’s profit maximization problem, considering all MUs’ and MENs’ resource capabilities and data handling costs (including encryption, caching, and training) as well as the MSP’s incentive budget. We then show that the problem is convex and can be efficiently solved using an interior point method. Extensive simulations on a real-world human activity recognition dataset show that our proposed framework can achieve much higher model accuracy (improving up to 24.29%) and faster convergence rate (by 2.86 times) than those of the conventional FedAvg approach when the straggling probability varies between 20% and 80%. Moreover, the proposed framework can improve the MSP’s profit up to 2.84 times compared with other baseline FL approaches without MEN-assisted training.

telecommunications,computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Qi Chen,Kai Fan,Kuan Zhang,Haoyang Wang,Hui Li,Yingtang Yang

DOI: https://doi.org/10.1016/j.comcom.2020.09.012

IF: 5.047

2020-12-01

Computer Communications

Abstract:<p>In intelligent edge computing, the private data of users are partly or entirely outsourced to the intelligent edge nodes for processing. To enforce security and privacy on edge network, data owners encrypt their private data and outsource it. It is particularly important to carry out efficient search and update on encrypted data. In this paper, we propose a searchable scheme to solve these problems on the intelligent edge network. Specially, we first propose S-HashMap index structure to make data update efficiently and safely while promising multi-keyword fuzzy ciphertext retrieval. Secondly, to measure the similarity between the query vector and the index nodes, we utilize the secure k-nearest neighbor to calculate the Euclidean distance. In addition to eliminating the necessity of pre-defined dictionaries, we achieve efficient multi-keyword fuzzy search and index updating without increasing search complexity. At the same time, this paper makes a thorough theoretical analysis and simulation of the proposed scheme. Compared with other schemes, we demonstrate that our scheme has better security and efficiency.</p>

computer science, information systems,telecommunications,engineering, electrical & electronic

Kaifa Zheng,Caiyang Ding,Jinchen Wang

DOI: https://doi.org/10.3390/electronics12122737

IF: 2.9

2023-06-20

Electronics

Abstract:The node–edge–cloud collaborative computation paradigm has introduced new security challenges to data sharing. Existing data-sharing schemes suffer from limitations such as low efficiency and inflexibility and are not easily integrated with the node–edge–cloud environment. Additionally, they do not provide hierarchical access control or dynamic changes to access policies for data privacy preservation, leading to a poor user experience and lower security. To address these issues, we propose a data-sharing scheme using attribute-based encryption (ABE) that supports node–edge–cloud collaborative computation (DS-ABE-CC). Our scheme incorporates access policies into ciphertext, achieving fine-grained access control and data privacy preservation. Firstly, considering node–edge–cloud collaborative computation, it outsources the significant computational overhead of data sharing from the owner and user to the edge nodes and the cloud. Secondly, integrating deeply with the "node–edge–cloud" scenario, the key distribution and agreement between all entities embedded in the encryption and decryption process, with a data privacy-preserving mechanism, improve the efficiency and security. Finally, our scheme supports flexible and dynamic access control policies and realizes hierarchical access control, thereby enhancing the user experience of data sharing. The theoretical analysis confirmed the security of our scheme, while the comparison experiments with other schemes demonstrated the practical feasibility and efficiency of our approach in node–edge–cloud collaborative computation.

engineering, electrical & electronic,computer science, information systems,physics, applied

Guangming Cui,Qiang He,Bo Li,Xiaoyu Xia,Feifei Chen,Hai Jin,Yang Xiang,Yun Yang

DOI: https://doi.org/10.1109/tsc.2021.3090173

IF: 11.019

2022-01-01

IEEE Transactions on Services Computing

Abstract:The new edge computing paradigm extends cloud computing by allowing service vendors to deploy their service instances and data on distributed edge servers to serve their service users in close geographic proximity to those edge servers. Caching edge data on edge servers profoundly reduces the retrieval latency perceived by users. However, these edge data are subject to corruption due to intentional and/or accidental exceptions. This is a major challenge for service vendors but has been overlooked. Thus, verifying the integrity of edge data accurately and efficiently is a critical security problem in the edge computing environment. A unique characteristic of the edge computing environment is that edge servers suffer from constrained computing capacities. Thus, verifying data integrity on massive edge servers individually is computationally expensive and impractical. In this paper, we tackle this Edge Data Integrity (EDI) problem with an inspection and corruption localization scheme for EDI named ICL-EDI. This scheme allows service vendors to inspect data integrity and localize corrupted edge data cached on multiple edge servers accurately and efficiently. To evaluate its performance, we implement ICL-EDI and conduct extensive experiments to demonstrate its effectiveness and efficiency.

computer science, information systems, software engineering

Shengjun Zhang,Hang Zhou,Yahui Yang,Zhonghai Wu

DOI: https://doi.org/10.1109/iscc.2017.8024596

2017-01-01

Abstract:Data outsourcing has become quite popular in recent years. While the rapid development of cloud storage service, it brings about many new security challenges. One of the biggest concerns with cloud data storage is that of data integrity at untrusted cloud servers. For example, when individual users store important data files in cloud servers, the data files may be damaged or corrupted because of cloud server failures or malicious attackers. Our work focuses on the problem of ensuring the integrity of data storage in cloud computing. The prior approaches mainly solved static data and provide simple recovery method like PoRs or dealt with public verifiability of data integrity without recovery method like PDP. Our scheme proposed a novel Cross-encoding recovery (Cer) method based erasure code for reducing unnecessary network bandwidth cost and provided a new data structure named Dynamic Storage Table (DST) that supports dynamic data operations for cloud data storage applications. It is worth mentioning that we consider Counting Bloom Filter (CBF) in our solution which can verify the data integrity practically and efficiently. Meanwhile, we implemented a security system and performance analysis showing that the proposed scheme is highly efficient and provably secure.

Gaoyang Liu,Chen Wang,Xiaoqiang Ma,Yang Yang

DOI: https://doi.org/10.1109/mnet.011.2000215

IF: 10.294

2021-03-01

IEEE Network

Abstract:Recently, edge computing has attracted significant interest due to its ability to extend cloud computing utilities and services to the network edge with low response times and communication costs. In general, edge computing requires mobile users to upload their raw data to a centralized data server for further processing. However, these data usually contain sensitive information about mobile users that the users do not want to reveal, such as sexual orientation, political stance, health status, and service access history. The transmission of user data increases the leakage risk of data privacy since many extra devices can get access to these data. In this article, we attempt to keep the data of edge devices and end users on their local storage to resist the leakage of user privacy. To this end, we integrate federated learning and edge computing to propose P2FEC, a privacy-preserving framework that can construct a unified deep learning model across multiple users or devices without uploading their data to a centralized server. Furthermore, we use membership inference attacks as a case study for the privacy analysis of edge computing. The experiments show that the model constructed by our framework can achieve similar prediction performance and stricter protection of data privacy, compared to the model trained by standard edge computing.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Chao Yao,Xiaoyang Wang,Zijie Zheng,Guangyu Sun,Lingyang Song

DOI: https://doi.org/10.1109/mnet.2018.1800001

IF: 10.294

2019-01-01

IEEE Network

Abstract:Edge computing has evolved to be a promising avenue to enhance system computing capability by offloading processing tasks from the cloud to edge devices. In this article, we propose a multi-layer edge computing framework called EdgeFlow. In this framework, different nodes ranging from edge devices to cloud data centers are categorized into corresponding layers and cooperate for data processing. EdgeFlow can deal with the trade-off between the computing and communication capabilities so that the tasks can be assigned to each layer optimally. At the same time, resources are carefully allocated throughout the whole network to mitigate performance fluctuation. The proposed open-source data flow processing framework is implemented on a platform that can emulate various computing nodes in multiple layers and corresponding network connections. Evaluated on the face recognition scenario, EdgeFlow can significantly reduce task finish time and perform more tolerance to run-time variations, compared with pure cloud computing, pure edge computing, and Cloudlet. Potential applications of EdgeFlow, including network function virtualization, Internet of Things, and vehicular networks, are also discussed at the end of this article.