AN EMPIRICAL SOFTWARE DEVELOPMENT APPROACH TO U-HEALTHCARE IN MOBILE CLOUD COMPUTING ENVIRONMENT

Project Proposal

by CMPE 295A Ishita Shah Pinky Shah Snigdha Gulhati

Project Advisor Prof. Weider Yu

Weider Yu
October 25, 2011

Digitally signed by Weider Yu DN: cn=Weider Yu, o=Computer Engineering Department, SJSU, ou=CMPE, email=Weider.Yu@sjsu.edu, c=US Date: 2011.10.25 17:13:45 -07'00'

ABSTRACT AN EMPIRICAL SOFTWARE DEVELOPMENT APPROACH TO UHEALTHCARE IN MOBILE CLOUD COMPUTING ENVIRONMENT By Ishita Shah, Pinky Shah and Snigdha Gulhati Nowadays, mobile computers in form of smart phones and tablets are extensively used to obtain ubiquitous computing power making mobility the way of life. Taking the case of the healthcare industry, patients demand for anytime anywhere, easy-to-access healthcare information making mobile devices as the next generation service delivery platform for u-health care solution. However, mobile devices are typically constrained by limited memory, low processing power, restricted data network connection, small cache size and battery powered computing environment. As a result, these devices are inefficient to handle compute intensive applications involving large scale data management, security algorithms and so on. Cloud computing with its new delivery model can extend capabilities of these resource constrained devices. However, mobile cloud computing has its own limitations like network bandwidth, absence of standards, access schemes, security etc. Our basic intent in this project would be to study the various software development approaches in the area of Mobile cloud computing, exploring their limitations and shortcomings with focus on security, and defining an approach to overcome some of the security related issues, thereby developing secure personal healthcare applications using mobile cloud computing. We would define an approach, a process and an implementation in the form of a prototype, with results for validation.
ii

Table of Contents
Chapter 1 Introduction 1.1 Problem statement, motivation, and needs 1.2 Project application and impact 1.3 Expected project results and deliverables Chapter 2 Background and Related Work 2.1 Background and used technologies 2.2 State-of-the-art 2.3 Literature survey Chapter 3 Project Description 3.1 Project goals and objectives 3.2 Project approaches 3.3 Project solutions and justification 3.4 Project evaluation and validation Chapter 4 Project Plan and Schedule 4.1 Project tasks and schedule 4.2 Project resources, budget, and cost analysis

Reference

iii

Chapter 1 Introduction
1.1 Problem statement, project motivation, and needs Currently, mobile devices in the form of smart phones and tablets are vital sources of communication. They provide global connectivity to support large number of applications, providing anytime and anywhere access to reliable information. Health care industry is one of the most prominent industries where mobile devices are considered as the service delivery platform for u-health care solution which will enable people to access on-demand reliable health care information. However, mobile devices are resource constrained in terms of memory, processing power, cache size and battery life. As a result, they are unable to handle compute intensive applications like data mining, searching, multimedia processing and so on. Cloud computing with its new delivery model can be used with mobile devices to overcome the above mentioned limitations. But, mobile cloud computing is at its early stage and has some issues associated with it and, lack of security is one of the major issues. Security is a very broad term and there are various levels of security within a mobile cloud which are to be addressed. However, we consider Identity Access Management and Data Encryption to be the most important security issues that need to be addressed for enterprise level mobile applications on the cloud. And so, we are motivated to develop a secure development approach solving the above mentioned security threats in mobile cloud and validate it by developing a prototype of a u-healthcare application in cloud for mobile devices.

1.2

Project application and impact In this project, we aim to study various mobile cloud computing (MCC) development approaches and then propose an approach for developing secure mobile enterprise level applications on cloud that would address Identity Access Management and Data Encryption security issues. This would give an insight about the mobile cloud architecture as well as solve the identified security concerns. Moreover, the development approach could be used by developers to develop robust and secure enterprise-level applications on the cloud.

1.3

Expected project results and deliverables The major deliverables for this project are as follows: Development approach. Implementation of the development approach in the form of a prototype of u-health care solution with the aim of validating the development approach. Test cases used to verify the development approach and its results.

Chapter 2

Background and Related Work

2.1

Background and used technologies Cloud Computing enables on-demand network access to a shared pool of configurable computing resources (e.g. applications, networks, servers, storage and services) that can be released and provisioned with minimal management effort or service provider interaction. It is the most promising technology and is a mechanism to increase the overall IT capabilities of a company in real time without investing a huge amount in new infrastructure, training, software licenses and so on. It follows pay-as-per-use model wherein a company pays according to resources used in the cloud. There are three main models of using cloud architecture which are as follows: Software As A Service (SAAS) o Software is provided as a service by the vendor Platform As A Service (PAAS) o Programming tools are provided as a service by the vendor which can be used by the customers to build their applications. Infrastructure As A Service (IAAS) o Computing resources such as storage, processing, networking and so on are provided by the vendor as a service.

There are various benefits of Cloud Computing which are as follows:

Easy to deploy which reduces the overall time Pay-as-per-use model reduces infrastructure investment.
3

Ability to use scale up and down when needed. Ability to use latest functionalities. Increase the overall capabilities of resource constrained devices in real time.

A mobile device when used with Cloud architecture to store data or perform operations is known as Mobile Cloud Computing (a.k.a. MCC). Using mobile cloud computing architecture, consumers can access the services on-demand either through browser or a thin client on their mobile devices. This is different from thicker clients that are downloaded from application stores and reside on the mobile devices. Mobile cloud services are independent of the type of device and operating system on which they run. Moreover, the resource constrained nature of mobile devices could be overcome by MCC.

Figure 2.1: Mobile Cloud Cloud architecture is mostly provided by a third party infrastructure known as Cloud Service Providers (CSP) and each one of them has their own unique cloud architecture, features and standards. Some of the major CSPs are Amazon, Google, VMware, Rackspace, Salesforce.com, Microsoft and IBM.
4

Though MCC is highly beneficial, lack of security is a major concern with it. There is a security risk to confidential data residing in the cloud as the customer has to depend on the security measures provided by its CSP. Moreover, cloud is accessed over the network and so there is major threat of data being tampered during transfer on the network.

2.2

State-of-the-art technology As described in [5], mobile devices have brought about a revolution in the area of mobile computing. The model of exploiting the benefits of Cloud Computing has helped to overcome the many constraints of mobile devices related to data management, processing power, algorithms and many more, as discussed in previous sections. The area of Mobile Cloud Computing is new. According to experts, by 2015, more than 240 million customers are expected to be making use of the cloud computing services through mobile devices and the market is believed to grow to a whopping $5.2 billion. The reason for this growth is attributed to an evolving IT supply chain, adoption of cloud platforms for IT services and greater use of handsets and smart phones [6]. This has triggered a lot of research in this area and various mobile cloud development approaches have been suggested to improve the capacity and reliability of mobile devices. One approach proposes the use of RESTful Webservices [10] to access applications hosted as the cloud. This makes use of the SAAS deployment model of the Cloud. In this approach mobile devices rely over network node available in the cloud for more processing capabilities, storage and security via RESTful web services.

Another approach focuses on providing elastic applications [2]. In this, the application in divided into multiple components called weblets to provide elastic middleware. The decision to launch a weblet is based on application configuration and device status (like battery level). The architecture of elastic framework is provided in Figure 2.2 below. However there are certain areas in this approach which need to be considered like data and state synchronization, Communication between weblets, Weblet migration and Trust and Security.

Figure 2.2 Elastic framework architecture [2]

There is one more approach which introduces the concepts of cloudlets as shown in Figure 2.3 [7]. A Cloudlet is a virtual cloud, in the form of a resource-rich, secure computer or a cluster of computers. The mobile device, instead of sending data to or receiving data from a

distant cloud, could connect to a nearby cloudlet in order to reduce latency. If the request is not fulfilled by a cloudlet, the mobile device could then contact the distant cloud.

Figure 2.3 Cloudlet concept [7] Although cloudlet approach reduces the latency of requests, there could be issues related to it like dividing the storage between cloudlets, managing security etc. Also, more the number of cloudlets, more can there be points of attacks.

Our approach intents to address some of the security related issues like Identity Access Management and Data Encryption for mobile cloud application which are paramount in Healthcare applications.

2.3

Literature survey Various papers were studied and examined for this project. The paper in [9] discusses the architecture of mobile cloud computing in detail, along with its various applications, benefits, challenges and approaches. The usage of cloud computing in mobile healthcare
7

services is discussed in [8]. The various security related challenges in mobile cloud, and how to secure mobile cloud is provided in a paper presented in [1]. Cloud Alliances report on top cloud threats is provided in [12]. Also, there is a detailed Security Guidance published by Cloud Alliance which lists some security related guidelines that cloud providers should follow [13]. Paper in [11] covers a detailed discussion of the usage of SOA methodology in cloud. The mobile cloud development approaches are discussed in various papers. Details about RESTful approach are provided in [10]. The Elastic approach architecture is explained in detail in [2]. Paper [7] explains the Cloudlet approach and its benefits and challenges.

Chapter 3

Project Description

3.1

Project goals and objectives In order to overcome the limitations of mobile devices, a new Modern Mobile Architecture [1] is described which is a combination of Mobile and Cloud Computing technologies. However, introducing cloud in mobile internet results in more concerns to be addressed by currently used mobile architecture. As mentioned in previous sections there are various approaches proposed for mobile cloud computing. The goal of our project is: Study basic architecture of mobile cloud computing. Identify the security issues related to mobile and cloud technology. Propose a software development approach which can mitigate following security related issues : o Identity Access Management o Data Encryption Validate the proposed approach by developing prototype for personal u-health care.

3.2

Project approaches In order to have a working model of our approach, we will develop a prototype for personal health care management demonstrating our design/approach. Prototyping will help us to identify design flaws and make sure that our approach really works. It will not be a full fledged application but it will highlight all the aspects of the final solution.

We would like to use SOA based architecture for this project. SOA based architecture will help us to develop and design software components based on interoperable services. Its main concept is Service is Important. For Mobile applications service delivery is a key point. SOA architecture provides more flexibility and scalability.

3.3

Problem solutions and justification As from above discussion it clearly shows that cloud with its new delivery and cost model proves to be the best solution for mobile constrained devices to handle compute intensive applications. Mobile Cloud computing is a very new area and is currently in research. Our approach provides a new way for developing mobile cloud applications. This approach will help to increase the processing power, reduce security risk and provide better performance for mobile applications. This clearly justifies our solution to current problems faced by mobile applications. The high level system architecture diagram is shown in Figure 3.1. The main components of our design will be: Cloud Mobile devices Web Server and Webservices Device Manager. The role of Device Manager would be to fulfill client requests either from the local web server or send it to the Cloud server considering certain parameters like processing power and security.
10

Figure 3.1 High level System Architecture

The web service for our mobile application would be deployed on Cloud as well as a Web Server outside the cloud and its multiple copies would reside in the cloud to provide highly available and reliable environment to serve multiple requests from clients. The Web Server which is not on the cloud will be used to handle less compute intensive operations and highly confidential data.

11

3.4

Project evaluation and validation Various activities would be conducted to evaluate the outcome of the project and validate our results. In order to evaluate the project and verify that all the requirements have been met, we would be performing unit and integration testing of the various modules of the prototype. Testing would involve both Black box and White box testing techniques. Test cases would be carefully generated based on the requirements identified in Chapter 4 of the project report. A Requirement Traceability Matrix would be designed to make sure that all the test cases are traceable to the requirements, and a test execution report would be generated. To validate our approach, we would be using the developed prototype to check the efficiency and effectiveness of the new approach. Also, we would be making sure that the security issues identified by us are addressed.

12

Chapter 4

Project Plan and Schedule

4.1

Project Tasks and Schedule Preparing a high quality, realistic schedule is one of the most important activities in a project lifecycle. A good schedule helps in successful completion of the project with minimum budget overflows and deadline slippage. In order to come up with a good schedule, the first step is to understand the requirements correctly.

The schedule for this project is divided into various phases, as shown in Figure 4.1

Figure 4.1: Project phases

We have provided a detailed schedule for Part A and Part B of the project. Figure 4.2 shows a Gantt chart containing the detailed project schedule for Part A. Figure 4.3 shows a Gantt
13

chart containing the detailed project schedule for Part B. The task assignment details are also included in the chart. We have used GanttProject, an open source, cross-platform tool for project scheduling and management.

Figure 4.2: PART A - Detailed Task list

14

Figure 4.3: PART B Detailed Task List

15

4.2 Project Budget, Resources, and Cost Analysis 4.2.1 Budget AN EMPIRICAL SOFTWARE DEVELOPMENT APPROACH TO U HEALTHCARE IN MOBILE CLOUD COMPUTING Project Title : ENVIRONMENT Ishita Shah Pinky Shah Team Snigdha Gulhati Members Project Period 08/24/2011 - 05/31/2012 Items # Cost/item Semester 1 (8/24/2011 12/02/2012) $ 1500 $0 Approx. $100 $ 200 $100 $100 $2000 Semester 2 (01/25/2012 05/31/2012) $0 $0 $250 $150 Approx. $100 $ 200 $100 $200 $1000

Equipment

Laptops Software Licenses Tablet Android Phone Stationary and Printouts Internet Charges Telephone and calling charges Other hidden costs

3 1 1

$ 1500 $ 0 (open source s/w) $250 $150

Variable Variable

Indirect Costs Total Cost :

Variable Variable Variable Variable Variable Variable

There is a huge collection of good quality, well supported open source software solutions available in the market and most of the companies today are turning to these cost effective solutions. We would like to make use of this revolution by using open source software for this project as far as possible. So, there would be no cost associated with Software

16

Licensing. In case there is a need for a software or tool which is not available as open source, the budget would be revisited. The equipment needed for project design and coding, for example laptops/ desktops, and other devices are already available. So, that doesnt contribute to the budget. Tablets and/or Android phones required for testing the prototype would have to be purchased (if not available otherwise) and hence, would add to the budget during the second part of the project. Other costs like stationary and printouts, indirect costs like Internet and Telephone charges, and a few hidden costs are considered in the budget. Since no salary is paid as this is a Masters project, we have not included that cost in the budget. However, the Cost Analysis in terms of Effort in hours is provided in Section 4.2.3 below. Overall, the budget for the Part A of the project comes to an amount of about $2000, and the budget for Part B is about $1000.

4.2.2 Resources The resources required for this project are 1. Laptops 2. Android Emulator 3. Tablet and Android Phone for testing 4. A team of 3 people would be working on this project, and they would assume roles of Design Engineers, Developers and Testers as and when required.

17

4.2.3 Cost Analysis Following is a cost analysis of the resources required in terms of effort hours required during each phase. Here we have assumed that each person would be spending approximately 4 hours each project day. Since this is Masters project and there is no salary being paid, the cost analysis is only done in terms of Effort Hours. Phase Conception and Planning Requirement Gathering Design Development Testing Validation # of Resources 3 3 3 3 3 3 Duration 67 7 30 63 35 30 Effort per person per day 4 4 4 4 4 4 Total effort (in hours) 804 hours 84 hours 360 hours 756 hours 420 hours 360 hours 2784 person hours

Total Effort for the entire project

18

References [1] J. Christensen, How will we secure the Mobile Cloud? part 1: Mobile Cloud authentication and authorization, Cloud Computing Journal, Jun. 14, 2010 [cited Sep. 30,2011], available from World Wide Web: http://cloudcomputing.sys-con.com/node/1419017 [2] X.Zhang, A. Kunjithapatham, S. Jeong, and S. Gibbs, Towards an Elastic Application Model for Augmenting the Computing Capabilities of Mobile Devices with Cloud Computing , Mobile Networks and Applications, vol. 16, Issue 3, June 2011, pp. 270-284, doi: 10.1007/s11036-011-0305-7. [3] D. Huang; Z. Zhou; L.Xu, T.Xing, and Y. Zhong, "Secure data processing framework for mobile cloud computing," Computer Communications Workshops (INFOCOM WKSHPS), 2011 IEEE Conference, pp.614-618, April 10-15 2011, doi: 10.1109/INFCOMW.2011.5928886 [4] M. Spinola, A pragmatic, effective and hpye-free approach for strategic enterprise decision making [online], June 2009, [cited Oct . 19, 2011], available from World Wide Web: <http://www.gtsi.com/eblast/corporate/cn/09_09_2009/PDFs/Essential%20Guide%20for%20Clo ud%20Computing.pdf> [5] E. McLoughlin, D. O'Sullivan, M. Bertolotto, and D.C. Wilson, MEDIC: MobilE Diagnosis for Improved Care, In Proceedings of the 2006 ACM symposium on Applied computing (SAC '06). ACM New York, 2006, pp. 204-208, doi:10.1145/1141277.1141325. [6] M. Torrieri, Appliance deployment report: Enterprise mobile cloud computing market to grow to $5.2 billion by 2015[online], TMCnet, January 12, 2010[ Cited Oct 14, 2011], available from World Wide Web: <http://www.tmcnet.com/channels/appliancedeployment/articles/72476-appliance-deployment-report-enterprise-mobile-cloud-computingmarket.htm> [7] M. Satyanarayanan, P. Bahl, R. Caceres, and N. Davies, The Case for VM-Based Cloudlets in Mobile Computing, IEEE Pervasive Computing, vol. 8, no. 4, pp. 14-23, October 2009. [8] M. T. Nkosi and F. Mekuria, Cloud computing for enhanced mobile health applications, presented at Cloud Computing Technology and Science (CloudCom), 2010 IEEE Second International Conference, Nov. 30 -Dec. 3, 2010, pp. 629 633, doi: 10.1109/CloudCom.2010.31 . [9] H.T. Dinh, C. Lee, D. Niyato, and P. Wang, A Survey of Mobile Cloud Computing: Architecture, Applications, and Approaches, Wireless Communications and Mobile Computing, to appear. [10] Jason H. Christensen, Using RESTful web-services and cloud computing to create next generation mobile applications, in Proceedings of the 24th ACM SIGPLAN conference
19

companion on Object oriented programming systems languages and applications (OOPSLA), pp. 627-634, October 2009. [11] Cloud Security Alliance, Top threats to cloud computing, version 1.0, March 2010, available from World Wide Web: <https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf> [12] Cloud Security Alliance, Security Guidance for Critical Areas of Focus in Cloud Computing, version 2.1, December 2009, available from World Wide Web: <https://cloudsecurityalliance.org/csaguide.pdf>

20