Scientific workflow execution system based on mimic defense in the cloud environment
Article
First Online: 10 January 2019
Abstract
With more large-scale scientific computing tasks being delivered to cloud computing platforms, cloud workflow systems are designed for managing and arranging these complicated tasks. However, the multi-tenant coexistence service mode of cloud computing brings serious security risks, which threaten the normal execution of cloud workflows. To strengthen the security of cloud workflows, a mimic cloud computing task execution system for scientific workflows is proposed. The idea of mimic defense comprises three main aspects: heterogeneity, redundancy, and dynamics. For heterogeneity, the diversity of physical servers, hypervisors, and operating systems is integrated to build a robust system framework. For redundancy, each sub-task of the workflow is executed simultaneously by multiple executors. Considering efficiency and security, a delayed decision mechanism is proposed to check the results of task execution. For dynamics, a dynamic task scheduling mechanism is devised for switching the workflow execution environment and shortening the life cycle of executors, which can confuse adversaries and purify task executors. Experimental results show that the proposed system can effectively strengthen the security of cloud workflow execution.
Key words: Scientific workflow; Mimic defense; Cloud security; Intrusion tolerance
Project supported by the National Natural Science Foundation of China (Nos. 61521003 and 61602509), the National Key Technologies R&D Program of China (Nos. 2016YFB0800100 and 2016YFB0800101), and the Key Technologies R&D Program of Henan Province, China (No. 172102210615)
© Editorial Office of Journal of Zhejiang University Science and Springer-Verlag GmbH Germany, part of Springer Nature 2018