Scientific workflow execution system based on mimic defense in the cloud environment

  • Ya-wen Wang
  • Jiang-xing WuEmail author
  • Yun-fei Guo
  • Hong-chao Hu
  • Wen-yan Liu
  • Guo-zhen Cheng


With more large-scale scientific computing tasks being delivered to cloud computing platforms, cloud workflow systems are designed for managing and arranging these complicated tasks. However, multi-tenant coexistence service mode of cloud computing brings serious security risks, which will threaten the normal execution of cloud workflows. To strengthen the security of cloud workflows, a mimic cloud computing task execution system for scientific workflows is proposed. The idea of mimic defense contains mainly three aspects: heterogeneity, redundancy, and dynamics. For heterogeneity, the diversities of physical servers, hypervisors, and operating systems are integrated to build a robust system framework. For redundancy, each sub-task of the workflow will be executed simultaneously by multiple executors. Considering efficiency and security, a delayed decision mechanism is proposed to check the results of task execution. For dynamics, a dynamic task scheduling mechanism is devised for switching workflow execution environment and shortening the life cycle of executors, which can confuse the adversaries and purify task executors. Experimental results show that the proposed system can effectively strengthen the security of cloud workflow execution.

Key words

Scientific workflow Mimic defense Cloud security Intrusion tolerance 

CLC number



Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. Ainapure B, Shah D, Rao AA, 2018. Adaptive multilevel fuzzy–based authentication framework to mitigate cache side channel attack in cloud computing. Int J Model Simul Sci Comput, 9(5):1850045. CrossRefGoogle Scholar
  2. Aktas MF, Haldeman G, Parashar M, 2014. Flexible scheduling and control of bandwidth and in–transit services for end–to–end application workflows. 4th IEEE Int Workshop on Network–Aware Data Management, p.28–31. CrossRefGoogle Scholar
  3. Casas I, Taheri J, Ranjan R, et al., 2017. A balanced scheduler with data reuse and replication for scientific workflows in cloud computing systems. Fut Gener Comput Syst, 74: 168–178. Google Scholar
  4. Chen WW, Deelman E, 2012. Workflowsim: a toolkit for simulating scientific workflows in distributed environments. 8th IEEE Int Conf on E–Science, p.1–8. Google Scholar
  5. Deldari A, Naghibzadeh M, Abrishami S, 2017. CCA: a deadline–constrained workflow scheduling algorithm for multicore resources on the cloud. J Supercomput, 73(2): 756–781. Google Scholar
  6. Ding YS, Yao GS, Hao KR, 2017. Fault–tolerant elastic scheduling algorithm for workflow in cloud systems. Inform Sci, 393:47–65. CrossRefGoogle Scholar
  7. Evans N, Thompson M, 2016. Multiple operating system rotation environment moving target defense. US Patent, 9 294 504.Google Scholar
  8. Garcia M, Bessani A, Gashi I, et al., 2011. OS diversity for intrusion tolerance: myth or reality? 41st IEEE Int Conf on Dependable Systems & Networks, p.383–394. Google Scholar
  9. Garcia M, Bessani A, Gashi I, et al., 2014. Analysis of operating system diversity for intrusion tolerance. Softw Pract Exp, 44(6):735–770. CrossRefGoogle Scholar
  10. Grobauer B, Walloschek T, Stocker E, 2011. Understanding cloud computing vulnerabilities. IEEE Secur Priv, 9(2): 50–57. Google Scholar
  11. Guo MZ, Bhattacharya P, 2014. Diverse virtual replicas for improving intrusion tolerance in cloud. 9th Annual Cyber and Information Security Research Conf, p.41–44. CrossRefGoogle Scholar
  12. Gupta I, Kumar MS, Jana PK, 2016. Compute–intensive workflow scheduling in multi–cloud environment. Int Conf on Advances in Computing, Communications and Informatics, p.315–321. CrossRefGoogle Scholar
  13. Hu HC, Wang ZP, Cheng GZ, et al., 2017. MNOS: a mimic network operating system for software defined networks. IET Inform Secur, 11(6):345–355. CrossRefGoogle Scholar
  14. Juve G, Deelman E, 2011. Scientific workflows in the cloud. In: Cafaro M, Aloisio G (Eds.), Grids, Clouds and Virtualization. Springer, London, p.71–91.
  15. Kallenberg C, Butterworth J, Kovah X, et al., 2013. Defeating Signed BIOS Enforcement. Google Scholar
  16. Lee YC, Han H, Zomaya AY, et al., 2015. Resource–efficient workflow scheduling in clouds. Knowl–Based Syst, 80: 153–162. Google Scholar
  17. Lv HW, Lin JY, Wang HQ, et al., 2015. Analyzing the service availability of mobile cloud computing systems by fluidflow approximation. Front Inform Technol Electron Eng, 16(7):553–567. CrossRefGoogle Scholar
  18. Pandey S, Wu LL, Guru SM, et al., 2010. A particle swarm optimization–based heuristic for scheduling workflow applications in cloud computing environments. 24th IEEE Int Conf on Advanced Information Networking and Applications, p.400–407. CrossRefGoogle Scholar
  19. Peng W, Li F, Huang CT, et al., 2014. A moving–target defense strategy for Cloud–based services with heterogeneous and dynamic attack surfaces. IEEE Int Conf on Communications, p.804–809. CrossRefGoogle Scholar
  20. Platania M, Obenshain D, Tantillo T, et al., 2014. Towards a practical survivable intrusion tolerant replication system. 33rd IEEE Int Symp on Reliable Distributed Systems, p.242–252. CrossRefGoogle Scholar
  21. Platania M, Obenshain D, Tantillo T, et al., 2016. On choosing server–or client–side solutions for BFT. ACM Comput Surv, 48(4), Article 61. CrossRefGoogle Scholar
  22. Stewin P, Bystrov I, 2012. Understanding DMA malware. 9th Int Conf on Detection of Intrusions and Malware, and Vulnerability Assessment, p.21–41. Google Scholar
  23. Topcuoglu H, Hariri S, Wu MY, 2002. Performance–effective and low–complexity task scheduling for heterogeneous computing. IEEE Trans Parall Distrib Syst, 13(3): 260–274. Google Scholar
  24. Verma A, Mittal M, Chhabra B, 2017. The mutual authentication scheme to detect virtual side channel attack in cloud computing. Int J Comput Sci Inform Secur, 15(3):83–98.Google Scholar
  25. Wang JW, Korambath P, Altintas I, et al., 2014. Workflow as a service in the cloud: architecture and scheduling algorithms. Proc Comput Sci, 29:546–556. CrossRefGoogle Scholar
  26. Wu J, Dong MX, Ota K, et al., 2018. Big data analysis–based secure cluster management for optimized control plane in software–defined networks. IEEE Trans Netw Serv Manag, 15(1):27–38. CrossRefGoogle Scholar
  27. Yadav T, Rao AM, 2015. Technical aspects of cyber kill chain. 3rd Int Symp on Security in Computing and Communication, p.438–452. CrossRefGoogle Scholar
  28. Yao GS, Ding YS, Ren LH, et al., 2016. An immune systeminspired rescheduling algorithm for workflow in cloud systems. Knowl–Based Syst, 99:39–50. Google Scholar
  29. Yao GS, Ding YS, Hao KR, 2017. Using imbalance characteristic for fault–tolerant workflow scheduling in cloud systems. IEEE Trans Parall Distrib Syst, 28(12):3671–3683. CrossRefGoogle Scholar
  30. Yuan D, Yang Y, Liu X, et al., 2012. A data dependency based strategy for intermediate data storage in scientific cloud workflow systems. Concurr Comput Pract Exp, 24(9): 956–976. Google Scholar
  31. Zheng ZB, Zhou TC, Lyu MR, et al., 2012. Component ranking for fault–tolerant cloud applications. IEEE Trans Serv Comput, 5(4):540–550. CrossRefGoogle Scholar

Copyright information

© Editorial Office of Journal of Zhejiang University Science and Springer-Verlag GmbH Germany, part of Springer Nature 2018

Authors and Affiliations

  1. 1.National Digital Switching System Engineering Technology Research CenterZhengzhouChina

Personalised recommendations