Protecting scientific workflows in clouds with an intrusion tolerant system

Protecting scientific workflows in clouds with an intrusion tolerant system

For access to this article, please select a purchase option:

Buy article PDF
(plus tax if applicable)
Buy Knowledge Pack
10 articles for $120.00
(plus taxes if applicable)

IET members benefit from discounts to all IET publications and free access to E&T Magazine. If you are an IET member, log in to your account and the discounts will automatically be applied.

Learn more about IET membership 

Recommend Title Publication to library

You must fill out fields marked with: *

Librarian details
Your details
Why are you recommending this title?
Select reason:
IET Information Security — Recommend this title to your library

Thank you

Your recommendation has been sent to your librarian.

With the development of cloud computing technology, more and more scientific workflows are delivered to cloud platforms to complete. However, there are many threats in clouds due to the multi-tenant coexistence. In order to protect scientific workflows in clouds, the authors propose an intrusion tolerant scientific workflow system. In this system, the task executors containing multiple virtual machines are used for workflow sub-task execution to enhance reliability. Then lagged decision mechanism is presented to ensure uninterrupted workflow execution while checking the intermediate data, and assessing the confidence of these data. Inspired by moving target defence, they propose a dynamic task scheduling strategy based on resource circulation to periodically generate and recycle task executors, keeping the clean state of the workflow execution environment. Furthermore, temporary workflow intermediate data backup mechanism is presented, the stored intermediate data can be used for the re-execution of workflow sub-tasks with low confidence. Experiments are conducted in both the actual test environment based on OpenStack and the simulated test environment based on WorkflowSim toolkit. Experimental results demonstrate that the proposed system can effectively enhance intrusion tolerance of scientific workflows.


    1. 1)
      • 1. Li, X., Du, J.: ‘Adaptive and attribute-based trust model for service-level agreement guarantee in cloud computing’, IET Inf. Sec., 2013, 7, (1), pp. 3950.
    2. 2)
      • 2. Almorsy, M, Grundy, J, Müller, I.: ‘An analysis of the cloud computing security problem’, arXiv preprint arXiv:1609.01107, 2016.
    3. 3)
      • 3. Shang, L., Petiton, S., Emad, N., et al: ‘YML-PC: a reference architecture based on workflow for building scientific private clouds’, in Antonopoulos, N., Gillam, L. (Eds): ‘Cloud Computing. Computer Communications and Networks’ (Springer, London, UK, 2010), pp. 145162.
    4. 4)
      • 4. Chameleon Cloud’. Available at
    5. 5)
      • 5. Yuan, D., Yang, Y., Liu, X., et al: ‘A data dependency based strategy for intermediate data storage in scientific cloud workflow systems’, Concurrency Comput. Pract. Exp., 2012, 24, (9), pp. 956976.
    6. 6)
      • 6. Rodriguez, M.A., Buyya, R.: ‘A taxonomy and survey on scheduling algorithms for scientific workflows in IaaS cloud computing environments’, Concurrency Comput. Pract. Exp., 2017, 29, (8), pp. 123.
    7. 7)
      • 7. Lin, C., Lu, S., Fei, X., et al: ‘Architecture for scientific workflow management systems and the VIEW SOA solution’, IEEE Trans. Serv. Comput., 2009, 2, (1), pp. 7992.
    8. 8)
      • 8. Zhao, Y., Li, Y., Raicu, I., et al: ‘Migrating scientific workflow management systems from the grid to the cloud’, in Li, X., Qiu, J. (Eds): ‘Cloud computing for data intensive applications’ (Springer, New York, NY, USA, 2014).
    9. 9)
      • 9. Atya, A.O.F., Qian, Z., Krishnamurthy, S.V., et al: ‘Malicious co-residency on the cloud: attacks and defense’. IEEE Conf. on Computer Communications, Chengdu, People's Republic of China, 2017, pp. 19.
    10. 10)
      • 10. Wang, Z., Wu, J., Guo, Z., et al: ‘Secure virtual network embedding to mitigate the risk of covert channel attacks’. IEEE INFOCOM on Computer Communications Workshops, San Francisco, CA, USA, 2016, pp. 144145.
    11. 11)
      • 11. Zhang, Y., Juels, A., Reiter, M.K., et al: ‘Cross-tenant side-channel attacks in PaaS clouds’. Proc. ACM SIGSAC Conf. on Computer and Communications Security, Scottsdale, AZ, USA, 2014, pp. 9901003.
    12. 12)
      • 12. Wu, J., Lei, Z., Chen, S., et al: ‘An access control model for preventing virtual machine escape attack’, Fut. Internet, 2017, 9, (2), pp. 119.
    13. 13)
      • 13. Zhuang, R., DeLoach, S.A., Ou, X.: ‘Towards a theory of moving target defense’. Proc. First ACM Workshop on Moving Target Defense, Scottsdale, AZ, USA, 2014, pp. 3140.
    14. 14)
      • 14. Wright, M., Venkatesan, S., Albanese, M., et al: ‘Moving target defense against DDoS attacks: an Empirical game-theoretic analysis’. Proc. 2016 ACM Workshop on Moving Target Defense, Vienna, Austria, 2016, pp. 93104.
    15. 15)
      • 15. Xu, J., Guo, P., Zhao, M., et al: ‘Comparing different moving target defense techniques’. Proc. First ACM Workshop on Moving Target Defense, Scottsdale, AZ, USA, 2014, pp. 97107.
    16. 16)
      • 16. Carroll, T.E., Crouse, M., Fulp, E.W., et al: ‘Analysis of network address shuffling as a moving target defense’. 2014 IEEE Int. Conf. on Communications (ICC), Sydney, NSW, Australia, 2014, pp. 701706.
    17. 17)
      • 17. Sousa, P., Bessani, A.N., Correia, M., et al: ‘Resilient intrusion tolerance through proactive and reactive recovery’. 13th Pacific Rim Int. Symp. on Dependable Computing (PRDC 2007), Melbourne, QLD, Australia, 2007, pp. 373380.
    18. 18)
      • 18. Zhu, Z., Zhang, G., Li, M., et al: ‘Evolutionary multi-objective workflow scheduling in cloud’, IEEE Trans. Parallel Distrib. Syst., 2015, 27, (5), pp. 13441357.
    19. 19)
      • 19. Wang, J., Korambath, P., Altintas, I., et al: ‘Workflow as a service in the cloud: architecture and scheduling algorithms’, Procedia Comput. Sci., 2014, 29, pp. 546556.
    20. 20)
      • 20. Zhou, A.C., He, B.: ‘Transformation-based monetary cost optimizations for workflows in the cloud’, IEEE Trans. Cloud Comput., 2014, 2, (1), pp. 8598.
    21. 21)
      • 21. Zhou, A.C., He, B., Liu, C.: ‘Monetary cost optimizations for hosting workflow-as-a-service in Iaas clouds’, IEEE Trans. Cloud Comput., 2015, 4, (1), pp. 3448.
    22. 22)
      • 22. Zhou, X., Zhang, G., Sun, J., et al: ‘Minimizing cost and makespan for workflow scheduling in cloud using fuzzy dominance sort based HEFT’, Future Gener. Comput. Syst., 2019, 93, pp. 278289.
    23. 23)
      • 23. Lee, Y.C., Han, H., Zomaya, A.Y., et al: ‘Resource-efficient workflow scheduling in clouds’, Knowl.-Based Syst., 2015, 80, pp. 153162.
    24. 24)
      • 24. Xu, X., Dou, W., Zhang, X., et al: ‘Enreal: an energy-aware resource allocation method for scientific workflow executions in cloud environment’, IEEE Trans. Cloud Comput., 2015, 4, (2), pp. 166179.
    25. 25)
      • 25. Guo, Z., Hui, S., Xu, Y., et al: ‘Dynamic flow scheduling for power-efficient data center networks’. 2016 IEEE/ACM 24th Int. Symp. on Quality of Service (IWQoS), Beijing, People's Republic of China, 2016, pp. 110.
    26. 26)
      • 26. Ding, Y., Yao, G., Hao, K.: ‘Fault-tolerant elastic scheduling algorithm for workflow in cloud systems’, Inf. Sci., 2017, 393, pp. 804809.
    27. 27)
      • 27. Yao, G., Ding, Y., Ren, L., et al: ‘An immune system-inspired rescheduling algorithm for workflow in cloud systems’, Knowl.-Based Syst., 2016, 99, (C), pp. 3950.
    28. 28)
      • 28. Yao, G., Ding, Y., Hao, K.: ‘Using imbalance characteristic for fault-tolerant workflow scheduling in cloud systems’, IEEE Trans. Parallel Distrib. Syst., 2017, 28, (12), pp. 36713683.
    29. 29)
      • 29. Poola, D., Ramamohanarao, K., Buyya, R.: ‘Enhancing reliability of workflow execution using task replication and spot instances’, ACM Trans. Auton. Adapt. Syst., 2016, 10, (4), pp. 121.
    30. 30)
      • 30. Chen, H., Zhu, X., Qiu, D., et al: ‘Scheduling for workflows with security-sensitive intermediate data by selective tasks duplication in clouds’, IEEE Trans. Parallel Distrib. Syst., 2017, 28, (9), pp. 26742688.
    31. 31)
      • 31. Wang, Y., Guo, Y., Guo, Z., et al: ‘Securing the intermediate data of scientific workflows in clouds with ACISO’, IEEE Access, 2019, 7, (1), pp. 126603126617.
    32. 32)
      • 32. Zhao, Y., Li, Y., Raicu, I., et al: ‘Enabling scalable scientific workflow management in the cloud’, Future Gener. Comput. Syst., 2015, 46, (C), pp. 316.
    33. 33)
      • 33. Chen, W., Deelman, E.: ‘WorkflowSim: a toolkit for simulating scientific workflows in distributed environments’. IEEE Int. Conf. on E-Science, Chicago, IL, USA, 2013, pp. 18.
    34. 34)
      • 34. Li, Z., Ge, J., Yang, H., et al: ‘A security and cost aware scheduling algorithm for heterogeneous tasks of scientific workflow in clouds’, Future Gener. Comput. Syst., 2016, 65, pp. 140152.
    35. 35)
      • 35. Narayana, K.S., Pasupuleti, S.K.: ‘Trusted model for virtual machine security in cloud computing’, in Pattnaik, P., Rautaray, S., Das, H., Nayak, J. (Eds): ‘Progress in computing, analytics and networking’ (Springer, Singapore, 2018), pp. 655665.
    36. 36)
      • 36. Wang, Y., Wu, J., Guo, Y., et al: ‘Scientific workflow execution system based on mimic defense in the cloud environment’, Front. Inf. Technol. Electron. Eng., 2018, 19, (12), pp. 15221536.
    37. 37)
      • 37. Liu, J., Wang, S., Zhou, A., et al: ‘Using proactive fault-tolerance approach to enhance cloud service reliability’, IEEE Trans. Cloud Comput., 2018, 6, pp. 11911202.
    38. 38)
      • 38. Garcia, M, Bessani, A, Gashi, I, et al: ‘OS diversity for intrusion tolerance: myth or reality?’. 2011 IEEE/IFIP 41st Int. Conf. on Dependable Systems & Networks (DSN), Hong Kong, 2011, pp. 383394.
    39. 39)
      • 39. ‘CVE details website’. Available at
    40. 40)
      • 40. Yadav, T., Rao, A.M.: ‘Technical aspects of cyber kill chain’. Int. Symp. on Security in Computing and Communication, Kochi, India, 2015, pp. 438452.
    41. 41)
      • 41. ILSVRC2012’. Available at
    42. 42)
      • 42. Topcuouglu, H., Hariri, S., Wu, M.Y.: ‘Performance-effective and low-complexity task scheduling for heterogeneous computing’, IEEE Trans. Parallel Distrib. Syst., 2002, 13, (3), pp. 260274.
    43. 43)
      • 43. Deelman, E., Vahi, K., Juve, G.: ‘Pegasus, a workflow management system for science automation’, Future Gener. Comput. Syst., 2015, 46, pp. 1735.

Related content

This is a required field
Please enter a valid email address