
Protecting scientific workflows in clouds with an intrusion tolerant system

With the development of cloud computing technology, more and more scientific workflows are delivered to cloud platforms for execution. However, multi-tenant coexistence exposes clouds to many threats. To protect scientific workflows in clouds, the authors propose an intrusion tolerant scientific workflow system. In this system, task executors containing multiple virtual machines are used for workflow sub-task execution to enhance reliability. A lagged decision mechanism is then presented to ensure uninterrupted workflow execution while checking the intermediate data and assessing the confidence of these data. Inspired by moving target defence, they propose a dynamic task scheduling strategy based on resource circulation that periodically generates and recycles task executors, keeping the workflow execution environment in a clean state. Furthermore, a temporary workflow intermediate data backup mechanism is presented; the stored intermediate data can be used to re-execute workflow sub-tasks with low confidence. Experiments are conducted in both an actual test environment based on OpenStack and a simulated test environment based on the WorkflowSim toolkit. Experimental results demonstrate that the proposed system can effectively enhance the intrusion tolerance of scientific workflows.

http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2018.5279