CLC number: TN915.08

On-line Access: 2019-01-07

Received: 2018-10-07

Revision Accepted: 2018-11-17

Crosschecked: 2018-12-17

ORCID: Ya-wen Wang, http://orcid.org/0000-0003-4783-0450

Frontiers of Information Technology & Electronic Engineering 

Accepted manuscript available online (unedited version)


Scientific workflow execution system based on mimic defense in the cloud environment


Author(s):  Ya-wen Wang, Jiang-xing Wu, Yun-fei Guo, Hong-chao Hu, Wen-yan Liu, Guo-zhen Cheng

Affiliation(s):  National Digital Switching System Engineering Technology Research Center, Zhengzhou 450002, China

Corresponding email(s):  JiangXing_WU_NDSC@163.com

Key Words:  Scientific workflow, Mimic defense, Cloud security, Intrusion tolerance


Ya-wen Wang, Jiang-xing Wu, Yun-fei Guo, Hong-chao Hu, Wen-yan Liu, Guo-zhen Cheng. Scientific workflow execution system based on mimic defense in the cloud environment[J]. Frontiers of Information Technology & Electronic Engineering, in press. https://doi.org/10.1631/FITEE.1800621

@article{title="Scientific workflow execution system based on mimic defense in the cloud environment",
author="Ya-wen Wang, Jiang-xing Wu, Yun-fei Guo, Hong-chao Hu, Wen-yan Liu, Guo-zhen Cheng",
journal="Frontiers of Information Technology & Electronic Engineering",
year="in press",
publisher="Zhejiang University Press & Springer",
doi="https://doi.org/10.1631/FITEE.1800621"
}

%0 Journal Article
%T Scientific workflow execution system based on mimic defense in the cloud environment
%A Ya-wen Wang
%A Jiang-xing Wu
%A Yun-fei Guo
%A Hong-chao Hu
%A Wen-yan Liu
%A Guo-zhen Cheng
%J Frontiers of Information Technology & Electronic Engineering
%P 1522-1536
%@ 2095-9184
%D in press
%I Zhejiang University Press & Springer
doi="https://doi.org/10.1631/FITEE.1800621"

TY - JOUR
T1 - Scientific workflow execution system based on mimic defense in the cloud environment
A1 - Ya-wen Wang
A1 - Jiang-xing Wu
A1 - Yun-fei Guo
A1 - Hong-chao Hu
A1 - Wen-yan Liu
A1 - Guo-zhen Cheng
J0 - Frontiers of Information Technology & Electronic Engineering
SP - 1522
EP - 1536
%@ 2095-9184
Y1 - in press
PB - Zhejiang University Press & Springer
ER -
doi="https://doi.org/10.1631/FITEE.1800621"


Abstract: 
With more large-scale scientific computing tasks being delivered to cloud computing platforms, cloud workflow systems are designed to manage and arrange these complicated tasks. However, the multi-tenant coexistence service mode of cloud computing brings serious security risks, which will threaten the normal execution of cloud workflows. To strengthen the security of cloud workflows, a mimic cloud computing task execution system for scientific workflows is proposed. The idea of mimic defense mainly comprises three aspects: heterogeneity, redundancy, and dynamics. For heterogeneity, the diversity of physical servers, hypervisors, and operating systems is integrated to build a robust system framework. For redundancy, each sub-task of the workflow is executed simultaneously by multiple executors. Considering both efficiency and security, a delayed decision mechanism is proposed to check the results of task execution. For dynamics, a dynamic task scheduling mechanism is devised to switch the workflow execution environment and shorten the life cycle of executors, which can confuse adversaries and purify task executors. Experimental results show that the proposed system can effectively strengthen the security of cloud workflow execution.
