CLC number: TN915.08
On-line Access: 2024-08-27
Received: 2023-10-17
Revision Accepted: 2024-05-08
Crosschecked: 2018-12-17
Cited: 0
Clicked: 5854
Ya-wen Wang, Jiang-xing Wu, Yun-fei Guo, Hong-chao Hu, Wen-yan Liu, Guo-zhen Cheng. Scientific workflow execution system based on mimic defense in the cloud environment[J]. Frontiers of Information Technology & Electronic Engineering, 2018, 19(12): 1522-1536.
@article{title="Scientific workflow execution system based on mimic defense in the cloud environment",
author="Ya-wen Wang, Jiang-xing Wu, Yun-fei Guo, Hong-chao Hu, Wen-yan Liu, Guo-zhen Cheng",
journal="Frontiers of Information Technology & Electronic Engineering",
volume="19",
number="12",
pages="1522-1536",
year="2018",
publisher="Zhejiang University Press & Springer",
doi="10.1631/FITEE.1800621"
}
%0 Journal Article
%T Scientific workflow execution system based on mimic defense in the cloud environment
%A Ya-wen Wang
%A Jiang-xing Wu
%A Yun-fei Guo
%A Hong-chao Hu
%A Wen-yan Liu
%A Guo-zhen Cheng
%J Frontiers of Information Technology & Electronic Engineering
%V 19
%N 12
%P 1522-1536
%@ 2095-9184
%D 2018
%I Zhejiang University Press & Springer
%DOI 10.1631/FITEE.1800621
TY - JOUR
T1 - Scientific workflow execution system based on mimic defense in the cloud environment
A1 - Ya-wen Wang
A1 - Jiang-xing Wu
A1 - Yun-fei Guo
A1 - Hong-chao Hu
A1 - Wen-yan Liu
A1 - Guo-zhen Cheng
J0 - Frontiers of Information Technology & Electronic Engineering
VL - 19
IS - 12
SP - 1522
EP - 1536
%@ 2095-9184
Y1 - 2018
PB - Zhejiang University Press & Springer
ER -
DOI - 10.1631/FITEE.1800621
Abstract: With more large-scale scientific computing tasks being delivered to cloud computing platforms, cloud workflow systems are designed for managing and arranging these complicated tasks. However, multi-tenant coexistence service mode of cloud computing brings serious security risks, which will threaten the normal execution of cloud workflows. To strengthen the security of cloud workflows, a mimic cloud computing task execution system for scientific workflows is proposed. The idea of mimic defense contains mainly three aspects: heterogeneity, redundancy, and dynamics. For heterogeneity, the diversities of physical servers, hypervisors, and operating systems are integrated to build a robust system framework. For redundancy, each sub-task of the workflow will be executed simultaneously by multiple executors. Considering efficiency and security, a delayed decision mechanism is proposed to check the results of task execution. For dynamics, a dynamic task scheduling mechanism is devised for switching workflow execution environment and shortening the life cycle of executors, which can confuse the adversaries and purify task executors. Experimental results show that the proposed system can effectively strengthen the security of cloud workflow execution.
[1]Ainapure B, Shah D, Rao AA, 2018. Adaptive multilevel fuzzy-based authentication framework to mitigate cache side channel attack in cloud computing. Int J Model Simul Sci Comput, 9(5):1850045.
[2]Aktas MF, Haldeman G, Parashar M, 2014. Flexible scheduling and control of bandwidth and in-transit services for end-to-end application workflows. 4th IEEE Int Workshop on Network-Aware Data Management, p.28-31.
[3]Casas I, Taheri J, Ranjan R, et al., 2017. A balanced scheduler with data reuse and replication for scientific workflows in cloud computing systems. Fut Gener Comput Syst, 74: 168-178.
[4]Chen WW, Deelman E, 2012. Workflowsim: a toolkit for simulating scientific workflows in distributed environments. 8th IEEE Int Conf on E-Science, p.1-8.
[5]Deldari A, Naghibzadeh M, Abrishami S, 2017. CCA: a deadline-constrained workflow scheduling algorithm for multicore resources on the cloud. J Supercomput, 73(2): 756-781.
[6]Ding YS, Yao GS, Hao KR, 2017. Fault-tolerant elastic scheduling algorithm for workflow in cloud systems. Inform Sci, 393:47-65.
[7]Evans N, Thompson M, 2016. Multiple operating system rotation environment moving target defense. US Patent, 9 294 504.
[8]Garcia M, Bessani A, Gashi I, et al., 2011. OS diversity for intrusion tolerance: myth or reality? 41st IEEE Int Conf on Dependable Systems & Networks, p.383-394.
[9]Garcia M, Bessani A, Gashi I, et al., 2014. Analysis of operating system diversity for intrusion tolerance. Softw Pract Exp, 44(6):735-770.
[10]Grobauer B, Walloschek T, Stocker E, 2011. Understanding cloud computing vulnerabilities. IEEE Secur Priv, 9(2): 50-57.
[11]Guo MZ, Bhattacharya P, 2014. Diverse virtual replicas for improving intrusion tolerance in cloud. 9th Annual Cyber and Information Security Research Conf, p.41-44.
[12]Gupta I, Kumar MS, Jana PK, 2016. Compute-intensive workflow scheduling in multi-cloud environment. Int Conf on Advances in Computing, Communications and Informatics, p.315-321.
[13]Hu HC, Wang ZP, Cheng GZ, et al., 2017. MNOS: a mimic network operating system for software defined networks. IET Inform Secur, 11(6):345-355.
[14]Juve G, Deelman E, 2011. Scientific workflows in the cloud. In: Cafaro M, Aloisio G (Eds.), Grids, Clouds and Virtualization. Springer, London, p.71-91.
[15]Kallenberg C, Butterworth J, Kovah X, et al., 2013. Defeating Signed BIOS Enforcement. https://www.mitre.org/sites/default/files/publications/defeating-signed-bios-enforcement.pdf
[16]Lee YC, Han H, Zomaya AY, et al., 2015. Resource-efficient workflow scheduling in clouds. Knowl-Based Syst, 80: 153-162.
[17]Lv HW, Lin JY, Wang HQ, et al., 2015. Analyzing the service availability of mobile cloud computing systems by fluid- flow approximation. Front Inform Technol Electron Eng, 16(7):553-567.
[18]Pandey S, Wu LL, Guru SM, et al., 2010. A particle swarm optimization-based heuristic for scheduling workflow applications in cloud computing environments. 24th IEEE Int Conf on Advanced Information Networking and Applications, p.400-407.
[19]Peng W, Li F, Huang CT, et al., 2014. A moving-target defense strategy for Cloud-based services with heterogeneous and dynamic attack surfaces. IEEE Int Conf on Communications, p.804-809.
[20]Platania M, Obenshain D, Tantillo T, et al., 2014. Towards a practical survivable intrusion tolerant replication system. 33rd IEEE Int Symp on Reliable Distributed Systems, p.242-252.
[21]Platania M, Obenshain D, Tantillo T, et al., 2016. On choosing server- or client-side solutions for BFT. ACM Comput Surv, 48(4), Article 61.
[22]Stewin P, Bystrov I, 2012. Understanding DMA malware. 9th Int Conf on Detection of Intrusions and Malware, and Vulnerability Assessment, p.21-41.
[23]Topcuoglu H, Hariri S, Wu MY, 2002. Performance-effective and low-complexity task scheduling for heterogeneous computing. IEEE Trans Parall Distrib Syst, 13(3): 260-274.
[24]Verma A, Mittal M, Chhabra B, 2017. The mutual authentication scheme to detect virtual side channel attack in cloud computing. Int J Comput Sci Inform Secur, 15(3):83-98.
[25]Wang JW, Korambath P, Altintas I, et al., 2014. Workflow as a service in the cloud: architecture and scheduling algorithms. Proc Comput Sci, 29:546-556.
[26]Wu J, Dong MX, Ota K, et al., 2018. Big data analysis-based secure cluster management for optimized control plane in software-defined networks. IEEE Trans Netw Serv Manag, 15(1):27-38.
[27]Yadav T, Rao AM, 2015. Technical aspects of cyber kill chain. 3rd Int Symp on Security in Computing and Communication, p.438-452.
[28]Yao GS, Ding YS, Ren LH, et al., 2016. An immune system- inspired rescheduling algorithm for workflow in cloud systems. Knowl-Based Syst, 99:39-50.
[29]Yao GS, Ding YS, Hao KR, 2017. Using imbalance characteristic for fault-tolerant workflow scheduling in cloud systems. IEEE Trans Parall Distrib Syst, 28(12):3671- 3683.
[30]Yuan D, Yang Y, Liu X, et al., 2012. A data dependency based strategy for intermediate data storage in scientific cloud workflow systems. Concurr Comput Pract Exp, 24(9): 956-976.
[31]Zheng ZB, Zhou TC, Lyu MR, et al., 2012. Component ranking for fault-tolerant cloud applications. IEEE Trans Serv Comput, 5(4):540-550.
Open peer comments: Debate/Discuss/Question/Opinion
<1>