Abstract
With more large-scale scientific computing tasks being delivered to cloud computing platforms, cloud workflow systems are designed for managing and arranging these complicated tasks. However, the multi-tenant coexistence service mode of cloud computing brings serious security risks, which threaten the normal execution of cloud workflows. To strengthen the security of cloud workflows, a mimic cloud computing task execution system for scientific workflows is proposed. The idea of mimic defense contains three main aspects: heterogeneity, redundancy, and dynamics. For heterogeneity, diverse physical servers, hypervisors, and operating systems are integrated to build a robust system framework. For redundancy, each sub-task of the workflow is executed simultaneously by multiple executors. Considering efficiency and security, a delayed decision mechanism is proposed to check the results of task execution. For dynamics, a dynamic task scheduling mechanism is devised for switching the workflow execution environment and shortening the life cycle of executors, which can confuse adversaries and purify task executors. Experimental results show that the proposed system can effectively strengthen the security of cloud workflow execution.
Additional information
Project supported by the National Natural Science Foundation of China (Nos. 61521003 and 61602509), the National Key Technologies R&D Program of China (Nos. 2016YFB0800100 and 2016YFB0800101), and the Key Technologies R&D Program of Henan Province, China (No. 172102210615)
Cite this article
Wang, Yw., Wu, Jx., Guo, Yf. et al. Scientific workflow execution system based on mimic defense in the cloud environment. Frontiers Inf Technol Electronic Eng 19, 1522–1536 (2018). https://doi.org/10.1631/FITEE.1800621
DOI: https://doi.org/10.1631/FITEE.1800621