The multi-tenant coexistence service mode exposes cloud-based scientific workflows to the risk of intrusion. To address this problem, we propose a CLoud scientific wOrkflow SchedUling algoRithm based on attack–defensE game model (CLOSURE). In the algorithm, attacks based on different operating system vulnerabilities are regarded as different “attack” strategies, and different operating system distributions in a virtual machine cluster executing the workflows are regarded as different “defense” strategies. The information available to the attacker and the defender is asymmetric: the defender cannot obtain information about the attacker's strategies, while the attacker can acquire information about the defender's strategies through a network scan. Therefore, we propose to dynamically switch the defense strategies during workflow execution, which weakens the effect of network scans and transforms the workflow security problem into an attack–defense game problem. The probability distribution of the optimal mixed defense strategies is then obtained by calculating the Nash Equilibrium of the attack–defense game model. Based on this probability distribution, diverse VMs are provisioned for workflow execution. Furthermore, a task-VM mapping algorithm based on dynamic Heterogeneous Earliest Finish Time (HEFT) is presented to accelerate defense strategy switching and improve workflow efficiency. Experiments are conducted in both simulated and real environments. The results demonstrate that, compared with other algorithms, the proposed algorithm reduces the attacker's benefits by around 15.23% and decreases the time costs of the algorithm by around 7.86%.
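The step from equilibrium to VM provisioning described in the abstract can be illustrated with the following Python example, which is added here and is not the paper's code or its game model. It assumes a zero-sum game, a constructed payoff matrix, placeholder OS names, and hypothetical function names; the solver (Hedge against a best-responding attacker) is a standard technique chosen for the example.

```python
import math

# Constructed attacker payoffs (not from the paper): GAIN[i][j] is the attacker's
# gain when exploit family i hits a VM running OS distribution j.
OS_NAMES = ["os_a", "os_b", "os_c"]
GAIN = [[6, 0, 0],
        [0, 3, 0],
        [0, 0, 2]]

def solve_defense_mix(gain, rounds=40000):
    """Approximate the equilibrium of a zero-sum matrix game (assumed model).
    The defender runs Hedge over OS columns while the attacker best-responds;
    the averaged strategies approach a Nash equilibrium.
    Returns (defender_mix, attacker_mix, upper, lower); upper/lower bracket the value."""
    n_atk, n_os = len(gain), len(gain[0])
    scale = max(max(row) for row in gain) or 1
    eta = math.sqrt(8 * math.log(n_os) / rounds)
    cum_loss = [0.0] * n_os
    q_sum = [0.0] * n_os
    atk_count = [0] * n_atk
    for _ in range(rounds):
        base = min(cum_loss)
        w = [math.exp(-eta * (l - base)) for l in cum_loss]
        total = sum(w)
        q = [x / total for x in w]
        # The attacker observes the current mix (network scan) and picks the best exploit.
        best = max(range(n_atk), key=lambda i: sum(g * p for g, p in zip(gain[i], q)))
        atk_count[best] += 1
        for j in range(n_os):
            cum_loss[j] += gain[best][j] / scale
            q_sum[j] += q[j]
    q_avg = [s / rounds for s in q_sum]
    p_avg = [c / rounds for c in atk_count]
    upper = max(sum(g * p for g, p in zip(row, q_avg)) for row in gain)
    lower = min(sum(p_avg[i] * gain[i][j] for i in range(n_atk)) for j in range(n_os))
    return q_avg, p_avg, upper, lower

def provision(mix, vm_count):
    """Split vm_count VMs across OS distributions by largest remainder."""
    ideal = [p * vm_count for p in mix]
    alloc = [int(x) for x in ideal]
    by_frac = sorted(range(len(mix)), key=lambda j: ideal[j] - alloc[j], reverse=True)
    for j in by_frac[:vm_count - sum(alloc)]:
        alloc[j] += 1
    return alloc

if __name__ == "__main__":
    q, p, hi, lo = solve_defense_mix(GAIN)
    print(dict(zip(OS_NAMES, provision(q, 12))), round(lo, 3), round(hi, 3))
```

In this constructed game the OS with the highest attacker payoff receives the smallest share of VMs, and no single exploit choice earns the attacker more than the game value.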
| Number of pages | 15 |
| Journal | Future Generation Computer Systems |
| Publication status | Published - 6 Nov 2019 |
Bibliographical note
Funding Information:
This work was supported in part by the National Key Research and Development Program of China under Grants 2018YFB1003700 and 2018YFB0804004, in part by the Beijing Institute of Technology Research Fund Program for Young Scholars, in part by the Foundation for Innovative Research Groups of National Natural Science Foundation of China under Grant 61521003, and in part by the Beijing Natural Science Foundation under Grant Z170003.

Yawen Wang was born in Zhengzhou, Henan, China, in 1990. He received the B.S. and M.S. degrees in computer science and technology from the National Digital Switching System Engineering and Technological Research Center (NDSC), Zhengzhou, Henan, China, in 2013 and 2016, respectively. He is currently pursuing the Ph.D. degree in cyberspace security at NDSC. His research interests include cloud computing security and scientific workflow security.

Yunfei Guo was born in Zhengzhou, Henan, China, in 1963. He received the B.S. and M.S. degrees in communication and information system from the Beijing Institute of Technology, Beijing, China. Since 2000, he has been a Professor at the National Digital Switching System Engineering and Technological Research Center (NDSC), Zhengzhou, Henan, China. He has authored three books, 18 patents, and more than 190 articles. His research interests include the next-generation Internet, secure telecommunication, and cloud computing.

Zehua Guo received the B.S. degree from Northwestern Polytechnical University, Xi’an, China, the M.S. degree from Xidian University, Xi’an, China, and the Ph.D. degree from Northwestern Polytechnical University. He was a Research Fellow with the Department of Electrical and Computer Engineering, New York University Tandon School of Engineering, New York, NY, USA, and a Research Associate with the Department of Computer Science and Engineering, University of Minnesota Twin Cities, Minneapolis, MN, USA. His research interests include software-defined networking, network function virtualization, data center network, cloud computing, content delivery network, network security, green network, machine learning, and Internet exchange. Dr. Guo is an Associate Editor for IEEE ACCESS and the EURASIP Journal on Wireless Communications and Networking (Springer), and an Editor for the KSII Transactions on Internet and Information Systems. He was the Session Chair for the IEEE International Conference on Communications 2018 and the Technical Program Committee Member of Computer Communications (Elsevier).

Thar Baker is currently a Senior Lecturer in software systems engineering, the Head of the Computer Science Research Group, and a member of the Applied Computing Research Group, Liverpool John Moores University, U.K. He has published numerous refereed research papers in multidisciplinary research areas including cloud computing, algorithm design, SDN, and IoT. He has been actively involved as a member of the editorial board and review committees for a number of international journals and conferences.

Wenyan Liu was born in Luyi, Henan, China, in 1986. He received the B.S. degree in information engineering, and the M.S. and Ph.D. degrees in information and communication engineering, from the National University of Defense Technology, China. Since 2014, he has been an assistant researcher at the National Digital Switching System Engineering and Technological Research Center (NDSC), Zhengzhou, Henan, China. He has authored one book, 10 patents, and more than 20 articles. His research interests include active cyber defense and cloud computing security.
© 2019 Elsevier B.V.
- Attack–defense game
- Diverse operating systems
- Moving target defense
- Scientific workflow
- Workflow scheduling