CLOSURE: A cloud scientific workflow scheduling algorithm based on attack–defense game model

The multi-tenant coexistence service mode makes the cloud-based scientific workflow encounter the risks of being intruded. For this problem, we propose a CLoud scientific wOrkflow SchedUling algoRithm based on attack–defensE game model (CLOSURE). In the algorithm, attacks based on different operatin...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Future generation computer systems Jg. 111; S. 460 - 474
Hauptverfasser: Wang, Yawen, Guo, Yunfei, Guo, Zehua, Baker, Thar, Liu, Wenyan
Format: Journal Article
Sprache:Englisch
Veröffentlicht: Elsevier B.V 01.10.2020
Schlagworte:
Attack–defense game
Diverse operating systems
Moving target defense
Scientific workflow
Workflow scheduling
Moving target defense
Attack–defense game
Scientific workflow
Workflow scheduling
Diverse operating systems
ISSN:0167-739X, 1872-7115
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:The multi-tenant coexistence service mode makes the cloud-based scientific workflow encounter the risks of being intruded. For this problem, we propose a CLoud scientific wOrkflow SchedUling algoRithm based on attack–defensE game model (CLOSURE). In the algorithm, attacks based on different operating system vulnerabilities are regarded as different “attack” strategies; and different operating system distributions in a virtual machine cluster executing the workflows are regarded as different “defense” strategies. The information of the attacker and defender is not balanced. In other words, the defender cannot obtain the information about the attacker’s strategies, while the attacker can acquire information about the defender’s strategies through a network scan. Therefore, we propose to dynamically switch the defense strategies during the workflow execution, which can weaken the network scan effects and transform the workflow security problem into an attack–defense game problem. Then, the probability distribution of the optimal mixed defense strategies can be achieved by calculating the Nash Equilibrium in the attack–defense game model. Based on this probability, diverse VMs are provisioned for workflow execution. Furthermore, a task-VM mapping algorithm based on dynamic Heterogeneous Earliest Finish Time (HEFT) is presented to accelerate the defense strategy switching and improve workflow efficiency. The experiments are conducted on both simulation and actual environment, experimental results demonstrate that compared with other algorithms, the proposed algorithm can reduce the attacker’s benefits by around 15.23%, and decrease the time costs of the algorithm by around 7.86%. •Workflow scheduling is used as a defense method to secure cloud scientific workflows.•CLOSURE can weaken reconnaissance effects by switching defense strategies.•Dynamic HEFT is proposed to speed-up the switching period of defense strategies.•We built a prototype system based on OpenStack.
ISSN:0167-739X
1872-7115
DOI:10.1016/j.future.2019.11.003