摘要
With more large-scale scientific computing tasks being delivered to cloud computing platforms, cloud workflow systems are designed for managing and arranging these complicated tasks. However, multi-tenant coexistence service mode of cloud computing brings serious security risks, which will threaten the normal execution of cloud workflows. To strengthen the security of cloud workflows, a mimic cloud computing task execution system for scientific workflows is proposed. The idea of mimic defense contains mainly three aspects: heterogeneity, redundancy, and dynamics. For heterogeneity, the diversities of physical servers, hypervisors, and operating systems are integrated to build a robust system framework. For redundancy, each sub-task of the workflow will be executed simultaneously by multiple executors. Considering efficiency and security, a delayed decision mechanism is proposed to check the results of task execution. For dynamics, a dynamic task scheduling mechanism is devised for switching workflow execution environment and shortening the life cycle of executors, which can confuse the adversaries and purify task executors. Experimental results show that the proposed system can effectively strengthen the security of cloud workflow execution.
随着越来越多大规模科学计算任务交付云计算平台,云工作流系统被设计用于管理和安排这些复杂任务。然而,云计算中多租户共存服务模式存在严重安全风险,可能威胁云工作流的正常执行。为加强云工作流安全性,提出一种面向科学工作流的拟态云计算任务执行系统。拟态防御的思想主要涉及3个方面:异构性、冗余性和动态性。在异构性方面,集成物理服务器、管理器和操作系统的多样性以创建鲁棒的系统架构。在冗余性方面,工作流中每个子任务由多个执行体同时执行。综合考虑效率和安全性,提出滞后裁决机制检查任务执行结果。在动态性方面,设计动态任务调度机制切换工作流执行环境并缩短执行体生命周期,以混淆攻击者并净化任务执行体。实验结果表明,该系统有效增强了云工作流执行的安全性。
基金
Project supported by the National Natural Science Foundation of China(Nos.61521003 and 61602509)
the National Key Technologies R&D Program of China(Nos.2016YFB0800100 and 2016YFB0800101)
the Key Technologies R&D Program of Henan Province,China(No.172102210615)
