Security-Aware Scheduling for Real-Time Parallel Applications on Clusters   Xiao Qin
Clusters
The PrairieFire Cluster at the University of Nebraska-Lincoln
Parallel Applications on Clusters
Security-Sensitive Real-Time Applications Online Transaction Stock Trading
Common Threats and Security Services <ul><li>Snooping </li></ul><ul><li>Alteration </li></ul><ul><li>Spoofing </li></ul>Co...
Scheduling Plays a Key Role <ul><li>Conventional scheduling algorithms are  inadequate  for security-sensitive real-time a...
Motivation Improve  Utilization Keep Load-Balancing Support Scalability Promote  Throughput Enable Security Awareness Redu...
Security-Aware System Architecture        OS Hardware Platform interface Platform interface OS Hardware Middleware Serv...
Quality of Security Control Manager -  QSCM Module Low Level Security Service APIs Application Task Application Task Appli...
Task Submission Structure DEFINE Task : flight_control { Input = (altitude: 1230, heading: 35, …); Output = (takeoff_dista...
Security Overhead Model <ul><li>Security is achieved at the cost of performance degradation </li></ul>P S Security Overhea...
Cryptographic Algorithms for Confidentiality Service 21.09 1.00 Rijndael 29.35 0.72 RC5 33.75 0.63 Khufu/Khafre 37.5 0.56 ...
Hash Functions for Integrity Service 4.36 1.00 Tiger 5.69 0.77 RIPEMD-160 6.88 0.63 SHA-1 9.73 0.45 RIPEMD-128 12.00 0.36 ...
Authentication Methods 163 0.9 CBC-MAC-AES 148 0.6 HMAC-SHA-1 90 0.3 HMAC-MD5 Computation Time (ms) Security Level Authent...
System Model   Rejected  Queue Dispatch Queue TAPADS Local Queue N 1 N 2 N m User  p User 2 User 1 Schedule Queue Admissio...
Parallel Application <ul><li>A single application (job) that has multiple processes that run concurrently  </li></ul>t1 t1...
Task Model <ul><li>Deadline Constraints </li></ul><ul><li>Security Constraints </li></ul><ul><li>Precedence Constraints </...
Directed Acyclic Graphs  (DAG) <ul><li>a parallel application is defined as a vector  (T, E, d) </li></ul><ul><li>T :  {t ...
A Task <ul><li>A task  t i  = (e i , l i , S i ) </li></ul><ul><li>e i  :execution time </li></ul><ul><li>l i  : amount of...
A DAG 10Sec., 500KB,  { [0.3,0.6],  [0.4,0.8],  [0.5,0.9] }  10KB,  { [0.4,0.8],  [0.5,0.9] }  e2 t1 t4 t9 t8 t3 t2 t11 t5...
Before Security Optimization PE3 Link PE1 Link PE2 deadline Slack Time t 6 t 8 t 9 e 5 e 7 e 9 t 1 t 10 t 7 t 4 t 3 t 2 e ...
After Security Optimization t 10 t 4 t 3 t 2 t 1 e 4 e 10 t 11 t 5 e 5 t 6 e 7 t 8 t 9 t 7 deadline 0  2  4  6  8  10  12 ...
Security Requirements for A Task T i S i  = (  ,…,  ,…,  ) Security level range of the  j  th security service  for task T...
Security Benefits Gained by Task T i Weight of the  j  th security service for task T i Security level of the  j  th secur...
Weights of Security Services > >
Security Benefits Gained by A Task Set    n i i SL 1 SL ) ( T The task set s ) (
Optimize Security Benefit of An Application   maximize subject to: i k SL 1 1 k s i The task set        n q k i k i...
Security Requirements of Message ( t i , t j )  The required  security level range of the  p  th security service   i j ( ...
Security Benefits Gained by One Message  ( t i , t j )  Security level of the  k  th security service   and
Security Benefits Gained by A Message Set .
Optimize Security Benefit of Message Set maximize subject to  The message set
Security Benefit of A Parallel Application The message set The task set Security Value
The TAPADS Task Allocation Algorithm Compute the critical path Slack time= d – f Allocate all  ti   subject to  minimal se...
Time Complexity of TAPADS The time complexity of TAPADS is  O(k(q|V|+p|E|)) where  k  : the number of times  Step 7  is re...
Performance Evaluation  <ul><li>LISTMIN :  Selects the  lowest  security level of each security service required by each t...
Experimental Parameters 0.2 (authentication), 0.5 (encryption), 0.3 (integrity) Weight of security services (min, top, max...
Performance Metrics <ul><li>Security Value   </li></ul><ul><li>Schedulability : a fraction of total submitted jobs that ar...
Experiment One: Overall Performance <ul><li>One job with  433 tasks </li></ul><ul><li>32 nodes in a cluster </li></ul><ul>...
Overall Performance Comparisons(1)
Overall Performance Comparisons (2): Improvement 97.7%; Improvement 25%
Overall Performance Comparisons (3): Improvement 54.5%; Improvement 25.7%
Experiment Two:  Adaptability <ul><li>1000 diverse task graphs (54 tasks ~ 543 tasks) </li></ul><ul><li>4 deadline ranges ...
Adaptability(1) TAPADS ties  with LISTMIN LISTMAX is the worst
Adaptability(2) TAPADS is  always the best TAPADS outperforms  LISTMAX significantly TAPADS outperforms  LISTMAX significa...
Adaptability(3) TAPADS noticeably  outperforms all others
Experiment Three:  Scalability  <ul><li>32 ~ 256 nodes in a cluster </li></ul><ul><li>A task graph with 520 tasks (nodes) ...
Scalability
Experiment Four: Degree of Task Parallelism <ul><li>A parallel application with 1074 tasks   </li></ul><ul><li>Deadline is...
Sensitivity to Degree of Task Parallelism
Experiment Five: Security Sensitive Data Size <ul><li>Size of security sensitive data is in a triangle distribution </li><...
Impact of Size of Security Sensitive Data
Evaluation in Digital Signal Processing (1) (a) Guarantee factor   (b)  Security value   (c) QSA   Performance impact of d...
Evaluation in Digital Signal Processing (2) ( a )  Security value   ( b ) QSA   (c) Job completion time Performance impact...
Conclusions <ul><li>TAPADS can generate optimal allocations that maximize quality of security for parallel applications ru...
Ph.D. Dissertation Projects <ul><li>Mais Nijim [Summer 2007] </li></ul><ul><ul><ul><ul><ul><li>Adaptive quality of securit...
Questions?
Real-Time Stock Quote System
Some Typical Security Levels  <ul><li>Routing + message security </li></ul><ul><li>Routing + SSL </li></ul><ul><li>Routing...
Related Work <ul><li>[Hou&Shin] A task allocation scheme to schedule periodic tasks with  precedence constraints  in distr...
Future Work   <ul><li>Extend our security overhead models to multi-dimensional computing resources   </li></ul><ul><li>Acc...
Selected Journal Publications  <ul><li>X. Qin  and T. Xie, “Allocation of Tasks with Availability Constraints in Heterogen...
Selected Conferences Publications <ul><li>X. Qin , M. Alghamdi, M. Nijim, and Z.-L. Zong, “Scheduling of Periodic Packets ...
Selected Conferences Publications (cont.) <ul><li>M. Nijim,  X. Qin , T. Xie, and M. Alghamdi, “Awards: An Adaptive Write ...
Adaptive Quality of Security Control  in Storage Systems   Xiao Qin
Outline <ul><li>Introduction to Storage Systems </li></ul><ul><li>Local Disk Systems </li></ul><ul><li>Parallel Disk Syste...
Data-Intensive Applications Video Surveillance Digital Libraries Radio Astronomy Observatory
Data-Intensive Applications (Cont.) long running simulations  remote-sensing database systems  biological sequence analysis
Motivation <ul><li>Existing storage systems fail to meet the security requirements of modern data- intensive applications ...
Common Threats and Security Services <ul><li>Snooping </li></ul><ul><li>Alteration </li></ul><ul><li>Spoofing </li></ul>Co...
<ul><li>Cache Partitioning Scheme </li></ul>Topics <ul><li>Security-Aware Local Disk Systems </li></ul><ul><li>Adaptive Qu...
System model of a Data Grid
Quality of Security Framework for Disk Systems
Security-Aware Local Disk Systems
Contributions <ul><li>A Security-Aware Adaptive Write Strategy (AWARDS) for Local Disk Systems  </li></ul><ul><li>AWARDS c...
The Architecture of AWARDS Security Service 1 Security Service m Adaptive Security Service Controller Disk Request Schedul...
Modeling Disk Requests <ul><li>Each disk request specifies  quality of service  requirement </li></ul><ul><li>A  security ...
<ul><li>Quality of security for each security service is measured by a  security level </li></ul><ul><li>For example:  </l...
<ul><li>r = (o, a, d, s, t) </li></ul><ul><li>o:  type of the request </li></ul><ul><li>a:  disk address </li></ul><ul><li...
Modeling Disk Requests (Cont.) Security Level Disk Request Desired response time Real response time Subject to Maximize
Security Overhead Model <ul><li>Eight encryption algorithms </li></ul><ul><li>In accordance with the cryptographic algorit...
The AWARDS Strategy <ul><li>To aim  at improving the quality of security for local disks (i.e.,  to  increase the security...
Example Sl = 0.1 Sl = 0.3 Sl = 0.2 Security level of  r 1  = 0.8 Response time  =17.7 ms Security level of  r 1  = 0.7 Res...
<ul><li>The AWARDS Algorithm </li></ul>
Start Insert  r i   into Q For each  r i  in  Q Initialize Security Level Sl < 1.0 For each r i  in the Q Sl = Sl + 0.1 Fo...
Property of AWARDS <ul><li>If the security level r i  is increased by 0.1, the following conditions must hold. </li></ul><...
Estimated Start Time (es)
Experimental Result <ul><li>Disk Parameters </li></ul>IBM Ultrastar 36Z15  Size 18.4 GB RPM 15000 Seek Time, T seek 7.18 m...
Experimental Result <ul><li>Workload Configurations </li></ul>Parameter Value (Fixed) - (Varied) Disk Bandwidth 30MB/Sec. ...
Performance Metrics <ul><li>Satisfied ratio : a fraction of total arrived disk requests that are found to be finished befo...
Impact of Arrival Rate Improvement138.2 %   Improvement125.6 %
Impact of Data Size
Impact of Disk Bandwidth
Sparse Cholesky Desired response time
Lu Decomposition Desired response time
Sparse Cholesky Bandwidth
Lu Decomposition Bandwidth
Adaptive Quality of Security Control  in Parallel Disk Systems
Parallel Disk Systems
Motivation <ul><li>Existing parallel disk systems lack the means to adaptively control quality of security for  dynamicall...
Contributions <ul><li>ASPAD  aims to adapt  to changing security requirements and workload conditions </li></ul><ul><li>AS...
Disk 1 Disk 2 Disk m Adaptive Security  Quality Controller Data Partitioning mechanism Security Service Middleware Securit...
Quality of Security <ul><li>The quality of security for each security service is measured by security level. </li></ul><ul...
Modeling Quality of Security Security level of the jth stripe unit of r i Parallelism degree No. of disks
Modeling Quality of Security (Cont.)
Optimize Quality of Security <ul><li>To maximize  security benefit  of the parallel disk system </li></ul>Maximize Where  ...
Optimize Quality of Security (Cont.) <ul><li>The response time of all stripe unit in request  r i  must be smaller than th...
The ASPAD Framework <ul><li>Data Partitioning </li></ul><ul><li>Response time estimator </li></ul><ul><li>Adaptive Quality...
Data Partitioning <ul><li>Determine the optimal parallelism degree for disk request </li></ul><ul><li>Reduces the response...
Data Partitioning (cont.) <ul><li>Expected disk service time </li></ul>Where  Expected values of seek time, rotational tim...
Data Partitioning (cont.)  Scheuermann et al., VLDB98 Where C: number of cylinders on disk a, b : two disk type independen...
Data Partitioning (cont.) <ul><li>The expected value of rotation time </li></ul><ul><li>The expected transfer time </li></ul>
Data Partitioning (cont.)   Scheuermann et al., VLDB98 <ul><li>Expected disk service time </li></ul><ul><li>Parallelism de...
Estimate Response Time <ul><li>Estimate the maximum response time of a disk request </li></ul><ul><li>Response time is the...
Estimate Response Time (cont.) <ul><li>The response time of a disk request is: </li></ul>p : is the parallelism degree : r...
<ul><li>The ASPAD Algorithm </li></ul>
Start Insert r into Q For each r in Q Calculate  p i  of  r i Partition ri into pi stripe unit For each stripe unit Initia...
Property of  ASPAD <ul><li>With respect to the  i th request, the following two conditions must hold if the  j th stripe u...
Experimental Results a) data size is 100KB and P = 3
Impact of Arrival Rate ASPAD is  always the best a) data size is 100KB and P = 3
Impact of Parallelism Degree ASPAD noticeably  outperforms the other   Add more slides for results!!! The impact of the pa...
A Caching Strategy to Improve Security of Cluster Storage Systems
Security Service 1 Security Service m Cache  (Volatile/Non-volatile memory) Adaptive Security Service Controller Security-...
Cache Partitioning <ul><li>The entire cache of the cluster storage system is divided into separate partitions, one for eac...
Total cache size is the partition size of the  d th disk
 
Conclusion <ul><li>AWARDS and ASPAD maximize the quality of security for local and parallel disk system </li></ul><ul><li>...
Future Work <ul><li>Security-Aware Load Balancing   </li></ul><ul><li>Energy-Efficient Mobile Storage Systems </li></ul>
<ul><li>StReD : A Quality of Security Framework for Storage Resources in Data Grids.  M. Nijim , Z.-L. Zong, and X. Qin,  ...
<ul><li>Awards: An Adaptive Write Scheme for Secure Local Disk Systems . M. Nijim , X. Qin, T. Xie, and M. Alghamdi,  Proc...
Questions?
AWARDS Complexity <ul><li>The complexity of AWARDS is  O(n 2 )  </li></ul><ul><li>Proof  : To increase the security level ...
Download the presentation slides http://www.slideshare.net/xqin74 Google:  slideshare Xiao Qin
Complexity of ASPAD <ul><li>The time complexity is  O(n 2 p) </li></ul><ul><ul><li>P: the maximum parallelism degree </li>...

Security-Aware Scheduling for Real-Time Parallel Applications on Clusters


Outline:
1. Motivation
Problem Statement
Motivations
2. A Security-Aware Middleware Model
Architecture of the Security Middleware Model
Quality of Security Control Manager
Security Service Requirements Specification
3. Security Overhead Models
Confidentiality Overhead
Integrity Overhead
Authentication Overhead
4. A Task Allocation Scheme
Mathematical Models
System Models
Task Models
The TAPADS Task Allocation Scheme
Performance Evaluation
5. Improving Security for Local Disk Systems
Motivation
Architecture and Disk Requests with Security Requirements
An Adaptive Write Strategy
Performance Evaluation
Synthetic Benchmarks
Real I/O-Intensive Applications
6. Quality of Security Adaptation for Cluster Storage Systems
System Architecture
The Framework
Data Partitioning
Estimating Response Times
The Quality of Security Control Algorithm
Performance Evaluation
7. Conclusions

Published in: Technology
  • Lead in: Parallel applications are running on parallel computers or supercomputers. Structure commonly connected through fast local area networks Goal usually deployed to improve speed and/or reliability over that provided by a single computer Benefit cost-effective than single computer of comparable speed or reliability Myrinet and Infiniband
  • biological sequence analysis Radio Astronomy Observatory
  • A variety of real-time applications running on clusters require security protections Mention: real-time
  • Lead in: Threat is a potential violation of security. Three services counter threats to the security of a system. Snooping: the unauthorized interception of information. Alteration: an unauthorized change of information. Spoofing: an impersonation of one entity by another.
  • The Goal of This Work: Developing and evaluating new scheduling mechanisms and algorithms for applications with timing and security constraints on clusters Drawbacks of current scheduling schemes Consider security without addressing timing constraints OR Consider real-time requirements without addressing security. To achieve high security for clusters while making the best effort to guarantee timing constraints.
  • Existing cluster computing systems lack the means to adaptively control quality of security for dynamically changing workloads To develop an adaptive quality of security control scheme for real-time applications running on clusters
  • One-two minutes!!! From bottom to up User Interface Framework Low-level Security Service APIs Quality of Security Control Manager ( QSCM ) Security Middleware Services
  • Global Security Optimization can migrate tasks to a remote cluster if local cluster cannot satisfy the security and timing constraints of a local task. In this research, I only focused on local security optimization.
  • SEAL < RC4 < Blowfish < Khufu/Khafre < RC5 < Rijndael < DES < IDEA (?) AES (Rijndael) > SEAL > 3DES > RC5 > DES. DES, 1 hour SEAL. Explain security level and their speed (performance): In accordance with the cryptographic algorithms’ performance, each algorithm is assigned a corresponding security level in the range from 0.08 to 1. For example, we assign security level 1 to the strongest yet slowest encryption algorithm IDEA. Take SEAL and 3DES as examples to explain why we assign 0.9 for 3DES. DES (Data Encryption Standard): 1970s, 56-bit key, the strength is 2^55 (two to the 55th power). TDES (Triple DES): 1974, the strength is 2^80; it is three times slower than regular DES but more secure if used properly. IDEA (International Data Encryption Algorithm): 1992, the strength is 2^128.
  • MD4: 1990, 128-bit hash value. MD5: 1991, 128-bit hash value. SHA-1: 1994, 160-bit hash value. MD4 < MD5 < SHA-1. RIPEMD: 1992, 128-bit hash value. RIPEMD128: RIPEMD160: 1996, 160-bit hash value. RIPEMD < RIPEMD128 < RIPEMD160. Tiger: 1996, 192-bit hash value.
  • Generally each process will run on a different processor Typically a parallel job would employ a message passing interface, such as MPI, to pass data between the processes
  • Originally, admission controller only meets each accepted task’s minimal security requirements and deadline;
  • This is a general security requirement expression, which includes q different security services; In this work, I only considered three Commonly used security services, namely, confidentiality, integrity, and authentication
  • The weight of a security service reflects its priority in a particular application domain. For example, in military applications, confidentiality is usually more important than integrity; thus, users can assign weight 0.7 for confidentiality and 0.3 for integrity. On the other hand, in a commercial banking system, integrity is more important than confidentiality; in this case, users can assign 0.7 for integrity and 0.3 for confidentiality. Add one more slide to show the priorities of different services.
  • Lead in: move forward; in order to improve security of applications, we need a way of measuring quality of security.
  • Task Allocation for Parallel Applications with Deadline and Security Constraints The TAPADS algorithm is outlined in Figure 2. TAPADS aims at achieving high quality of security under two conditions: (1) increasing security levels will not result in missing deadlines; and (2) precedence constraints are satisfied. In an effort to meet both deadline and precedence constraints, TAPADS assigns the tasks to each node in a way to maximize security measured as . Thus, TAPADS is capable of maintaining a high schedulability measured as .
  • Need to mention message as well. These three algorithms are variants of a well-known algorithm: List
  • The parameters of nodes in the clusters are chosen to resemble real-world workstations like Sun SPARC-20 and Sun Ultra 10 All synthetic parallel jobs used from Section 6.2 to Section 6.7 were created by TGFF [9], a randomized task graph generator.
  • To evaluate quality of security for parallel applications , we derive in this section the probability that all tasks and messages remain risk-free during the course of execution. Pc(x) is the probability that all tasks are free from being attacked ; PL(x) is the probability that all messages are free from being attacked; Psc(x) is the probability that all tasks and messages remain risk-free during the course of execution.
  • We tested one DAG (job) with 433 tasks on a cluster with 32 nodes ; three circles ( 170 second, 260 second and 575 second )
  • Circle the three points, one trend (an arrow) and three circles; The results clearly indicate that applications can gain more performance benefits from our TAPADS approach under the circumstance that real-time applications have relatively tight deadlines.
  • The first observation deduced from Figure 3(c) is that the quality of security of TAPADS increases with the deadline. This is because quality of security is partially derived from SV (see Equations 25 and 29), which becomes higher when the deadlines are looser. A second observation is that the performance improvement of TAPADS in terms of quality of security is not as pronounced as the performance improvement in terms of security value compared with LISTMIN algorithm. This can be explained by the negative natural exponential function (see Equations 22 and 26), which smooths the security value differences between LISTMIN and TAPADS.
  • We conducted four groups of experiments to test the performance of TAPADS using 1000 diverse task graphs. The smallest task graph has 54 tasks, and the largest task graph consists of 543 tasks. We assume that the number of nodes in the cluster is 32. For each group test, we set a deadline range from which a deadline is randomly selected for an incoming parallel job. The four deadline ranges for the four group experiments are [100, 200], [200, 300], [300, 400] and [400, 500], respectively.
  • Multiple DAGs, (1) TAPADS and LISTMIN deliver the best performance in schedulability under all four cases
  • Three observations among which the second one is interesting.
  • (1) The improvement of TAPADS over LISTMIN becomes more prominent with the increasing value of the node number. This result can be explained by the conservative nature of LISTMIN, which simply meets the minimal security requirements for parallel applications on the cluster. (2) LISTMAX can achieve the same performance as TAPADS when there are 256 nodes in the cluster. This is because LISTMAX can guarantee the maximal security requirements of the parallel jobs when more nodes are available in the cluster. (3) All four algorithms can finish the job in a shorter time period when there is a large number of available nodes. (4) TAPADS has the same performance in completion time as that of LISTMIN.
  • To verify the performance impact of degree of task parallelism, we evaluate the performance as functions of the maximal number of out degree in task graphs. We define the degree of task parallelism of a task graph as the maximal possible out degree numbers in the graph. TAPADS is the only algorithm that can continuously improve its performance in security value and quality of security with the increasing value of task parallelism. The important conclusion drawn from this experiment is that TAPADS can gain greater performance improvement when a parallel application has a higher degree of parallelism.
  • Firstly, when the security sensitive data size varies from config1 to config4, the security value of TAPADS drops, while those of LISTMIN and LISTRND remain the same. Secondly, the quality of security for LISTMIN and LISTRND decreases when the size of security sensitive data goes up, although their security values remain unchanged. This interesting phenomenon can be explained by Equations 25 and 29, which indicate that long execution and communication times lower QSA values. Lastly, Figure 7(c) illustrates that the increasing size of security sensitive data enlarges the job completion time.
  • To validate the results from the synthetic simulations above, we evaluate the TAPADS algorithm in a real system, a digital signal processing system. (1) Performance patterns plotted in Figure 9 are similar to those reported in Section 6.2 (see Figure 3), thereby verifying that TAPADS can gain performance improvements for a real application.
  • Figure 10 shows that at least 12 nodes are required to make feasible scheduling decisions for the DSP application. In summary, the strength of TAPADS can be fully exhibited when the application has a relatively tight deadline. When the deadline is extremely loose, TAPADS degrades to LISTMAX. The implication is that TAPADS can significantly improve security for real-time applications without increasing hardware cost. The results discussed in this subsection can be envisioned as a strong validation of our previous simulations. The salient feature of TAPADS is that it can be successfully deployed to secure real-time parallel applications on clusters.
  • Lead in: Let’s take a close look at a specific application. For example, in a real-time stock quote update and trading system, each incoming request from business partners and each outgoing response from an enterprise’s back-end application have deadlines and security quality requirements, which have to be met by a cluster located between the business partners and enterprise back-end applications.
  • Lead in: Flexible security requirements
  • TAPADS means …?
  • Lead in:
  • 1. Compared with Original, AWARDS is more sensitive to data size
  • The same sensitivity
  • Fig. workload monitored from a real-world storage server.
  • Scheuermann, Northwestern University.
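
The slack-driven step described in the TAPADS note above (start at the minimal security levels, then spend slack on the upgrade with the highest benefit-cost ratio) can be made concrete with the overhead figures and service weights from the slides. The following Python is an added example, not code from the slides or from the TAPADS authors. It assumes the tasks run back-to-back on a single node, so it covers only the security-level selection and not task allocation or message security; the names `Task`, `optimize` and `sample_task` are hypothetical.

```python
from dataclasses import dataclass, field

# (security level, cost figure) pairs copied from the overhead slides,
# sorted by increasing security level.
CONF = [(0.22, 96.43), (0.56, 37.5), (0.63, 33.75), (0.72, 29.35), (1.00, 21.09)]  # KB/ms
INTEG = [(0.18, 23.90), (0.26, 17.09), (0.36, 12.00), (0.45, 9.73),
         (0.63, 6.88), (0.77, 5.69), (1.00, 4.36)]                                  # KB/ms
AUTH = [(0.3, 90.0), (0.6, 148.0), (0.9, 163.0)]                                    # ms per task
TABLES = {"conf": CONF, "integ": INTEG, "auth": AUTH}

# Service weights from the experimental parameters slide.
WEIGHTS = {"auth": 0.2, "conf": 0.5, "integ": 0.3}


@dataclass
class Task:
    name: str
    exec_ms: float          # execution time e_i
    data_kb: float          # amount of data to be protected l_i
    ranges: dict            # service -> (min level, max level), i.e. S_i
    levels: dict = field(default_factory=dict)  # chosen level per service


def overhead_ms(service, level, data_kb):
    """Time spent on one security service at the given level."""
    figure = dict(TABLES[service])[level]
    # Authentication has a fixed cost; the other two scale with data size.
    return figure if service == "auth" else data_kb / figure


def allowed(service, lo, hi):
    """Levels the overhead table offers inside the requested range, ascending."""
    return [lvl for lvl, _ in TABLES[service] if lo <= lvl <= hi]


def security_value(tasks):
    """Sum over tasks and services of weight * chosen security level."""
    return sum(WEIGHTS[s] * lvl for t in tasks for s, lvl in t.levels.items())


def finish_ms(tasks):
    """Completion time of a serial chain: execution plus security overhead."""
    return sum(t.exec_ms + sum(overhead_ms(s, lvl, t.data_kb)
                               for s, lvl in t.levels.items())
               for t in tasks)


def optimize(tasks, deadline_ms):
    """Return chosen levels, security value and remaining slack, or None if
    even the minimal security levels miss the deadline (job rejected)."""
    for t in tasks:
        t.levels = {}
        for s, (lo, hi) in t.ranges.items():
            options = allowed(s, lo, hi)
            if not options:
                raise ValueError(f"no {s} level available in [{lo}, {hi}]")
            t.levels[s] = options[0]              # minimal requirement first
    slack = deadline_ms - finish_ms(tasks)
    if slack < 0:
        return None
    while True:
        best = None
        for t in tasks:
            for s, (lo, hi) in t.ranges.items():
                higher = [l for l in allowed(s, lo, hi) if l > t.levels[s]]
                if not higher:
                    continue                      # already at the range maximum
                nxt = higher[0]
                # Cost is positive: every table gets slower as the level rises.
                cost = (overhead_ms(s, nxt, t.data_kb)
                        - overhead_ms(s, t.levels[s], t.data_kb))
                if cost > slack:
                    continue                      # upgrade would miss the deadline
                ratio = WEIGHTS[s] * (nxt - t.levels[s]) / cost
                if best is None or ratio > best[0]:
                    best = (ratio, t, s, nxt, cost)
        if best is None:
            break                                 # no affordable upgrade left
        _, t, s, nxt, cost = best
        t.levels[s] = nxt
        slack -= cost
    return {"levels": {t.name: dict(t.levels) for t in tasks},
            "security_value": security_value(tasks),
            "slack_ms": slack}


def sample_task():
    """Constructed sample: the 10 s / 500 KB task label shown on the DAG slide."""
    return Task("t1", exec_ms=10_000, data_kb=500,
                ranges={"auth": (0.3, 0.6), "integ": (0.4, 0.8), "conf": (0.5, 0.9)})


if __name__ == "__main__":
    for deadline in (10_000, 10_170, 10_240, 11_000):
        print(deadline, optimize([sample_task()], deadline))
```

With a loose deadline every service reaches the top of its range, which matches the note that TAPADS degrades to LISTMAX when the deadline is extremely loose.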
  • Security-Aware Scheduling for Real-Time Parallel Applications on Clusters

    1. 1. Security-Aware Scheduling for Real-Time Parallel Applications on Clusters Xiao Qin
    2. 2. Clusters
    3. 3. The PrairieFire Cluster at the University of Nebraska-Lincoln
    4. 4. Parallel Applications on Clusters
    5. 5. Security-Sensitive Real-Time Applications Online Transaction Stock Trading
    6. 6. Common Threats and Security Services
        • Snooping
        • Alteration
        • Spoofing
        Security services: Confidentiality, Authentication, Integrity
    7. 7. Scheduling Plays a Key Role
        • Conventional scheduling algorithms are inadequate for security-sensitive real-time applications on clusters
        • A process of assigning tasks to a set of resources
        [Figure labels: Head Nodes, Tasks, Users]
    8. 8. Motivation Improve Utilization Keep Load-Balancing Support Scalability Promote Throughput Enable Security Awareness Reduce Response Time
    9. 9. Security-Aware System Architecture [Figure: layered architecture. Labels: Application; Application Tool; High-Level Security Service APIs; User interface; Framework; Framework Private Service; Mapping to Middleware Services; Low-Level Security Service APIs; Middleware Services (including security services); Quality of Security Control Manager (QSCM); Platform interface; OS; Hardware]
    10. 10. Quality of Security Control Manager - QSCM Module [Figure: QSCM module. Labels: Application Task; Low Level Security Service APIs; Security Optimization (Global Security Optimization, Local Security Optimization); Resource Monitoring; Local Schedulability Analyzer; Security Service 1 ... Security Service n; Quality of Security Control Manager]
    11. 11. Task Submission Structure
        DEFINE Task : flight_control {
            Input = (altitude: 1230, heading: 35, …);
            Output = (takeoff_distance, climb_rate);
            Type = “Real Time”;
            Deadline = 80;
            Completion_Time = 0;
            Owner = “Gary Xie”;
            Cmd = “flight_con”;
            Processor_num = 5;
            Data_secured = 250;
            Constraint
                Arch == “INTEL”;
                OS == “UNIX”;
                Disk >= 480;
                Memory >= 128;
                Deadline = 80;
                0.3 <= Authentication <= 0.6;
                0.4 <= Integrity <= 0.8;
                0.5 <= Confidentiality <= 0.9;
        }
    12. 12. Security Overhead Model
        • Security is achieved at the cost of performance degradation
        [Figure labels: P, S, Security Overheads]
    13. 13. Cryptographic Algorithms for Confidentiality Service
        Cryptographic Algorithms   Security Level   Performance (KB/ms)
        RC4                        0.22             96.43
        Blowfish                   0.56             37.5
        Khufu/Khafre               0.63             33.75
        RC5                        0.72             29.35
        Rijndael                   1.00             21.09
    14. 14. Hash Functions for Integrity Service
        Hash Functions   Security Level   Performance (KB/ms)
        MD4              0.18             23.90
        MD5              0.26             17.09
        RIPEMD           0.36             12.00
        RIPEMD-128       0.45             9.73
        SHA-1            0.63             6.88
        RIPEMD-160       0.77             5.69
        Tiger            1.00             4.36
    15. 15. Authentication Methods
        Authentication Methods   Security Level   Computation Time (ms)
        HMAC-MD5                 0.3              90
        HMAC-SHA-1               0.6              148
        CBC-MAC-AES              0.9              163
    16. 16. System Model Rejected Queue Dispatch Queue TAPADS Local Queue N 1 N 2 N m User p User 2 User 1 Schedule Queue Admission Controller Security Level Optimizer
    17. 17. Parallel Application
        • A single application (job) that has multiple processes that run concurrently
        [Figure: task graph with tasks t1 to t11 and edges e1 to e10]
    18. 18. Task Model
        • Deadline Constraints
        • Security Constraints
        • Precedence Constraints
    19. 19. Directed Acyclic Graphs (DAG)
        • A parallel application is defined as a vector $(T, E, d)$
        • $T$: $\{t_1, t_2, \ldots, t_n\}$
        • $E$: a set of weighted and directed edges used to represent communication among tasks, e.g., $(t_i, t_j) \in E$ is a message transmitted from task $t_i$ to $t_j$
        • $d$: deadline
    20. 20. A Task
        • A task $t_i = (e_i, l_i, S_i)$
        • $e_i$: execution time
        • $l_i$: amount of data to be protected
        • $S_i$: a vector of security requirements
    21. 21. A DAG [Figure: task graph with tasks t1 to t11 and edges e1 to e10. Labels shown: 10 Sec., 500 KB, { [0.3,0.6], [0.4,0.8], [0.5,0.9] } and 10 KB, { [0.4,0.8], [0.5,0.9] }]
    22. 22. Before Security Optimization [Figure: schedule of tasks t1 to t11 and messages e4, e5, e7, e9, e10 on PE1, PE2, PE3 and two links; time axis 0 to 60; deadline and slack time marked]
    23. 23. After Security Optimization [Figure: schedule of tasks t1 to t11 and messages e4, e5, e7, e9, e10 on PE1, PE2, PE3 and two links; time axis 0 to 60; deadline marked]
    24. 24. Security Requirements for A Task T i S i = ( ,…, ,…, ) Security level range of the j th security service for task Ti [0.3,0.6] [0.4,0.8] [0.5,0.9]
    25. 25. Security Benefits Gained by Task T i Weight of the j th security service for task T i Security level of the j th security service for task T i and
    26. 26. Weights of Security Services > >
    27. 27. Security Benefits Gained by A Task Set: $SL(T) = \sum_{i=1}^{n} SL(s_i)$, where $T$ is the task set
    28. 28. Optimize Security Benefit of An Application: maximize $SL(T) = \sum_{i=1}^{n} SL(s_i) = \sum_{i=1}^{n} \sum_{k=1}^{q} w_i^k s_i^k$, subject to $\min(S_i^k) \le s_i^k \le \max(S_i^k)$, where $T$ is the task set
    29. 29. Security Requirements of Message ( t i , t j ) The required security level range of the p th security service i j ( t i , t j )
    30. 30. Security Benefits Gained by One Message ( t i , t j ) Security level of the k th security service and
    31. 31. Security Benefits Gained by A Message Set .
    32. 32. Optimize Security Benefit of Message Set maximize subject to The message set
    33. 33. Security Benefit of A Parallel Application The message set The task set Security Value
    34. 34. The TAPADS Task Allocation Algorithm [Flowchart, boxes in the order extracted]
        • Compute the critical path
        • Slack time = d – f
        • Allocate all ti subject to minimal security requirements
        • Identify the best candidate in V and E that has the highest benefit-cost ratio
        • Increase security levels of more important services at the minimal cost
        • Update the schedule in accordance with the increased security level
        • Decision: Slack time > 0? (yes / no)
        • Update slack time
        • End
    35. 35. Time Complexity of TAPADS The time complexity of TAPADS is O(k(q|V|+p|E|)) where k : the number of times Step 7 is repeated q : the number of security services for computation p : the number of security services for communication
    36. 36. Performance Evaluation <ul><li>LISTMIN : Selects the lowest security level of each security service required by each task and message of a parallel job </li></ul><ul><li>LISTMAX : Chooses the highest security level for each security requirement posed by each task and message within a parallel job </li></ul><ul><li>LISTRND : Randomly picks a value within the security level range of each service required by a task and a message </li></ul>
    37. 37. Experimental Parameters
        Parameter | Value (Fixed) - (Varied)
        CPU Speed | 1000 million instructions/second or MIPS
        Network bandwidth | 1Gbps
        Task execution time | (min, top, max)=(1, 5, 10), (10,20,40), (40,80,160), (160,320,640) second
        Number of nodes | (32, 64,128, 256), (8, 12, 16, 20)
        Deadlines | (100, 200, 300, 400, 500, 600) second
        Deadline ranges | ([100, 200], [200, 300], [300, 400], [400, 500]) second
        Out degrees | (25, 50, 75, 100)
        Size of data to be secured | (min, top, max)=(0.02, 0.1, 0.5), (0.2, 1, 5), (1, 5, 10), (10, 20, 30) MB
        Weight of security services | 0.2 (authentication), 0.5 (encryption), 0.3 (integrity)
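A simplified sketch of the slack-spending loop in the TAPADS flowchart, set against the LISTMIN and LISTMAX baselines; it is an added example, not code from the slides or the TAPADS authors. It uses the slides' service weights (0.2, 0.5, 0.3) but assumes a constructed three-task fork-join job, a constructed per-step cost ladder, one node per task and no message (edge) security, and it takes the benefit-cost ratio to be weight per added millisecond.

```python
from fractions import Fraction

# Service weights from the slides' parameter table, as integer percentages.
WEIGHT = {"auth": 20, "enc": 50, "int": 30}
# CONSTRUCTED cost ladder: extra milliseconds per MB for each 0.1 step in level.
STEP_COST_MS_PER_MB = {"auth": 100, "enc": 500, "int": 200}
MIN_LEVEL, MAX_LEVEL = 1, 10          # security levels in tenths (1 == 0.1)

# CONSTRUCTED fork-join job: A and B run in parallel, C waits for both.
# ASSUMPTION: every task has its own node, so only precedence delays a task.
TASKS = {
    "A": {"base_ms": 10_000, "mb": 2, "preds": []},
    "B": {"base_ms": 4_000, "mb": 1, "preds": []},
    "C": {"base_ms": 5_000, "mb": 1, "preds": ["A", "B"]},
}


def uniform_levels(level):
    """LISTMIN is uniform_levels(MIN_LEVEL), LISTMAX is uniform_levels(MAX_LEVEL)."""
    return {t: {s: level for s in WEIGHT} for t in TASKS}


def exec_ms(task, levels):
    """Execution time = base time + data size x security overhead per MB."""
    spec = TASKS[task]
    security = sum(STEP_COST_MS_PER_MB[s] * lvl for s, lvl in levels[task].items())
    return spec["base_ms"] + spec["mb"] * security


def makespan_ms(levels):
    """Finish time f of the job, i.e. the length of its critical path."""
    finish = {}
    for task, spec in TASKS.items():  # TASKS is listed in topological order
        start = max((finish[p] for p in spec["preds"]), default=0)
        finish[task] = start + exec_ms(task, levels)
    return max(finish.values())


def security_value(levels):
    """Sum over tasks and services of weight x level, as an exact fraction."""
    total = sum(WEIGHT[s] * lvl for per_task in levels.values() for s, lvl in per_task.items())
    return Fraction(total, 100 * MAX_LEVEL)


def allocate(deadline_ms):
    """Start at minimum levels, then spend slack on the best benefit-cost step."""
    levels = uniform_levels(MIN_LEVEL)
    if makespan_ms(levels) > deadline_ms:
        return None                   # not schedulable even at minimum security
    while True:
        candidates = [
            (Fraction(WEIGHT[s], TASKS[t]["mb"] * STEP_COST_MS_PER_MB[s]), t, s)
            for t in TASKS for s in WEIGHT if levels[t][s] < MAX_LEVEL
        ]
        candidates.sort(key=lambda c: c[0], reverse=True)   # stable: ties keep order
        for _, t, s in candidates:
            levels[t][s] += 1
            if makespan_ms(levels) <= deadline_ms:
                break                 # step accepted, re-rank the candidates
            levels[t][s] -= 1         # would miss the deadline, try the next one
        else:
            return levels             # no remaining step fits in the slack


if __name__ == "__main__":
    chosen = allocate(24_000)
    print(chosen, makespan_ms(chosen), float(security_value(chosen)))
```

Task B sits off the critical path, so it reaches the top level in every service without consuming any slack, while the uniform LISTMAX assignment overruns the same deadline.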
    38. 38. Performance Metrics
        - Security Value
        - Schedulability: a fraction of total submitted jobs that are schedulable
        - Quality of security (QSA): quality of security for applications
        - Guarantee factor: it is zero if a job’s deadline cannot be met. Otherwise, it is one.
        - Job completion time: earliest time that a job can finish its execution
    39. 39. Experiment One: Overall Performance
        - One job with 433 tasks
        - 32 nodes in a cluster
        - Deadline varies from 0 to 600 seconds
    40. 40. Overall Performance Comparisons (1)
    41. 41. Overall Performance Comparisons (2): Improvement 97.7%; Improvement 25%
    42. 42. Overall Performance Comparisons (3): Improvement 54.5%; Improvement 25.7%
    43. 43. Experiment Two: Adaptability
        - 1000 diverse task graphs (54 tasks ~ 543 tasks)
        - 4 deadline ranges: [100, 200], [200, 300], [300, 400] and [400, 500]
        - 32-node clusters
    44. 44. Adaptability(1) TAPADS ties with LISTMIN LISTMAX is the worst
    45. 45. Adaptability(2) TAPADS is always the best TAPADS outperforms LISTMAX significantly TAPADS outperforms LISTMAX significantly
    46. 46. Adaptability(3) TAPADS noticeably outperforms all others
    47. 47. Experiment Three: Scalability
        - 32 ~ 256 nodes in a cluster
        - A task graph with 520 tasks (nodes)
        - Deadline is set to 400 seconds
    48. 48. Scalability
    49. 49. Experiment Four: Degree of Task Parallelism
        - A parallel application with 1074 tasks
        - Deadline is set to 400 seconds
        - Number of nodes is 128
        - Maximal number of out degree varies from 25 to 100
    50. 50. Sensitivity to Degree of Task Parallelism
    51. 51. Experiment Five: Security Sensitive Data Size
        - Size of security sensitive data is in a triangle distribution
        - (min, top, max)=(0.02, 0.1, 0.5), (0.2, 1, 5), (1, 5, 10), (10, 20, 30) MB
    52. 52. Impact of Size of Security Sensitive Data
    53. 53. Evaluation in Digital Signal Processing (1) (a) Guarantee factor (b) Security value (c) QSA Performance impact of deadline for DSP
    54. 54. Evaluation in Digital Signal Processing (2) (a) Security value (b) QSA (c) Job completion time Performance impact of number of nodes for DSP
    55. 55. Conclusions
        - TAPADS can generate optimal allocations that maximize quality of security for parallel applications running on clusters.
        - A security overhead model is proposed.
        - Experimental results show that TAPADS significantly improves the performance in terms of quality of security and schedulability over three existing allocation schemes.
    56. 56. Ph.D. Dissertation Projects
        - Mais Nijim [Summer 2007]: Adaptive quality of security control in storage systems.
        - Ziliang Zong [Ph.D. Candidate, Spring 2008 Expected]: Conserving energy in clusters through resource allocation
        - Mohammed Alghamdi [Ph.D. Student, Spring 2008 Expected]: Energy-efficient packet transmissions in real-time wireless networks
        - Kiranmai Bellam [Ph.D. Student, Spring 2009 Expected]: Power, fault tolerance, and security issues in real-time systems
    57. 57. Questions?
    58. 58. Real-Time Stock Quote System
    59. 59. Some Typical Security Levels
        - Routing + message security
        - Routing + SSL
        - Routing + SSL + message security
        - Routing + SSL + client authentication
        - Routing + SSL + message security + client authentication
    60. 60. Related Work
        - [Hou&Shin] A task allocation scheme to schedule periodic tasks with precedence constraints in distributed real-time systems.
        - [He et al.] Dynamic scheduling of parallel real-time jobs executing on heterogeneous clusters.
        - [Yurcik et al.] Tools for managing cluster security via process monitoring.
        - [Azzedin&Maheswaran] The notion of “trust” into resource management of a large-scale wide-area system.
    61. 61. Future Work
        - Extend our security overhead models to multi-dimensional computing resources
        - Accommodate more security services into our security overhead model
        - Apply TAPADS scheme to heterogeneous clusters
    65. 65. Adaptive Quality of Security Control in Storage Systems Xiao Qin
    66. 66. Outline
        - Introduction to Storage Systems
        - Local Disk Systems
        - Parallel Disk Systems
        - Security-Aware Cache Partitioning
        - Conclusion
        - Publications
    67. 67. Data-Intensive Applications Video Surveillance Digital Libraries Radio Astronomy Observatory
    68. 68. Data-Intensive Applications (Cont.) long running simulations remote-sensing database systems biological sequence analysis
    69. 69. Motivation
        - Existing storage systems fail to meet the security requirements of modern data-intensive applications
        - There is no way to dynamically choose security services to meet disk requests' flexible security requirements
        - Existing storage systems are not suitable to guarantee desired response times of disk requests
    70. 70. Common Threats and Security Services
        - Threats: Snooping, Alteration, Spoofing
        - Security services: Confidentiality, Authentication, Integrity
    71. 71. Topics
        - Cache Partitioning Scheme
        - Security-Aware Local Disk Systems
        - Adaptive Quality of Security Control in Parallel Disk Systems
    72. 72. System model of a Data Grid
    73. 73. Quality of Security Framework for Disk Systems
    74. 74. Security-Aware Local Disk Systems
    75. 75. Contributions
        - A Security-Aware Adaptive Write Strategy (AWARDS) for Local Disk Systems
        - AWARDS can achieve high security for local disk systems while making the best effort to guarantee desired response times
        (Diagram labels: AWARDS, Security, Performance)
    76. 76. The Architecture of AWARDS Security Service 1 Security Service m Adaptive Security Service Controller Disk Request Scheduler Disk Request Security Mechanism Disk Driver Untrusted Local Disk
    77. 77. Modeling Disk Requests
        - Each disk request specifies a quality of service requirement
        - A security requirement can be defined as a lower bound security level
        - The range is between 0.1 and 1.0
        - A performance requirement is specified as a desired response time
    78. 78. Modeling Disk Requests (Cont.)
        - Quality of security for each security service is measured by a security level
        - For example:
            - An encryption service with a high security level provides a high quality of security
            - A disk request specifies a lower bound security level of 0.4
            - Encryption services with security levels higher than or equal to 0.4 can successfully meet the disk request’s security requirements
    79. 79. Modeling Disk Requests (Cont.)
        - r = (o, a, d, s, t)
        - o: type of the request
        - a: disk address
        - d: data size (KB)
        - s: lower security level bound
        - t: desired response time
    80. 80. Modeling Disk Requests (Cont.) Security Level Disk Request Desired response time Real response time Subject to Maximize
    81. 81. Security Overhead Model
        - Eight encryption algorithms
        - In accordance with the cryptographic algorithms’ performance
        - Each cryptographic algorithm is assigned a security level from 0 to 1
        - e.g., assign security level 1 to the strongest yet slowest encryption algorithm (IDEA)
    82. 82. The AWARDS Strategy
        - To aim at improving the quality of security for local disks (i.e., to increase the security levels)
        - To guarantee timing constraints (i.e., response time ≤ desired response time)
    83. 83. Example
        Figure labels: Sl = 0.1, Sl = 0.3, Sl = 0.2; Security level of r 1 = 0.8, Response time = 17.7 ms; Security level of r 1 = 0.7, Response time = 40.7 ms; Security level of r 1 = 0.9, Response time = 54.5 ms; SO = 0.93 ms, SO = 0.89 ms, SO = 0.8 ms; timeline of r_1, r_2, r_3 against Time.
        Requests | Data Size (d_i) | Minimal Security Level (s_i) | Desired Response Time (t_i) | Response Time (T) under AWARDS | Security Level (  i ) under AWARDS
        r_1 | 90 KB | 0.2 | 18 ms | 17.7 ms | 0.8
        r_2 | 150 KB | 0.1 | 41 ms | 40.7 ms | 0.7
        r_3 | 30 KB | 0.3 | 55 ms | 54.5 ms | 0.9
    84. 84. The AWARDS Algorithm
    85. 85. Flowchart boxes, in extracted order: Start; Insert r_i into Q; For each r_i in Q: Initialize Security Level; Sl < 1.0; For each r_i in the Q: Sl = Sl + 0.1; For each r_k: r_k can’t finish; Sl = Sl - 0.1; END; No; END; Yes; Yes; No
    86. 86. Property of AWARDS
        - If the security level of r_i is increased by 0.1, the following conditions must hold.
            - 1. The current security level of r_i is less than 1.0, i.e.,  i < 0.1
        - 2.
        (Figure labels: Start time, processing time)
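One reading of the AWARDS flowchart and its first property, run on the request table from the example slide; this is an added example, not the authors' implementation. The linear overhead constant `OVERHEAD_MS_PER_KB`, the FIFO single-disk queue and the common start at time 0 are assumptions (the slides' overhead formula is not in the text), so the levels it assigns need not match the slide's.

```python
from dataclasses import dataclass

# Disk parameters from the slides (IBM Ultrastar 36Z15).
T_SEEK_MS = 7.18
T_ROT_MS = 4.02
B_DISK_KB_PER_MS = 30.0        # 30 MB/s, taken as 30 KB per millisecond

# ASSUMPTION: security overhead grows linearly with data size and level.
OVERHEAD_MS_PER_KB = 0.05      # constructed cost per KB at security level 1.0


@dataclass
class Request:
    name: str
    size_kb: float             # d: data size
    min_level: int             # s: lower security level bound, in tenths (2 == 0.2)
    deadline_ms: float         # t: desired response time, measured from time 0
    level: int = 0             # level chosen by the controller, in tenths


def service_ms(req):
    """Seek + rotation + transfer + security overhead at the current level."""
    overhead = req.size_kb * OVERHEAD_MS_PER_KB * req.level / 10
    return T_SEEK_MS + T_ROT_MS + req.size_kb / B_DISK_KB_PER_MS + overhead


def finish_times(queue):
    """Requests are served in queue order, so finish times accumulate."""
    clock, finishes = 0.0, []
    for req in queue:
        clock += service_ms(req)
        finishes.append(clock)
    return finishes


def all_met(queue):
    return all(f <= r.deadline_ms for r, f in zip(queue, finish_times(queue)))


def awards(queue):
    """Raise each request's level by 0.1 until some request would finish late."""
    for req in queue:
        req.level = req.min_level
    for req in queue:
        while req.level < 10:          # property 1: current level below 1.0
            req.level += 1
            if not all_met(queue):     # some r_k (this one or a later one) is late
                req.level -= 1
                break
    return [(r.name, r.level / 10, round(f, 2), f <= r.deadline_ms)
            for r, f in zip(queue, finish_times(queue))]


# Inputs copied from the example slide: size, minimal level, desired response time.
SLIDE_QUEUE = [Request("r1", 90, 2, 18), Request("r2", 150, 1, 41), Request("r3", 30, 3, 55)]

if __name__ == "__main__":
    for row in awards(SLIDE_QUEUE):
        print(row)
```

If the queue already misses a desired response time at the minimum levels, every trial increase fails the check and all requests stay at their lower bounds.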
    87. 87. Estimated Start Time (es)
    88. 88. Experimental Result: Disk Parameters (IBM Ultrastar 36Z15)
        Size | 18.4 GB
        RPM | 15000
        Seek Time, T_seek | 7.18 ms
        Rotational Time, T_rot | 4.02 ms
        Disk Bandwidth, B_disk | 30 MB/Sec.
    89. 89. Experimental Result: Workload Configurations
        Parameter | Value (Fixed) - (Varied)
        Disk Bandwidth | 30MB/Sec.
        Request Arrival Rate | (0.1, 0.2, 0.3, 0.4, 0.5) No./Sec.
        Desired Response Time | 10 Sec.
        Security Level | (0.5) - (0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.7, 0.8, 0.9)
        Write Ratio | (100%) - (0%, 10%, 20%, 30%, … 100%)
        Data Size | (500 KB) – (300, 400, 500, 600, 700) KB
    90. 90. Performance Metrics
        - Satisfied ratio: a fraction of total arrived disk requests that are found to be finished before their desired response times
        - Average security level: measured by the average value of security levels of all disk requests issued
        - Average security overhead: measured in sec.
        - Overall performance: product of satisfied ratio and the average security level
    91. 91. Impact of Arrival Rate: Improvement 138.2%; Improvement 125.6%
    92. 92. Impact of Data Size
    93. 93. Impact of Disk Bandwidth
    94. 94. Sparse Cholesky Desired response time
    95. 95. LU Decomposition Desired response time
    96. 96. Sparse Cholesky Bandwidth
    97. 97. LU Decomposition Bandwidth
    98. 98. Adaptive Quality of Security Control in Parallel Disk Systems
    99. 99. Parallel Disk Systems
    100. 100. Motivation
        - Existing parallel disk systems lack the means to adaptively control quality of security for dynamically changing workloads
        - To develop an adaptive quality of security control scheme for parallel disk systems (ASPAD)
    101. 101. Contributions
        - ASPAD aims to adapt to changing security requirements and workload conditions
        - ASPAD endeavors to determine security services for disk requests while guaranteeing the desired response time for the requests
        (Diagram labels: ASPAD, Security, Performance)
    102. 102. Disk 1 Disk 2 Disk m Adaptive Security Quality Controller Data Partitioning mechanism Security Service Middleware Security Service q Security Service 1 Clients Disk Requests Parallel Disk System Network Response Time Estimator Security Service 2 The ASPAD Framework
    103. 103. Quality of Security
        - The quality of security for each security service is measured by security level.
        - 0.1 to 1.0
        - The quality of security can be quantitatively measured using seven levels
        - Extremely high, very high, high, medium, low, very low, and no security protection
        - Translation mechanism is implemented to make the conversions
    104. 104. Modeling Quality of Security Security level of the jth stripe unit of r i Parallelism degree No. of disks
    105. 105. Modeling Quality of Security (Cont.)
    106. 106. Optimize Quality of Security
        - To maximize security benefit of the parallel disk system
        Maximize; where θ_ij is the response time of the jth stripe unit of request r_i; subject to a) b)
    107. 107. Optimize Quality of Security (Cont.)
        - The response time of all stripe units in request r_i must be smaller than the desired response time
        - The parallelism degree of r_i ≤ number of disks in the system
    108. 108. The ASPAD Framework
        - Data Partitioning
        - Response time estimator
        - Adaptive Quality of Security Controller
        (Diagram label: Adaptive control)
    109. 109. Data Partitioning
        - Determine the optimal parallelism degree for a disk request
        - Reduces the response time of the disk request to increase the security level
        - Dynamically calculate the optimal parallelism degree of the request
    110. 110. Data Partitioning (cont.)
        - Expected disk service time
        Where: expected values of seek time, rotational time, and transfer time
    111. 111. Data Partitioning (cont.) Scheuermann et al., VLDB98 Where C: number of cylinders on disk a, b : two disk type independent constants e, f : disk type dependent constants
    112. 112. Data Partitioning (cont.)
        - The expected value of rotation time
        - The expected transfer time
    113. 113. Data Partitioning (cont.) Scheuermann et al., VLDB98
        - Expected disk service time
        - Parallelism degree
        The optimal parallelism degree is given by min(p_i, m)
    114. 114. Estimate Response Time
        - Estimate the maximum response time of a disk request
        - Response time is the interval between the time a request is sent by a client and the time the parallel disk system completes the disk I/O operation
    115. 115. Estimate Response Time (cont.)
        - The response time of a disk request is:
        - p: the parallelism degree
        - request vector of security levels for the p stripe units
        - T_queue: queuing delay at the client side
        - T_partition: time spent in data partition
        - system processing delay
    116. 116. The ASPAD Algorithm
    117. 117. Flowchart boxes, in extracted order: Start; Insert r into Q; For each r in Q: Calculate p_i of r_i; Partition r_i into p_i stripe units; For each stripe unit: Initialize SL; Estimate response time; SL < 1.0; While est. < desired; Y; SL = SL + 0.1; Estimate response time; END; N; EST > des.: dec. SL; Y; N; Apply the security service with level  ij to the j th stripe unit; Phase 1: Data Partitioning; Phase 2: response time
    118. 118. Property of ASPAD
        - With respect to the i th request, the following two conditions must hold if the j th stripe unit’s security level is increased by 0.1:
        - The current security level  ij is less than 1.0;
        - , where T_j is the response time of the j th stripe unit, t_i is the desired response time of the request, and .
    119. 119. Experimental Results a) data size is 100KB and P = 3
    120. 120. Impact of Arrival Rate ASPAD is always the best a) data size is 100KB and P = 3
    121. 121. Impact of Parallelism Degree ASPAD noticeably outperforms the other Add more slides for results!!! The impact of the parallelism degree when arrival rate = 0.5 No./sec.
    122. 122. A Caching Strategy to Improve Security of Cluster Storage Systems
    123. 123. Security Service 1 Security Service m Cache (Volatile/Non-volatile memory) Adaptive Security Service Controller Security-aware cache management mechanism A Cluster Storage System Network Clients Disk Request Disk1 Disk 2 Disk n
    124. 124. Cache Partitioning
        - The entire cache of the cluster storage system is divided into separate partitions, one for each disk, by a security-aware cache partitioning mechanism.
        - Each cache partition for a disk is managed separately using the conventional LRU replacement algorithm.
    125. 125. Total cache size is the partition size of the d th disk
    126. 127. Conclusion
        - AWARDS and ASPAD maximize the quality of security for local and parallel disk systems
        - Experimental results show that AWARDS and ASPAD significantly increase the security level as well as the overall performance over an existing algorithm
        - A security-aware cache management mechanism (CaPaS) for cluster storage systems. CaPaS can achieve high security and desired performance for clusters.
    127. 128. Future Work
        - Security-Aware Load Balancing
        - Energy-Efficient Mobile Storage Systems
    130. 131. Questions?
    131. 132. AWARDS Complexity
        - The complexity of AWARDS is O(n^2)
        - Proof: To increase the security level of the request, it takes O(n).
        - There are O(n) write requests
    132. 133. Download the presentation slides http://www.slideshare.net/xqin74 Google: slideshare Xiao Qin
    133. 134. Complexity of ASPAD
        - The time complexity is O(n^2 p)
            - p: the maximum parallelism degree
            - n: the number of disk requests
