Security-Aware Scheduling Maximizes Quality of Security
•Download as PPT, PDF•
2 likes•1,233 views
Outline: 1. Motivation Problem Statement Motivations 2. A Security-Aware Middleware Model Architecture of the Security Middleware Model Quality of Security Control Manager Security Service Requirements Specification 3. Security Overhead Models Confidentiality Overhead Integrity Overhead Authentication Overhead 4. A Task Allocation Scheme Mathematical Models System Models Task Models The TAPADS Task Allocation Scheme Performance Evaluation 5. Improving Security for Local Disk Systems Motivation Architecture and Disk Requests with Security Requirements An Adaptive Write Strategy Performance Evaluation Synthetic Benchmarks Real I/O-Intensive Applications 6. Quality of Security Adaptation for Cluster Storage Systems System Architecture The Framework Data Partitioning Estimating Response Times The Quality of Security Control Algorithm Performance Evaluation 7. Conclusions
Recommended
Recommended
More Related Content
What's hot
What's hot (12)
Similar to Security-Aware Scheduling Maximizes Quality of Security
Similar to Security-Aware Scheduling Maximizes Quality of Security (20)
More from Xiao Qin
More from Xiao Qin (20)
Recently uploaded
Recently uploaded (20)
Security-Aware Scheduling Maximizes Quality of Security
- 1. Security-Aware Scheduling for Real-Time Parallel Applications on Clusters Xiao Qin
- 2. Clusters
- 3. The PrairieFire Cluster at the University of Nebraska-Lincoln
- 4. Parallel Applications on Clusters
- 5. Security-Sensitive Real-Time Applications Online Transaction Stock Trading
- 8. Motivation Improve Utilization Keep Load-Balancing Support Scalability Promote Throughput Enable Security Awareness Reduce Response Time
- 9. Security-Aware System Architecture OS Hardware Platform interface Platform interface OS Hardware Middleware Services (including security services) Low-Level Security Service APIs User interface Framework Mapping to Middleware Services Framework Private Service Application Tool High-Level Security Service APIs Application Application Quality of Security Control Manager (QSCM)
- 10. Quality of Security Control Manager - QSCM Module Low Level Security Service APIs Application Task Application Task Application Task Global Security Optimization Local Security Optimization Security Optimization Resource Monitoring Security Service 1 Security Service n Local Schedulability Analyzer Quality of Security Control Manager
- 11. Task Submission Structure DEFINE Task : flight_control { Input = (altitude: 1230, heading: 35, …); Output = (takeoff_distance, climb_rate); Type = “Real Time”; Deadline = 80; Completion_Time = 0; Owner = “Gary Xie”; Cmd = “flight_con”; Processor_num= 5; Data_secured=250; Constraint Arch == “INTEL”; OS == “UNIX”; Disk >= 480; Memory >=128; Deadline = 80; 0.3 <= Authentication <=0.6; 0.4 <= Integrity <= 0.8; 0.5 <= Confidentiality <= 0.9; }
- 13. Cryptographic Algorithms for Confidentiality Service 21.09 1.00 Rijndael 29.35 0.72 RC5 33.75 0.63 Knufu/Khafre 37.5 0.56 Blowfish 96.43 0.22 RC4 Performance (KB/ms) Security Level Cryptographic Algorithms
- 14. Hash Functions for Integrity Service 4.36 1.00 Tiger 5.69 0.77 RIPEMD-160 6.88 0.63 SHA-1 9.73 0.45 RIPEMD-128 12.00 0.36 RIPEMD 17.09 0.26 MD5 23.90 0.18 MD4 Performance (KB/ms) Security Level Hash Functions
- 15. Authentication Methods 163 0.9 CBC-MAC-AES 148 0.6 HMAC-SHA-1 90 0.3 HMAC-MD5 Computation Time (ms) Security Level Authentication Methods
- 16. System Model Rejected Queue Dispatch Queue TAPADS Local Queue N 1 N 2 N m User p User 2 User 1 Schedule Queue Admission Controller Security Level Optimizer
- 21. A DAG 10Sec., 500KB, { [0.3,0.6], [0.4,0.8], [0.5,0.9] } 10KB, { [0.4,0.8], [0.5,0.9] } e2 t1 t4 t9 t8 t3 t2 t11 t5 t6 t10 t7 e1 e3 e4 e5 e7 e6 e10 e8 e9
- 22. Befpre Security Optimization PE3 Link PE1 Link PE2 deadline Slack Time t 6 t 8 t 9 e 5 e 7 e 9 t 1 t 10 t 7 t 4 t 3 t 2 e 4 e 10 t 5 t 11 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32 34 36 38 40 42 44 46 48 50 52 54 56 58 60
- 23. After Security Optimization t 10 t 4 t 3 t 2 t 1 e 4 e 10 t 11 t 5 e 5 t 6 e 7 t 8 t 9 t 7 deadline 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32 34 36 38 40 42 44 46 48 50 52 54 56 58 60 e 9 PE3 Link PE1 Link PE2
- 24. Security Requirements for A Task T i S i = ( ,…, ,…, ) Security level range of the j th security service for task Ti [0.3,0.6] [0.4,0.8] [0.5,0.9]
- 25. Security Benefits Gained by Task T i Weight of the j th security service for task T i Security level of the j th security service for task T i and
- 26. Weights of Security Services > >
- 27. Security Benefits Gained by A Task Set n i i SL 1 SL ) ( T The task set s ) (
- 28. Optimize Security Benefit of An Application maximize subject to: i k SL 1 1 k s i The task set n q k i k i s w T k k ), max( ) min( i i i S S SL s ) (
- 29. Security Requirements of Message ( t i , t j ) The required security level range of the p th security service i j ( t i , t j )
- 30. Security Benefits Gained by One Message ( t i , t j ) Security level of the k th security service and
- 31. Security Benefits Gained by A Message Set .
- 32. Optimize Security Benefit of Message Set maximize subject to The message set
- 33. Security Benefit of A Parallel Application The message set The task set Security Value
- 34. The TAPADS Task Allocation Algorithm Compute the critical path Slack time= d – f Allocate all ti subject to minimal security requirements Identify the best candidate in V and E that has the highest benefit-cost ratio Increase security levels of more important services at the minimal cost Update the schedule in accordance with the increased security level yes Slack time > 0 ? no Update slack time End
- 35. Time Complexity of TAPADS The time complexity of TAPADS is O(k(q|V|+p|E|)) where k : the number of times Step 7 is repeated q : the number of security services for computation p : the number of security services for communication
- 37. Experimental Parameters 0.2 (authentication), 0.5 (encryption), 0.3 (integrity) Weight of security services (min, top, max)=(0.02, 0.1, 0.5), (0.2, 1, 5), (1, 5, 10), (10, 20, 30) MB Size of data to be secured (25, 50, 75, 100) Out degrees ([100, 200], [200, 300], [300, 400], [400, 500]) second Deadline ranges (100, 200, 300, 400, 500, 600) second Deadlines (32, 64,128, 256), (8, 12, 16, 20) Number of nodes (min, top, max)=(1, 5, 10), (10,20,40), (40,80,160), (160,320,640) second Task execution time 1Gbps Network bandwidth 1000 million instructions/second or MIPS CPU Speed Value (Fixed) - (Varied) Parameter
- 41. Overall Performance Comparisons(2) Improvement 97.7% Improvement25 %
- 42. Overall Performance Comparisons(3) Improvement54 .5% Improvement25.7 %
- 44. Adaptability(1) TAPADS ties with LISTMIN LISTMAX is the worst
- 45. Adaptability(2) TAPADS is always the best TAPADS outperforms LISTMAX significantly TAPADS outperforms LISTMAX significantly
- 46. Adaptability(3) TAPADS noticeably outperforms all others
- 48. Scalability
- 50. Sensitivity to Degree of Task Parallelism
- 52. Impact of Size of Security Sensitive Data
- 53. Evaluation in Digital Signal Processing (1) (a) Guarantee factor (b) Security value (c) QSA Performance impact of deadline for DSP
- 54. Evaluation in Digital Signal Processing (2) ( a ) Security value ( b ) QSA (c) Job completion time Performance impact of number of nodes for DSP
- 57. Questions?
- 58. Real-Time Stock Quote System
- 65. Adaptive Quality of Security Control in Storage Systems Xiao Qin
- 67. Data-Intensive Applications Video Surveillance Digital Libraries Radio Astronomy Observatory
- 68. Data-Intensive Applications (Cont.) long running simulations remote-sensing database systems biological sequence analysis
- 72. System model of a Data Grid
- 73. Quality of Security Framework for Disk Systems
- 74. Security-Aware Local Disk Systems
- 76. The Architecture of AWARDS Security Service 1 Security Service m Adaptive Security Service Controller Disk Request Scheduler Disk Request Security Mechanism Disk Driver Untrusted Local Disk
- 80. Modeling Disk Requests (Cont.) Security Level Disk Request Desired response time Real response time Subject to Maximize
- 83. Example Sl = 0.1 Sl = 0.3 Sl = 0.2 Security level of r 1 = 0.8 Response time =17.7 ms Security level of r 1 = 0.7 Response time =40.7 ms Security level of r 1 = 0.9 Response time =54.5 ms Requests Data Size ( d i ) Minimal Security Level ( s i ) Desired Response Time ( t i ) Response Time (T) under AWARDS Security Level ( i ) under AWARDS r 1 90 KB 0.2 18 ms 17.7 ms 0.8 r 2 150 KB 0.1 41 ms 40.7 ms 0.7 r 3 30 KB 0.3 55 ms 54.5 ms 0.9 r 1 r 2 r 3 r 1 r 2 r 3 Time Time SO= 0.93ms SO= 0.89ms SO= 0.8ms
- 85. Start Insert r i into Q For each r i in Q Initialize Security Level Sl < 1.0 For each r i in the Q Sl = Sl + 0.1 For each r k r k can’t finsihed Sl = Sl - 0.1 END No END Yes Yes No
- 87. Estimated Start Time (es)
- 91. Impact of Arrival Rate Improvement138.2 % Improvement125.6 %
- 92. Impact of Data Size
- 93. Impact of Disk Bandwidth
- 94. Sparse Cholesky Desired response time
- 95. Lu Decomposition Desired response time
- 98. Adaptive Quality of Security Control in Parallel Disk Systems
- 102. Disk 1 Disk 2 Disk m Adaptive Security Quality Controller Data Partitioning mechanism Security Service Middleware Security Service q Security Service 1 Clients Disk Requests Parallel Disk System Network Response Time Estimator Security Service 2 The ASPAD Framework
- 104. Modeling Quality of Security Security level of the jth stripe unit of r i Parallelism degree No. of disks
- 105. Modeling Quality of Security (Cont.)
- 111. Data Partitioning (cont.) Scheuermann et al., VLDB98 Where C: number of cylinders on disk a, b : two disk type independent constants e, f : disk type dependent constants
- 117. Start Insert r into Q For each r in Q Calculate p i of r i Partition ri into pi stripe unit For each stripe unit Initialize SL Estimate response time SL < 1.0 While est. < desired Y SL = SL + 0.1 Estimate response time END N EST >des. dec. SL Y N Apply the security service with level ij to the j th stripe unit Phase1. Data Partitioning Phase2 response time
- 119. Experimental Results a) data size is 100KB and P = 3
- 120. Impact of Arrival Rate ASPAD is always the best a) data size is 100KB and P = 3
- 121. Impact of Parallelism Degree ASPAD noticeably outperforms the other Add more slides for results!!! The impact of the parallelism degree when arrival rate = 0.5 No./sec.
- 122. A Caching Strategy to Improve Security of Cluster Storage Systems
- 123. Security Service 1 Security Service m Cache (Volatile/Non-volatile memory) Adaptive Security Service Controller Security-aware cache management mechanism A Cluster Storage System Network Clients Disk Request Disk1 Disk 2 Disk n
- 125. Total cache size is the partition size of the d th disk
- 131. Questions?
- 133. Download the presentation slides http://www.slideshare.net/xqin74 Google: slideshare Xiao Qin
Editor's Notes
- Lead in: Parallel applications are running on parallel computers or supercomputers. Structure commonly connected through fast local area networks Goal usually deployed to improve speed and/or reliability over that provided by a single computer Benefit cost-effective than single computer of comparable speed or reliability Myrinet and Infiniband
- biological sequence analysis Radio Astronomy Observatory
- A variety of real-time applications running on clusters require security protections Mention: real-time
- Lead in: Threat is a potential violation of security Three services counter threats to the security of a system. Snooping: the unauthorized interception of information Alternation: an unauthorized change of information Spoofing: an impersonation of one entity by another.
- The Goal of This Work: Developing and evaluating new scheduling mechanisms and algorithms for applications with timing and security constraints on clusters Drawbacks of current scheduling schemes Consider security without addressing timing constraints OR Consider real-time requirements without addressing security. To achieve high security for clusters while making the best effort to guarantee timing constraints.
- Existing cluster computing systems lack the means to adaptively control quality of security for dynamically changing workloads To develop an adaptive quality of security control scheme for real-time applications running on clusters
- One-two minutes!!! From bottom to up User Interface Framework Low-level Security Service APIs Quality of Security Control Manager ( QSCM ) Security Middleware Services
- Global Security Optimization can migrate tasks to a remote cluster if local cluster cannot satisfy the security and timing constraints of a local task. In this research, I only focused on local security optimization.
- SEAL<RC4<Blowfish<Knufu/Khafre<RC5<Rijndael<DES<IDEA (?) AES(Rijndael)>SEAL>3DES>RC5>DES DES, 1 hour SEAL Explain security level and their speed (performance): In accordance to the cryptographic algorithms’ performance, each algorithm is assigned a corresponding security level in the range from 0.08 to 1. For example, we assign security level 1 to the strongest yet slowest encryption algorithm IDEA. Take SEAL and 3DES as examples to explain why we assign 0.9 for 3DES. DES (Data Encryption Standard): 1970s, 56-bit key, the strength is 2 55 (two to the 55 th power) TDES (Triple DES): 1974, the strength is 2 80 , It is three times slower than regular DES but more secure if used properly. IDEA (International Data Encryption Algorithm): 1992, the strength is 2 128
- MD4: 1990, 128-bit hash value MD5: 1991, 128-bit hash value SHA-1: 1994, 160-bit hash value MD4 < MD5 < SHA-1 RIPEMD: 1992, 128-bit hash value RIPEMD128: RIPEMD160: 1996, 160-bit hash value RIPEMD < RIPEMD128 < RIPEMD160 Tiger: 1996, 192-bit hash value
- Generally each process will run on a different processor Typically a parallel job would employ a message passing interface, such as MPI, to pass data between the processes
- Originally, admission controller only meets each accepted task’s minimal security requirements and deadline;
- This is a general security requirement expression, which includes q different security services; In this work, I only considered three Commonly used security services, namely, confidentiality, integrity, and authentication
- The weight of a security service reflects its priority in a particular application domain. For example, in military applications, usually confidentiality is more important than integrity, thus, users can assign weight 0.7 for confidentiality and 0.3 for integrity; In other hand, in commercial banking system, integrity is more important than confidentiality; In this case, users can assign 0.7 for integrity and 0.3 for confidentiality; Add one more slide to show the priorities of different services.
- Lead in: move forward; in order to improve security of applications, we need a way of measuring quality of security.
- Task Allocation for Parallel Applications with Deadline and Security Constraints The TAPADS algorithm is outlined in Figure 2. TAPADS aims at achieving high quality of security under two conditions: (1) increasing security levels will not result in missing deadlines; and (2) precedence constraints are satisfied. In an effort to meet both deadline and precedence constraints, TAPADS assigns the tasks to each node in a way to maximize security measured as . Thus, TAPADS is capable of maintaining a high schedulability measured as .
- Need to mention message as well. This three algorithms are variants of a well-known algorithm : List
- The parameters of nodes in the clusters are chosen to resemble real-world workstations like Sun SPARC-20 and Sun Ultra 10 All synthetic parallel jobs used from Section 6.2 to Section 6.7 were created by TGFF [9], a randomized task graph generator.
- To evaluate quality of security for parallel applications , we derive in this section the probability that all tasks and messages remain risk-free during the course of execution. Pc(x) is the probability that all tasks are free from being attacked ; PL(x) is the probability that all messages are free from being attacked; Psc(x) is the probability that all tasks and messages remain risk-free during the course of execution.
- We tested one DAG (job) with 433 tasks on a cluster with 32 nodes ; three circles ( 170 second, 260 second and 575 second )
- Circle the three points, one trend (an arrow) and three circles; The results clearly indicate that applications can gain more performance benefits from our TAPADS approach under the circumstance that real-time applications have relatively tight deadlines.
- The first observation deduced from Figure 3(c) is that the quality of security of TAPADS increases with the deadline. This is because quality of security is partially derived from SV (see Equations 25 and 29), which becomes higher when the deadlines are looser. A second observation is that the performance improvement of TAPADS in terms of quality of security is not as pronounced as the performance improvement in terms of security value compared with LISTMIN algorithm. This can be explained by the negative natural exponential function (see Equations 22 and 26), which smooths the security value differences between LISTMIN and TAPADS.
- We conducted four groups of experiments to test the performance of TAPADS using 1000 diverse task graphs. The smallest task graph has 54 tasks, and the largest task graph consists of 543 tasks. We assume that the number of nodes in the cluster is 32. For each group test, we set a deadline range from which a deadline is randomly selected for an incoming parallel job. The four deadline ranges for the four group experiments are [100, 200], [200, 300], [300, 400] and [400, 500], respectively.
- Multiple DAGs, (1) TAPADS and LISTMIN deliver the best performance in schedulability under all four cases
- Three observations among which the second one is interesting.
- t he improvement of TAPADS over LISTMIN becomes more prominent with the increasing value of the node number. This result can be explained by the conservative nature of LISTMIN, which simply meets the minimal security requirements for parallel applications on the cluster. (2) LISTMAX can achieve the same performance as TAPADS when there are 256 nodes in the cluster. This is because LISTMAX can guarantee the maximal security requirements of the parallel jobs when more nodes are available in the cluster. (3) all the four algorithms can finish the job in a shorter time period when there is large number of available nodes; (4) TAPADS has the same performance in complete time as that of LISTMIN.
- To verify the performance impact of degree of task parallelism, we evaluate the performance as functions of maximal number of out degree in task graphs. We define the degree of task parallelism of a task graph as the maximal possible out degree numbers in the graph TAPADS is the only algorithm that can continuously improve its performance in security value and quality of security with the increasing value of task parallelism The important conclusion drawn from this experiment is that TAPADS can gain greater performance improvement when a parallel application has a higher degree of parallelism
- Firstly, when the security sensitive data size varies from config1 to config4, the security value of TAPADS drops, while those of LISTMIN and LISTRND remain the same Secondly, the quality of security for LISTMIN and LISTRND decreases when the size of security sensitive data goes up, although their security values keep unchanged. This interesting phenomena can be explained by Equations 25 and 29, which indicate long execution and communication times lower QSA values. Lastly, Figure 7(c) illustrates that the increasing size of security sensitive data enlarges the job completion time.
- To validate the results from the synthetic simulations above, we evaluate the TAPADS algorithm in a real system – digital signal processing system (1) Performance patterns plotted in Figure 9 are similar to those reported in Section 6.2 (see Figure 3), thereby verifying that TAPADS can gain performance improvements for a real application.
- Figure 10 shows that at least 12 nodes are required to make feasible scheduling decisions for the DSP application In summary, the strength of TAPADS can be fully exhibited when the application has a relatively tight deadline. When the deadline is extremely loose, TAPADS degrades to LISTMAX. The implication is that TAPADS can significantly improve security for real-time applications without increasing hardware cost. The results discussed in this subsection can be envisioned as a strong validation of our previous simulations. The salient feature of TAPADS is that it can be successfully deployed to secure real-time parallel applications on clusters.
- Lead in: Let’s take a close look at a specific application. For example, in a real-time stock quote update and trading system, each incoming request from business partners and each outgoing response from an enterprise’s back-end application have deadlines and security quality requirements, which have to be met by a cluster located between the business partners and enterprise back-end applications.
- Lead in: Flexible security requirements
- TAPADS means …?
- Lead in:
- 1. Compared with Original, Aswards is more sensitive to data size
- The same sensitivity
- Fig. workload monitored from a real-world storage server.
- Scheuermann, Northwestern University.