Outline:
1. Motivation
  Problem Statement
  Motivations
2. A Security-Aware Middleware Model
  Architecture of the Security Middleware Model
  Quality of Security Control Manager
  Security Service Requirements Specification
3. Security Overhead Models
  Confidentiality Overhead
  Integrity Overhead
  Authentication Overhead
4. A Task Allocation Scheme
  Mathematical Models
  System Models
  Task Models
  The TAPADS Task Allocation Scheme
  Performance Evaluation
5. Improving Security for Local Disk Systems
  Motivation
  Architecture and Disk Requests with Security Requirements
  An Adaptive Write Strategy
  Performance Evaluation
  Synthetic Benchmarks
  Real I/O-Intensive Applications
6. Quality of Security Adaptation for Cluster Storage Systems
  System Architecture
  The Framework
  Data Partitioning
  Estimating Response Times
  The Quality of Security Control Algorithm
  Performance Evaluation
7. Conclusions
8. Motivation: Improve Utilization; Keep Load-Balancing; Support Scalability; Promote Throughput; Enable Security Awareness; Reduce Response Time
9. Security-Aware System Architecture [Figure: layered architecture diagram. Labels: Application; Application Tool; High-Level Security Service APIs; User interface; Framework; Framework Private Service; Mapping to Middleware Services; Quality of Security Control Manager (QSCM); Low-Level Security Service APIs; Middleware Services (including security services); Platform interface; OS; Hardware]
10. Quality of Security Control Manager - QSCM Module [Figure labels: Application Task; Quality of Security Control Manager; Security Optimization; Global Security Optimization; Local Security Optimization; Local Schedulability Analyzer; Resource Monitoring; Low Level Security Service APIs; Security Service 1 ... Security Service n]
16. System Model [Figure labels: User 1, User 2, ..., User p; Schedule Queue; Admission Controller; Security Level Optimizer; TAPADS; Dispatch Queue; Rejected Queue; Local Queue; nodes N1, N2, ..., Nm]
22. Before Security Optimization [Figure: schedule of tasks t1 to t11 and messages e4, e5, e7, e9, e10 on PE1, PE2, PE3 and the links; time axis 0 to 60; deadline and slack time marked]
23. After Security Optimization [Figure: schedule of tasks t1 to t11 and messages e4, e5, e7, e9, e10 on PE1, PE2, PE3 and the links; time axis 0 to 60; deadline marked]
24. Security Requirements for A Task T i S i = ( ,…, ,…, ) Security level range of the j th security service for task Ti [0.3,0.6] [0.4,0.8] [0.5,0.9]
25. Security Benefits Gained by Task T i Weight of the j th security service for task T i Security level of the j th security service for task T i and
28. Optimize Security Benefit of An Application: maximize $SL(T) = \sum_{i=1}^{n} \sum_{k=1}^{q} w_i^k s_i^k$, subject to $\min(S_i^k) \le s_i^k \le \max(S_i^k)$, where $T$ is the task set.
29. Security Requirements of Message ( t i , t j ) The required security level range of the p th security service i j ( t i , t j )
30. Security Benefits Gained by One Message ( t i , t j ) Security level of the k th security service and
33. Security Benefit of A Parallel Application The message set The task set Security Value
34. The TAPADS Task Allocation Algorithm [Flowchart. Nodes: Compute the critical path; Slack time = d – f; Allocate all t_i subject to minimal security requirements; Identify the best candidate in V and E that has the highest benefit-cost ratio; Increase security levels of more important services at the minimal cost; Update the schedule in accordance with the increased security level; Update slack time; Slack time > 0? (yes/no); End]
35. Time Complexity of TAPADS: The time complexity of TAPADS is O(k(q|V|+p|E|)), where k is the number of times Step 7 is repeated, q is the number of security services for computation, and p is the number of security services for communication.
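A simplified sketch of the greedy loop on the TAPADS flowchart, added here as an illustration (not the authors' code): every task starts at its minimal security levels, then the service with the highest benefit-cost ratio is raised by 0.1 for as long as the job still finishes by the deadline. Assumptions: messages (E) and node allocation are left out, each task has its own node, the per-step overhead STEP_COST and the sample job are constructed, and the three level ranges from slide 24 are mapped to services arbitrarily.

```python
from fractions import Fraction
# Added illustration, not the authors' code. Levels and weights are in tenths.
WEIGHTS = {"auth": 2, "enc": 5, "integ": 3}       # 0.2 / 0.5 / 0.3 (slide 37)
STEP_COST = {"auth": 2, "enc": 10, "integ": 4}    # hypothetical ms per MB per +0.1
RANGES = {"auth": (3, 6), "enc": (4, 8), "integ": (5, 9)}  # slide 24 ranges, assumed mapping

def finish_time(tasks, deps):
    """Finish time f of the job: length of the critical path through the DAG."""
    memo = {}
    def finish(name):
        if name not in memo:
            start = max((finish(p) for p in deps.get(name, ())), default=0)
            memo[name] = start + tasks[name]["time"]
        return memo[name]
    return max(finish(n) for n in tasks)

def raise_security(tasks, deps, deadline):
    """Greedy slack distribution; returns (levels, finish time) or None if rejected."""
    for t in tasks.values():                       # start at minimal requirements
        t["level"] = {s: lo for s, (lo, _) in RANGES.items()}
        t["time"] = t["exec"]                      # assumed to include minimal-level overhead
    if finish_time(tasks, deps) > deadline:
        return None                                # deadline missed even at minimum
    while True:
        best = None
        for name, t in tasks.items():
            for s, (_, hi) in RANGES.items():
                if t["level"][s] >= hi:
                    continue
                cost = STEP_COST[s] * t["mb"]
                t["time"] += cost                  # tentatively apply one +0.1 step
                fits = finish_time(tasks, deps) <= deadline
                t["time"] -= cost
                ratio = Fraction(WEIGHTS[s], cost) # benefit per ms of added overhead
                if fits and (best is None or ratio > best[0]):
                    best = (ratio, name, s, cost)
        if best is None:                           # remaining slack pays for no further step
            break
        _, name, s, cost = best
        tasks[name]["level"][s] += 1
        tasks[name]["time"] += cost
    return {n: t["level"] for n, t in tasks.items()}, finish_time(tasks, deps)

def security_value(levels):                        # sum of weight x level, in 0..1 units
    return sum(WEIGHTS[s] * lv for m in levels.values() for s, lv in m.items()) / 100
# Constructed job (ms, MB): A and B run in parallel, C waits for both.
TASKS = {"A": {"exec": 100, "mb": 1}, "B": {"exec": 60, "mb": 2}, "C": {"exec": 80, "mb": 1}}
DEPS = {"C": ["A", "B"]}
print(raise_security(TASKS, DEPS, 230))
```

With a 230 ms deadline the off-critical-path task B ends with a higher encryption level than A or C, because its own slack absorbs the cost; with a 170 ms deadline the job is rejected.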
37. Experimental Parameters
Parameter: Value (Fixed) - (Varied)
CPU Speed: 1000 million instructions/second or MIPS
Network bandwidth: 1Gbps
Task execution time: (min, top, max)=(1, 5, 10), (10,20,40), (40,80,160), (160,320,640) second
Number of nodes: (32, 64,128, 256), (8, 12, 16, 20)
Deadlines: (100, 200, 300, 400, 500, 600) second
Deadline ranges: ([100, 200], [200, 300], [300, 400], [400, 500]) second
Out degrees: (25, 50, 75, 100)
Size of data to be secured: (min, top, max)=(0.02, 0.1, 0.5), (0.2, 1, 5), (1, 5, 10), (10, 20, 30) MB
Weight of security services: 0.2 (authentication), 0.5 (encryption), 0.3 (integrity)
76. The Architecture of AWARDS [Figure labels: Disk Request; Disk Request Scheduler; Adaptive Security Service Controller; Security Service 1 ... Security Service m; Disk Request Security Mechanism; Disk Driver; Untrusted Local Disk]
80. Modeling Disk Requests (Cont.) Security Level Disk Request Desired response time Real response time Subject to Maximize
83. Example
[Figure: two timelines of requests r1, r2, r3. Annotations: Sl = 0.1, Sl = 0.3, Sl = 0.2; Security level of r1 = 0.8, Response time = 17.7 ms; Security level of r1 = 0.7, Response time = 40.7 ms; Security level of r1 = 0.9, Response time = 54.5 ms; SO = 0.93 ms, SO = 0.89 ms, SO = 0.8 ms]
Requests; Data Size (d_i); Minimal Security Level (s_i); Desired Response Time (t_i); Response Time (T) under AWARDS; Security Level ( i ) under AWARDS
r1; 90 KB; 0.2; 18 ms; 17.7 ms; 0.8
r2; 150 KB; 0.1; 41 ms; 40.7 ms; 0.7
r3; 30 KB; 0.3; 55 ms; 54.5 ms; 0.9
85. [Flowchart. Nodes: Start; Insert r_i into Q; For each r_i in Q; Initialize Security Level; Sl < 1.0 (Yes/No); For each r_i in the Q; Sl = Sl + 0.1; For each r_k; r_k can't finish (Yes/No); Sl = Sl - 0.1; END]
102. The ASPAD Framework [Figure labels: Clients; Disk Requests; Network; Security Service Middleware; Security Service 1, Security Service 2, ..., Security Service q; Adaptive Security Quality Controller; Response Time Estimator; Data Partitioning mechanism; Parallel Disk System; Disk 1, Disk 2, ..., Disk m]
104. Modeling Quality of Security Security level of the jth stripe unit of r i Parallelism degree No. of disks
111. Data Partitioning (cont.) Scheuermann et al., VLDB98 Where C: number of cylinders on disk a, b : two disk type independent constants e, f : disk type dependent constants
117. [Flowchart. Phase 1, Data Partitioning: Start; Insert r into Q; For each r in Q; Calculate p_i of r_i; Partition r_i into p_i stripe units. Phase 2, response time: For each stripe unit; Initialize SL; Estimate response time; SL < 1.0 while est. < desired (Y/N); SL = SL + 0.1; Estimate response time; EST > des. (Y/N); dec. SL; Apply the security service with level ij to the j-th stripe unit; END]
120. Impact of Arrival Rate ASPAD is always the best a) data size is 100KB and P = 3
121. Impact of Parallelism Degree ASPAD noticeably outperforms the other Add more slides for results!!! The impact of the parallelism degree when arrival rate = 0.5 No./sec.
123. [Figure: A Cluster Storage System. Labels: Clients; Disk Request; Network; Security Service 1 ... Security Service m; Adaptive Security Service Controller; Security-aware cache management mechanism; Cache (Volatile/Non-volatile memory); Disk 1, Disk 2, ..., Disk n]
Lead in: Parallel applications run on parallel computers or supercomputers. Structure: commonly connected through fast local area networks. Goal: usually deployed to improve speed and/or reliability over that provided by a single computer. Benefit: more cost-effective than a single computer of comparable speed or reliability. Myrinet and Infiniband.
biological sequence analysis Radio Astronomy Observatory
A variety of real-time applications running on clusters require security protections Mention: real-time
Lead in: A threat is a potential violation of security. Three services counter threats to the security of a system. Snooping: the unauthorized interception of information. Alteration: an unauthorized change of information. Spoofing: an impersonation of one entity by another.
The Goal of This Work: developing and evaluating new scheduling mechanisms and algorithms for applications with timing and security constraints on clusters. Drawbacks of current scheduling schemes: they consider security without addressing timing constraints, OR consider real-time requirements without addressing security. To achieve high security for clusters while making the best effort to guarantee timing constraints.
Existing cluster computing systems lack the means to adaptively control quality of security for dynamically changing workloads. To develop an adaptive quality of security control scheme for real-time applications running on clusters.
One-two minutes!!! From bottom to top: User Interface; Framework; Low-level Security Service APIs; Quality of Security Control Manager (QSCM); Security Middleware Services.
Global Security Optimization can migrate tasks to a remote cluster if the local cluster cannot satisfy the security and timing constraints of a local task. In this research, I only focused on local security optimization.
SEAL<RC4<Blowfish<Khufu/Khafre<RC5<Rijndael<DES<IDEA (?)
AES(Rijndael)>SEAL>3DES>RC5>DES
DES, 1 hour SEAL. Explain security levels and their speed (performance): In accordance with the cryptographic algorithms' performance, each algorithm is assigned a corresponding security level in the range from 0.08 to 1. For example, we assign security level 1 to the strongest yet slowest encryption algorithm, IDEA. Take SEAL and 3DES as examples to explain why we assign 0.9 for 3DES. DES (Data Encryption Standard): 1970s, 56-bit key, the strength is 2^55 (two to the 55th power). TDES (Triple DES): 1974, the strength is 2^80; it is three times slower than regular DES but more secure if used properly. IDEA (International Data Encryption Algorithm): 1992, the strength is 2^128.
MD4: 1990, 128-bit hash value; MD5: 1991, 128-bit hash value; SHA-1: 1994, 160-bit hash value. MD4 < MD5 < SHA-1. RIPEMD: 1992, 128-bit hash value; RIPEMD128: ; RIPEMD160: 1996, 160-bit hash value. RIPEMD < RIPEMD128 < RIPEMD160. Tiger: 1996, 192-bit hash value.
Generally, each process will run on a different processor. Typically, a parallel job would employ a message passing interface, such as MPI, to pass data between the processes.
Originally, the admission controller only meets each accepted task's minimal security requirements and deadline.
This is a general security requirement expression, which includes q different security services. In this work, I only considered three commonly used security services, namely, confidentiality, integrity, and authentication.
The weight of a security service reflects its priority in a particular application domain. For example, in military applications, confidentiality is usually more important than integrity; thus, users can assign weight 0.7 for confidentiality and 0.3 for integrity. On the other hand, in a commercial banking system, integrity is more important than confidentiality; in this case, users can assign 0.7 for integrity and 0.3 for confidentiality. Add one more slide to show the priorities of different services.
Lead in: move forward; in order to improve security of applications, we need a way of measuring quality of security.
Task Allocation for Parallel Applications with Deadline and Security Constraints. The TAPADS algorithm is outlined in Figure 2. TAPADS aims at achieving high quality of security under two conditions: (1) increasing security levels will not result in missing deadlines; and (2) precedence constraints are satisfied. In an effort to meet both deadline and precedence constraints, TAPADS assigns the tasks to each node in a way to maximize security measured as . Thus, TAPADS is capable of maintaining a high schedulability measured as .
Need to mention message as well. These three algorithms are variants of a well-known algorithm: List
The parameters of nodes in the clusters are chosen to resemble real-world workstations like Sun SPARC-20 and Sun Ultra 10. All synthetic parallel jobs used from Section 6.2 to Section 6.7 were created by TGFF [9], a randomized task graph generator.
To evaluate quality of security for parallel applications, we derive in this section the probability that all tasks and messages remain risk-free during the course of execution. Pc(x) is the probability that all tasks are free from being attacked; PL(x) is the probability that all messages are free from being attacked; Psc(x) is the probability that all tasks and messages remain risk-free during the course of execution.
We tested one DAG (job) with 433 tasks on a cluster with 32 nodes; three circles (170 second, 260 second and 575 second).
Circle the three points, one trend (an arrow) and three circles; The results clearly indicate that applications can gain more performance benefits from our TAPADS approach under the circumstance that real-time applications have relatively tight deadlines.
The first observation deduced from Figure 3(c) is that the quality of security of TAPADS increases with the deadline. This is because quality of security is partially derived from SV (see Equations 25 and 29), which becomes higher when the deadlines are looser. A second observation is that the performance improvement of TAPADS in terms of quality of security is not as pronounced as the performance improvement in terms of security value compared with LISTMIN algorithm. This can be explained by the negative natural exponential function (see Equations 22 and 26), which smooths the security value differences between LISTMIN and TAPADS.
We conducted four groups of experiments to test the performance of TAPADS using 1000 diverse task graphs. The smallest task graph has 54 tasks, and the largest task graph consists of 543 tasks. We assume that the number of nodes in the cluster is 32. For each group test, we set a deadline range from which a deadline is randomly selected for an incoming parallel job. The four deadline ranges for the four group experiments are [100, 200], [200, 300], [300, 400] and [400, 500], respectively.
Multiple DAGs, (1) TAPADS and LISTMIN deliver the best performance in schedulability under all four cases
Three observations among which the second one is interesting.
(1) The improvement of TAPADS over LISTMIN becomes more prominent with the increasing value of the node number. This result can be explained by the conservative nature of LISTMIN, which simply meets the minimal security requirements for parallel applications on the cluster. (2) LISTMAX can achieve the same performance as TAPADS when there are 256 nodes in the cluster. This is because LISTMAX can guarantee the maximal security requirements of the parallel jobs when more nodes are available in the cluster. (3) All four algorithms can finish the job in a shorter time period when there is a large number of available nodes. (4) TAPADS has the same performance in completion time as that of LISTMIN.
To verify the performance impact of the degree of task parallelism, we evaluate the performance as functions of the maximal number of out degree in task graphs. We define the degree of task parallelism of a task graph as the maximal possible out degree numbers in the graph. TAPADS is the only algorithm that can continuously improve its performance in security value and quality of security with the increasing value of task parallelism. The important conclusion drawn from this experiment is that TAPADS can gain greater performance improvement when a parallel application has a higher degree of parallelism.
Firstly, when the security sensitive data size varies from config1 to config4, the security value of TAPADS drops, while those of LISTMIN and LISTRND remain the same. Secondly, the quality of security for LISTMIN and LISTRND decreases when the size of security sensitive data goes up, although their security values remain unchanged. This interesting phenomenon can be explained by Equations 25 and 29, which indicate that long execution and communication times lower QSA values. Lastly, Figure 7(c) illustrates that the increasing size of security sensitive data enlarges the job completion time.
To validate the results from the synthetic simulations above, we evaluate the TAPADS algorithm in a real system, a digital signal processing system. (1) Performance patterns plotted in Figure 9 are similar to those reported in Section 6.2 (see Figure 3), thereby verifying that TAPADS can gain performance improvements for a real application.
Figure 10 shows that at least 12 nodes are required to make feasible scheduling decisions for the DSP application. In summary, the strength of TAPADS can be fully exhibited when the application has a relatively tight deadline. When the deadline is extremely loose, TAPADS degrades to LISTMAX. The implication is that TAPADS can significantly improve security for real-time applications without increasing hardware cost. The results discussed in this subsection can be envisioned as a strong validation of our previous simulations. The salient feature of TAPADS is that it can be successfully deployed to secure real-time parallel applications on clusters.
Lead in: Let’s take a close look at a specific application. For example, in a real-time stock quote update and trading system, each incoming request from business partners and each outgoing response from an enterprise’s back-end application have deadlines and security quality requirements, which have to be met by a cluster located between the business partners and enterprise back-end applications.
Lead in: Flexible security requirements
TAPADS means …?
Lead in:
1. Compared with Original, AWARDS is more sensitive to data size
The same sensitivity
Fig. workload monitored from a real-world storage server.