Tao Xie,Xiao Qin

DOI: https://doi.org/10.1109/tc.2006.110

2006-01-01

Abstract:Security-critical real-time applications such as military aircraft flight control systems have mandatory security requirements in addition to stringent timing constraints. Conventional real-time scheduling algorithms, however, either disregard applications' security needs and thus expose the applications to security threats or run applications at inferior security levels without optimizing security performance. In recognition that many applications running on clusters demand both real-time performance and security, we investigate the problem of scheduling a set of independent real-time tasks with various security requirements. We build a security overhead model that can be used to reasonably measure security overheads incurred by the security-critical tasks. Next, we propose a security-aware real-time heuristic strategy for clusters (SAREC), which integrates security requirements into the scheduling for real-time applications on clusters. Further, to evaluate the performance of SAREC, we incorporate the earliest deadline first (EDF) scheduling policy into SAREC to implement a novel security-aware real-time scheduling algorithm (SAEDF). Experimental results from both real-world traces and a real application show that SAEDF significantly improves security over three existing scheduling algorithms (EDF, Least Laxity First, and First Come First Serve) by up to 266.7 percent while achieving high schedulability.

Tao Xie,Andrew H. Sung,Xiao Qin

DOI: https://doi.org/10.1109/ipdps.2005.185

2005-01-01

Abstract:An increasing number of real-time applications, such as aircraft control and medical electronics systems, require high quality of security to assure confidentiality, authenticity and integrity of information. However, most existing algorithms for scheduling independent tasks in real-time systems do not adequately consider security requirements of real-time tasks. In recognition of this problem we propose a novel dynamic scheduling algorithm with security awareness, which is capable of achieving high quality of security for real-time tasks while improving resource utilization. We have conducted extensive simulation experiments to quantitatively evaluate the performance of our approach. Specifically, experimental results show that compared with three heuristic algorithms, the proposed algorithm can consistently improve overall system performance in terms of quality of security and system guarantee ratio under a wide range of workload characteristics.

Cq Huang,Gh Song,Y Zheng

DOI: https://doi.org/10.1007/978-3-540-30207-0_91

2004-01-01

Abstract:To make full use of grid resources and to meet users' requirements, efficient scheduling is a key concern in grid environments. Aiming at grid-based engineering computation applications, this paper proposes a Quality of Service (QoS) driven user-centric scheduling strategy. Firstly, degree of credit and degree of guarantee are defined, and aggregate utility ratio is modeled as a composite QoS; Secondly, for different types of grid users, two scheduling methods and steering-enabled visual interfaces are presented, respectively; Thirdly, four performance metrics and aggregate utility ratio are visualized to facilitate the user's interaction with scheduling; Finally, corresponding post-scheduling mechanisms are designed to cope with scenarios where scheduled tasks could not obtain expected QoS. This study is part of a grid project, MASSIVE, and the experiments show that the visual scheduling strategy presented is suitable for computational grids.

Ke Xu,Yuexuan Wang,Cheng Wu

DOI: https://doi.org/10.1007/11745693_53

2006-01-01

Abstract:Ensuring the reliability and robustness of complex scientific grid applications is a critical issue for managing and sharing expensive scientific instruments. However, guaranteeing the correct processing of grid applications under all circumstances is difficult and not fully addressed by existing grid infrastructure. Hidden flaws in the applications including unexpected internal behaviors, dissatisfaction of real-time constraints, incompatibility in service interactions, etc may lead to subtle failures in grid systems. This work tries to enhance the trustworthiness of grid applications by investigating existing formal techniques and their extensions. A formal framework based on extensions of Pi calculus is proposed which also integrates formal techniques of model checking and bisimulation analysis to enable the reasoning of grid applications from three perspectives: data, time and behavior. In addition, both application examples and our current implementation architecture are also concluded.

Man Lin,Li Xu,Laurence T. Yang,Xiao Qin,Nenggan Zheng,Zhaohui Wu,Meikang Qiu

DOI: https://doi.org/10.1109/tii.2009.2014055

IF: 12.3

2009-01-01

IEEE Transactions on Industrial Informatics

Abstract:An increasing number of real-time applications like railway signaling control systems and medical electronics systems require high quality of security to assure confidentiality and integrity of information. Therefore, it is desirable and essential to fulfill security requirements in security-critical real-time systems. This paper addresses the issue of optimizing quality of security in real-time systems. To meet the needs of a wide variety of security requirements imposed by real-time systems, a group-based security service model is used in which the security services are partitioned into several groups depending on security types. While services within the same security group provide the identical type of security service, the services in the group can achieve different quality of security. Security services from a number of groups can be combined to deliver better quality of security. In this study, we seamlessly integrate the group-based security model with a traditional real-time scheduling algorithm, namely earliest deadline first (EDF). Moreover, we design and develop a security-aware EDF schedulability test. Given a set of real-time tasks with chosen security services, our scheduling scheme aims at optimizing the combined security value of the selected services while guaranteeing the schedulability of the real-time tasks. We study two approaches to solve the security-aware optimization problem. Experimental results show that the combined security values are substantially higher than those achieved by alternatives for real-time tasks without violating real-time constraints.

Tao Xie,Xiao Qin,Andrew Sung

2005-01-01

Abstract:Existing scheduling algorithms for periodic tasks ignore security requirements posed by sensitive applications and are consequently unable to perform properly in high performance embedded systems with security constraints. In this paper we present an approach to scheduling periodic tasks in high performance embedded systems subject to security and timing constraints. We propose a scheduling algorithm, or SASES (Security-Aware Scheduling for Embedded Systems), which accounts for both security and timing requirements. SASES judiciously distributes slack times among a variety of security services for a set of periodic tasks, thereby optimizing security for high-performance embedded systems without sacrificing schedulability. We show through extensive simulations that SASES is able to maximize security for high- performance embedded systems while guaranteeing timeliness. In particular, SASES significantly improves security over three baseline algorithms by up to 93.4%.

Haolin Feng,Guanghua Song,Yao Zheng,Jun Xia

DOI: https://doi.org/10.1007/978-3-540-24680-0_15

2004-01-01

Abstract:Computational grid has a promising future in large-scale computing, because it enables the sharing of widely distributed computing resources. Good managements with excellent scheduling algorithms are in great demand to take full advantage of it. Many scheduling algorithms in grid computing are for independent tasks. However, communications are very common in scientific computing programs. In this paper, we will propose an easy-implemented algorithm to schedule the tasks with some communications. Our algorithm is suitable for a large proportion of scientific computing programs, and is based on Binary Integer Programming. It is able to meet the users' quality of service (QoS) requirements, and to minimize the combination of costs and time consumed by the users' programs. We will give an example of scheduling a typical scientific computing task to show the power of our algorithm. In our experiment, the grid resource consists of an SGI Onyx 3900 supercomputer, four SGI Octane workstations, four Intel P4-2.OGHz PCs and four Intel P4-1.8GHz PCs.

Xiyuan Chen,Yang OUYang,Miaoliang Zhu,Yan He

DOI: https://doi.org/10.1109/ICYCS.2008.407

2008-01-01

Abstract:The emerging grid infrastructure presents many challenging security issues that demand new access approach due to its inherent heterogeneity, multidomain characteristic and highly dynamic nature. In order to protect the secure sharing and coordinated use of diverse resources in distributed "virtual organizations", fine-grained access control in grid computing is therefore very necessary and important. In this paper, a semantic-aware access conrtol(SAAC) extending the RBAC with the semantic specification is proposed. Supplying semantic specification by the implementation of semantic inference engine (SIE), the administration for the applicability of users' role memberships to particular permissions is much more easy and precise. The enforcement of the SAAC model for grid application is presented. An experimental evaluation of its overheads is also described.

Junlong Zhou,Yufan Shen,Liying Li,Cheng Zhuo,Mingsong Chen

DOI: https://doi.org/10.1109/tcad.2022.3207328

IF: 2.9

2023-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:Due to the great advancement in computation, communication, and control technologies, the Internet of Things (IoT) can provide ubiquitous connectivity for anyone and anything at any time and any place, leading to a revolution in an information society. Protecting devices against various security threats is one of the most important challenges in IoT since IoT applications are generally security-critical systems while IoT devices are often poorly secured. For IoT devices, employing security services provided by smart gateways or edge/cloud servers to defend against various threats is an effective way to enhance their security. However, the finite battery energy of devices and the limited fund of device users hinder the wide application of security services in IoT. This necessitates the demand for designing new methodologies to tackle the tradeoff among security, energy, and fund of IoT devices. Therefore, this article attempts to optimize system security of IoT devices under energy and fund constraints. Specifically, to formulate the energy and fund constrained security optimization problem, we first propose a pricing model for the security services provided by the smart gateway. We then formulate the problem as a mixed-integer linear programming (MILP) problem. Since using a solver to address the MILP problem may be time consuming, we leverage the swarm intelligence technique to design a new task scheduling scheme that can efficiently solve the optimization problem. Extensive experiments are conducted to validate our proposed MILP and swarm intelligence-based task scheduling algorithms. Simulation results show that our scheme outperforms two state-of-the-art methods in improving system quality of security and guaranteeing schedule feasibility.

Yuexuan Wang,Jie Yin,Meizhi Hu

DOI: https://doi.org/10.1109/services-i.2009.74

2009-01-01

Abstract:Equipment grid aims to facilitate easy access to expensive scientific instruments by, grid services and consists of the following, three components: service pool alliance, service pool, and geographically distributed physical instruments. When users submit experiments to equipment grid, service pool alliance will allocate instruments in related service pools to conduct the experiments, which may need coordination and cooperation of several physical instruments that constitute service chains. After experiments have finished and results have returned, users evaluate the performance of related service chains. In this work, a scheduling algorithm using provenance information is proposed to enhance performance of equipment grid by increasing dispatch probability of instruments with high QoS. In this algorithm, we express QoS of instruments and user appraisals in fuzzy linguistic values, taking the vagueness of user opinions on experiment results and various criteria to evaluate instrument QoS into account. Simulation results show that with this algorithm, equipment grid can better satisfy the users.

CQ Huang,DR Chen,HL Hu

DOI: https://doi.org/10.1109/icmlc.2004.1380592

2004-01-01

Abstract:Load balancing and fault tolerance are two key concerns when developing distributed computing applications. The emergence of grid computing environments extends this problem. Based on distributed scheduling architecture, a grid service oriented scheduling model is proposed to enable load balancing in this paper. In this model, the functionalities are characterized by fault tolerance, and implemented by applying intelligent agent technology. Degree of credit is introduced to make that a decision of grid service selection, service instance selection/migration and service instance redundancy, context agents are responsible for sensing the context of grid, and balance agents are enforced to automatically serve the scheduler for dynamic load adjustment and service-level fault tolerance. Between agents, information exchange is conducted via an agent communication language.

Tao Xie,Xiao Qin

DOI: https://doi.org/10.1007/11945918_10

2006-01-01

Abstract:High quality of security is increasingly critical for applications running on heterogeneous distributed systems, where processors operate at different speeds and communication channels have different bandwidths. Although there are a few scheduling algorithms in the literature for heterogeneous distributed systems, they generally do not take into account of security requirements of applications. In this paper, we propose a novel heuristic scheduling algorithm, or SATS, which is conducive to improving security of heterogeneous distributed systems. First, we formalize a concept of security heterogeneity for our scheduling model in the context of distributed systems. Next, we devise the SATS algorithm aiming at scheduling tasks to maximize the probability that all tasks are executed without any risk of being attacked. Empirical results demonstrate that with respect to security and performance, the proposed scheduling algorithm outperforms existing approaches for heterogeneous distributed systems.

Yuexuan Wang,Jie Yin

DOI: https://doi.org/10.1007/s10796-013-9437-6

2013-01-01

Information Systems Frontiers

Abstract:Scheduling resources in grid is an open difficult problem due to resource fluctuations. A fuzzy scheduling method using provenance information is proposed. In this method, resource dispatch probability is dynamically adjusted according to user feedback information, which is user appreciation information represented by fuzzy variables. To minimize the influence of cheating, collusive and decrying of user appreciations, provenance information is used to estimate trust factor of each user appreciation during resource dispatch probability adjustment process. Simulation results confirm capability of the proposed method to effectively reduce impacts of malicious user appreciations and increase user satisfactions.

Jie Yin,Junwei Cao,Yuexuan Wang,Lianchen Liu,Cheng Wu

DOI: https://doi.org/10.1109/ccgrid.2007.103

2007-01-01

Abstract:While a grid represents a computing infrastructure for cross domain sharing of computational resources, the cyberinfrastructure, proposed by the US NSF Blue-Ribbon advisory panel, is expected to revolutionizing science and engineering by including more computer integrated resources, e.g. telescopes and observatories. As a part of the China national cyberinfrastructure for education and research, resource sharing of expensive scientific instruments is discussed in this work. A layered model of instrument pools is introduced and the process from submitting a job to instrument pools to obtaining results is analyzed. Fuzzy random scheduling algorithms are proposed in instrument pools when a job is submitted to one of instruments within a pool. The randomness lies in the probability which instrument could be chosen for an experiment and the fuzziness origins from vagueness of users' feedback opinions on experimental results. Users' feedback information is utilized to improve overall quality of service (QoS) of an instrument cyberinfrastructure. Several algorithms are provided to increase utilization of instruments providing higher QoS and decrease utilization of those with poor QoS. This is demonstrated in details using quantitative simulation results included in this paper.

Xing-zhi WANG,Zheng YAN,Chen SHEN,Nai-hu LI,Lei JING,Hui-jie LI

DOI: https://doi.org/10.3969/j.issn.1674-3415.2011.24.015

2011-01-01

Abstract:The diversity of operation scheduling business with security constraint has posed a great challenge for the power system dispatching and information technology.By analyzing the characteristics of the loosely coupled integration of service-orientedarchitecture and grid computing,a smart grid operation scheduling with security constraint and its key technologies are proposed.First,the framework and detailed design of this system are described.Second,the simulation sections are generated using smart data parallelism to ensure the convergence of exchange power and AC flow of power grid in section areas.Third,time parallel simulation method is adopted to scan the day ahead scheduling sections with security constraint,by which the fast and intelligent calculation is implemented.The simulation results of large scale power system show that this algorithm is feasible and has a high computational efficiency.It provides a viable approach for the operation scheduling with security constraint in grid computing research.

P. Radha Krishna Reddy,Ashim Roy,G. Sireesha,Ismatha Begum,S. Siva Ramaiah

DOI: https://doi.org/10.48550/arXiv.1207.1591

2012-07-06

Abstract:Grid computing is a computation methodology using group of clusters connected over high-speed networks that involves coordinating and sharing computational power, data storage and network resources. Integrating a set of clusters of workstations into one large computing environment can improve the availability of computing power. The goal of scheduling is to achieve highest possible system throughput and to match the application need with the available computing resources. A secure scheduling model is presented, that performs job grouping activity at runtime. In a Grid environment, security is necessary because grid is a dynamic environment and participates are independent bodies with different policies, objectives and requirements. Authentication should be verified for Grid resource owners as well as resource requesters before they are allowed to join in scheduling activities. In order to achieve secure resource and job scheduling including minimum processing time and maximum resource utilization, A Secure Resource by using RSA algorithm on Networking and Job Scheduling model with Job Grouping strategy(JGS) in Grid Computing has been proposed. The result shows significant improvement in the processing time of jobs and resource utilization as compared to dynamic job grouping (DJG) based scheduling on smart grids (SG).

Operating Systems

Yonghui Huang,Yan Ma,Zhaowen Lin,Shuyue Wang,Bowen Xie

DOI: https://doi.org/10.1142/s0218126622500426

2021-01-01

Abstract:By endowing network with the ability of reliable scheduling of security resources, it can realize the dynamic deployment of security resources as well as the efficient configuration of protection resources, and further can quickly respond to network security threats and emergencies timely. Furthermore, due to the network is increasingly complex, it is of great importance to make it reliable by invoking appropriate security resources. However, the security mechanism and response speed of traditional network based on security domain division, network boundary protection are hard to meet the requirements of the virtual network. In this paper, we propose the SDN-empowered reliable and dynamic scheduling scheme for security resources. In the scheme, we use network security resource virtualization technology to virtualize and modularize network security software and hardware resources; at the SDN control layer, we propose meta-security function combination technology to provide on-demand customization for various security applications’ security service; by using role-based conflict detection and conflict resolution technology, we can detect and handle security rule conflicts. The experiments show that the scheme is reliable and efficient with low latency and great throughput.

Yuanzhuo Wang,Chuang Lin,Zhengli Zhai,Yang

DOI: https://doi.org/10.1007/s11704-007-0032-1

2007-01-01

Frontiers of Computer Science in China

Abstract:The grid provides an integrated computer platform composed of differentiated and distributed systems. These resources are dynamic and heterogeneous. In this paper, a novel fault-tolerant grid-scheduling model is presented based on Stochastic Petri Nets (SPN) to assure the heterogeneity and dynamism of the grid system. Also, a new grid-scheduling strategy, the dependable strategy for the shortest expected accomplishing time (DSEAT), is put forward, in which the dependability factor is introduced in the task-dispatching strategy. In the end, the performance of the scheduling strategy based on the fault-tolerant grid-scheduling model is analyzed by an software package, named SPNP. The numerical results show that dynamic resources will increase the response time for all classes of tasks in differing degrees. Compared with shortest expected accomplishing time (SEAT) strategy, the DSEAT strategy can reduce the negative effects of dynamic and autonomic resources to some extent so as to guarantee a high quality of service (QoS).

Monowar Hasan,Ashish Kashinath,Chien-Ying Chen,Sibin Mohan

DOI: https://doi.org/10.1145/3649499

IF: 16.6

2024-02-26

ACM Computing Surveys

Abstract:Security is an increasing concern for real-time systems (RTS). Over the last decade or so, researchers have demonstrated attacks and defenses aimed at such systems. In this paper, we identify , classify and measure the effectiveness of the security research in this domain. We provide a high-level summary [ identification ] and a taxonomy [ classification ] of this existing body of work. Furthermore, we carry out an in-depth analysis [ measurement ] of scheduler-based security techniques — the most common class of real-time security mechanisms. For this purpose, we developed a common metric, “ attacker’s burden ”, used to measure the effectiveness of (existing as well as future) scheduler-based real-time security measures.

computer science, theory & methods

Wen Zhang,Junwei Cao,Yisheng Zhong,Lianchen Liu,Cheng Wu

DOI: https://doi.org/10.1109/grid.2008.4662807

2008-01-01

Abstract:Grid data streaming applications are novel from others in that they require real-time data supply while the processing is going on, which necessitates harmonious collaborations among processors, bandwidth and storage. Traditional scheduling approaches may not be sufficient for such applications, for they usually focus on only one aspect of resources, mainly computational resources. A resource management and scheduling system for such applications is developed in this paper, which is responsible for enabling their running based on Globus toolkit. An integrated scheme is proposed, including admission control, application selecting, processor assigning, allocation of bandwidth and storage, with corresponding algorithms elaborated. Evaluation results show excellent performance and scalability of this system.