Security policy verification for multi-domains in cloud systems

The cloud is a modern computing paradigm with the ability to support a business model by providing multi-tenancy, scalability, elasticity, pay as you go and self-provisioning of resources by using broad network access. Yet, cloud systems are mostly bounded to single domains, and collaboration among different cloud systems is an active area of research. Over time, such collaboration schemas are becoming of vital importance since they allow companies to diversify their services on multiple cloud systems to increase both uptime and usage of services. The existence of an efficient management process for the enforcement of security policies among the participating cloud systems would facilitate the adoption of multi-domain cloud systems. An important issue in collaborative environments is secure inter-operation. Stemmed from the absence of relevant work in the area of cloud computing, we define a model checking technique that can be used as a management service/tool for the verification of multi-domain cloud policies. Our proposal is based on NIST’s (National Institute of Standards and Technology) generic model checking technique and has been enriched with RBAC reasoning. Current approaches, in Grid systems, are capable of verifying and detect only conflicts and redundancies between two policies. However, the latter cannot overcome the risk of privileged user access in multi-domain cloud systems. In this paper, we provide the formal definition of the proposed technique and security properties that have to be verified in multi-domain cloud systems. Furthermore, an evaluation of the technique through a series of performance tests is provided.     

Transparent access to Grid resources for user software

Grid computing promises access to large amounts of computing power, but so far adoption of Grid computing has been limited to highly specialized experts for three reasons. First, users are used to batch systems, and interfaces to Grid software are often complex and different to those in batch systems. Second, users are used to having transparent file access, which Grid software does not conveniently provide. Third, efforts to achieve wide‐spread coordination of computers while solving the first two problems is hampered when clusters are on private networks. Here we bring together a variety of software that allows users to almost transparently use Grid resources as if they were local resources while providing transparent access to files, even when private networks intervene. As a motivating example, the BaBar Monte Carlo production system is deployed on a truly distributed environment, the European DataGrid, without any modification to the application itself. Copyright © 2005 John Wiley & Sons, Ltd.     

Recent Advances in Mobile Grid and Cloud Computing

Grid and cloud computing systems have been extensively used to solve large and complex problems in science and engineering fields. These systems include powerful computing resources that are connected through high-speed networks. Due to the recent advances in mobile computing and networking technologies, it has become feasible to integrate various mobile devices, such as robots, aerial vehicles, sensors, and smart phones, with grid and cloud computing systems. This integration enables the design and development of the next generation of applications by sharing of resources in mobile environments and introduces several challenges due to a dynamic and unpredictable network. This paper discusses applications, research challenges involved in the design and development of mobile grid and cloud computing systems, and recent advances in the field.     

G‐BLAST: a Grid‐based solution for mpiBLAST on computational Grids

Over the past few years, research and development in bioinformatics (e.g. genomic sequence alignment) has grown with each passing day fueling continuing demands for vast computing power to support better performance. This trend usually requires solutions involving parallel computing techniques because cluster computing technology reduces execution times and increases genomic sequence alignment efficiency. One example, mpiBLAST is a parallel version of NCBI BLAST that combines NCBI BLAST with message passing interface (MPI) standards. However, as most laboratories cannot build up powerful cluster computing environments, Grid computing framework concepts have been designed to meet the need. Grid computing environments coordinate the resources of distributed virtual organizations and satisfy the various computational demands of bioinformatics applications. In this paper, we report on designing and implementing a BioGrid framework, called G‐BLAST, that performs genomic sequence alignments using Grid computing environments and accessible mpiBLAST applications. G‐BLAST is also suitable for cluster computing environments with a server node and several client nodes. G‐BLAST is able to select the most appropriate work nodes, dynamically fragment genomic databases, and self‐adjust according to performance data. To enhance G‐BLAST capability and usability, we also employ a WSRF Grid Service Portal and a Grid Service GUI desk application for general users to submit jobs and host administrators to maintain work nodes. Copyright © 2008 John Wiley & Sons, Ltd.     

On development of an efficient parallel loop self-scheduling for grid computing environments

The approaches to deal with scheduling and load balancing on PC-based cluster systems are famous and well-known. Self-scheduling schemes, which are suitable for parallel loops with independent iterations on cluster computer system, they have been designed in the past. In this paper, we propose a new scheme that can adjust the scheduling parameter dynamically on an extremely heterogeneous PC-based cluster and Grid computing environments in order to improve system performance. A Grid computing environment consists of multiple PC-based clusters is constructed using Globus Toolkit and MPICH-G2 middleware. The experimental results show that our scheduling can result in higher performance than other similar schemes on Grid computing environments.     

云计算集群服务器系统监控方法的研究

随着云计算技术越来越多地应用到信息产业的各个领域,云计算环境下集群服务器系统的监控与管理的需求越来越大。云计算下的集群服务器系统主要是通过一系列基于分布式架构的服务器集群组成,其下的服务器数量可能多达上万台。要管理好数量如此大的云计算集群服务器系统,保证其高性能运行,必然需要一套有效的云计算集群监控系统对其进行监测与调控。但是,传统的集群监测系统存在一些不足与弊端。本文对于云计算集群系统的高性能监测调度方案进行了研究,从云监控系统的架构、数据采集、负载均衡调度方面进行了探讨,构建了一个保证云计算集群系统高性能运营的云系统方案。     

Evaluation of messaging middleware for high-performance cloud computing

Cloud computing is posing several challenges, such as security, fault tolerance, access interface singularity, and network constraints, both in terms of latency and bandwidth. In this scenario, the performance of communications depends both on the network fabric and its efficient support in virtualized environments, which ultimately determines the overall system performance. To solve the current network constraints in cloud services, their providers are deploying high-speed networks, such as 10 Gigabit Ethernet. This paper presents an evaluation of high-performance computing message-passing middleware on a cloud computing infrastructure, Amazon EC2 cluster compute instances, equipped with 10 Gigabit Ethernet. The analysis of the experimental results, confronted with a similar testbed, has shown the significant impact that virtualized environments still have on communication performance, which demands more efficient communication middleware support to get over the current cloud network limitations.     

Contract RBAC in cloud computing

Cloud computing is a fast growing field, which is arguably a new computing paradigm. In cloud computing, computing resources are provided as services over the Internet and users can access resources based on their payments. The issue of access control is an important security scheme in the cloud computing. In this paper, a Contract RBAC model with continuous services for user to access various source services provided by different providers is proposed. The Contract RBAC model extending from the well-known RBAC model in cloud computing is shown. The extending definitions in the model could increase the ability to meet new challenges. The Contract RBAC model can provide continuous services with more flexible management in security to meet the application requirements including Intra-cross cloud service and Inter-cross cloud service. Finally, the performance analyses between the traditional manner and the scheme are given. Therefore, the proposed Contract RBAC model can achieve more efficient management for cloud computing environments.     

Ontology-based access control model for security policy reasoning in cloud computing

There are many security issues in cloud computing service environments, including virtualization, distributed big-data processing, serviceability, traffic management, application security, access control, authentication, and cryptography, among others. In particular, data access using various resources requires an authentication and access control model for integrated management and control in cloud computing environments. Cloud computing services are differentiated according to security policies because of differences in the permitted access right between service providers and users. RBAC (Role-based access control) and C-RBAC (Context-aware RBAC) models do not suggest effective and practical solutions for managers and users based on dynamic access control methods, suggesting a need for a new model of dynamic access control that can address the limitations of cloud computing characteristics. This paper proposes Onto-ACM (ontology-based access control model), a semantic analysis model that can address the difference in the permitted access control between service providers and users. The proposed model is a model of intelligent context-aware access for proactively applying the access level of resource access based on ontology reasoning and semantic analysis method.     

Digital Preservation in Grids and Clouds: A Middleware Approach

Digital preservation is the persistent archiving of digital assets for future access and reuse, irrespective of the underlying platform and software solutions. Existing preservation systems have a strong focus on Grids, but the advent of cloud technologies offers an attractive option. We describe a middleware system that enables a flexible choice between a Grid and a cloud for ad-hoc computations that arise during the execution of a preservation workflow and also for archiving digital objects. The choice between different infrastructures remains open during the lifecycle of the archive, ensuring a smooth switch between different solutions to accommodate the changing requirements of the organization that needs its digital assets preserved. We also offer insights on the costs, running times, and organizational issues of cloud computing, proving that the cloud alternative is particularly attractive for smaller organizations without access to a Grid or with limited IT infrastructure.     

基于Storm平台的多任务分组调度策略与实现

随着大数据与人工智能技术的飞速发展,高性能,实时性的流式计算系统逐渐取代传统基于数据仓库的批量计算系统.Apache storm作为一款开源,高容错,实时处理的分布式大数据流式计算平台,支持任务平均分配策略,单机任务指定策略等多种任务分配方案.当任务拓扑结构中存在多个任务时,且集群中只有某些机器支持某一任务执行时,传统的任务调度方法只能实现将单一的任务分配给单一指定的机器,使得整个集群的资源没有充分的利用.通过调整任务调度策略,获得满足条件的机器队列,查看机器队列中可用工作节点,将指定任务均匀分配给可用工作节点,其他任务仍通过默认策略分配给集群中的剩余机器,实现多任务的分组调度策略.     

网格环境下的集群系统作业管理研究

网格计算已经逐渐形成一个重要的新领域。相对于传统的分布式计算，它的显著之处在于它能够共享网络上的各种资源，包括地理上分布的各种计算资源。PBS是广泛应用于并行计算机的作业管理系统，它可以按照用户定义的配置参数相对公平地为每个作业分配系统资源。但是在网格环境范围内对集群系统进行管理仍然是一门有待研究的课题。利用网格系统软件和集群系统管理软件，实现了一种在网格环境下对集群系统作业进行管理的方法。     

Preemptive cloud resource allocation modeling of processing jobs

Cloud computing allows execution and deployment of different types of applications such as interactive databases or web-based services which require distinctive types of resources. These applications lease cloud resources for a considerably long period and usually occupy various resources to maintain a high quality of service (QoS) factor. On the other hand, general big data batch processing workloads are less QoS-sensitive and require massively parallel cloud resources for short period. Despite the elasticity feature of cloud computing, fine-scale characteristics of cloud-based applications may cause temporal low resource utilization in the cloud computing systems, while process-intensive highly utilized workload suffers from performance issues. Therefore, ability of utilization efficient scheduling of heterogeneous workload is one challenging issue for cloud owners. In this paper, addressing the heterogeneity issue impact on low utilization of cloud computing system, conjunct resource allocation scheme of cloud applications and processing jobs is presented to enhance the cloud utilization. The main idea behind this paper is to apply processing jobs and cloud applications jointly in a preemptive way. However, utilization efficient resource allocation requires exact modeling of workloads. So, first, a novel methodology to model the processing jobs and other cloud applications is proposed. Such jobs are modeled as a collection of parallel and sequential tasks in a Markovian process. This enables us to analyze and calculate the efficient resources required to serve the tasks. The next step makes use of the proposed model to develop a preemptive scheduling algorithm for the processing jobs in order to improve resource utilization and its associated costs in the cloud computing system. Accordingly, a preemption-based resource allocation architecture is proposed to effectively and efficiently utilize the idle reserved resources for the processing jobs in the cloud paradigms. Then, performance metrics such as service time for the processing jobs are investigated. The accuracy of the proposed analytical model and scheduling analysis is verified through simulations and experimental results. The simulation and experimental results also shed light on the achievable QoS level for the preemptively allocated processing jobs.     

国家高性能计算环境资源评价规范研究

高性能计算资源作为科技创新的重要手段,是当代科技竞争的战略制高点,能集中体现一个国家的综合实力。国家高性能计算环境聚合了国内优秀的高性能计算资源,面向用户提供高效、便捷的高性能计算服务。为加强环境建设、提高服务质量,本文提出了一套可以量化网络服务水平和集群计算服务水平的规范,为高性能计算环境的准入提供理论依据,支持和引导用户合理使用资源,形成全局统筹的资源布局。本文首先提出对高性能计算资源服务水平的评价标准,针对资源的性能、可用性、安全性、可靠性、需求管理、技术支持和服务响应这些内容分别展开介绍。然后介绍了这些评价标准的计算方法,为评价标准的确立提供理论基础。最后以提出的资源评价标准为依据,对资源的分级标准进行制定并提出高性能计算环境的准入标准。     

A semantic interoperability framework for software as a service systems in cloud computing environments

In cloud computing environments in software as a service (SaaS) level, interoperability refers to the ability of SaaS systems on one cloud provider to communicate with SaaS systems on another cloud provider. One of the most important barriers to the adoption of SaaS systems in cloud computing environments is interoperability. A common tactic for enabling interoperability is the use of an interoperability framework or model. During the past few years, in cloud SaaS level, various interoperability frameworks and models have been developed to provide interoperability between systems. The syntactic interoperability of SaaS systems have already been intensively researched. However, not enough consideration has been given to semantic interoperability issues. Achieving semantic interoperability is a challenge within the world of SaaS in cloud computing environments. Therefore, a semantic interoperability framework for SaaS systems in cloud computing environments is needed. We develop a semantic interoperability framework for cloud SaaS systems. The capabilities and value of service oriented architecture for semantic interoperability within cloud SaaS systems have been studied and demonstrated. This paper is accomplished through a number of steps (research methodology). It begins with a study on related works in the literature. Then, problem statement and research objectives are explained. In the next step, semantic interoperability requirements for SaaS systems in cloud computing environments that are needed to support are analyzed. The details of the proposed semantic interoperability framework for SaaS systems in cloud computing environments are presented. It includes the design of the proposed semantic interoperability framework. Finally, the evaluation methods of the semantic interoperability framework are elaborated. In order to evaluate the effectiveness of the proposed semantic interoperability framework for SaaS systems in cloud computing environments, extensive experimentation and statistical analysis have been performed. The experiments and statistical analysis specify that the proposed semantic interoperability framework for cloud SaaS systems is able to establish semantic interoperability between cloud SaaS systems in a more efficient way. It is concluded that using the proposed framework, there is a significant improvement in the effectiveness of semantic interoperability of SaaS systems in cloud computing environments.     

网格计算安全模型的研究

网格计算是一种新型的计算模式,具有数据处理能力强和运行成本低的特点。近年来,有关网格计算系统的安全性设计越发受到关注,但现有的网络安全技术在处理复杂的、动态的网格计算系统时,在访问控制、权限授予等环节的效果并不理想。首先分析了网格计算系统的安全性需求,其次研究并借鉴了现有颇具代表性的网络安全架构,最后我们从网格安全设计和实现的角度,对网格计算系统提出一种新的安全体系结构模型,并深入讨论了网格计算系统中各实体间交互时所采取的相应安全策略。     

Riding Out the Storm: How to Deal with the Complexity of Grid and Cloud Management

Over the last decade, Grid computing paved the way for a new level of large scale distributed systems. This infrastructure made it possible to securely and reliably take advantage of widely separated computational resources that are part of several different organizations. Resources can be incorporated to the Grid, building a theoretical virtual supercomputer. In time, cloud computing emerged as a new type of large scale distributed system, inheriting and expanding the expertise and knowledge that have been obtained so far. Some of the main characteristics of Grids naturally evolved into clouds, others were modified and adapted and others were simply discarded or postponed. Regardless of these technical specifics, both Grids and clouds together can be considered as one of the most important advances in large scale distributed computing of the past ten years; however, this step in distributed computing has came along with a completely new level of complexity. Grid and cloud management mechanisms play a key role, and correct analysis and understanding of the system behavior are needed. Large scale distributed systems must be able to self-manage, incorporating autonomic features capable of controlling and optimizing all resources and services. Traditional distributed computing management mechanisms analyze each resource separately and adjust specific parameters of each one of them. When trying to adapt the same procedures to Grid and cloud computing, the vast complexity of these systems can make this task extremely complicated. But large scale distributed systems complexity could only be a matter of perspective. It could be possible to understand the Grid or cloud behavior as a single entity, instead of a set of resources. This abstraction could provide a different understanding of the system, describing large scale behavior and global events that probably would not be detected analyzing each resource separately. In this work we define a theoretical framework that combines both ideas, multiple resources and single entity, to develop large scale distributed systems management techniques aimed at system performance optimization, increased dependability and Quality of Service (QoS). The resulting synergy could be the key to address the most important difficulties of Grid and cloud management.     

QoS guaranteeing robust scheduling in attack resilient cloud integrated cyber physical system

In this paper, we propose a security framework based on the semi-network form game in unison with a robust and attack resilient scheduling mechanism for a cloud integrated Cyber Physical System (CPS). As CPS moves from the traditional Sensing Control and Data Acquisition (SCADA) systems with limited on-board processing units, the need to use cloud computing arises owing to the ever increasing processing demands of heterogeneous CPS applications. In such systems, system stability and critical operational capability have the highest priority. This multi-system coupling can have security vulnerabilities which can cripple the speed and effectiveness of data processing, which is unacceptable in time and resource critical CPS applications owing to the need for satisfying the stringent Quality of Service (QoS) requirements. Therefore, a robust scheduling mechanism invulnerable to security attacks is needed to efficiently utilize the scalable processing components as provided by a cloud computing platform. However, scalability brought in by the cloud integration and data migration increases the attack space of an attacker due to an increase in available access points. To address this issue, we developed a new method of learning procedure using Bayesian Networks for the semi-network form game to aid our scheduling algorithm. We employ game theoretic principles to proactively understand the behavior of an attacker based on the strategic decisions made by the defender. This helps us in building a robust scheduling mechanism that schedules tasks based on the decisions made from the output of the game.     

A hybrid heuristic workflow scheduling algorithm for cloud computing environments

Cloud computing is a relatively new concept in the distributed systems and is widely accepted as a new solution for high performance and distributed computing. Its dynamisms in providing virtual resources for organisations and laboratories and its pay-per-use policy make it very popular. A workflow models a process consisting of a series of steps that shape an application. Workflow scheduling is the method for assigning each workflow task to a processing resource in a way that specific workflow rules are satisfied. Some scheduling algorithms for workflows may assume some quality of service parameter such as cost and deadline. Some efforts have been done on workflow scheduling on cloud computing environments with different service level agreements. But most of them suffer from low speed. Here, we introduce a new hybrid heuristic algorithm based on particle swarm optimisation (PSO) and gravitation search algorithms. The proposed algorithm, in addition to processing cost and transfer cost, takes deadline limitations into account. The proposed workflow scheduling approach can be used by both end-users and utility providers. The CloudSim toolkit is used as a cloud environment simulator and the Amazon EC2 pricing is the reference pricing used. Our experimental result shows about 70% cost reduction, in comparison to non-heuristic implementations, 30% cost reduction in comparison to PSO, 30% cost reduction in comparison to gravitational search algorithm and 50% cost reduction in comparison to hybrid genetic-gravitational algorithm.     

云计算与网格计算的比较研究

网格计算是一种能够整合零散资源并实现资源共享和协同工作的计算模式;云计算是网格计算、并行计算、分布式计算的发展,是一种新兴的商业计算模式。它具有与网格计算不同的新的特点。该文在研究网格计算与云计算概念的基础上从体系结构、专注方向、资源管理、作业调度等多种角度对网格计算与云计算进行了分析和研究。云计算所采用的商业理念、成熟的资源虚拟化技术以及非标准化的规范,使其体系结构、资源管理、作业调度等方面呈现出了不同的特点,也更适宜于为用户提供按需服务的目标,但在安全方面仍需不断完善。