一种新型的网格行为信任模型

网格计算系统是一个分布式的高性能计算机环境,由广域分布的异构的计算机和资源组成,旨在使用户可以透明地共享使用这些资源,而且彼此可以进行区域间的紧密合作。为了保证这种共享合作更加安全可靠、更具吸引力,在网格系统中提出了信任的概念,具体又可划分为身份信任与行为信任。其中身份信任主要负责身份验证以及用户权限等问题,而行为信任关注的是更广泛意义上的可信赖性问题,用户可根据过去相互间行为接触经验而及时动态地调整更新彼此间的信任关系。该文着重描述行为信任的含义和计算方法,并在此基础上提出了一种新型网格行为信任体系模型,最后通过举例具体讨论说明了它的应用过程。     

Towards supporting multiple virtual private computing environments on computational Grids

Grid computing now becomes a practical computing paradigm and solution for distributed systems and applications. Currently increasing resources are involved in Grid environments and a large number of applications are running on computational Grids. Unfortunately Grid computing technologies are still far away from reach of inexperienced application users, e.g., computational scientists and engineers. A software layer is required to provide an easy interface of Grids to end users.To meet this requirement HEAVEN (Hosting European Application Virtual ENvironment) upperware is proposed to build on top of Grid middleware. This paper presents HEAVEN philosophy of virtual computing for Grids – a combinational idea of simulation and emulation approaches. The concept of Virtual Private Computing Environment (VPCE) is thereafter proposed and defined. The design and current implementation of HEAVEN upperware are discussed in detail. Use case of Ag2D application justifies the philosophy of HEAVEN virtual computing methodology and the design/implementation of HEAVEN upperware.     

网格环境下的集群系统作业管理研究

网格计算已经逐渐形成一个重要的新领域。相对于传统的分布式计算，它的显著之处在于它能够共享网络上的各种资源，包括地理上分布的各种计算资源。PBS是广泛应用于并行计算机的作业管理系统，它可以按照用户定义的配置参数相对公平地为每个作业分配系统资源。但是在网格环境范围内对集群系统进行管理仍然是一门有待研究的课题。利用网格系统软件和集群系统管理软件，实现了一种在网格环境下对集群系统作业进行管理的方法。     

Clayworks: Toward user-oriented software for collaborative modeling and simulation

We consider the development of software systems that integrate collaborative real-time modeling and distributed computing. Our main goal is user-orientation: we need a collaborative workspace for geographically dispersed users with a seamless access of every user to high-performance servers. This paper presents a particular prototype, Clayworks, that allows modeling of virtual clay objects and running computation-intensive deformation simulations for objects crashing into each other. In order to integrate heterogeneous computational resources, we adopt modern Grid middleware and provide the users with an intuitive graphical interface. Simulations are parallelized using a higher-order component (HOC) which abstracts over the web service resource framework (WSRF) used to interconnect our worksuite to the computation server. Clayworks is a representative of a large class of demanding systems which combine collaborative, user-oriented modeling with performance-critical computations, e.g., crash-tests or simulations of biological population evolution.     

Development of Science Gateways Using QCG — Lessons Learned from the Deployment on Large Scale Distributed and HPC Infrastructures

Today, various Science Gateways created in close collaboration with scientific communities provide access to remote and distributed HPC, Grid and Cloud computing resources and large-scale storage facilities. However, as we have observed there are still many entry barriers for new users and various limitations for active scientists. In this paper we present our latest achievements and software solutions that significantly simplify the use of large scale and distributed computing. We describe several Science Gateways that have been successfully created with the help of our application tools and the QCG (Quality in Cloud and Grid) middleware, in particular Vine Toolkit, QCG-Portal and QCG-Now, and make the use of HPC, Grid and Cloud more straightforward and transparent. Additionally, we share the best practices and lessons learned after creating jointly with user communities many domain-specific Science Gateways, e.g. dedicated for physicists, medical scientists, chemists, engineers and external communities performing multi-scale simulations. As our deployed software solutions have reached recently a critical mass of active users in the PLGrid e-infrastructure in Poland, we also discuss in this paper how changing technologies, visual design and user experience could impact the way we should re-design Science Getaways or even develop new attractive tools, e.g. desktop or mobile-based applications in the future. Finally, we present information and statistics regarding the behaviour of users to help readers understand how new capabilities and functionalities may influence the growth of user interest in Science Gateways and HPC technologies.     

Integrate software agents and CORBA in computational grid

This paper presents an Agent-based Computational Grid (ACG), which applies the concept of CORBA and agent to computational grid. The ACG system is used to implement a uniform higher level management of the computing resources and services on the Grid, and provide users with a consistent and transparent interface for accessing such services. In ACG grid, grid services are implemented by CORBA or by grid agent. Grid agents and CORBA objects will interact with each other to achieve user's service request. Our solution is the creation of a bridge between the CORBA and grid agents. The solution provides with the opportunity of considering an agent as a CORBA service and accessing CORBA services even from a grid agent. Thus, in AGC grid, existing legacy systems can be easily exploited as grid services. In this paper, firstly, the features of ACG grid are described, and then the design and implementation are given. Finally, some conclusions are given.     

Using a Simple Prioritisation Mechanism to Effectively Interoperate Service and Opportunistic Grids in the EELA-2 e-Infrastructure

Grids currently in production can be broadly classified as either service Grids, composed of dedicated resources, or opportunistic Grids that harvest the computing power of non-dedicated resources when they are idle. While a service Grid provides high and well defined levels of quality of service, an opportunistic Grid provides only a best-effort service. Nevertheless, since opportunistic Grids do not require resources to be fully dedicated to the Grid, they have the potential to assemble a much larger number of resources. Moreover, these Grids cater very well to the execution of the so-called embarrassingly parallel applications, a type of application that is frequently found in practice, and that comprises the largest portion of the typical workload processed in production Grid systems. The EELA-2 e-infrastructure is comprised of a service Grid and an opportunistic Grid that federates computing resources from scientific institutions in both Europe and Latin America. Due to the complementary characteristics of these two types of Grids, a lot of attention has recently been placed in how to interoperate them. In this paper we focus on the less studied problem of assessing the feasibility of such interoperation. We analyse different prioritisation policies that define when the resources of one Grid can be used to run jobs originating from the other. Our results show that in the absence of a suitable prioritisation policy, the benefits that the users of one Grid may have, frequently come with an important negative impact on the users of the other Grid. We also show that a simple reciprocation mechanism is capable of arbitrating the interoperation in such a way that, whenever possible, users profit from the interoperation and, in no case, this benefit leads to a noticeable reduction on the quality of service that the users would experience were the Grids not to interoperate. We conclude discussing how we have implemented, in the context of the EELA-2 project, this prioritisation mechanism, allowing the effective interoperation of a service Grid based on the gLite middleware with an opportunistic Grid that uses the OurGrid middleware.     

Extending software component models with the master–worker paradigm

Recent advances in computing and networking technologies—such as multi-core processors and high bandwidth wide area networks—lead parallel infrastructures to reach a higher degree of complexity. Programmers have to face with both parallel and distributed programming paradigms when designing an application. This is especially true when dealing with e-Science applications. Moreover, as parallel processing is moving to the mainstream, it does not seem appropriate to rely on low-level solutions requiring expert knowledge. This paper studies how to combine modern programming practices such as those based on software components and one of the most important parallel programming paradigms which is the well-known master–worker paradigm. The goal is to provide a simple and resource transparent model while enabling an efficient utilization of resources. The paper proposes a generic approach to embed the master–worker paradigm into software component models and describes how this generic approach can be implemented within an existing software component model. The overall approach is validated with synthetic experiments on clusters and the Grid’5000 testbed.     

Trust-based security in pervasive computing environments

Traditionally, stand-alone computers and small networks rely on user authentication and access control to provide security. These physical methods use system-based controls to verify the identity of a person or process, explicitly enabling or restricting the ability to use, change, or view a computer resource. However, these strategies are inadequate for the increased flexibility that distributed networks such as the Internet and pervasive computing environments require because such systems lack central control and their users are not all predetermined. Mobile users expect to access locally hosted resources and services anytime and anywhere, leading to serious security risks and access control problems. We propose a solution based on trust management that involves developing a security policy, assigning credentials to entities, verifying that the credentials fulfill the policy, delegating trust to third parties, and reasoning about users' access rights. This architecture is generally applicable to distributed systems but geared toward pervasive computing environments     

Grid Computing in China

Grid computing presents a new trend to distributed computation and Internet applications, which can construct a virtual single image of heterogeneous resources, provide uniform application interface and integrate widespread computational resources into super, ubiquitous and transparent aggregation. In the adoption of Grid computing, China, who is facing more resource heterogeneity and other specific demands, has put much effort on both research and practical utilization. In this paper, we introduce the major China Grid research projects and their perspective applications. First we give the overview of the four government-sponsored programs in Grid, namely the China National Grid, ChinaGrid, NSFC Grid, and ShanghaiGrid. Then we present six representative ongoing Grid systems in details, which are categorized into Grid middleware and Grid application. This paper provides the general picture of Grid computing in China, and shows the great efforts, devotion and confidence in China to use Grid technology to boost the society, economics and scientific research.     

Speeding up systems biology simulations of biochemical pathways using condor

Systems biology is a scientific field that uses computational modelling to study biological and biochemical systems. The simulation and analysis of models of these systems typically explore behaviour over a wide range of parameter values; as such, they are usually characterised by the need for nontrivial amounts of computing power. Grid computing provides access to such computational resources. In previous research, we created the grid‐enabled biochemical networks simulation environment to attempt to speed up system biology simulations over a grid (the UK National Grid Service and ScotGrid). Following on from this work, we have created the simulation modelling of the epidermal growth factor receptor microtubule‐associated protein kinase pathway utility, a standalone simulation tool dedicated to the modelling and analysis of the epidermal growth factor receptor microtubule‐associated protein kinase pathway. This builds on experiences from biochemical networks simulation environment by decoupling the simulation modelling elements from the Grid middleware. This new utility enables us to interface with different grid technologies. This paper therefore describes the new SIMAP utility and an empirical investigation of its performance when deployed over a desktop grid based on the high throughput computing middleware Condor. We present our results based on a case study with a model of the mammalian ErbB signalling pathway, a pathway strongly linked to cancer. Copyright © 2013 John Wiley & Sons, Ltd.     

Zorilla: a peer‐to‐peer middleware for real‐world distributed systems

The inherent complex nature of current distributed computing architectures hinders the widespread adoption of these systems for mainstream use. In general, users have access to a highly heterogeneous set of compute resources, which may include clusters, grids, desktop grids, clouds, and other compute platforms. This heterogeneity is especially problematic when running parallel and distributed applications. Software is needed which easily combines as many resources as possible into one coherent computing platform. In this paper, we introduce Zorilla: peer‐to‐peer (P2P) middleware that creates a single distributed environment from any available set of compute resources. Zorilla imposes minimal requirements on the resource used, is platform independent, and does not rely on central components. In addition to providing functionality on bare resources, Zorilla can exploit locally available middleware. Zorilla explicitly supports distributed and parallel applications, and allows resources from multiple sites to cooperate in a single computation. Zorilla makes extensive use of both virtualization and P2P techniques. We will demonstrate how virtualization and P2P combine into a simple design, while enhancing functionality and ease of use. Together, these techniques bring our goal a step closer: transparent, easy use of resources, even on very heterogeneous distributed systems. Copyright © 2011 John Wiley & Sons, Ltd.     

透明计算系统中基于BitMap的共享镜像存储管理

透明计算是一种将操作系统、应用程序和用户数据都作为资源存储在服务器端,资源以流块的方式调度到客户端执行的计算模式。针对透明计算系统中透明服务器端多用户的操作系统及应用程序资源冗余问题,设计并实现了一种基于BitMap的共享镜像存储管理方法BM-SISMS,该方法采用链式存储方法将系统数据和用户数据分离开来,多用户通过链式结构共享系统镜像,根据BitMap存储方法查找定位用户请求的各种资源。测试结果表明BM-SISMS方法能够完成多个客户端请求的实例操作系统加载和使用,在数据读写方面,BM-SISMS方法读数据速度约11.05 MB/s,写数据速度为4.01 MB/s,具有很高的性能,能够满足透明计算系统中镜像存储管理的需求。     

Websigns: hyperlinking physical locations to the Web

HP researchers are developing handheld devices that combine wireless technology and ubiquitous computing to provide a transparent linkage between physical entities in the environment and resources available on the Web. First-generation mobile computing technologies typically use protocols such as WAP and i-mode to let PDAs, smart phones, and other wireless devices with Web browsers access the Internet, thereby freeing users from the shackles of their desktops. We believe, in addition, users would benefit from having access to devices that combine the advantages of wireless technology and ubiquitous computing to provide a transparent linkage between the physical world around them and the resources available on the Web. We are developing devices that augment users' reality with Web services related to the physical objects they see     

Enhancing grid security by fine-grained behavioral control and negotiation-based authorization

Nowadays, Grid has become a leading technology in distributed computing. Grid poses a seamless sharing of heterogeneous computational resources belonging to different domains and conducts efficient collaborations between Grid users. The core Grid functionality defines computational services which allocate computational resources and execute applications submitted by Grid users. The vast models of collaborations and openness of Grid system require a secure, scalable, flexible and expressive authorization model to protect these computational services and Grid resources. Most of the existing authorization models for Grid have granularity to manage access to service invocations while behavioral monitoring of applications executed by these services remains a responsibility of a resource provider. The resource provider executes an application under a local account, and acknowledges all permissions granted to this account to the application. Such approach poses serious security threats to breach system functionality since applications submitted by users could be malicious. We propose a flexible and expressive policy-driven credential-based authorization system to protect Grid computational services against a malicious behavior of applications submitted for the execution. We split an authorization process into two levels: a coarse-grained level that manages access to a computational service; and a fine-grained level that monitors the behavior of applications executed by the computational service. Our framework guarantees that users authorized on a coarse-grained level behave as expected on the fine-grained level. Credentials obtained on the coarse-grained level reflect on fine-grained access decisions. The framework defines trust negotiations on coarse-grained level to overcome scalability problem, and preserves privacy of credentials and security policies of, both, Grid users and providers. Our authorization system was implemented to control access to the Globus Computational GRAM service. A comprehensive performance evaluation shows the practical scope of the proposed system.

Securing next-generation grids

Grid computing poses tough security challenges. What do we have - and what do we still need - to make grids safe for tomorrow? Grid computing harnesses existing self contained systems - from personal computers to supercomputers to let users share processing cycles and data across geographical and organizational boundaries. This emerging technology can transform the computational infrastructure into an integrated, pervasive virtual environment. However, although commercial and research organizations might have collaborative or monetary reasons to share resources, they are unlikely to adopt such a distributed infrastructure until they can rely on the confidentiality of the communication, the integrity of their data and resources, and the privacy of the user information. In other words, large-scale deployment of grids will occur when users can count on their security.     

TIRIAC: A trust-driven risk-aware access control framework for Grid environments

The infrastructure provided by a Grid enables researchers to collaboratively solve various research problems through sharing their resources and establishing virtual organizations (VOs). However, the distributed and dynamic nature of a Grid VO is a challenge for access control systems. All users in a VO have responsibilities which correspond to their rights. While they should be able to make use of all VO resources, irresponsibility and permission misuse (insider attack) impose costs and losses on the affected resources. Hence, the history of users’ behavior and the possibility of misuse need to be considered in the resource providers’ risk management process. In this paper, we propose the TIRIAC framework for Grid access control. TIRIAC is the first trust-driven risk-aware access control framework which uses obligations to seamlessly monitor users and mitigate risks. In the TIRIAC framework, trust evaluation and risk management are added to the base Grid access control services. Thereafter, site administrators can explicitly specify users’ responsibilities in form of obligations alongside access control rules. In addition, obligation-specific policies can be specified to mitigate risks according to their severity. We study the adoption of our framework by the European Grid Infrastructure (EGI), and demonstrate its superiority in comparison with the related work using multiple criteria. Moreover, we evaluate the performance of the framework and demonstrate its scalability in simulation experiments.     

Service level agreement based adaptive Grid superscheduling

Grid computing brings heterogeneity and decentralization to the world of science and technology. It leverages every bit of idle computing resources and provides a straightforward middleware for integrating cross-domain scientific devices and legacy systems. In a super big Grid, job scheduling is challenging specifically when it needs to have access to vast amount of resources. The process of mapping jobs onto Grid resources requires significant consideration in terms of Grid architecture design, consumer demands and provider revenues. In this paper, we simultaneously utilize the legacy architecture of superscheduling, forwarding strategy, service level, success rate, and service pricing strategies and finally propose a service level agreement based on adaptive superscheduling (SAS) algorithm. SAS algorithm presents unified connectivity via efficient diffusion of jobs through the Grid infrastructure that is fueled from the previous scheduling events across the Grid. Moreover, by enforcing the service level agreement terms from a rich set of ask and bid prices, system performance, and load statistics, SAS successfully boosts revenue and utilization statistics. We perform an extensive experimental analysis for different Grid scales. Based on our experimental result, the SAS algorithm maximizes revenue while guarantees quality of service. More specifically, the quality of service is achieved through a high ratio of completed jobs and remarkable utilization of resources.