1 / 133

Security-Aware Scheduling for Real-Time Parallel Applications on Clusters

Security-Aware Scheduling for Real-Time Parallel Applications on Clusters. Xiao Qin. Clusters. The PrairieFire Cluster at the University of Nebraska-Lincoln. Parallel Applications on Clusters. Stock Trading. Online Transaction. Security-Sensitive Real-Time Applications. Confidentiality.

phale
Download Presentation

Security-Aware Scheduling for Real-Time Parallel Applications on Clusters

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Security-Aware Scheduling for Real-Time Parallel Applications on Clusters Xiao Qin Department of Computer Science and Software Engineering Auburn University

  2. Clusters Department of Computer Science and Software Engineering Auburn University

  3. The PrairieFire Cluster at the University of Nebraska-Lincoln Department of Computer Science and Software Engineering Auburn University

  4. Parallel Applications on Clusters Department of Computer Science and Software Engineering Auburn University

  5. Stock Trading Online Transaction Security-Sensitive Real-Time Applications Department of Computer Science and Software Engineering Auburn University

  6. Confidentiality Integrity Authentication Common Threats and Security Services • Snooping • Alteration • Spoofing Department of Computer Science and Software Engineering Auburn University

  7. Users Tasks Head Nodes Scheduling Plays a Key Role • A process of assigning tasks to a set of resources • Conventional scheduling algorithms are inadequate for security-sensitive real-time applications on clusters Department of Computer Science and Software Engineering Auburn University

  8. Enable Security Awareness Reduce Response Time SupportScalability Improve Utilization Promote Throughput Keep Load-Balancing Motivation Department of Computer Science and Software Engineering Auburn University

  9. Framework Application Tool High-Level Security Service APIs User interface  Mapping to Middleware Services Framework Private Service Application Application  Low-Level Security Service APIs Platform interface Platform interface OS Hardware OS Hardware  Quality of Security Control Manager (QSCM) Middleware Services (including security services) Security-Aware System Architecture Department of Computer Science and Software Engineering Auburn University

  10. Application Task Application Task Application Task  Quality of Security Control Manager Security Optimization Local Security Optimization Global Security Optimization Local Schedulability Analyzer Security Service 1 Security Service n Resource Monitoring  Quality of Security Control Manager - QSCM Module Low Level Security Service APIs Department of Computer Science and Software Engineering Auburn University

  11. Task Submission Structure DEFINE Task : flight_control { Input = (altitude: 1230, heading: 35, …); Output = (takeoff_distance, climb_rate); Type = “Real Time”; Deadline = 80; Completion_Time = 0; Owner = “Gary Xie”; Cmd = “flight_con”; Processor_num= 5; Data_secured=250; Constraint  Arch == “INTEL”;  OS == “UNIX”;  Disk >= 480;  Memory >=128;  Deadline = 80;  0.3 <= Authentication <=0.6;  0.4 <= Integrity <= 0.8;  0.5 <= Confidentiality <= 0.9; } Department of Computer Science and Software Engineering Auburn University

  12. P S Security Overheads P S Security Overhead Model Security is achieved at the cost of performance degradation Department of Computer Science and Software Engineering Auburn University

  13. Cryptographic Algorithms for Confidentiality Service Department of Computer Science and Software Engineering Auburn University

  14. Hash Functions for Integrity Service Department of Computer Science and Software Engineering Auburn University

  15. Authentication Methods Department of Computer Science and Software Engineering Auburn University

  16. User 1 Local Queue N1 Admission Controller User 2 Security Level Optimizer N2 Schedule Queue User p Nm System Model TAPADS Dispatch Queue Rejected Queue Department of Computer Science and Software Engineering Auburn University

  17. e1 t2 e5 e2 e3 e4 t3 t5 t6 t4 e6 e10 e7 t8 t7 e9 e8 t9 t10 Parallel Application A single application (job) that has multiple processes that run concurrently t1 t11 Department of Computer Science and Software Engineering Auburn University

  18. Task Model • Deadline Constraints • Security Constraints • Precedence Constraints Department of Computer Science and Software Engineering Auburn University

  19. Directed Acyclic Graphs (DAG) • a parallel application is defined as a vector (T, E, d) • T: {t1, t2,...,tn} • E : a set of weighted and directed edges used to represent communication among tasks, e.g., (ti, tj)E is a message transmitted from task ti to tj • d : Deadline Department of Computer Science and Software Engineering Auburn University

  20. A Task • A task ti = (ei, li, Si) • ei :execution time • li : amount of data to be protected • Si: a vector of security requirements Department of Computer Science and Software Engineering Auburn University

  21. t1 e1 t2 e5 e3 e4 e2 t3 t5 t6 t4 e10 e6 e7 t8 t11 t7 e9 e8 t9 t10 A DAG 10Sec., 500KB, { [0.3,0.6], [0.4,0.8], [0.5,0.9] } 10KB, { [0.4,0.8], [0.5,0.9] } Department of Computer Science and Software Engineering Auburn University

  22. Befpre Security Optimization t6 t8 t9 e5 e7 e9 t1 t2 t3 t4 t7 t10 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32 34 36 38 40 42 44 46 48 50 52 54 56 58 60 t5 t11 e4 e10 deadline PE3 Link Slack Time PE1 Link PE2 Department of Computer Science and Software Engineering Auburn University

  23. PE3 Link e9 PE1 Link PE2 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32 34 36 38 40 42 44 46 48 50 52 54 56 58 60 After Security Optimization deadline t6 t9 t8 e5 e7 t10 t3 t4 t2 t7 t1 e4 e10 t5 t11 Department of Computer Science and Software Engineering Auburn University

  24. [0.3,0.6] [0.5,0.9] [0.4,0.8] Security Requirements for A Task Ti Security level range of the j th security service for task Ti Si = ( ,…, ,…, ) Department of Computer Science and Software Engineering Auburn University

  25. and Security Benefits Gained by Task Ti Weight of the j th security service for task Ti Security level of the j th security service for task Ti Department of Computer Science and Software Engineering Auburn University

  26. Weights of Security Services > > Department of Computer Science and Software Engineering Auburn University

  27. ( s ) Security Benefits Gained by A Task Set n å = ( ) SL T SL i i = 1 The task set Department of Computer Science and Software Engineering Auburn University

  28. q n SL ( s ) ( ) å å = k k T w s i i = = £ £ k k min( S ) max( S ), i i i Optimize Security Benefit of An Application The task set i maximize SL 1 1 i k subject to: k s Department of Computer Science and Software Engineering Auburn University

  29. (ti, tj) i j Security Requirements of Message (ti, tj) The required security level range of the p th security service Department of Computer Science and Software Engineering Auburn University

  30. and Security Benefits Gained by One Message (ti, tj) Security level of the k th security service Department of Computer Science and Software Engineering Auburn University

  31. Security Benefits Gained by A Message Set . Department of Computer Science and Software Engineering Auburn University

  32. Optimize Security Benefit of Message Set The message set maximize subject to Department of Computer Science and Software Engineering Auburn University

  33. Security Benefit of A Parallel Application Security Value The message set The task set Department of Computer Science and Software Engineering Auburn University

  34. The TAPADS Task Allocation Algorithm Compute the critical path no Slack time > 0 ? End yes Identify the best candidate in V and E that has the highest benefit-cost ratio Increase security levels of more important services at the minimal cost Allocate all tisubject to minimal security requirements Update the schedule in accordance with the increased security level Slack time= d – f Update slack time Department of Computer Science and Software Engineering Auburn University

  35. Time Complexity of TAPADS The time complexity of TAPADS is O(k(q|V|+p|E|)) where k : the number of times Step 7 is repeated q : the number of security services for computation p : the number of security services for communication Department of Computer Science and Software Engineering Auburn University

  36. Performance Evaluation • LISTMIN: Selects the lowest security level of each security service required by each task and message of a parallel job • LISTMAX: Chooses the highest security level for each security requirement posed by each task and message within a parallel job • LISTRND:Randomly picks a value within the security level range of each service required by a task and a message Department of Computer Science and Software Engineering Auburn University

  37. Experimental Parameters Department of Computer Science and Software Engineering Auburn University

  38. Performance Metrics • Security Value • Schedulability: a fraction of total submitted jobs that are schedulable • Quality of security (QSA):quality of security for applications • Guarantee factor:it is zero if a job’s deadline cannot be met. Otherwise, it is one. • Job completion time: earliest time that a job can finish its execution Department of Computer Science and Software Engineering Auburn University

  39. Experiment One: Overall Performance • One job with 433 tasks • 32 nodes in a cluster • Deadline varies from 0 to 600 seconds Department of Computer Science and Software Engineering Auburn University

  40. Overall Performance Comparisons(1) Department of Computer Science and Software Engineering Auburn University

  41. Improvement25% Improvement97.7% Overall Performance Comparisons(2) Department of Computer Science and Software Engineering Auburn University

  42. Improvement25.7% Improvement54.5% Overall Performance Comparisons(3) Department of Computer Science and Software Engineering Auburn University

  43. Experiment Two: Adaptability • 1000 diverse task graphs (54 tasks ~ 543 tasks) • 4 deadline ranges [100, 200], [200, 300], [300, 400] and [400, 500] • 32 nodes clusters Department of Computer Science and Software Engineering Auburn University

  44. Adaptability(1) TAPADS ties with LISTMIN LISTMAX is the worst Department of Computer Science and Software Engineering Auburn University

  45. Adaptability(2) TAPADS is always the best TAPADS outperforms LISTMAX significantly TAPADS outperforms LISTMAX significantly Department of Computer Science and Software Engineering Auburn University

  46. Adaptability(3) TAPADS noticeably outperforms all others Department of Computer Science and Software Engineering Auburn University

  47. Experiment Three: Scalability • 32 ~ 256 nodes in a cluster • A task graph with 520 tasks (nodes) • Deadline is set to 400 Seconds Department of Computer Science and Software Engineering Auburn University

  48. Scalability Department of Computer Science and Software Engineering Auburn University

  49. Experiment Four: Degree of Task Parallelism • A parallel application with 1074 tasks • Deadline is set to 400 Seconds • Number of nodes is 128 • Maximal number of out degree varies from 25 to 100 Department of Computer Science and Software Engineering Auburn University

  50. Sensitivity to Degree of Task Parallelism Department of Computer Science and Software Engineering Auburn University

More Related