1.33k likes | 1.35k Views
Security-Aware Scheduling for Real-Time Parallel Applications on Clusters. Xiao Qin. Clusters. The PrairieFire Cluster at the University of Nebraska-Lincoln. Parallel Applications on Clusters. Stock Trading. Online Transaction. Security-Sensitive Real-Time Applications. Confidentiality.
E N D
Security-Aware Scheduling for Real-Time Parallel Applications on Clusters Xiao Qin Department of Computer Science and Software Engineering Auburn University
Clusters Department of Computer Science and Software Engineering Auburn University
The PrairieFire Cluster at the University of Nebraska-Lincoln Department of Computer Science and Software Engineering Auburn University
Parallel Applications on Clusters Department of Computer Science and Software Engineering Auburn University
Stock Trading Online Transaction Security-Sensitive Real-Time Applications Department of Computer Science and Software Engineering Auburn University
Confidentiality Integrity Authentication Common Threats and Security Services • Snooping • Alteration • Spoofing Department of Computer Science and Software Engineering Auburn University
Users Tasks Head Nodes Scheduling Plays a Key Role • A process of assigning tasks to a set of resources • Conventional scheduling algorithms are inadequate for security-sensitive real-time applications on clusters Department of Computer Science and Software Engineering Auburn University
Enable Security Awareness Reduce Response Time SupportScalability Improve Utilization Promote Throughput Keep Load-Balancing Motivation Department of Computer Science and Software Engineering Auburn University
Framework Application Tool High-Level Security Service APIs User interface Mapping to Middleware Services Framework Private Service Application Application Low-Level Security Service APIs Platform interface Platform interface OS Hardware OS Hardware Quality of Security Control Manager (QSCM) Middleware Services (including security services) Security-Aware System Architecture Department of Computer Science and Software Engineering Auburn University
Application Task Application Task Application Task Quality of Security Control Manager Security Optimization Local Security Optimization Global Security Optimization Local Schedulability Analyzer Security Service 1 Security Service n Resource Monitoring Quality of Security Control Manager - QSCM Module Low Level Security Service APIs Department of Computer Science and Software Engineering Auburn University
Task Submission Structure DEFINE Task : flight_control { Input = (altitude: 1230, heading: 35, …); Output = (takeoff_distance, climb_rate); Type = “Real Time”; Deadline = 80; Completion_Time = 0; Owner = “Gary Xie”; Cmd = “flight_con”; Processor_num= 5; Data_secured=250; Constraint Arch == “INTEL”; OS == “UNIX”; Disk >= 480; Memory >=128; Deadline = 80; 0.3 <= Authentication <=0.6; 0.4 <= Integrity <= 0.8; 0.5 <= Confidentiality <= 0.9; } Department of Computer Science and Software Engineering Auburn University
P S Security Overheads P S Security Overhead Model Security is achieved at the cost of performance degradation Department of Computer Science and Software Engineering Auburn University
Cryptographic Algorithms for Confidentiality Service Department of Computer Science and Software Engineering Auburn University
Hash Functions for Integrity Service Department of Computer Science and Software Engineering Auburn University
Authentication Methods Department of Computer Science and Software Engineering Auburn University
User 1 Local Queue N1 Admission Controller User 2 Security Level Optimizer N2 Schedule Queue User p Nm System Model TAPADS Dispatch Queue Rejected Queue Department of Computer Science and Software Engineering Auburn University
e1 t2 e5 e2 e3 e4 t3 t5 t6 t4 e6 e10 e7 t8 t7 e9 e8 t9 t10 Parallel Application A single application (job) that has multiple processes that run concurrently t1 t11 Department of Computer Science and Software Engineering Auburn University
Task Model • Deadline Constraints • Security Constraints • Precedence Constraints Department of Computer Science and Software Engineering Auburn University
Directed Acyclic Graphs (DAG) • a parallel application is defined as a vector (T, E, d) • T: {t1, t2,...,tn} • E : a set of weighted and directed edges used to represent communication among tasks, e.g., (ti, tj)E is a message transmitted from task ti to tj • d : Deadline Department of Computer Science and Software Engineering Auburn University
A Task • A task ti = (ei, li, Si) • ei :execution time • li : amount of data to be protected • Si: a vector of security requirements Department of Computer Science and Software Engineering Auburn University
t1 e1 t2 e5 e3 e4 e2 t3 t5 t6 t4 e10 e6 e7 t8 t11 t7 e9 e8 t9 t10 A DAG 10Sec., 500KB, { [0.3,0.6], [0.4,0.8], [0.5,0.9] } 10KB, { [0.4,0.8], [0.5,0.9] } Department of Computer Science and Software Engineering Auburn University
Befpre Security Optimization t6 t8 t9 e5 e7 e9 t1 t2 t3 t4 t7 t10 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32 34 36 38 40 42 44 46 48 50 52 54 56 58 60 t5 t11 e4 e10 deadline PE3 Link Slack Time PE1 Link PE2 Department of Computer Science and Software Engineering Auburn University
PE3 Link e9 PE1 Link PE2 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32 34 36 38 40 42 44 46 48 50 52 54 56 58 60 After Security Optimization deadline t6 t9 t8 e5 e7 t10 t3 t4 t2 t7 t1 e4 e10 t5 t11 Department of Computer Science and Software Engineering Auburn University
[0.3,0.6] [0.5,0.9] [0.4,0.8] Security Requirements for A Task Ti Security level range of the j th security service for task Ti Si = ( ,…, ,…, ) Department of Computer Science and Software Engineering Auburn University
and Security Benefits Gained by Task Ti Weight of the j th security service for task Ti Security level of the j th security service for task Ti Department of Computer Science and Software Engineering Auburn University
Weights of Security Services > > Department of Computer Science and Software Engineering Auburn University
( s ) Security Benefits Gained by A Task Set n å = ( ) SL T SL i i = 1 The task set Department of Computer Science and Software Engineering Auburn University
q n SL ( s ) ( ) å å = k k T w s i i = = £ £ k k min( S ) max( S ), i i i Optimize Security Benefit of An Application The task set i maximize SL 1 1 i k subject to: k s Department of Computer Science and Software Engineering Auburn University
(ti, tj) i j Security Requirements of Message (ti, tj) The required security level range of the p th security service Department of Computer Science and Software Engineering Auburn University
and Security Benefits Gained by One Message (ti, tj) Security level of the k th security service Department of Computer Science and Software Engineering Auburn University
Security Benefits Gained by A Message Set . Department of Computer Science and Software Engineering Auburn University
Optimize Security Benefit of Message Set The message set maximize subject to Department of Computer Science and Software Engineering Auburn University
Security Benefit of A Parallel Application Security Value The message set The task set Department of Computer Science and Software Engineering Auburn University
The TAPADS Task Allocation Algorithm Compute the critical path no Slack time > 0 ? End yes Identify the best candidate in V and E that has the highest benefit-cost ratio Increase security levels of more important services at the minimal cost Allocate all tisubject to minimal security requirements Update the schedule in accordance with the increased security level Slack time= d – f Update slack time Department of Computer Science and Software Engineering Auburn University
Time Complexity of TAPADS The time complexity of TAPADS is O(k(q|V|+p|E|)) where k : the number of times Step 7 is repeated q : the number of security services for computation p : the number of security services for communication Department of Computer Science and Software Engineering Auburn University
Performance Evaluation • LISTMIN: Selects the lowest security level of each security service required by each task and message of a parallel job • LISTMAX: Chooses the highest security level for each security requirement posed by each task and message within a parallel job • LISTRND:Randomly picks a value within the security level range of each service required by a task and a message Department of Computer Science and Software Engineering Auburn University
Experimental Parameters Department of Computer Science and Software Engineering Auburn University
Performance Metrics • Security Value • Schedulability: a fraction of total submitted jobs that are schedulable • Quality of security (QSA):quality of security for applications • Guarantee factor:it is zero if a job’s deadline cannot be met. Otherwise, it is one. • Job completion time: earliest time that a job can finish its execution Department of Computer Science and Software Engineering Auburn University
Experiment One: Overall Performance • One job with 433 tasks • 32 nodes in a cluster • Deadline varies from 0 to 600 seconds Department of Computer Science and Software Engineering Auburn University
Overall Performance Comparisons(1) Department of Computer Science and Software Engineering Auburn University
Improvement25% Improvement97.7% Overall Performance Comparisons(2) Department of Computer Science and Software Engineering Auburn University
Improvement25.7% Improvement54.5% Overall Performance Comparisons(3) Department of Computer Science and Software Engineering Auburn University
Experiment Two: Adaptability • 1000 diverse task graphs (54 tasks ~ 543 tasks) • 4 deadline ranges [100, 200], [200, 300], [300, 400] and [400, 500] • 32 nodes clusters Department of Computer Science and Software Engineering Auburn University
Adaptability(1) TAPADS ties with LISTMIN LISTMAX is the worst Department of Computer Science and Software Engineering Auburn University
Adaptability(2) TAPADS is always the best TAPADS outperforms LISTMAX significantly TAPADS outperforms LISTMAX significantly Department of Computer Science and Software Engineering Auburn University
Adaptability(3) TAPADS noticeably outperforms all others Department of Computer Science and Software Engineering Auburn University
Experiment Three: Scalability • 32 ~ 256 nodes in a cluster • A task graph with 520 tasks (nodes) • Deadline is set to 400 Seconds Department of Computer Science and Software Engineering Auburn University
Scalability Department of Computer Science and Software Engineering Auburn University
Experiment Four: Degree of Task Parallelism • A parallel application with 1074 tasks • Deadline is set to 400 Seconds • Number of nodes is 128 • Maximal number of out degree varies from 25 to 100 Department of Computer Science and Software Engineering Auburn University
Sensitivity to Degree of Task Parallelism Department of Computer Science and Software Engineering Auburn University