Non-deterministic security driven meta scheduler for distributed cloud organizations

Abstract

Security is a complex and challenging problem in cloud organizations. Ensuring the security of operations within the cloud while also enforcing the users' own security requirements usually results in a complex tradeoff with the efficiency of the overall system. In this paper, we developed a novel architectural model enforcing cloud security, based on a multi-agent scheme and a security-aware non-deterministic Meta Scheduler driven by genetic heuristics. The model is explicitly designed to prevent Denial of Service and Timing Attacks over the cloud and has been demonstrated to be integrable within the well-known OpenStack platform. Additionally, we proposed two different models for assuring users' security demands. The first is a scoring model that allows scheduling tasks only on the Virtual Machines offering the proper security level. The second model takes into account the time spent on the necessary cryptographic operations dedicated to a particular task. The scheduling system has been simulated in order to assess the effectiveness of the proposed security architecture, resulting in increased system safety and resiliency against attacks, without appreciably impacting the performance of the whole cloud environment.
