Security-Aware Scheduling for Real-Time Parallel Applications on Clusters   Xiao Qin
Clusters
The PrairieFire Cluster at the University of Nebraska-Lincoln
Parallel Applications on Clusters
Security-Sensitive Real-Time Applications Online Transaction Stock Trading
Common Threats and Security Services Snooping Alteration Spoofing Confidentiality Authentication Integrity
Scheduling Plays a Key Role. Scheduling: a process of assigning tasks to a set of resources. Conventional scheduling algorithms are inadequate for security-sensitive real-time applications on clusters. [Diagram labels: Users, Tasks, Head, Nodes]
Motivation Improve  Utilization Keep Load-Balancing Support Scalability Promote  Throughput Enable Security Awareness Reduce Response Time
Security-Aware System Architecture. [Diagram labels: Application; High-Level Security Service APIs; Framework; User interface; Application Tool; Private Service; Mapping to Middleware Services; Low-Level Security Service APIs; Middleware Services (including security services); Platform interface; OS; Hardware; Quality of Security Control Manager (QSCM)]
Quality of Security Control Manager - QSCM Module. [Diagram labels: Application Task; Low-Level Security Service APIs; Security Service 1 to Security Service n; Security Optimization; Global Security Optimization; Local Security Optimization; Resource Monitoring; Local Schedulability Analyzer; Quality of Security Control Manager]
Task Submission Structure
DEFINE Task : flight_control {
    Input = (altitude: 1230, heading: 35, …);
    Output = (takeoff_distance, climb_rate);
    Type = "Real Time";
    Deadline = 80;
    Completion_Time = 0;
    Owner = "Gary Xie";
    Cmd = "flight_con";
    Processor_num = 5;
    Data_secured = 250;
    Constraint
        Arch == "INTEL";
        OS == "UNIX";
        Disk >= 480;
        Memory >= 128;
        Deadline = 80;
        0.3 <= Authentication <= 0.6;
        0.4 <= Integrity <= 0.8;
        0.5 <= Confidentiality <= 0.9;
}
Security Overhead Model: Security is achieved at the cost of performance degradation. [Figure labels: P, S, Security Overheads]
Cryptographic Algorithms for Confidentiality Service
Cryptographic Algorithms | Security Level | Performance (KB/ms)
RC4 | 0.22 | 96.43
Blowfish | 0.56 | 37.5
Khufu/Khafre | 0.63 | 33.75
RC5 | 0.72 | 29.35
Rijndael | 1.00 | 21.09
Hash Functions for Integrity Service
Hash Functions | Security Level | Performance (KB/ms)
MD4 | 0.18 | 23.90
MD5 | 0.26 | 17.09
RIPEMD | 0.36 | 12.00
RIPEMD-128 | 0.45 | 9.73
SHA-1 | 0.63 | 6.88
RIPEMD-160 | 0.77 | 5.69
Tiger | 1.00 | 4.36
Authentication Methods
Authentication Methods | Security Level | Computation Time (ms)
HMAC-MD5 | 0.3 | 90
HMAC-SHA-1 | 0.6 | 148
CBC-MAC-AES | 0.9 | 163
System Model. [Diagram labels: User 1, User 2 to User p; Schedule Queue; Admission Controller; Rejected Queue; Security Level Optimizer; TAPADS; Dispatch Queue; Local Queue; nodes N1, N2 to Nm]
Parallel Application: A single application (job) that has multiple processes that run concurrently. [Figure: task graph with tasks t1 to t11 and edges e1 to e10]
Task Model Deadline Constraints Security Constraints Precedence Constraints
Directed Acyclic Graphs (DAG): a parallel application is defined as a vector (T, E, d). T: {t_1, t_2, ..., t_n}. E: a set of weighted and directed edges used to represent communication among tasks, e.g., (t_i, t_j) ∈ E is a message transmitted from task t_i to t_j. d: deadline.
A Task: A task t_i = (e_i, l_i, S_i). e_i: execution time. l_i: amount of data to be protected. S_i: a vector of security requirements.
A DAG. [Figure: task graph with tasks t1 to t11 and edges e1 to e10; example annotations: 10Sec., 500KB, { [0.3,0.6], [0.4,0.8], [0.5,0.9] } and 10KB, { [0.4,0.8], [0.5,0.9] }]
Before Security Optimization. [Gantt chart: tasks t1 to t11 and messages e4, e5, e7, e9, e10 scheduled on PE1, PE2, PE3 and the links between them; time axis from 0 to 60; slack time remains before the deadline]
After Security Optimization. [Gantt chart: tasks t1 to t11 and messages e4, e5, e7, e9, e10 scheduled on PE1, PE2, PE3 and the links between them; time axis from 0 to 60; deadline marked]
Security Requirements for A Task T i S i  = (  ,…,  ,…,  ) Security level range of the  j  th security service  for task Ti [0.3,0.6] [0.4,0.8] [0.5,0.9]
Security Benefits Gained by Task T i Weight of the  j  th security service for task T i Security level of the  j  th security service for task T i and
Weights of Security Services > >
Security Benefits Gained by A Task Set: $SL(T) = \sum_{i=1}^{n} SL(s_i)$, where $T$ is the task set.
Optimize Security Benefit of An Application: maximize $SL(T) = \sum_{i=1}^{n} \sum_{k=1}^{q} w_i^k s_i^k$ subject to $\min(S_i^k) \le s_i^k \le \max(S_i^k)$, where $T$ is the task set.
Security Requirements of Message ( t i , t j )  The required  security level range of the  p  th security service   i j ( t i , t j )
Security Benefits Gained by One Message  ( t i , t j )  Security level of the  k  th security service   and
Security Benefits Gained by A Message Set .
Optimize Security Benefit of Message Set maximize subject to  The message set
Security Benefit of A Parallel Application The message set The task set Security Value
The TAPADS Task Allocation Algorithm. [Flowchart boxes: Compute the critical path; Slack time = d - f; Allocate all t_i subject to minimal security requirements; Identify the best candidate in V and E that has the highest benefit-cost ratio; Increase security levels of more important services at the minimal cost; Update the schedule in accordance with the increased security level; Update slack time; decision: Slack time > 0? (yes / no); End]
Time Complexity of TAPADS: The time complexity of TAPADS is O(k(q|V| + p|E|)), where k: the number of times Step 7 is repeated; q: the number of security services for computation; p: the number of security services for communication.
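The slack-driven loop on the TAPADS slide, as an added Python example (not code from the slides or from the TAPADS authors). It uses the overhead tables and service weights printed on the slides; it assumes all tasks run back to back on one critical path, measures time in milliseconds, and the names `Task`, `optimize` and the `conf`/`integ`/`auth` keys are illustrative.

```python
from dataclasses import dataclass

# Overhead tables from the slides: (security level, KB/ms) for confidentiality
# and integrity, (security level, fixed ms) for authentication.
TABLES = {
    "conf": [(0.22, 96.43), (0.56, 37.5), (0.63, 33.75), (0.72, 29.35), (1.00, 21.09)],
    "integ": [(0.18, 23.90), (0.26, 17.09), (0.36, 12.00), (0.45, 9.73),
              (0.63, 6.88), (0.77, 5.69), (1.00, 4.36)],
    "auth": [(0.3, 90.0), (0.6, 148.0), (0.9, 163.0)],
}
# Service weights from the experimental-parameters slide.
WEIGHTS = {"auth": 0.2, "conf": 0.5, "integ": 0.3}


@dataclass
class Task:
    name: str
    exec_ms: float   # e_i, execution time
    data_kb: float   # l_i, amount of data to be protected
    ranges: dict     # S_i: service -> (lowest, highest) acceptable level


def options(service, lo, hi):
    """Table entries whose security level lies inside the required range."""
    return [entry for entry in TABLES[service] if lo <= entry[0] <= hi]


def overhead_ms(service, entry, data_kb):
    """Time cost of one service at one table entry for data_kb of data."""
    _, x = entry
    return x if service == "auth" else data_kb / x


def optimize(tasks, deadline_ms):
    """Return (levels, remaining slack, security value), or None if rejected.

    ASSUMPTION: the tasks form a single chain, so every overhead increase
    consumes slack one-for-one. A full DAG scheduler would recompute the
    critical path after each increase.
    """
    opts = {(t.name, s): options(s, *t.ranges[s]) for t in tasks for s in t.ranges}
    if any(not o for o in opts.values()):
        return None                      # a requirement no algorithm can satisfy
    data = {t.name: t.data_kb for t in tasks}
    idx = {key: 0 for key in opts}       # start from the minimal requirements

    def cost(key, i):
        return overhead_ms(key[1], opts[key][i], data[key[0]])

    finish = sum(t.exec_ms for t in tasks) + sum(cost(k, 0) for k in opts)
    slack = deadline_ms - finish
    if slack < 0:
        return None                      # deadline missed even at minimum security

    while True:
        best = None
        for key, i in idx.items():
            if i + 1 == len(opts[key]):
                continue                 # already at the top of the allowed range
            extra = cost(key, i + 1) - cost(key, i)
            if extra > slack:
                continue                 # this upgrade would break the deadline
            gain = WEIGHTS[key[1]] * (opts[key][i + 1][0] - opts[key][i][0])
            if best is None or gain / extra > best[0]:
                best = (gain / extra, key, extra)
        if best is None:
            break
        _, key, extra = best
        idx[key] += 1                    # raise the best benefit-cost candidate
        slack -= extra

    levels = {key: opts[key][i][0] for key, i in idx.items()}
    value = sum(WEIGHTS[s] * lvl for (_, s), lvl in levels.items())
    return levels, slack, value


if __name__ == "__main__":
    # Constructed input: one task using the ranges shown on the slides.
    t1 = Task("t1", 10_000.0, 500.0,
              {"auth": (0.3, 0.6), "integ": (0.4, 0.8), "conf": (0.5, 0.9)})
    print(optimize([t1], 10_200.0))
```

With a 10.2 s deadline the cheap confidentiality and integrity upgrades fit into the slack while the 58 ms authentication upgrade does not, which is the trade-off the benefit-cost ratio is meant to expose.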
Performance Evaluation  LISTMIN :  Selects the  lowest  security level of each security service required by each task and message of a parallel job  LISTMAX :  Chooses the  highest  security level for each security requirement posed by each task and message within a parallel job  LISTRND :   Randomly  picks a value within the  security level range of each service required by a task and a message
Experimental Parameters
Parameter | Value (Fixed) - (Varied)
CPU Speed | 1000 million instructions/second or MIPS
Network bandwidth | 1Gbps
Task execution time | (min, top, max)=(1, 5, 10), (10, 20, 40), (40, 80, 160), (160, 320, 640) second
Number of nodes | (32, 64, 128, 256), (8, 12, 16, 20)
Deadlines | (100, 200, 300, 400, 500, 600) second
Deadline ranges | ([100, 200], [200, 300], [300, 400], [400, 500]) second
Out degrees | (25, 50, 75, 100)
Size of data to be secured | (min, top, max)=(0.02, 0.1, 0.5), (0.2, 1, 5), (1, 5, 10), (10, 20, 30) MB
Weight of security services | 0.2 (authentication), 0.5 (encryption), 0.3 (integrity)
Performance Metrics Security Value   Schedulability : a fraction of total submitted jobs that are schedulable Quality of security (QSA) :   quality of security for applications Guarantee factor :   it is zero if a job’s deadline cannot be met. Otherwise, it is one. Job completion time : earliest time that a job can finish its execution
Experiment One: Overall Performance One job with  433 tasks 32 nodes in a cluster Deadline varies from 0 to 600 seconds
Overall Performance Comparisons(1)
Overall Performance Comparisons (2): Improvement 97.7%; Improvement 25%
Overall Performance Comparisons (3): Improvement 54.5%; Improvement 25.7%
Experiment Two:  Adaptability 1000 diverse task graphs (54 tasks ~ 543 tasks) 4 deadline ranges [100, 200], [200, 300], [300, 400] and [400, 500]  32 nodes clusters
Adaptability(1) TAPADS ties  with LISTMIN LISTMAX is the worst
Adaptability(2) TAPADS is  always the best TAPADS outperforms  LISTMAX significantly TAPADS outperforms  LISTMAX significantly
Adaptability(3) TAPADS noticeably  outperforms all others
Experiment Three:  Scalability  32 ~ 256 nodes in a cluster A task graph with 520 tasks (nodes) Deadline is set to 400 Seconds
Scalability
Experiment Four: Degree of Task Parallelism A parallel application with 1074 tasks   Deadline is set to 400 Seconds Number of nodes is 128 Maximal number of out degree varies from 25 to 100
Sensitivity to Degree of Task Parallelism
Experiment Five: Security Sensitive Data Size Size of security sensitive data is in a triangle distribution (min, top, max)=(0.02, 0.1, 0.5), (0.2, 1, 5), (1, 5, 10), (10, 20, 30) MB
Impact of Size of Security Sensitive Data
Evaluation in Digital Signal Processing (1) (a) Guarantee factor   (b)  Security value   (c) QSA   Performance impact of deadline for DSP
Evaluation in Digital Signal Processing (2) ( a )  Security value   ( b ) QSA   (c) Job completion time Performance impact of number of nodes for DSP
Conclusions TAPADS can generate optimal allocations that maximize quality of security for parallel applications running on clusters.   A security overhead model is proposed.  Experimental results  show that  TAPADS significantly improves  the performance in terms of quality of security and schedulability  over  three existing allocation   schemes.
Ph.D. Dissertation Projects Mais Nijim [Summer 2007] Adaptive quality of security control in storage systems.   Ziliang Zong [Ph.D. Candidate, Spring 2008 Expected] Conserving energy in clusters through resource allocation  Mohammed Alghamdi [Ph.D. Student, Spring 2008 Expected]  Energy-efficient packet transmissions in real-time wireless  networks  Kiranmai Bellam [Ph.D. Student, Spring 2009 Expected] Power, fault tolerance, and security issues in real-time systems
Questions?
Real-Time Stock Quote System
Some Typical Security Levels  Routing + message security Routing + SSL Routing + SSL + message security Routing + SSL + client authentication Routing + SSL + message security + client authentication
Related Work [Hou&Shin] A task allocation scheme to schedule periodic tasks with  precedence constraints  in distributed real-time systems. [He  et al. ] Dynamic scheduling of parallel real-time jobs executing on  heterogeneous  clusters.   [Yurcik  et al. ] Tools for managing  cluster security  via process monitoring.   [Azzedin&Maheswaran] The  notion of “trust”  into resource management of a large-scale wide-area system.
Future Work   Extend our security overhead models to multi-dimensional computing resources   Accommodate more security services into our security overhead model   Apply  TAPADS  scheme to heterogeneous clusters
Adaptive Quality of Security Control  in Storage Systems   Xiao Qin
Outline Introduction to Storage Systems Local Disk Systems Parallel Disk Systems Security-Aware Cache Partitioning Conclusion  Publications
Data-Intensive Applications Video Surveillance Digital Libraries Radio Astronomy Observatory
Data-Intensive Applications (Cont.) long running simulations  remote-sensing database systems  biological sequence analysis
Motivation: Existing storage systems fail to meet the security requirements of modern data-intensive applications. There is no way to dynamically choose security services to meet disk requests' flexible security requirements. Existing storage systems are not suitable to guarantee desired response times of disk requests.
Common Threats and Security Services Snooping Alteration Spoofing Confidentiality Authentication Integrity
Cache Partitioning Scheme Topics Security-Aware Local Disk Systems Adaptive Quality of Security Control in  Parallel Disk Systems
System model of a Data Grid
Quality of Security Framework for Disk Systems
Security-Aware Local Disk Systems
Contributions A Security-Aware Adaptive Write Strategy (AWARDS) for Local Disk Systems  AWARDS can achieve high security for local disk systems while making the best effort to guarantee desired response times AWARDS Security Performance
The Architecture of AWARDS. [Diagram labels: Disk Request; Disk Request Scheduler; Adaptive Security Service Controller; Security Service 1 to Security Service m; Security Mechanism; Disk Driver; Untrusted Local Disk]
Modeling Disk Requests Each disk request specifies  quality of service  requirement A  security requirement  can be defined as a lower bound security level The range is between 0.1 and 1.0 A  performance requirement  is specified as a desired response time Disk Requests
Modeling Disk Requests (Cont.): Quality of security for each security service is measured by a security level. For example: An encryption service with a high security level means a high quality of security provided by the service. A disk request specifies a lower bound security level of 0.4. Encryption services with security levels higher than or equal to 0.4 can successfully meet the disk request's security requirements.
Modeling Disk Requests (Cont.): r = (o, a, d, s, t). o: type of the request. a: disk address. d: data size (KB). s: lower security level bound. t: desired response time.
Modeling Disk Requests (Cont.) Security Level Disk Request Desired response time Real response time Subject to Maximize
Security Overhead Model Eight encryption algorithms In accordance with the cryptographic algorithms’ performance Each cryptographic algorithm is assigned a security level from 0 to 1 e.g., Assign security level 1 to the strongest yet slowest encryption algorithm (IDEA)
The AWARDS Strategy: To improve the quality of security for local disks (i.e., to increase the security levels). To guarantee timing constraints (i.e., response time ≤ desired response time).
Example
Requests | Data Size (d_i) | Minimal Security Level (s_i) | Desired Response Time (t_i) | Response Time (T) under AWARDS | Security Level under AWARDS
r1 | 90 KB | 0.2 | 18 ms | 17.7 ms | 0.8
r2 | 150 KB | 0.1 | 41 ms | 40.7 ms | 0.7
r3 | 30 KB | 0.3 | 55 ms | 54.5 ms | 0.9
[Timeline figure labels: Sl = 0.1, Sl = 0.3, Sl = 0.2; SO = 0.93 ms, SO = 0.89 ms, SO = 0.8 ms; security level 0.8 with response time 17.7 ms, security level 0.7 with response time 40.7 ms, security level 0.9 with response time 54.5 ms]
The AWARDS Algorithm
[Flowchart boxes: Start; Insert r_i into Q; For each r_i in Q; Initialize security level; decision: Sl < 1.0? (Yes / No); For each r_i in the Q: Sl = Sl + 0.1; For each r_k; decision: r_k can't be finished? (Yes / No); Sl = Sl - 0.1; END]
Property of AWARDS If the security level r i  is increased by 0.1, the following conditions must hold. 1. The current security level of r i  is less than 1.0, i.e.,   i  < 0.1 2. Start time processing time
Estimated Start Time (es)
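The AWARDS loop from the flowchart, as an added Python example (not code from the slides or from the AWARDS authors): each queued write request has its security level raised in steps of 0.1 until it, or a request queued behind it, would miss its desired response time. The disk parameters and the three requests come from the slides; the linear overhead constant `OVERHEAD_MS_PER_KB`, the FIFO service order with all requests arriving at time 0, and the names used are assumptions, so the resulting levels need not match the slide's example.

```python
from dataclasses import dataclass

SEEK_MS, ROT_MS = 7.18, 4.02     # IBM Ultrastar 36Z15 figures from the slides
BANDWIDTH_KB_PER_MS = 30.0       # 30 MB/s, taking 1 MB = 1000 KB
OVERHEAD_MS_PER_KB = 0.05        # ASSUMED cost of security level 1.0 per KB


@dataclass
class Request:
    name: str
    data_kb: float       # d
    min_level: int       # s, in tenths (2 means 0.2) to avoid float drift
    desired_ms: float    # t


def processing_ms(req, level):
    """Disk service time plus the assumed security overhead at this level."""
    disk = SEEK_MS + ROT_MS + req.data_kb / BANDWIDTH_KB_PER_MS
    return disk + OVERHEAD_MS_PER_KB * req.data_kb * level / 10


def response_times(queue, levels):
    """Completion time of each request when the queue is served in order.

    The estimated start time of a request is the completion time of the
    request in front of it.
    """
    clock, out = 0.0, []
    for req, level in zip(queue, levels):
        clock += processing_ms(req, level)
        out.append(clock)
    return out


def all_meet_deadlines(queue, levels):
    times = response_times(queue, levels)
    return all(rt <= req.desired_ms for req, rt in zip(queue, times))


def awards(queue):
    """Raise levels greedily in queue order; return (levels, response times).

    If the queue is infeasible even at the minimal levels, nothing is raised
    and the caller can see the missed deadlines in the returned times.
    """
    levels = [req.min_level for req in queue]
    for i in range(len(queue)):
        while levels[i] < 10:
            levels[i] += 1
            if not all_meet_deadlines(queue, levels):
                levels[i] -= 1       # some request can no longer finish in time
                break
    return levels, response_times(queue, levels)


if __name__ == "__main__":
    # Request parameters taken from the example slide.
    queue = [Request("r1", 90, 2, 18.0),
             Request("r2", 150, 1, 41.0),
             Request("r3", 30, 3, 55.0)]
    print(awards(queue))
```

The second check matters when an early request has a loose deadline: its level is then capped by the tightest deadline behind it in the queue, not by its own.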
Experimental Result: Disk Parameters
Disk Parameters | IBM Ultrastar 36Z15
Size | 18.4 GB
RPM | 15000
Seek Time, T_seek | 7.18 ms
Rotational Time, T_rot | 4.02 ms
Disk Bandwidth, B_disk | 30 MB/Sec.
Experimental Result: Workload Configurations
Parameter | Value (Fixed) - (Varied)
Disk Bandwidth | 30MB/Sec.
Request Arrival Rate | (0.1, 0.2, 0.3, 0.4, 0.5) No./Sec.
Desired Response Time | 10 Sec.
Security Level | (0.5) - (0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.7, 0.8, 0.9)
Write Ratio | (100%) - (0%, 10%, 20%, 30%, … 100%)
Data Size | (500 KB) - (300, 400, 500, 600, 700) KB
Performance Metrics Satisfied ratio : a fraction of total arrived disk requests that are found to be finished before their desired response times Average security level : measured by the average value of security levels of all disk requests issued Average security overhead  : measured in sec. Overall performance : product of satisfied ratio and the average security level
Impact of Arrival Rate: Improvement 138.2%; Improvement 125.6%
Impact of Data Size
Impact of Disk Bandwidth
Sparse Cholesky Desired response time
Lu Decomposition Desired response time
Sparse Cholesky Bandwidth
Lu Decomposition Bandwidth
Adaptive Quality of Security Control  in Parallel Disk Systems
Parallel Disk Systems
Motivation Existing parallel disk systems lack the means to adaptively control quality of security for  dynamically changing workloads To develop  an adaptive quality of security control scheme for parallel disk systems ( ASPAD )
Contributions ASPAD  aims to adapt  to changing security requirements and workload conditions ASPAD endeavors to determine security services for disk requests while guaranteeing the desired response time for the requests ASPAD Security Performance
The ASPAD Framework. [Diagram labels: Clients; Disk Requests; Network; Security Service Middleware; Security Service 1, Security Service 2 to Security Service q; Adaptive Security Quality Controller; Response Time Estimator; Data Partitioning mechanism; Parallel Disk System; Disk 1, Disk 2 to Disk m]
Quality of Security The quality of security for each security service is measured by security level. 0.1 to 1.0 The quality of security can be quantitatively measured using seven levels Extremely high, very high, high, medium, low, very low, and no security protection Translation mechanism is implemented to make the conversions
Modeling Quality of Security Security level of the jth stripe unit of r i Parallelism degree No. of disks
Modeling Quality of Security (Cont.)
Optimize Quality of Security To maximize  security benefit  of the parallel disk system Maximize Where  θ ij  : the response time of jth stripe unit of request  r i  Subject to a) b)
Optimize Quality of Security (Cont.) The response time of all stripe units in request  r i  must be smaller than the desired response time The parallelism degree of  r i  ≤ number of disks in the system
The ASPAD Framework Data Partitioning Response time estimator Adaptive Quality of Security Controller Adaptive control
Data Partitioning Determine the optimal parallelism degree for disk request Reduces the response time of the disk request to increase the security level Dynamically calculate the optimal parallelism degree of the request
Data Partitioning (cont.) Expected disk service time Where  Expected values of seek time, rotational time, and transfer time
Data Partitioning (cont.)  Scheuermann et al., VLDB98 Where C: number of cylinders on disk a, b : two disk type independent constants e, f : disk type dependent constants
Data Partitioning (cont.) The expected value of rotation time The expected transfer time
Data Partitioning (cont.)   Scheuermann et al., VLDB98 Expected disk service time Parallelism degree The optimal parallelism degree is given by  min(p i ,m)
Estimate Response Time: Estimate the maximum response time of a disk request. Response time is the interval between the time a request is sent by a client and the time the parallel disk system completes the disk I/O operation.
Estimate Response Time (cont.) The response time of a disk request is: p : is the parallelism degree : request vector of security level for p stripes unit T queue  : queuing delay at the client side T partition   : time spent in data partition : system processing delay
The ASPAD Algorithm
Start Insert r into Q For each r in Q Calculate  p i  of  r i Partition ri into pi stripe unit For each stripe unit Initialize SL Estimate response time SL < 1.0 While est. < desired Y SL = SL + 0.1 Estimate response time END N EST >des. dec. SL Y N Apply the security service with level   ij  to the  j th stripe unit Phase1. Data Partitioning Phase2 response time
Property of ASPAD With respect to the  i th request, the following two conditions must hold if the  j th stripe unit's security level is increased by 0.1: The current security level   ij  is less than 1.0;  , where  T j  is the response time of the  j th stripe unit,  t i  is the desired response time of the request, and .
Experimental Results a) data size is 100KB and P = 3
Impact of Arrival Rate ASPAD is  always the best a) data size is 100KB and P = 3
Impact of Parallelism Degree ASPAD noticeably  outperforms the other   Add more slides for results!!! The impact of the parallelism degree when arrival rate = 0.5 No./sec.
A Caching Strategy to Improve Security of Cluster Storage Systems
A Cluster Storage System. [Diagram labels: Clients; Disk Request; Network; Security Service 1 to Security Service m; Adaptive Security Service Controller; Security-aware cache management mechanism; Cache (Volatile/Non-volatile memory); Disk 1, Disk 2 to Disk n]
Cache Partitioning The entire cache of the cluster storage system is divided into separate partitions, one for each disk, by a security-aware cache partitioning mechanism.   Each cache partition for a disk is managed separately using the conventional LRU replacement algorithm.
Total cache size is the partition size of the  d th disk
 
Conclusion: AWARDS and ASPAD maximize the quality of security for local and parallel disk systems. Experimental results show that AWARDS and ASPAD significantly increase the security level as well as the overall performance over an existing algorithm. A security-aware cache management mechanism (CaPaS) for cluster storage systems. CaPaS can achieve high security and desired performance for clusters.
Future Work Security-Aware Load Balancing   Energy-Efficient Mobile Storage Systems
Questions?
AWARDS Complexity: The complexity of AWARDS is O(n^2). Proof: To increase the security level of the request, it takes O(n). There are O(n) write requests.
Download the presentation slides: http://www.slideshare.net/xqin74 Google: slideshare Xiao Qin
Complexity of ASPAD: The time complexity is O(n^2 p). p: the maximum parallelism degree. n: the number of disk requests.

Ad

More from Xiao Qin (20)

PPTX
How to apply for internship positions?
PPTX
How to write research papers? Version 5.0
PDF
Making a competitive nsf career proposal: Part 2 Worksheet
PDF
Making a competitive nsf career proposal: Part 1 Tips
PPTX
Auburn csse faculty orientation
PPTX
Auburn CSSE graduate student orientation
PPTX
CSSE Graduate Programs Committee: Progress Report
PDF
Project 2 How to modify os161: A Manual
PPTX
Project 2 how to modify OS/161
PDF
Project 2 how to install and compile os161
PPTX
Project 2 - how to compile os161?
PPTX
Understanding what our customer wants-slideshare
PPTX
OS/161 Overview
PPTX
Surviving a group project
PDF
P#1 stream of praise
PPTX
Data center specific thermal and energy saving techniques
PPTX
How to do research?
PPT
COMP2710 Software Construction: header files
PPT
COMP2710: Software Construction - Linked list exercises
PPTX
HDFS-HC2: Analysis of Data Placement Strategy based on Computing Power of Nod...
How to apply for internship positions?
How to write research papers? Version 5.0
Making a competitive nsf career proposal: Part 2 Worksheet
Making a competitive nsf career proposal: Part 1 Tips
Auburn csse faculty orientation
Auburn CSSE graduate student orientation
CSSE Graduate Programs Committee: Progress Report
Project 2 How to modify os161: A Manual
Project 2 how to modify OS/161
Project 2 how to install and compile os161
Project 2 - how to compile os161?
Understanding what our customer wants-slideshare
OS/161 Overview
Surviving a group project
P#1 stream of praise
Data center specific thermal and energy saving techniques
How to do research?
COMP2710 Software Construction: header files
COMP2710: Software Construction - Linked list exercises
HDFS-HC2: Analysis of Data Placement Strategy based on Computing Power of Nod...

Recently uploaded (20)

PPTX
20250228 LYD VKU AI Blended-Learning.pptx
PDF
AI And Its Effect On The Evolving IT Sector In Australia - Elevate
PPTX
Comunidade Salesforce São Paulo - Desmistificando o Omnistudio (Vlocity)
PPT
Teaching material agriculture food technology
PDF
Modernizing your data center with Dell and AMD
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
PDF
Transforming Manufacturing operations through Intelligent Integrations
PPTX
Big Data Technologies - Introduction.pptx
PPTX
MYSQL Presentation for SQL database connectivity
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
PDF
Advanced IT Governance
PDF
GDG Cloud Iasi [PUBLIC] Florian Blaga - Unveiling the Evolution of Cybersecur...
PPTX
breach-and-attack-simulation-cybersecurity-india-chennai-defenderrabbit-2025....
PDF
solutions_manual_-_materials___processing_in_manufacturing__demargo_.pdf
PDF
KodekX | Application Modernization Development
PDF
madgavkar20181017ppt McKinsey Presentation.pdf
20250228 LYD VKU AI Blended-Learning.pptx
AI And Its Effect On The Evolving IT Sector In Australia - Elevate
Comunidade Salesforce São Paulo - Desmistificando o Omnistudio (Vlocity)
Teaching material agriculture food technology
Modernizing your data center with Dell and AMD
“AI and Expert System Decision Support & Business Intelligence Systems”
Transforming Manufacturing operations through Intelligent Integrations
Big Data Technologies - Introduction.pptx
MYSQL Presentation for SQL database connectivity
Advanced methodologies resolving dimensionality complications for autism neur...
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Advanced IT Governance
GDG Cloud Iasi [PUBLIC] Florian Blaga - Unveiling the Evolution of Cybersecur...
breach-and-attack-simulation-cybersecurity-india-chennai-defenderrabbit-2025....
solutions_manual_-_materials___processing_in_manufacturing__demargo_.pdf
KodekX | Application Modernization Development
madgavkar20181017ppt McKinsey Presentation.pdf

Security-Aware Scheduling for Real-Time Parallel Applications on Clusters

  • 1. Security-Aware Scheduling for Real-Time Parallel Applications on Clusters Xiao Qin
  • 3. The PrairieFire Cluster at the University of Nebraska-Lincoln
  • 5. Security-Sensitive Real-Time Applications Online Transaction Stock Trading
  • 6. Common Threats and Security Services Snooping Alteration Spoofing Confidentiality Authentication Integrity
  • 7. Scheduling Plays a Key Role Conventional scheduling algorithms are inadequate for security-sensitive real-time applications on clusters A process of assigning tasks to a set of resources Head Nodes Tasks Users
  • 8. Motivation Improve Utilization Keep Load-Balancing Support Scalability Promote Throughput Enable Security Awareness Reduce Response Time
  • 9. Security-Aware System Architecture    OS Hardware Platform interface Platform interface OS Hardware Middleware Services (including security services) Low-Level Security Service APIs User interface Framework Mapping to Middleware Services Framework Private Service Application Tool High-Level Security Service APIs Application Application       Quality of Security Control Manager (QSCM)
  • 10. Quality of Security Control Manager - QSCM Module Low Level Security Service APIs Application Task Application Task Application Task    Global Security Optimization Local Security Optimization Security Optimization Resource Monitoring Security Service 1 Security Service n    Local Schedulability Analyzer Quality of Security Control Manager
  • 11. Task Submission Structure DEFINE Task : flight_control { Input = (altitude: 1230, heading: 35, …); Output = (takeoff_distance, climb_rate); Type = “Real Time”; Deadline = 80; Completion_Time = 0; Owner = “Gary Xie”; Cmd = “flight_con”; Processor_num= 5; Data_secured=250; Constraint  Arch == “INTEL”;  OS == “UNIX”;  Disk >= 480;  Memory >=128;  Deadline = 80;  0.3 <= Authentication <=0.6;  0.4 <= Integrity <= 0.8;  0.5 <= Confidentiality <= 0.9; }
  • 12. Security Overhead Model Security is achieved at the cost of performance degradation P S Security Overheads S P
  • 13. Cryptographic Algorithms for Confidentiality Service

    | Cryptographic Algorithms | Security Level | Performance (KB/ms) |
    |---|---|---|
    | RC4 | 0.22 | 96.43 |
    | Blowfish | 0.56 | 37.5 |
    | Khufu/Khafre | 0.63 | 33.75 |
    | RC5 | 0.72 | 29.35 |
    | Rijndael | 1.00 | 21.09 |

  • 14. Hash Functions for Integrity Service

    | Hash Functions | Security Level | Performance (KB/ms) |
    |---|---|---|
    | MD4 | 0.18 | 23.90 |
    | MD5 | 0.26 | 17.09 |
    | RIPEMD | 0.36 | 12.00 |
    | RIPEMD-128 | 0.45 | 9.73 |
    | SHA-1 | 0.63 | 6.88 |
    | RIPEMD-160 | 0.77 | 5.69 |
    | Tiger | 1.00 | 4.36 |

  • 15. Authentication Methods

    | Authentication Methods | Security Level | Computation Time (ms) |
    |---|---|---|
    | HMAC-MD5 | 0.3 | 90 |
    | HMAC-SHA-1 | 0.6 | 148 |
    | CBC-MAC-AES | 0.9 | 163 |
  • 16. System Model Rejected Queue Dispatch Queue TAPADS Local Queue N 1 N 2 N m User p User 2 User 1 Schedule Queue Admission Controller Security Level Optimizer
  • 17. Parallel Application A single application (job) that has multiple processes that run concurrently [Figure: task graph with tasks t1 to t11 and edges e1 to e10]
  • 18. Task Model Deadline Constraints Security Constraints Precedence Constraints
  • 19. Directed Acyclic Graphs (DAG): a parallel application is defined as a vector (T, E, d). T: {t_1, t_2, ..., t_n}. E: a set of weighted and directed edges used to represent communication among tasks, e.g., (t_i, t_j) ∈ E is a message transmitted from task t_i to t_j. d: Deadline
  • 20. A Task: a task t_i = (e_i, l_i, S_i). e_i: execution time; l_i: amount of data to be protected; S_i: a vector of security requirements
  • 21. A DAG 10Sec., 500KB, { [0.3,0.6], [0.4,0.8], [0.5,0.9] } 10KB, { [0.4,0.8], [0.5,0.9] } [Figure: task graph with tasks t1 to t11 and edges e1 to e10]
  • 22. Before Security Optimization [Figure: Gantt chart of tasks t1 to t11 and messages e4, e5, e7, e9, e10 on PE1, PE2, PE3 and the links between them; time axis 0 to 60; slack time is marked before the deadline]
  • 23. After Security Optimization [Figure: Gantt chart of tasks t1 to t11 and messages e4, e5, e7, e9, e10 on PE1, PE2, PE3 and the links between them; time axis 0 to 60; the deadline is marked]
  • 24. Security Requirements for A Task T i S i = ( ,…, ,…, ) Security level range of the j th security service for task Ti [0.3,0.6] [0.4,0.8] [0.5,0.9]
  • 25. Security Benefits Gained by Task T i Weight of the j th security service for task T i Security level of the j th security service for task T i and
  • 26. Weights of Security Services > >
  • 27. Security Benefits Gained by A Task Set: $SL(T) = \sum_{i=1}^{n} SL(s_i)$, where T is the task set
  • 28. Optimize Security Benefit of An Application: maximize $SL(T) = \sum_{i=1}^{n} \sum_{k=1}^{q} w_i^k s_i^k$ subject to $\min(S_i^k) \le s_i^k \le \max(S_i^k)$, where T is the task set
  • 29. Security Requirements of Message ( t i , t j ) The required security level range of the p th security service i j ( t i , t j )
  • 30. Security Benefits Gained by One Message ( t i , t j ) Security level of the k th security service and
  • 31. Security Benefits Gained by A Message Set .
  • 32. Optimize Security Benefit of Message Set maximize subject to The message set
  • 33. Security Benefit of A Parallel Application The message set The task set Security Value
  • 34. The TAPADS Task Allocation Algorithm (flowchart boxes, in the order they appear on the slide): Compute the critical path; Slack time = d – f; Allocate all t_i subject to minimal security requirements; Identify the best candidate in V and E that has the highest benefit-cost ratio; Increase security levels of more important services at the minimal cost; Update the schedule in accordance with the increased security level; decision: Slack time > 0? (yes / no); Update slack time; End
  • 35. Time Complexity of TAPADS The time complexity of TAPADS is O(k(q|V|+p|E|)) where k : the number of times Step 7 is repeated q : the number of security services for computation p : the number of security services for communication
  • 36. Performance Evaluation LISTMIN : Selects the lowest security level of each security service required by each task and message of a parallel job LISTMAX : Chooses the highest security level for each security requirement posed by each task and message within a parallel job LISTRND : Randomly picks a value within the security level range of each service required by a task and a message
  • 37. Experimental Parameters

    | Parameter | Value (Fixed) - (Varied) |
    |---|---|
    | CPU Speed | 1000 million instructions/second or MIPS |
    | Network bandwidth | 1Gbps |
    | Task execution time | (min, top, max)=(1, 5, 10), (10,20,40), (40,80,160), (160,320,640) second |
    | Number of nodes | (32, 64,128, 256), (8, 12, 16, 20) |
    | Deadlines | (100, 200, 300, 400, 500, 600) second |
    | Deadline ranges | ([100, 200], [200, 300], [300, 400], [400, 500]) second |
    | Out degrees | (25, 50, 75, 100) |
    | Size of data to be secured | (min, top, max)=(0.02, 0.1, 0.5), (0.2, 1, 5), (1, 5, 10), (10, 20, 30) MB |
    | Weight of security services | 0.2 (authentication), 0.5 (encryption), 0.3 (integrity) |
  • 38. Performance Metrics Security Value Schedulability : a fraction of total submitted jobs that are schedulable Quality of security (QSA) : quality of security for applications Guarantee factor : it is zero if a job’s deadline cannot be met. Otherwise, it is one. Job completion time : earliest time that a job can finish its execution
  • 39. Experiment One: Overall Performance One job with 433 tasks 32 nodes in a cluster Deadline varies from 0 to 600 seconds
  • 41. Overall Performance Comparisons (2): Improvement 97.7%; Improvement 25%
  • 42. Overall Performance Comparisons (3): Improvement 54.5%; Improvement 25.7%
  • 43. Experiment Two: Adaptability 1000 diverse task graphs (54 tasks ~ 543 tasks) 4 deadline ranges [100, 200], [200, 300], [300, 400] and [400, 500] 32 nodes clusters
  • 44. Adaptability(1) TAPADS ties with LISTMIN LISTMAX is the worst
  • 45. Adaptability(2) TAPADS is always the best TAPADS outperforms LISTMAX significantly TAPADS outperforms LISTMAX significantly
  • 46. Adaptability(3) TAPADS noticeably outperforms all others
  • 47. Experiment Three: Scalability 32 ~ 256 nodes in a cluster A task graph with 520 tasks (nodes) Deadline is set to 400 Seconds
  • 49. Experiment Four: Degree of Task Parallelism A parallel application with 1074 tasks Deadline is set to 400 Seconds Number of nodes is 128 Maximal number of out degree varies from 25 to 100
  • 50. Sensitivity to Degree of Task Parallelism
  • 51. Experiment Five: Security Sensitive Data Size Size of security sensitive data is in a triangle distribution (min, top, max)=(0.02, 0.1, 0.5), (0.2, 1, 5), (1, 5, 10), (10, 20, 30) MB
  • 52. Impact of Size of Security Sensitive Data
  • 53. Evaluation in Digital Signal Processing (1) (a) Guarantee factor (b) Security value (c) QSA Performance impact of deadline for DSP
  • 54. Evaluation in Digital Signal Processing (2) ( a ) Security value ( b ) QSA (c) Job completion time Performance impact of number of nodes for DSP
  • 55. Conclusions TAPADS can generate optimal allocations that maximize quality of security for parallel applications running on clusters. A security overhead model is proposed. Experimental results show that TAPADS significantly improves the performance in terms of quality of security and schedulability over three existing allocation schemes.
  • 56. Ph.D. Dissertation Projects Mais Nijim [Summer 2007] Adaptive quality of security control in storage systems.  Ziliang Zong [Ph.D. Candidate, Spring 2008 Expected] Conserving energy in clusters through resource allocation Mohammed Alghamdi [Ph.D. Student, Spring 2008 Expected] Energy-efficient packet transmissions in real-time wireless networks Kiranmai Bellam [Ph.D. Student, Spring 2009 Expected] Power, fault tolerance, and security issues in real-time systems
  • 59. Some Typical Security Levels Routing + message security Routing + SSL Routing + SSL + message security Routing + SSL + client authentication Routing + SSL + message security + client authentication
  • 60. Related Work [Hou&Shin] A task allocation scheme to schedule periodic tasks with precedence constraints in distributed real-time systems. [He et al. ] Dynamic scheduling of parallel real-time jobs executing on heterogeneous clusters. [Yurcik et al. ] Tools for managing cluster security via process monitoring. [Azzedin&Maheswaran] The notion of “trust” into resource management of a large-scale wide-area system.
  • 61. Future Work Extend our security overhead models to multi-dimensional computing resources Accommodate more security services into our security overhead model Apply TAPADS scheme to heterogeneous clusters
  • 62. Selected Journal Publications X. Qin and T. Xie, “Allocation of Tasks with Availability Constraints in Heterogeneous Systems,” IEEE Transactions on Computers . Accepted April 2007. M. Nijim, X. Qin , and T. Xie, “Modeling and Improving Security of a Local Disk System for Write-Intensive Workloads,” ACM Transactions on Storage , vol. 2, no. 4, pp. 400-423, Nov. 2006. T. Xie and X. Qin , “Improving Security for Periodic Tasks in Embedded Systems through Scheduling,” ACM Transactions on Embedded Computing Systems , vol. 6, no. 1, 2007. T. Xie and X. Qin , “Scheduling Security-Critical Real-Time Applications on Clusters,” IEEE Transactions on Computers , vol. 55, no. 7, pp. 864-879, July 2006. X. Qin , “Performance Comparisons of Load Balancing Algorithms for I/O-Intensive Workloads on Clusters,” Journal of Network and Computer Applications, 2007. Accepted X. Qin , “Design and Analysis of a Load Balancing Strategy in Data Grids,” Future Generation Computer Systems: The Int'l Journal of Grid Computing , vol. 23, no. 1, pp. 132-137, Jan. 2007. Z.-L. Zong, M. Nijim, and X. Qin , “Energy-Efficient Scheduling for Parallel Applications on Mobile Clusters,” Cluster Computing: The Journal of Networks, Software Tools and Applications, 2007. [In press] M. Nijim, X. Qin , and Z.-L. Zong, “StReD: A Quality of Security Framework for Storage Resources in Data Grids,” Future Generation Computer Systems: The Int'l Journal of Grid Computing , 2007. [In press] X. Qin and H. Jiang, “A Dynamic and Reliability-driven Scheduling Algorithm for Parallel Real-time Jobs on Heterogeneous Clusters,” Journal of Parallel and Distributed Computing , vol. 65, no. 8, pp.885-900, Aug. 2005.
  • 63. Selected Conferences Publications X. Qin , M. Alghamdi, M. Nijim, and Z.-L. Zong, “Scheduling of Periodic Packets in Energy-Aware Wireless Networks,” Proc. the 26th IEEE Int'l Performance Computing and Communications Conf. (IPCCC'07), New Orleans, Louisiana, April 2007. T. Xie and X. Qin , “A Security-Oriented Task Scheduler for Heterogeneous Distributed Systems,” Proc. 13th Annual IEEE Inter’l Conf. on High Performance Computing (HiPC), Bangalore, India, Dec. 18-21, 2006. ( Acceptance Rate: 15.5%, 52/335) M. Nijim, X. Qin , and T. Xie, “Adaptive Quality of Security Control in Networked Parallel Disk Systems,” Proc. 15th Int’l Conf. Computer Communications and Networks (ICCCN'06), Arlington, Virginia, Oct. 2006. ( Acceptance Rate: 32%, 71/221) Z.-L. Zong, A. Manzanares, B. Stinar, and X. Qin , “Energy-Efficient Duplication Strategies for Scheduling Precedence Constrained Parallel Tasks on Clusters,” Proc. IEEE 8th Int’l Conf. Cluster Computing (Cluster'06), Sept. 2006. ( Acceptance Rate: 33%, 42/127) T. Xie and X. Qin , “Stochastic Scheduling with Availability Constraints in Heterogeneous Systems,” Proc. IEEE 8th Int’l Conf. Cluster Computing (Cluster'06), 2006. ( Acceptance Rate: 33%, 42/127) T. Xie, X. Qin, and M. Nijim, “Solving Energy-Latency Dilemma: Task Allocation for Parallel Applications in Heterogeneous Embedded Systems,” Proc. 35th Int’l Conf. Parallel Processing (ICPP), Columbus, Ohio, Aug. 2006. ( Acceptance Rate: 32%, 64/200) T. Xie and X. Qin, “ SAHA: A Scheduling Algorithm for security-Sensitive Jobs on Data Grids,” Proc.  IEEE/ACM 6th Int'l Symp. Cluster Computing and the Grid (CCGrid), 2nd Int'l Workshop on Cluster Security, May 2006. ( Acceptance Rate: 25% ) T. Xie and X. Qin , “SHARP: A New Real-Time Scheduling Algorithm to Improve Security of Parallel Applications on Heterogeneous Clusters,” Proc. the 25th IEEE Int’l Performance Computing and Communications Conf. (IPCCC'06) , Phoenix, AZ, April 2006. ( Acceptance Rate: 35% )
  • 64. Selected Conferences Publications (cont.) M. Nijim, X. Qin , T. Xie, and M. Alghamdi, “Awards: An Adaptive Write Scheme for Secure Local Disk Systems,” Proc. the 25th IEEE Int’l Performance Computing and Communications Conf. (IPCCC'06) , April 2006. ( Acceptance Rate: 35% ) T. Xie and X. Qin , “A New Allocation Scheme for Parallel Applications with Deadline and Security Constraints on Clusters,” Proc. the 7th IEEE Int’l Conf. Cluster Computing (Cluster 2005), 2005.  ( Acceptance Rate: 32%, 48/150) T. Xie, X. Qin , and A. Sung, “SAREC: A Security-Aware Scheduling Strategy for Real-Time Applications on Clusters,” Proc. the 34th Int’l Conf. Parallel Processing (ICPP 2005), pp.5-12, Norway, June 14-17, 2005. ( Acceptance Rate: 28%, 69/241) X. Qin and Hong Jiang, “Improving Effective Bandwidth of Networks on Clusters using Load Balancing for Communication-Intensive Applications,” Proceedings of the 24th IEEE International Performance, Computing, and Communications Conference (IPCCC 2005), pp.27-34, Phoenix, Arizona, April 7-9, 2005. ( Acceptance Rate: 35%, 36/103) X. Qin , “Improving Network Performance through Task Duplication for Parallel Applications on Clusters,” Proc. the 24th IEEE Int’l Performance, Computing, and Communications Conference (IPCCC 2005), 2005. ( Acceptance Rate: 35%, 36/103) X. Qin , H. Jiang, Y. Zhu, and D. Swanson, “Dynamic Load Balancing for I/O-Intensive Tasks on Heterogeneous Clusters,” Proceedings of the 10th International Conference on High Performance Computing (HiPC 2003), pp.300-309, 2003 ( Acceptance Rate: 29% ) X. Qin , H. Jiang, Y. Zhu, and D. Swanson, “Towards Load Balancing Support for I/O-Intensive Parallel Jobs in a Cluster of Workstations,” Proc. of the 5th IEEE International Conference on Cluster Computing (Cluster 2003), 2003. ( Acceptance Rate: 29% )
  • 65. Adaptive Quality of Security Control in Storage Systems Xiao Qin
  • 66. Outline Introduction to Storage Systems Local Disk Systems Parallel Disk Systems Security-Aware Cache Partitioning Conclusion Publications
  • 67. Data-Intensive Applications Video Surveillance Digital Libraries Radio Astronomy Observatory
  • 68. Data-Intensive Applications (Cont.) long running simulations remote-sensing database systems biological sequence analysis
  • 69. Motivation Existing storage systems fail to meet the security requirements of modern data-intensive applications There is no way to dynamically choose security services to meet disk requests' flexible security requirements Existing storage systems are not suitable to guarantee desired response times of disk requests
  • 70. Common Threats and Security Services Snooping Alteration Spoofing Confidentiality Authentication Integrity
  • 71. Cache Partitioning Scheme Topics Security-Aware Local Disk Systems Adaptive Quality of Security Control in Parallel Disk Systems
  • 72. System model of a Data Grid
  • 73. Quality of Security Framework for Disk Systems
  • 75. Contributions A Security-Aware Adaptive Write Strategy (AWARDS) for Local Disk Systems AWARDS can achieve high security for local disk systems while making the best effort to guarantee desired response times AWARDS Security Performance
  • 76. The Architecture of AWARDS Security Service 1 Security Service m Adaptive Security Service Controller Disk Request Scheduler Disk Request Security Mechanism Disk Driver Untrusted Local Disk
  • 77. Modeling Disk Requests Each disk request specifies quality of service requirement A security requirement can be defined as a lower bound security level The range is between 0.1 and 1.0 A performance requirement is specified as a desired response time Disk Requests
  • 78. Quality of security for each security service is measured by a security level For example: An encryption service with high security level means the high quality of security provided by the service A disk request specifies a lower bound security level as 0.4 Encryption services with security levels higher than or equal to 0.4 can successfully meet the disk request’s security requirements Modeling Disk Requests (Cont.)
  • 79. r = (o, a, d, s, t) o: type of the request a: disk address d: data size (KB) s: lower security level bound t: desired response time Modeling Disk Requests (Cont.)
  • 80. Modeling Disk Requests (Cont.) Security Level Disk Request Desired response time Real response time Subject to Maximize
  • 81. Security Overhead Model Eight encryption algorithms In accordance with the cryptographic algorithms’ performance Each cryptographic algorithm is assigned a security level from 0 to 1 e.g., Assign security level 1 to the strongest yet slowest encryption algorithm (IDEA)
  • 82. The AWARDS Strategy To aim at improving the quality of security for local disks (i.e., to increase the security levels) To guarantee timing constraints (i.e., response time ≤ desired response time)
  • 83. Example

    | Requests | Data Size (d_i) | Minimal Security Level (s_i) | Desired Response Time (t_i) | Response Time (T) under AWARDS | Security Level (σ_i) under AWARDS |
    |---|---|---|---|---|---|
    | r_1 | 90 KB | 0.2 | 18 ms | 17.7 ms | 0.8 |
    | r_2 | 150 KB | 0.1 | 41 ms | 40.7 ms | 0.7 |
    | r_3 | 30 KB | 0.3 | 55 ms | 54.5 ms | 0.9 |

    [Figure: two timelines of r_1, r_2, r_3. Labels: Sl = 0.1, Sl = 0.3, Sl = 0.2; Security level of r 1 = 0.8, Response time = 17.7 ms; Security level of r 1 = 0.7, Response time = 40.7 ms; Security level of r 1 = 0.9, Response time = 54.5 ms; SO = 0.93 ms, SO = 0.89 ms, SO = 0.8 ms]
  • 85. [Flowchart boxes, in the order they appear on the slide] Start; Insert r_i into Q; For each r_i in Q; Initialize Security Level; Sl < 1.0; For each r_i in the Q; Sl = Sl + 0.1; For each r_k; r_k can't be finished; Sl = Sl - 0.1; END; No; END; Yes; Yes; No
  • 86. Property of AWARDS If the security level of r_i is increased by 0.1, the following conditions must hold. 1. The current security level of r_i is less than 1.0, i.e., σ_i < 0.1 2. Start time processing time
  • 88. Experimental Result

    | Disk Parameters | IBM Ultrastar 36Z15 |
    |---|---|
    | Size | 18.4 GB |
    | RPM | 15000 |
    | Seek Time, T_seek | 7.18 ms |
    | Rotational Time, T_rot | 4.02 ms |
    | Disk Bandwidth, B_disk | 30 MB/Sec. |

  • 89. Experimental Result Workload Configurations

    | Parameter | Value (Fixed) - (Varied) |
    |---|---|
    | Disk Bandwidth | 30MB/Sec. |
    | Request Arrival Rate | (0.1, 0.2, 0.3, 0.4, 0.5) No./Sec. |
    | Desired Response Time | 10 Sec. |
    | Security Level | (0.5) - (0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.7, 0.8, 0.9) |
    | Write Ratio | (100%) - (0%, 10%, 20%, 30%, … 100%) |
    | Data Size | (500 KB) – (300, 400, 500, 600, 700) KB |
  • 90. Performance Metrics Satisfied ratio : a fraction of total arrived disk requests that are found to be finished before their desired response times Average security level : measured by the average value of security levels of all disk requests issued Average security overhead : measured in sec. Overall performance : product of satisfied ratio and the average security level
  • 91. Impact of Arrival Rate: Improvement 138.2%; Improvement 125.6%
  • 93. Impact of Disk Bandwidth
  • 94. Sparse Cholesky Desired response time
  • 95. Lu Decomposition Desired response time
  • 98. Adaptive Quality of Security Control in Parallel Disk Systems
  • 100. Motivation Existing parallel disk systems lack the means to adaptively control quality of security for dynamically changing workloads To develop an adaptive quality of security control scheme for parallel disk systems ( ASPAD )
  • 101. Contributions ASPAD aims to adapt to changing security requirements and workload conditions ASPAD endeavors to determine security services for disk requests while guaranteeing the desired response time for the requests ASPAD Security Performance
  • 102. Disk 1 Disk 2 Disk m Adaptive Security Quality Controller Data Partitioning mechanism Security Service Middleware Security Service q Security Service 1 Clients Disk Requests Parallel Disk System Network Response Time Estimator Security Service 2 The ASPAD Framework
  • 103. Quality of Security The quality of security for each security service is measured by security level. 0.1 to 1.0 The quality of security can be quantitatively measured using seven levels Extremely high, very high, high, medium, low, very low, and no security protection Translation mechanism is implemented to make the conversions
  • 104. Modeling Quality of Security Security level of the jth stripe unit of r i Parallelism degree No. of disks
  • 105. Modeling Quality of Security (Cont.)
  • 106. Optimize Quality of Security To maximize security benefit of the parallel disk system Maximize Where θ ij : the response time of jth strip unit of request r i Subject to a) b)
  • 107. Optimize Quality of Security (Cont.) The response time of all stripe units in request r_i must be smaller than the desired response time The parallelism degree of r_i ≤ number of disks in the system
  • 108. The ASPAD Framework Data Partitioning Response time estimator Adaptive Quality of Security Controller Adaptive control
  • 109. Data Partitioning Determine the optimal parallelism degree for disk request Reduces the response time of the disk request to increase the security level Dynamically calculate the optimal parallelism degree of the request
  • 110. Data Partitioning (cont.) Expected disk service time Where Expected values of seek time, rotational time, and transfer time
  • 111. Data Partitioning (cont.) Scheuermann et al., VLDB98 Where C: number of cylinders on disk a, b : two disk type independent constants e, f : disk type dependent constants
  • 112. Data Partitioning (cont.) The expected value of rotation time The expected transfer time
  • 113. Data Partitioning (cont.) Scheuermann et al., VLDB98 Expected disk service time Parallelism degree The optimal parallelism degree is given by min(p i ,m)
  • 114. Estimate Response Time Estimate the maximum response time of a disk request Response time is the interval between the time a request is sent by a client and the time the parallel disk system completes the disk I/O operation
  • 115. Estimate Response Time (cont.) The response time of a disk request is: p : is the parallelism degree : request vector of security level for p stripes unit T queue : queuing delay at the client side T partition : time spent in data partition : system processing delay
  • 117. [Flowchart boxes, in the order they appear on the slide] Start; Insert r into Q; For each r in Q; Calculate p_i of r_i; Partition r_i into p_i stripe units; For each stripe unit; Initialize SL; Estimate response time; SL < 1.0; While est. < desired; Y; SL = SL + 0.1; Estimate response time; END; N; EST > des.; dec. SL; Y; N; Apply the security service with level σ_ij to the j th stripe unit; Phase 1. Data Partitioning; Phase 2 response time
  • 118. Property of ASPAD With respect to the i th request, the following two conditions must hold if the j th stripe unit’s security level is increased by 0.1: The current security level σ_ij is less than 1.0; , where T_j is the response time of the j th stripe unit, t_i is the desired response time of the request, and .
  • 119. Experimental Results a) data size is 100KB and P = 3
  • 120. Impact of Arrival Rate ASPAD is always the best a) data size is 100KB and P = 3
  • 121. Impact of Parallelism Degree ASPAD noticeably outperforms the other Add more slides for results!!! The impact of the parallelism degree when arrival rate = 0.5 No./sec.
  • 122. A Caching Strategy to Improve Security of Cluster Storage Systems
  • 123. Security Service 1 Security Service m Cache (Volatile/Non-volatile memory) Adaptive Security Service Controller Security-aware cache management mechanism A Cluster Storage System Network Clients Disk Request Disk1 Disk 2 Disk n
  • 124. Cache Partitioning The entire cache of the cluster storage system is divided into separate partitions, one for each disk, by a security-aware cache partitioning mechanism. Each cache partition for a disk is managed separately using the conventional LRU replacement algorithm.
  • 125. Total cache size is the partition size of the d th disk
  • 127. Conclusion AWARDS and ASPAD maximize the quality of security for local and parallel disk systems. Experimental results show that AWARDS and ASPAD significantly increase the security level as well as the overall performance over an existing algorithm. A security-aware cache management mechanism (CaPaS) for cluster storage systems. CaPaS can achieve high security and desired performance for clusters.
  • 128. Future Work Security-Aware Load Balancing Energy-Efficient Mobile Storage Systems
  • 129. Journal Publications. StReD: A Quality of Security Framework for Storage Resources in Data Grids. M. Nijim, Z.-L. Zong, and X. Qin, Future Generation Computer Systems: The Int'l Journal of Grid Computing, 2007. (Forthcoming) Modeling and Improving Security of a Local Disk System for Write-Intensive Workloads. M. Nijim, X. Qin, and T. Xie, ACM Transactions on Storage, vol. 2, no. 4, pp. 400-423, Nov. 2006. Performance Analysis of an Admission Controller for CPU- and I/O-Intensive Applications in Self-Managing Computer Systems. M. Nijim, T. Xie, and X. Qin, ACM Operating Systems Review, vol. 39, no. 4, pp. 37-45, October 2005. Energy-Efficient Scheduling for Parallel Applications on Mobile Clusters. Z.-L. Zong, M. Nijim, and X. Qin, Cluster Computing: The Journal of Networks, Software Tools and Applications, 2007. (In press)
  • 130. Selected Conference Publications. Awards: An Adaptive Write Scheme for Secure Local Disk Systems. M. Nijim, X. Qin, T. Xie, and M. Alghamdi, Proc. 25th IEEE Int'l Performance Computing and Communications Conference (IPCCC), April 2006 (Acceptance rate 30%). Integrating a Performance Model in Self-Managing Computer Systems under Mixed Workload Conditions. M. Nijim, T. Xie, and X. Qin, Proc. IEEE Int’l Conf. Information Reuse and Integration, Aug. 2005. An Adaptive Strategy for Secure Distributed Disk Systems. M. Nijim, T. Xie, Z.-L. Zong, and X. Qin, NASA/IEEE Conference on Mass Storage Systems and Technologies, WIP Session, May 2006. Sharp: A New Real-Time Scheduling Algorithm to Improve Security of Parallel Applications on Heterogeneous Clusters. T. Xie, X. Qin, and M. Nijim, Proc. 25th IEEE Int'l Performance Computing and Communications Conference (IPCCC), April 2006 (Acceptance rate 30%). Solving Energy-Latency Dilemma: Task Allocation for Parallel Applications in Heterogeneous Embedded Systems. T. Xie, X. Qin, and M. Nijim, Proc. 35th International Conference on Parallel Processing (ICPP), Columbus, Ohio, Aug. 2006 (Acceptance rate 28%). Adaptive Quality of Security Control in Networked Parallel Disk Systems. M. Nijim, X. Qin, and T. Xie, Proc. 15th Int'l Conference on Computer Communications and Networks (ICCCN), Oct. 2006 (Acceptance rate 29%)
  • 132. AWARDS Complexity The complexity of AWARDS is O(n^2). Proof: To increase the security level of the request, it takes O(n). There is O(n) number of write requests
  • 133. Download the presentation slides http://www.slideshare.net/xqin74 Google: slideshare Xiao Qin
  • 134. Complexity of ASPAD The time complexity is O(n^2 p). p: the maximum parallelism degree; n: the number of disk requests
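
The two ASPAD phases from slides 113 to 118 (partition into min(p_i, m) stripe units, then raise each stripe unit's security level in 0.1 steps while it is below 1.0 and the estimated response time stays within the desired time) can be sketched as follows. This is an added example, not code from the presentation; the linear cost model, the parameter values and all names (`Request`, `stripe_ms`, `estimate_ms`, `aspad`) are assumptions, since the slides' response-time equations did not survive in this transcript.

```python
from dataclasses import dataclass

@dataclass
class Request:
    size_kb: float     # data size of the disk request
    desired_ms: float  # desired response time t_i
    min_level: int     # starting security level in tenths (1 means 0.1)

def stripe_ms(stripe_kb, level, disk_ms_per_kb, sec_ms_per_kb=0.4):
    # Assumed cost model: disk service time plus a security overhead that
    # grows linearly with level and stripe size (not the slides' equations).
    return stripe_kb * disk_ms_per_kb + stripe_kb * sec_ms_per_kb * level / 10

def estimate_ms(stripes, levels, disks, fixed_ms=2.0):
    # fixed_ms stands in for T_queue + T_partition + processing delay;
    # stripes are served in parallel, so the slowest one sets the response.
    return fixed_ms + max(stripe_ms(s, l, d)
                          for s, l, d in zip(stripes, levels, disks))

def aspad(req, p_opt, disks):
    # Phase 1: parallelism degree min(p_i, m), equal-sized stripe units.
    p = min(p_opt, len(disks))
    disks = disks[:p]
    stripes = [req.size_kb / p] * p
    levels = [req.min_level] * p
    # Phase 2: raise one stripe unit's level by 0.1 only if it is below 1.0
    # and the estimated response time stays within the desired time.
    progress = True
    while progress:
        progress = False
        for j in range(p):
            if levels[j] >= 10:
                continue
            trial = levels[:j] + [levels[j] + 1] + levels[j + 1:]
            if estimate_ms(stripes, trial, disks) <= req.desired_ms:
                levels, progress = trial, True
    met = estimate_ms(stripes, levels, disks) <= req.desired_ms
    return [l / 10 for l in levels], met

# Constructed input: 100 KB request, P = 3, third disk four times slower.
SAMPLE = aspad(Request(100, 12.0, 1), 3, [0.05, 0.05, 0.20])
```

With the constructed input, the stripe unit on the slow disk ends at a lower security level than the other two, which is the per-stripe security-level vector that slide 115 refers to.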

Editor's Notes

  • #3: Lead in: Parallel applications are running on parallel computers or supercomputers. Structure: commonly connected through fast local area networks. Goal: usually deployed to improve speed and/or reliability over that provided by a single computer. Benefit: more cost-effective than a single computer of comparable speed or reliability. Myrinet and Infiniband
  • #5: biological sequence analysis Radio Astronomy Observatory
  • #6: A variety of real-time applications running on clusters require security protections Mention: real-time
  • #7: Lead in: A threat is a potential violation of security. Three services counter threats to the security of a system. Snooping: the unauthorized interception of information. Alteration: an unauthorized change of information. Spoofing: an impersonation of one entity by another.
  • #8: The Goal of This Work: Developing and evaluating new scheduling mechanisms and algorithms for applications with timing and security constraints on clusters Drawbacks of current scheduling schemes Consider security without addressing timing constraints OR Consider real-time requirements without addressing security. To achieve high security for clusters while making the best effort to guarantee timing constraints.
  • #9: Existing cluster computing systems lack the means to adaptively control quality of security for dynamically changing workloads To develop an adaptive quality of security control scheme for real-time applications running on clusters
  • #10: One-two minutes!!! From bottom to up User Interface Framework Low-level Security Service APIs Quality of Security Control Manager ( QSCM ) Security Middleware Services
  • #11: Global Security Optimization can migrate tasks to a remote cluster if local cluster cannot satisfy the security and timing constraints of a local task. In this research, I only focused on local security optimization.
  • #14: SEAL < RC4 < Blowfish < Khufu/Khafre < RC5 < Rijndael < DES < IDEA (?) AES (Rijndael) > SEAL > 3DES > RC5 > DES. DES, 1 hour. SEAL. Explain security levels and their speed (performance): In accordance with the cryptographic algorithms’ performance, each algorithm is assigned a corresponding security level in the range from 0.08 to 1. For example, we assign security level 1 to the strongest yet slowest encryption algorithm, IDEA. Take SEAL and 3DES as examples to explain why we assign 0.9 for 3DES. DES (Data Encryption Standard): 1970s, 56-bit key, the strength is 2^55 (two to the 55th power). TDES (Triple DES): 1974, the strength is 2^80. It is three times slower than regular DES but more secure if used properly. IDEA (International Data Encryption Algorithm): 1992, the strength is 2^128
  • #15: MD4: 1990, 128-bit hash value. MD5: 1991, 128-bit hash value. SHA-1: 1994, 160-bit hash value. MD4 < MD5 < SHA-1. RIPEMD: 1992, 128-bit hash value. RIPEMD128: RIPEMD160: 1996, 160-bit hash value. RIPEMD < RIPEMD128 < RIPEMD160. Tiger: 1996, 192-bit hash value
  • #18: Generally each process will run on a different processor Typically a parallel job would employ a message passing interface, such as MPI, to pass data between the processes
  • #23: Originally, admission controller only meets each accepted task’s minimal security requirements and deadline;
  • #25: This is a general security requirement expression, which includes q different security services; In this work, I only considered three Commonly used security services, namely, confidentiality, integrity, and authentication
  • #26: The weight of a security service reflects its priority in a particular application domain. For example, in military applications, confidentiality is usually more important than integrity; thus, users can assign weight 0.7 for confidentiality and 0.3 for integrity. On the other hand, in a commercial banking system, integrity is more important than confidentiality; in this case, users can assign 0.7 for integrity and 0.3 for confidentiality. Add one more slide to show the priorities of different services.
  • #34: Lead in: move forward; in order to improve security of applications, we need a way of measuring quality of security.
  • #35: Task Allocation for Parallel Applications with Deadline and Security Constraints The TAPADS algorithm is outlined in Figure 2. TAPADS aims at achieving high quality of security under two conditions: (1) increasing security levels will not result in missing deadlines; and (2) precedence constraints are satisfied. In an effort to meet both deadline and precedence constraints, TAPADS assigns the tasks to each node in a way to maximize security measured as . Thus, TAPADS is capable of maintaining a high schedulability measured as .
  • #37: Need to mention messages as well. These three algorithms are variants of a well-known algorithm: List
  • #38: The parameters of nodes in the clusters are chosen to resemble real-world workstations like Sun SPARC-20 and Sun Ultra 10 All synthetic parallel jobs used from Section 6.2 to Section 6.7 were created by TGFF [9], a randomized task graph generator.
  • #39: To evaluate quality of security for parallel applications , we derive in this section the probability that all tasks and messages remain risk-free during the course of execution. Pc(x) is the probability that all tasks are free from being attacked ; PL(x) is the probability that all messages are free from being attacked; Psc(x) is the probability that all tasks and messages remain risk-free during the course of execution.
  • #41: We tested one DAG (job) with 433 tasks on a cluster with 32 nodes ; three circles ( 170 second, 260 second and 575 second )
  • #42: Circle the three points, one trend (an arrow) and three circles; The results clearly indicate that applications can gain more performance benefits from our TAPADS approach under the circumstance that real-time applications have relatively tight deadlines.
  • #43: The first observation deduced from Figure 3(c) is that the quality of security of TAPADS increases with the deadline. This is because quality of security is partially derived from SV (see Equations 25 and 29), which becomes higher when the deadlines are looser. A second observation is that the performance improvement of TAPADS in terms of quality of security is not as pronounced as the performance improvement in terms of security value compared with LISTMIN algorithm. This can be explained by the negative natural exponential function (see Equations 22 and 26), which smooths the security value differences between LISTMIN and TAPADS.
  • #44: We conducted four groups of experiments to test the performance of TAPADS using 1000 diverse task graphs. The smallest task graph has 54 tasks, and the largest task graph consists of 543 tasks. We assume that the number of nodes in the cluster is 32. For each group test, we set a deadline range from which a deadline is randomly selected for an incoming parallel job. The four deadline ranges for the four group experiments are [100, 200], [200, 300], [300, 400] and [400, 500], respectively.
  • #45: Multiple DAGs, (1) TAPADS and LISTMIN deliver the best performance in schedulability under all four cases
  • #46: Three observations among which the second one is interesting.
  • #49: The improvement of TAPADS over LISTMIN becomes more prominent with the increasing value of the node number. This result can be explained by the conservative nature of LISTMIN, which simply meets the minimal security requirements for parallel applications on the cluster. (2) LISTMAX can achieve the same performance as TAPADS when there are 256 nodes in the cluster. This is because LISTMAX can guarantee the maximal security requirements of the parallel jobs when more nodes are available in the cluster. (3) All four algorithms can finish the job in a shorter time period when there is a large number of available nodes; (4) TAPADS has the same performance in completion time as that of LISTMIN.
  • #51: To verify the performance impact of degree of task parallelism, we evaluate the performance as functions of maximal number of out degree in task graphs. We define the degree of task parallelism of a task graph as the maximal possible out degree numbers in the graph TAPADS is the only algorithm that can continuously improve its performance in security value and quality of security with the increasing value of task parallelism The important conclusion drawn from this experiment is that TAPADS can gain greater performance improvement when a parallel application has a higher degree of parallelism
  • #53: Firstly, when the security-sensitive data size varies from config1 to config4, the security value of TAPADS drops, while those of LISTMIN and LISTRND remain the same. Secondly, the quality of security for LISTMIN and LISTRND decreases when the size of security-sensitive data goes up, although their security values remain unchanged. This interesting phenomenon can be explained by Equations 25 and 29, which indicate that long execution and communication times lower QSA values. Lastly, Figure 7(c) illustrates that the increasing size of security-sensitive data enlarges the job completion time.
  • #54: To validate the results from the synthetic simulations above, we evaluate the TAPADS algorithm in a real system – digital signal processing system (1) Performance patterns plotted in Figure 9 are similar to those reported in Section 6.2 (see Figure 3), thereby verifying that TAPADS can gain performance improvements for a real application.
  • #55: Figure 10 shows that at least 12 nodes are required to make feasible scheduling decisions for the DSP application In summary, the strength of TAPADS can be fully exhibited when the application has a relatively tight deadline. When the deadline is extremely loose, TAPADS degrades to LISTMAX. The implication is that TAPADS can significantly improve security for real-time applications without increasing hardware cost. The results discussed in this subsection can be envisioned as a strong validation of our previous simulations. The salient feature of TAPADS is that it can be successfully deployed to secure real-time parallel applications on clusters.
  • #59: Lead in: Let’s take a close look at a specific application. For example, in a real-time stock quote update and trading system, each incoming request from business partners and each outgoing response from an enterprise’s back-end application have deadlines and security quality requirements, which have to be met by a cluster located between the business partners and enterprise back-end applications.
  • #60: Lead in: Flexible security requirements
  • #62: TAPADS means …?
  • #71: Lead in:
  • #93: 1. Compared with Original, AWARDS is more sensitive to data size
  • #97: The same sensitivity
  • #101: Fig. workload monitored from a real-world storage server.
  • #112: Scheuermann, Northwestern University.