ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2018, Vol. 55 ›› Issue (6): 1180-1189. doi: 10.7544/issn1000-1239.2018.20170425

• Information Security •

A Task Scheduling Method for Cloud Workflow Security

Wang Yawen, Guo Yunfei, Liu Wenyan, Hu Hongchao, Huo Shumin, Cheng Guozhen

  1. (National Digital Switching System Engineering and Technology Research Center, Zhengzhou 450002) (15738321455@163.com)
  • Published: 2018-06-01
  • Online: 2018-06-01
  • Supported by:
    the Foundation for Innovative Research Groups of the National Natural Science Foundation of China (61521003); the National Natural Science Foundation of China (61602509); the National Key Research and Development Program of China (2016YFB0800100, 2016YFB0800101); the Science and Technology Research Project of Henan Province (172102210615)

Abstract: Most cloud workflow systems run in static, homogeneous environments, which not only leads to fault propagation and reduces the system's fault tolerance, but also makes it easier for attackers to gather information about the system environment and launch precise attacks. To address this problem, a task scheduling method for cloud workflow security is proposed. Building on the multi-level task division mode of the workflow system, the method schedules tasks in stages to avoid sustained attacks on specific tasks. To effectively prevent attackers from probing the task execution environment, diverse operating system images are used to build heterogeneous task executors, and the task execution environment is switched dynamically among these heterogeneous executors, ensuring the randomness of the cloud workflow system environment. Furthermore, to improve the security gain of the heterogeneous system, the degree of heterogeneity between executors is quantified and the quantified results are mapped to scheduling selection probabilities, increasing the difference between the task execution environments before and after scheduling. In the experiments, three kinds of attack methods are simulated to test the security of the improved cloud workflow system, and the results show that the method can effectively improve the security of cloud workflow systems.

Key words: cloud workflow, heterogeneous task executors, task scheduling, cloud security, diverse operating systems
