摘要:
现有的云工作流大多工作在静态化、同质化的系统环境中,不仅易导致故障传播、降低系统容错度,而且易于攻击者获取系统环境信息,便于发动准确攻击.针对此问题,提出一种面向云工作流安全的任务调度方法.该方法以工作流系统多层次任务划分模式为基础,阶段性地对任务进行调度,避免针对特定任务的持续攻击.为有效防范攻击者针对任务执行环境的探测,利用多样化的系统镜像构建异构的任务执行体,并基于异构执行体动态变换任务执行环境,保证云工作流系统环境的随机性.此外,为进一步提高异构系统的安全效益,对执行体异构程度进行量化,并根据量化结果映射成调度选择概率,提高调度前后任务执行环境的差异.实验模拟3种攻击方法对改进的云工作流系统安全性进行测试,测试结果表明:该方法能有效提高云工作流系统的安全性.
Abstract:
Most of the cloud workflow systems work in the static and homogeneous environment, which will not only lead to fault propagation, reducing the fault tolerant capability of the system, but also make it easier for attackers to acquire the system environment information, helping them to launch accurate attacks. To solve the problem, the task scheduling method for cloud workflow security is proposed. On the basis of the multi-level task division mode in the workflow system, this method employs the task scheduling to avoid the consistent attacks on specific tasks. In order to effectively prevent the attackers from detecting the task execution environment, the diverse operating system images are used to build the heterogeneous task executors, and then the task execution environment is switched dynamically based on these heterogeneous executors, ensuring the randomness of the system environment of cloud workflow. Furthermore, in order to improve the security gain of the heterogeneous systems, the heterogeneity degrees of the executors are quantified, and the quantization results are mapped to the scheduling selection probability, ensuring a significant difference in task execution environments before and after the scheduling. In the experiment, three kinds of attack methods are simulated to test the security of the improved cloud workflow system, and experimental results demonstrate that this method can effectively improve the security of the cloud workflow systems.
本站查看
下载:
