Secure Grid Computing - GridSec Project - University of Southern ...

More documents

Recommendations

Info

NPC-2004 Oct. 18, 2004 Trust Integration over a VPN Ring Aggregate costs in Single Sign-on operation over VPN vs. PKI Services V V Site S 2 Site S 1 Site S 4 V SeGO Server VPN Gateway Hosts Site S 3 Physical backbone VPN tunnel ring V Trust Vector Trust vector propagation User application and SeGO server negotiation Cooperating gateways working together to establish VPN tunnels for trust integration V Aggregate Service Cost 10 8 6 4 GSI based VPN based 2 0 10 20 30 40 50 60 70 80 90 100 Grid Size October 18, 2004, Kai Hwang http://GridSec.usc.edu 7 October 18, 2004, Kai Hwang http://GridSec.usc.edu 8 Global GridSec Testing Environment International Collaborators in USA, France, China, and Australia USC NetShield Intrusion Defense System for Protecting Local Network of Grid Computing Resources INRIA, Sophia Antipolis, France ICT of CAS Beijing, China Melbourne University, Australia The GridSec over Internet USC Gateway, Los Angeles Trojan Cluster in IGC Lab. USC/ISD Supercluster USC NetShield Defense System and Testing Facilities Security Policy Manager Security Database ISP The Internet Network Router The NetShield System Firewall Datamining for Anomaly Intrusion Detection (IDS) Risk Assessment System (RAS) Intrusion Response System (IRS) Victim’s Internal Network October 18, 2004, Kai Hwang http://GridSec.usc.edu 9 October 18, 2004, Kai Hwang http://GridSec.usc.edu 10 Security-Driven Heuristics for Trusted Job Scheduling on Risky Grids • Min-min heuristics: ‣ For each job, the resource site that gives the earliest completion time is selected first. The job that has the minimum earliest completion time is assigned to the selected resource site. • Sufferage heuristics: ‣ The Sufferage heuristic is based on the idea that better mappings are generated by assigning a site to a job that would “suffer” most in terms of expected completion time • Three secure and risky scheduling modes: ‣ Secure mode – Allocate jobs only to those Grid sites with security level exceeding the job requirement (SD < SL) ‣ Risky mode – Allocate jobs to any available Grid sites without checking the risk level or the job demand ‣ f-risky mode – Allocate jobs to those Grid sites taking at most f % risk Risk scale: 0 f 100% ( ) 0 P fail = P( fail) f P( fail )
NPC-2004 Oct. 18, 2004 The bad things always happen --- Murphy’s Law Historical database We are scared. Let us just wait … ☺☺ ☺ ☺ ☺ ☺ ☺ ☺ ☺ ☺ ☺☺ ☺☺☺☺☺☺☺ We don’t care, just do it. I am courageous, not a kid anymore,…. ☺ ☺ ☺ ☺ ☺ ☺ ☺ ☺ ☺ ☺ Decreasing security demands (SD) from user jobs Decreasing security level (SL), assured by Grid sits or increasing risk levels I will run a calculated risk, but wait a while … ☺ ☺ ☺ ☺ ☺ ☺ ☺ ☺ ☺ October 18, 2004, Kai Hwang http://GridSec.usc.edu 13 ☺ I calculate too, maybe I am lucky … (a) Secure Mode (b) Risky mode (c) f-risky mode NAS and PSA Workloads : • Parameters in Two Real Workloads: ‣ NAS (Numerical Aerodynamic Simulation) Workload: • Resource sites: 12 sites (8: 8 nodes/site, 4: 16 nodes/site) • Jobs: arrival time and workload from the trace file • N = 16,000 jobs running on M = 12 Grid sites ‣ Parameter Sweep Application (PSA) Workload: • Site processing speed:10 levels, M = 20 sites • Job workload: 20 levels, N = 5,000 jobs • Job arrival: Poisson distribution 0.008 jobs/sec October 18, 2004, Kai Hwang http://GridSec.usc.edu 14 Difference between Traditional GA and Space-Time Genetic Algorithms (STGA) in Term of Solution Quality --- Fast scheduling and easy to implement Solution Quality Generate random initial population STGA starting point GA STGA Good solution is found Evolution Iterations The starting point is based on prior solution database. Genetic Algorithms (GA) • Genetic Algorithms (GAs) are a popular technique used in search of large solution spaces. • GA is studied for job scheduling in heterogeneous computing and Grid environments. ‣ It is powerful for generating some good solutions. ‣ It is not widely used for its long computational time (overhead) How GA works 0 1 0 1 0 1 1 0 0 1 0 0 0 1 0 0 1 0 0 1 0.3 0.6 0.9 0.6 Initial Population 0 0 0 1 0 1 1 0 0 1 0 0 0 1 0 0 1 0 0 1 0.9 0.6 0.9 0.6 After selection 0 0 0 0 1 1 1 0 1 0 0 0 0 1 0 0 1 0 0 1 1.0 0.4 0.9 0.6 After crossover 0 0 0 0 1 1 1 0 1 0 1 0 0 1 0 0 1 0 0 1 1.0 0.4 0.8 0.6 After mutation October 18, 2004, Kai Hwang http://GridSec.usc.edu 15 October 18, 2004, Kai Hwang http://GridSec.usc.edu 16 Simulation of The Space-Time Genetic Algorithm (STGA) • STGA parameters: ‣ Training data: 500 jobs ‣ Look table size = 150 ‣ Initial population size = 200 ‣ Evolution times = 100 iterations • Compared with 1000 used in traditional GA ‣ Crossover probability = 0.8 ‣ Mutation probability = 0.01 The Total Execution Time of 16,000 jobs on 12 Grid sites with 8 or 16 nodes per site --- Makespan in seconds under the NAS Workload with uniform distributions on site security level (0.4 – 1.0) and on job security demand (0.6 – 0.9) Makespan (seconds) 7x10 6 6x10 6 5x10 6 4x10 6 3x10 6 2x10 6 1x10 6 0 1 2 3 4 5 6 7 Min-min Secure Min-Min f-Risky Min-min Risky Sufferage Secure Sufferage f-Risky Sufferage Risky STGA October 18, 2004, Kai Hwang http://GridSec.usc.edu 17 October 18, 2004, Kai Hwang http://GridSec.usc.edu 18 Keynote Presentation at the IFIP International Conference on Network and Parallel Computing, (NPC 2004), Wuhan, China, Oct. 18, 2004 3
Page 1: NPC-2004 Oct. 18, 2004 Secure Grid
Page 5 and 6: NPC-2004 Oct. 18, 2004 Internet Dat

Secure Grid Computing - GridSec Project - University of Southern ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?