Security-aware data replica selection strategy for Bag-of-Tasks application in cloud computing

Abstract

As a typical distributed network computing environment, cloud computing has been growing tremendously recently. Although it could provide a convenient environment for the execution of data-intensive application, the primary challenge for it is how to choose the security date replica for data-intensive application from different storage resources. Considering that the security has the characteristic of fuzziness and randomness, it is quantified using the cloud model in this paper. On this basis, taking the constraints of time, cost, and security into account, a scheduling algorithm of data-intensive application based on weighted set covering problem (WSCP) is proposed. Simulation results demonstrate that the security-aware data replica selection strategy performs better than traditional selection strategy on time, cost, security utility value and load balancing deviation (LBD).

Keywords

Cloud computing Bag-of-Task application cloud model data replica selection security utility value

1. Introduction

Due to requirements of collaborative research, the large-scale scientific applications, such as the Compact Muon Solenoid Data Grid, astronomy and biology, have been received more and more attention. For generating huge amounts of data usually, they are typical data-intensive applications [12]. Meanwhile, with the rapid development of cloud computing, customers begin to migrate data-intensive applications to the cloud computing platform [8], which uses virtualization technology to integrate computing resources, storage resources and network resources as a resource pool, and enables consumers to utilize cloud resources with pay-on-demand regardless of the time and place. Consumers could get needed resources in different development phases by buying cloud service, without spending more time or energy [22]. To enhance the reliability and availability of large volumes of data stored as data files, they are divided into chunks, and replicated on different storage resources [7], usually located in different sites scattered throughout the network, which make customers face the challenge of how to select appropriate data replica for their data-intensive application. Although in the era of grid data, there was a lot of research on data replica selection [17,19], the cost-free, best-effort model, also in network aware scenarios [16], made the traditional optimization goal mainly focus on time, which was obviously not suitable for the business model in cloud computing. In addition, the cloud service model provided by cloud service providers had the advantage of high efficiency, economy and strong extensibility, which can attract many businesses and users. However, it also faced great challenge to deal with information security and privacy protection [23,26,31]. Aguiar et al. [2] pointed out that cloud service selection strategy without security-aware would cause the problem of poor performance, high risk, information leakage and even failure, etc. Because of the security problem existed in cloud computing [28], consumers start to worry about data security, namely it is important to choose security storage resources to prevent data from breaching or tampering. Let us assume the following scenario in real life. Suppose that a huge log files of the bank customers’ behavior need to be analyzed on the cloud computing platform, the bank is concerned not only with the efficiency of the log file processing, but also with the security of data in the process of storage or transmission.

In this paper, a data-intensive application is regard as Bag of Tasks (BoT) consisted of many independent tasks, each of which requires a number of data sets replicated on multiple storage resources. For the problems mentioned above, we put forward a novel security-aware data replica selection strategy. The contribution of this paper contains three parts: (1) We quantify the security of data replica using the cloud model; (2) The problem of BoT scheduling is formalized by considering time, cost, security and load balancing deviation; (3) We present a heuristic algorithm to solve the problem of BoT scheduling.

The structure of this paper is arranged as follows. Related research on data replica selection is reviewed in the next section. The formalized BoT is introduced in Section 3. The criteria of data replica selection are given in Section 4. The heuristic scheduling algorithm for BoT is described in Section 5. Section 6 discusses the performances of the algorithm through simulation experiments. Finally, conclusions and suggestions for future research are presented in Section 7.

2. Related works

Because the data replica selection strategy used to select appropriate data replica played an important role in the process of BoT scheduling, there were many algorithms listed in the literature [11]. The process of data replica selection was abstracted into set covering problem (SCP) by Venugopal and Buyya [27], and minimizing the total time was chose as the optimization objective. Al-Mistarihi and Yong [3] had two optimizing objectives: one was to determine fairness among customers, the other was to choose the best data replica by maximizing reliability and security, in which security was computed with the arithmetic mean method according to the historical data file. According to the criteria of data replica selection including of availability, security and time, the best data replica was chose through the Euclidean distance in [13]. Considering security and availability needed to be quantified by linguistic variables, Almuttairi et al. [4] selected rough set theory to describe the multiple attributes data replica selection problem, which could gain grey numbers used for data replica decision-making. Wang et al. [29] presented the scheduling policy subsumed trust mechanism, it described the credibility of the resource provider through trust mechanism based on the theory of the probability, and preferred to select reliable resource in order to improve the robustness and predictability of the scheduling policy. Considering the commercialization of cloudy computing environment, different cloud service providers may not provide true service information for their own interests, Fard et al. [10] put forward trusted scheduling mechanism, which incentivized cloud service providers to provide real price according to their quality of the services through auction mechanism. Similarly, selfish strategy dynamics in distributed scheduling, when multiple cloud providers compete, had been explored in [18]. Abbadi and Ruan [1] proposed a credible scheduling strategy that was used to establish the mapping relationship between the virtual machine and the physical resource. For the potential uncertainty and reliability issues existed in the process of the scheduling, Tan et al. [25] measured the trust of cloud services by the synthesis of direct trust and indirect trust, and put forward the scheduling algorithm by considering time, cost and trust. Leveraging multi-source parallel data-retrieval technique, Pandey and Buyya [20] proposed a novel method named enhanced static mapping heuristic (ESMH) for selecting data sources. Rahman et al. [21] proposed a replica selection algorithm based on access latency and bandwidth consumption. A novel hierarchical scheduling algorithm was presented by Mansouri et al. [15] to reduce the search time. To minimize the data access time and avoid unnecessary replication, Sashi and Thanamani [24] presented a Modified Bandwidth Hierarchy Replication (BHR) algorithm based on the standard BHR algorithm. A secure requirement (SRP) prioritized task-scheduling algorithm was proposed by Bhatia et al. [6], which could stop intruders modifying the resource requirement of the jobs.

From these data replica selection strategies given in literatures above, we can see that their optimizing goals mainly focus on time, cost, fairness, security, and so forth. Because of not reflecting security’s features of fuzziness and randomness, it is not quantified effectively. To address the issues, we describe the security of data replica using the cloud model, and put forward security-aware data replica selection strategy for BoT applications.

3. Formalization and framework of BoT

In this section, we formalize the components of cloud computing environment, BoT and the resource set of the task in detail, and design a framework of BoT, which is used to select appropriate resource set to execute BoT.

Definition 1 (Cloud computing environment).

Suppose that there are Q different data centers $DC = {{dc}_{1}, {dc}_{2}, \dots, {dc}_{Q}}$ connected by different bandwidths, in which they include M computing resources denoted as $CR = {{cr}_{1}, {cr}_{2}, \dots, {cr}_{M}}$ with the corresponding computing capacity vector $C = {c_{1}, c_{2}, \dots, c_{M}}$ , and P available storage resources denoted as $SR = {{sr}_{1}, {sr}_{2}, \dots, {sr}_{P}}$ with different security levels.

Definition 2 (BoT).

Suppose that BoT includes a set of N independent tasks denoted as $BoT = {T_{1}, T_{2}, \dots, T_{N}}$ . For task $T_{i}$ ( $1 ⩽ i ⩽ N$ ), its processing length is denoted as $l_{i}$ , and it requires a set of q data sets denoted as $D^{T_{i}} = {d_{1}, d_{2}, \dots, d_{q}}$ , for each data set $d_{j} \in D^{T_{i}}$ , ${SR}_{d_{j}}^{T_{i}} = {{sr}_{1}, {sr}_{2}, \dots, {sr}_{h}} \subseteq SR$ ( $1 ⩽ j ⩽ q$ ) is the set of storage resources on which $d_{j}$ is replicated.

Definition 3 (Resource set).

For each task $T_{i}$ , the resource set $S^{T_{i}} = {{cr}^{T_{i}}, {SR}^{T_{i}}}$ contains selected computing resource and storage resources, in which ${cr}^{T_{i}} \in CR$ represents the computing resource selected for executing the task $T_{i}$ and ${SR}^{T_{i}} \subseteq ⋃_{d_{j} \in D^{T_{i}}} {SR}_{d_{j}}^{T_{i}}$ is the set of storage resources chosen for obtaining the data sets required by $T_{i}$ .

An example of BoT is depicted in Fig. 1. Assume that task $T_{i}$ require four data sets denoted as $d_{1}$ , $d_{2}$ , $d_{3}$ and $d_{4}$ , respectively, in which the data replica of $d_{1}$ is replicated on data centers ${dc}_{1}$ and ${dc}_{2}$ , $d_{2}$ is replicated on data centers ${dc}_{2}$ and ${dc}_{3}$ , $d_{3}$ is replicated on data centers ${dc}_{3}$ , ${dc}_{4}$ and ${dc}_{5}$ , $d_{4}$ is replicated on data centers ${dc}_{4}$ and ${dc}_{5}$ . According to Definition 3, there are sixty-four methods of data replica selections for $T_{i}$ .

Fig. 1.

An example of BoT.

The framework of BoT is designed in Fig. 2. Firstly, BoT submits tasks needed to perform to the cloud broker. Then, the cloud broker sends requests of BoT to the module of resource set selection, and also feeds back the information of resource set meeted the demand to BoT. The module of resource set selection is responsible for obtaining informations of resource set from the information registry of cloud resource, and evaluating and selecting different resource set. The evaluation criteria for resource set is introduced in Section 4, and the algorithm used to select the resource set is discussed in Section 5. The information registry of cloud resource collects informations of resource set from different cloud service providers.

Fig. 2.

A framework of BoT.

4. Criteria for selecting resource set

Considering the economic characteristic of cloud computing and its dynamic and heterogeneous nature, the criteria including time, cost and security are considered in the process of resource set selection.

4.1. Completion time

Assume that computing resource ${cr}_{t} \in CR$ is used to execute task $T_{i} \in T$ . The completion time for implementing task $T_{i}$ is denoted as $Time (T_{i})$ , which is composed of three parts: the time $W_{T_{i}}$ required for waiting computing resource ${cr}_{t}$ ; the time $T_{T_{i}}$ required for transferring data sets from selected storage resources to ${cr}_{t}$ ; and the time $E_{T_{i}}$ required for executing task $T_{i}$ on ${cr}_{t}$ . It can be computed by Eq. (1). $\begin{matrix} (1) & Time (T_{i}) = Max (W_{T_{i}} + Max (T_{T_{i}} (d_{j}, {sr}_{d_{j}}, {cr}_{t}))) + E_{T_{i}}, \end{matrix}$ where $T_{T_{i}} (d_{j}, {sr}_{d_{j}}, {cr}_{t})$ is the time required for transferring the required data sets $d_{j} \in D^{T_{i}}$ retrieved from selected storage resource ${sr}_{d_{j}}$ to assigned computing resource ${cr}_{t}$ and is estimated using Eq. (2). $\begin{matrix} (2) & T_{T_{i}} (d_{j}, {sr}_{d_{j}}, {cr}_{t}) = W_{d_{j}} + Size (d_{j}) / BW ({dc}_{{sr}_{d_{j}}}, {dc}_{{cr}_{t}}) . \end{matrix}$

In Eq. (2), $W_{d_{j}}$ is the waiting time from making the request to receive the first byte of the data set $d_{j}$ ; $Size (d_{j})$ represents the amount of data set $d_{j}$ ; $BW ({dc}_{{sr}_{d_{j}}}, {dc}_{{cr}_{t}})$ represents the bandwidth between data centers containing storage resource ${sr}_{d_{j}}$ and computing resource ${cr}_{t}$ . $T_{T_{i}} (d_{j}, {sr}_{d_{j}}, {cr}_{t})$ becomes zero when storage resource ${sr}_{d_{j}}$ and computing resource ${cr}_{t}$ are in the same data center. The desired execution time of task $T_{i}$ on computing resource ${cr}_{t}$ is given by Eq. (3). $\begin{matrix} (3) & T_{e} (T_{i}, {cr}_{t}) = l_{i} / c_{t}, \end{matrix}$ where $l_{i}$ and $c_{t}$ are denoted as the processing length of task $T_{i}$ and the computing capacity of ${cr}_{t}$ , respectively.

4.2. Economic cost

Let $Cost (T_{i})$ be the economic cost of implementing task $T_{i}$ , which includes the cost of retrieving data sets from the selected storage resource, and the cost of executing task $T_{i}$ on assigned computing resource ${cr}_{t}$ . It is computed by Eq. (4). $\begin{matrix} (4) & Cost (T_{i}) = \sum C_{t} (d_{j}, {sr}_{d_{j}}, {cr}_{t} | d_{j} \in D^{T_{i}}) + C_{e} (T_{i}, {cr}_{t}), \end{matrix}$ where the transfer cost of data set $d_{j}$ from selected storage resource ${sr}_{d_{j}}$ to allocated computing resource ${cr}_{t}$ is computed by Eq. (5). $\begin{matrix} (5) & C_{t} (d_{j}, {sr}_{d_{j}}, {cr}_{t} | d_{j} \in D^{T_{i}}) = Size (d_{j}) * Price ({sr}_{d_{j}}, {cr}_{t}), \end{matrix}$ where $Price ({sr}_{d_{j}}, {cr}_{t})$ denotes the cost of transferring unit data from storage resource ${sr}_{d_{j}}$ to computing resource ${cr}_{t}$ . The cost of executing task $T_{i}$ on computing resource ${cr}_{t}$ is computed by Eq. (6). $\begin{matrix} (6) & C_{e} (T_{i}, {cr}_{t}) = T_{e} (T_{i}, {cr}_{t}) * Price ({cr}_{t}), \end{matrix}$ where $Price (c s_{t})$ is the cost of computing resource ${cr}_{t}$ per unit time.

4.3. Security

As the security belongs to an uncertain concept with fuzziness and randomness, it is difficult to describe. We quantify it with the cloud model proposed by Li et al. [14], which describes the fuzziness and randomness of linguistic concepts, and implements uncertain transformation between the qualitative concept and the quantitative value. To facilitate understanding of research ideas in this paper, this subsection introduces related concept firstly, then presents the method of describing security using the cloud model.

Definition 4 (Cloud model and cloud drops).

Let A be a qualitative concept defined over a universe of discourse U, and a random instantiation of concept A is denoted as $x \in U$ . The certainty degree of x belonging to concept A satisfies is expressed as $y = μ_{C} (x) \in [0, 1]$ . If it is a random number with a steady tendency, namely: $\begin{matrix} μ_{C} (x) : U \to [0, 1] \forall x \in U, x \to μ_{C} (x) . \end{matrix}$

Then the distribution of x in the universe U is called a cloud model, and x is called a cloud drop.

The cloud model describes qualitative features of an uncertain concept using three numerical characteristics, namely, expectation $Ex$ , entropy $En$ and hyper entropy $He$ , respectively, in which $Ex$ is regarded as the most representative sample of the uncertain concept. The distance to $Ex$ is closer, the concentrations of cloud drops is greater. $En$ is uncertainty degree of the uncertain concept. The greater the value of $En$ is, the greater the scope accepted by the concept is. $He$ is the uncertain measurement of entropy $En$ . The larger $He$ is, the greater thickness of the cloud.

Although there are several kinds of clouds, such as trapezium cloud, triangular cloud, normal cloud et al. According to the central limit theorem, we discuss the normal cloud model, which is described in Definition 5. Given three numerical characteristics $(Ex, En, He)$ , forward normal cloud generator [14] showed in Algorithm 1 is used to realize the transformation from qualitative concepts to quantitative values, while backward normal cloud generator [14] listed in Algorithm 2 is a model of transforming quantitative values to qualitative concepts. The normal cloud $(0.5, 0.1, 0.01)$ [30] generated using forward cloud generator is given in Fig. 3.

Algorithm 1.

Forward normal cloud generator

Definition 5 (Normal cloud model).

Let A be a qualitative concept defined over a universe of discourse U. If $x \in U$ is a random instantiation of concept A, which satisfies $x \sim N (Ex, {En}^{' 2})$ , ${En}^{'} \sim N (En, {He}^{2})$ , and the certainty degree of x belonging to concept A satisfies $μ = e^{- {(x - Ex)}^{2} / (2 {(En)}^{2})}$ , then the distribution of x in the universe U is called a normal cloud.

Algorithm 2.

Backward normal cloud generator

Fig. 3.

Three numerical characteristics of the normal cloud model $(0.5, 0.1, 0.01)$ .

The process of quantifying security based on the cloud model is shown as follows: firstly, security is divided into five levels, which are shown in Table 1, and the corresponding standard security cloud [33] is generated using a standard security cloud generator, which is given in Algorithm 3; then, according to the historical information of storage resources, their security clouds are generated by backward cloud generator; thirdly, the synthetic security cloud is generated using Eq. (7) [32], which is used to quantify the security of the storage resources chosen for obtaining the data sets required by the ith task; at last, the security level of synthetic security cloud is determined and its security score is calculated accordance with Algorithm 4.

Table 1

Security level, concepts and range

Security level	Security concept	Security range	Standard security cloud
1	Insecure	$[0, 1)$	${TBC}_{1} (0.0, 0.33, 0.1)$
2	Low security	$[1, 2)$	${TBC}_{2} (1.5, 0.33, 0.1)$
3	Medium security	$[2, 3)$	${TBC}_{3} (2.5, 0.33, 0.1)$
4	Very secure	$[3, 4)$	${TBC}_{4} (3.5, 0.33, 0.1)$
5	High security	$[4, 5]$	${TBC}_{5} (5.0, 0.33, 0.1)$

In Algorithm 3, considering the lower limit and upper limit of the interval $TD = [0, 5]$ are used to denote “insecure” and “completely secure”, respectively. So, the expectation $Ex$ of the insecurity cloud and the completely secure are set to $R_{1}^{min}$ and $R_{n}^{max}$ , the expectation ${Ex}_{i}$ of other standard security cloud is equal to the average of lower limit and upper limit of the corresponding interval. In order to depict the cross between different security level, according to the “ $3 En$ rules” of the normal cloud, the lower limit and upper limit of the corresponding interval and ${Ex}_{i}$ of the corresponding standard security cloud are used to compute the entropy ${En}_{i}$ . Because hyper entropy ${He}_{i}$ is used to fine-tune entropy ${En}_{i}$ , its value is not too high, so it is set to constant 0.1.

Algorithm 3.

Standard security cloud generator

There are P available storage resources denoted as $SR = {{sr}_{1}, {sr}_{2}, \dots, {sr}_{P}}$ , their security clouds are denoted as $C ({Ex}_{i}, {En}_{i}, {He}_{i})$ ( $1 ⩽ i ⩽ P$ ). Suppose that task $T_{i}$ requires m storage resources to gain its required data sets. The synthetic cloud $C ({Ex}_{T_{i}}, {En}_{T_{i}}, {He}_{T_{i}})$ of task $T_{i}$ is used to quantify the security of m storage resources and can be calculated by Eq. (7). $\begin{matrix} (7) & \{\begin{matrix} {Ex}_{s} = \frac{1}{m} \sum_{i = 1}^{m} {Ex}_{i}, \\ {En}_{s} = \frac{1}{6} [{max}_{i} {{Ex}_{i} + 3 {En}_{i}} - {min}_{j} {{Ex}_{j} + 3 {En}_{j}}], \\ {He}_{s} = \frac{1}{m} \sum_{i = 1}^{m} {He}_{i} . \end{matrix} \end{matrix}$

5. A heuristic algorithm for BoT

For $T_{i} \in T$ , $D^{T_{i}} = {d_{1}, d_{2}, \dots, d_{q}}$ is denoted as a set of data sets required by task $T_{i}$ . $d r_{{sr}_{j}} \subseteq D^{T_{i}}$ ( $1 ⩽ j ⩽ P$ ) is expressed as a subset of $D^{T_{i}}$ contained in storage resource ${sr}_{j}$ . To obtain a subset of required data sets $d r_{{sr}_{j}}$ from storage resource ${sr}_{j}$ in cloud computing need to pay a certain cost $w (d r_{{sr}_{j}})$ . The process of data replica selection for task $T_{i}$ in BoT is translated into the weighted set covering problem, the goal is to find a subset of the available storage resources C, which need to satisfy $⋃_{{sr}_{j} \in C} d r_{{sr}_{j}} = D^{T_{i}}$ , and minimize the cost $\sum_{{sr}_{j} \in C} w (d r_{{sr}_{j}})$ . Firstly, the cost expressed by utility function is described in detail Section 5.1, then, the algorithm for BoT scheduling is given in Section 5.2.

Algorithm 4.

Calculate the score of synthetic cloud

5.1. The utility function

To evaluate multi-objective utility function included multi-dimensional QoS, we use a multiple attribute decision making approach, which can map each QoS attribute into a value between 0 and 1, by compared it with the minimum and maximum possible value according to the available QoS information of all scheduling schemes. Because there are two kinds of QoS attributes, one is positive attributes with maximizing their values, the other one is negative attributes with minimizing their values [5]. They are calculated according to Eqs (8) and (9), respectively. $\begin{array}{rcl} (8) & U (P) = \frac{Q_{P} - Q_{P}^{min}}{Q_{P}^{max} - Q_{P}^{min}}, \\ (9) & U (N) = \frac{Q_{N}^{max} - Q_{N}}{Q_{N}^{max} - Q_{N}^{min}}, \end{array}$ where $Q_{P}^{max}$ ( $Q_{P}^{min}$ ) is the maximal (minimal) value of positive attribute, and $Q_{N}^{max}$ ( $Q_{N}^{min}$ ) is the maximal (minimal) value of negative criteria. Suppose that there are K scheduling schemes, for a certain scheme $S_{i}$ ( $1 ⩽ i ⩽ K$ ), the value of it is computed by Eq. (10). $\begin{matrix} (10) & Value (S_{i}) = w_{1} \frac{T^{'} (S_{i}) - T_{min}}{T_{max} - T_{min}} + w_{2} \frac{C^{'} (S_{i}) - C_{\max}}{C_{max} - C_{min}} + w_{3} \frac{S_{max} - S^{'} (S_{i})}{S_{max} - S_{min}} . \end{matrix}$

In Eq. (10), $T_{max}$ ( $T_{min}$ ) is the maximal (minimal) makespan of all scheduling schemes; $C_{max}$ ( $C_{min}$ ) is the maximal (minimal) cost of all scheduling schemes; $S_{max}$ ( $S_{min}$ ) is the maximal (minimal) security similarity of all scheduling schemes. $T^{'} (S_{i})$ , $C^{'} (S_{i})$ and $S^{'} (S_{i})$ are the makespan, cost and degree of security satisfaction of the scheduling scheme $S_{i}$ . $w_{k} \in R^{+}$ ( $\sum_{k = 1}^{3} w_{k} = 1$ ) is a non-negative weight of the kth objective function. $w_{1} = 0.3$ , $w_{2} = 0.3$ and $w_{3} = 0.4$ are adopted in this paper.

5.2. The heuristic algorithm for BoT scheduling

A heuristic algorithm based on the utility function is presented for solving the problem of BoT scheduling, which is given in Algorithm 5.

Algorithm 5.

A heuristic algorithm for BoT scheduling

In Algorithm 5, the trust score of each storage resource is calculated, and the minimum utility value $MinU$ is set as $+ \infty$ (Line 1). For each task $T_{i} \in T$ in BoT (Lines 2–17), firstly, ${DR}^{T_{i}} = {d r_{{sr}_{1}}, d r_{{sr}_{2}}, \dots, d r_{{sr}_{P}}}$ is generated according to ${SR}_{d_{n}}^{T_{i}} = {{sr}_{1}, {sr}_{2}, \dots, {sr}_{h}} \subseteq SR$ ( $1 ⩽ n ⩽ q$ ), and Z is used to express the number of all available storage resources, which contain the subset of $D^{T_{i}}$ (Line 3). Then, suppose that computing resource ${cr}_{j} \in CR$ is used to execute task $T_{i}$ . For ${cr}_{j} \in CR$ , the corresponding storage resources to gain data sets $D^{T_{i}}$ is found: the set C denotes the data sets covered by the set $D^{T_{i}}$ , and $result$ is used to keep the storage resources needed for $T_{i}$ , they are initialized as $C = \emptyset$ and $result = \emptyset$ (Line 5); While C does not contain all elements in set $D^{T_{i}}$ , it need to calculate the cost of set $d r_{{sr}_{k}}$ ( $1 ⩽ k ⩽ Z$ ), set $d r_{{sr}_{l}}$ is selected, which has the minimum cost, and set $result$ and C are updated according to the set $d r_{{sr}_{l}}$ , meanwhile, set $d r_{{sr}_{l}}$ is remove from set ${DR}^{T_{i}}$ , the counter Z is updated, and element x contained in set C is removed from $d r_{{sr}_{m}}$ ( $1 ⩽ m ⩽ Z$ ). The iterative process is repeated until all elements in set $D^{T_{i}}$ are covered by set C (Lines 6–10). The synthetic cloud of $result$ is generated by Eq. (7), and its security score is computed according to Algorithm 4 (Line 11). The utility value U of the current resource set $S^{T_{i}} = {{cr}_{j}, result}$ is computed according to Eq. (10) (Line 12). If the current utility value is better, the minimum utility value $MinU$ and the resource set of task $T_{i}$ are needed to update (Lines 13–15).

6. Simulation experiment

6.1. Experimental settings

To evaluate the proposed algorithm, we develop an extended simulation platform based on Cloudsim [9]. The data used in the experiment are all generated randomly. The number of data centers is initialized between 5 and 15 with the network bandwidth from 1 to 2 GB/s. The computing capacity of computing resources is set from 1000 to 1500 MIPS (Million Instructions Per second, MIPS), the security cloud’s digital characteristic $Ex$ , $En$ and $He$ of storage resources are initialized as a random number in $[0, 5]$ , $[0, 1]$ , and $[0, 1]$ , respectively. The cost of the computing resources and unit data transfer between resource sets are set from 1 to 2. The number of tasks included in BoT applications is between 100 to 1000 with the processing length from 100 to 150 MI (Million Instructions, MI), each of which has its security requirement and the number of data sets required initialized in $[1, 5]$ , $[5, 15]$ , respectively. The size of data set is set to between 1 to 2 GB with the number of replicated in the range of 1–3.

6.2. Performance analysis

We adopt makespan, cost, security utility and LBD for performance evaluation. Makespan is the time of completing all the tasks of the BoT application and can be computed by Eq. (11). The cost is the sum of the costs of completing all tasks and can be computed by Eq. (12). Security utility function $SecU (c s_{t}, t_{i})$ is defined as Eq. (13). $\begin{array}{rcl} (11) & Makespan (BoT) = Max (Time (T_{i}) | T_{i} \in BoT), \\ (12) & Cost (BoT) = \sum (Cost (T_{i}) | T_{i} \in BoT) . \end{array}$

Assume that there are N tasks in BoT, then the security utility value BoT is calculated according to Eq. (13). The higher the security utility value is, the higher the security performance. $\begin{matrix} (13) & Security (BoT) = \frac{1}{N} (\sum_{i = 1}^{N} {score}_{T_{i}}) . \end{matrix}$

LBD calculated by Eq. (14) is used to measure the fair utilization of computing resources. The smaller the value of LBD is, the better the load balance of computing resources. $\begin{matrix} (14) & σ = \sqrt{\frac{\sum_{j = 1}^{m} {({LB}_{j} - {\overline{LB}}_{j})}^{2}}{m - 1}} . \end{matrix}$

In Eq. (14), ${LB}_{j}$ calculated by Eq. (15) is denoted as load balancing factor, and is ${\overline{LB}}_{j}$ is the average of ${LB}_{j}$ , $\begin{matrix} (15) & {LB}_{j} = \frac{C_{e} (T_{i}, {cr}_{j})}{\sum_{i = 1}^{N} \sum_{j = 1}^{M} C_{e} (T_{i}, {cr}_{j})} / \frac{l_{i}}{\sum_{i = 1}^{N} l_{i}} . \end{matrix}$

In the experiment, we compare security-aware data replica selection (SDRS) in the paper with SCP in [27] and ESMH in [13] using performance indicators of time, cost and security. 50 BOT applications are generated according to Section 6.1, and the average performance indicators of four algorithms are computed. The experimental results are shown in Figs 4, 5, 6 and 7, respectively. It can be seen that the values of makespan and cost generated by SDRS is lower than those generated by SCP and ESMH, the value of security utility generated by SDRS is higher than those generated by SCP and ESMH. Meanwhile, the growth rate of LBD generated by SDRS is slower than those generated by SCP and ESMH. It can verify the validity and feasibility of SDRS.

Fig. 4.

The time of BoT.

Fig. 5.

The cost of BoT.

Fig. 6.

The security utility value of BoT.

Fig. 7.

The LBD of BoT.

7. Conclusions and future work

For data-intensive applications based on the architecture of cloud computing, we choose BoT as the research subjects in the paper, describe the security of data replica using the cloud model, and propose the security-aware data replica selection algorithm for BoT scheduling. The simulation experiments show that the proposed selection strategy has good performance in time, cost, security utility value and LBD. Considering that the security-aware heuristic algorithm belongs to greedy algorithm, which is easy to fall into local optimal solution, how to select the effective methods to solve the problem is the next research work in the future.

References

[1]

I.M.

Abbadi and

Ruan, Towards trustworthy resource scheduling in clouds, IEEE Transactions on Information Forensics and Security 8(6) (2013), 973–984.

[2]

Aguiar,

Zhang and

Blanton, An overview of issues and recent developments in cloud computing and storage security, in: High Performance Cloud Auditing and Applications, Springer, New York, 2014, pp. 3–33.

[3]

H.H.E.

Al-Mistarihi and

C.H.

Yong, On fairness, optimizing replica selection in data grids, Parallel and Distributed Systems, IEEE Transactions on 20(8) (2009), 1102–1111.

[4]

R.M.

Almuttairi,

Wankar,

Negi and

C.R.

Rao, Smart replica selection for data grids using rough set approximations (RSDG), in: 2010 International Conference on Computational Intelligence and Communication Networks (CICN), IEEE, 2010, pp. 466–471.

[5]

Alrifai and

Risse, Combining global optimization with local selection for efficient QoS-aware service composition, in: Proceedings of the 18th International Conference on World Wide Web, ACM, 2009, pp. 881–890.

[6]

Bhatia,

S.K.

Muttoo and

M.P.S.

Bhatia, Secure requirement prioritized grid scheduling model, International Journal Network Security 15(6) (2013), 478–483.

[7]

Borthakur, The hadoop distributed file system: Architecture and design, Hadoop Project Website, 11, 21, 2007.

[8]

Buyya,

C.S.

Yeo,

Venugopal,

Broberg and

Brandic, Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility, Future Generation Computer Systems 25(6) (2009), 599–616.

[9]Cloudsim, The Clouds Lab, (2012). Cloudsim: A framework for modeling and simulation of cloud computing infrastructures and services, available at: http://www.cloudbus.org/cloudsim/, accessed 28/02/2012.

10.

[10]

Fard,

Prodan and

Fahringer, A truthful dynamic workflow scheduling mechanism for commercial multicloud environments, IEEE Transactions on Parallel and Distributed Systems 24(6) (2013), 1203–1212.

11.

[11]

R.K.

Grace and

Manimegalai, Dynamic replica placement and selection strategies in data grids – A comprehensive survey, Journal of Parallel and Distributed Computing 74(2) (2014), 2099–2108.

12.

[12]

Hu and

Veeravalli, Requirement-aware scheduling of bag-of-tasks applications on grids with dynamic resilience, Computers, IEEE 62(10) (2013), 2108–2114.

13.

[13]

O.A.

Jadaan,

Abdulal,

M.A.

Hameed and

Jabas, Enhancing data selection using genetic algorithm, in: 2010 International Conference on Computational Intelligence and Communication Networks (CICN), IEEE, 2010, pp. 434–439.

14.

[14]

Li,

Liu and

Gan, A new cognitive model: Cloud model, International Journal of Intelligent Systems 24(3) (2009), 357–375.

15.

[15]

Mansouri,

G.H.

Dastghaibyfard and

Mansouri, Combination of data replication and scheduling algorithm for improving data availability in data grids, Journal of Network and Computer Applications 36(2) (2013), 711–722.

16.

[16]

Palmieri, GMPLS-based service differentiation for scalable QoS support in all-optical grid applications, Future Generation Computer Systems 22(6) (2006), 688–698.

17.

[17]

Palmieri, Percolation-based replica discovery in peer-to-peer grid infrastructures, in: Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, Vol. 25, 2010, pp. 45–56.

18.

[18]

Palmieri,

Buonanno,

Venticinque,

Aversa and

Di Martino, A distributed scheduling framework based on selfish autonomous agents for federated cloud environments, Future Generation Computer Systems 29(6) (2013), 1461–1472.

19.

[19]

Palmieri and

Pardi, Network-aware replica optimization in the SCoPE grid infrastructure, in: Lecture Notes in Computer Science, Vol. 5073, 2008, pp. 845–857.

20.

[20]

Pandey and

Buyya, Scheduling workflow applications based on multi-source parallel data retrieval in distributed computing networks, The Computer Journal 55(11) (2012), 1288–1308.

21.

[21]

R.M.

Rahman,

Barker and

Alhajj, A predictive technique for replica selection in grid environment, in: Seventh IEEE International Symposium on Cluster Computing and the Grid, 2007. CCGRID 2007, IEEE, 2007, pp. 163–170.

22.

[22]

Rong,

S.T.

Nguyen and

M.G.

Jaatun, Beyond lightning: A survey on security challenges in cloud computing, Computers and Electrical Engineering 39(1) (2013), 47–54.

23.

[23]

Ryan, Cloud computing security: The scientific challenge, and a survey of solutions, Journal of Systems and Software 86(9) (2013), 2263–2268.

24.

[24]

Sashi and

A.S.

Thanamani, Dynamic replication in a data grid using a modified BHR region based algorithm, Future Generation Computer Systems 27(2) (2011), 202–210.

25.

[25]

Tan,

Sun,

Li et al., A trust service-oriented scheduling model for workflow applications in cloud computing, IEEE Systems Journal 8(3) (2014), 868–878.

26.

[26]

Toosi,

Calheiros and

Buyya, Interconnected cloud computing environments: Challenges, taxonomy, and survey, ACM Computing Surveys (CSUR) 47(1) (2014), 7.

27.

[27]

Venugopal and

Buyya, An SCP-based heuristic approach for scheduling distributed cloud workflow application on global grids, Journal of Parallel and Distributed Computing 68(4) (2008), 471–487.

28.

[28]

Viriyasitavat and

Martin, A survey of trust in workflows and relevant contexts, Communications Surveys & Tutorials, IEEE 14(3) (2012), 911–940.

29.

[29]

Wang,

Ramamohanarao and

Chen, Trust based robust scheduling and runtime adaptation of scientific workflow, Concurrency and Computation: Practice and Experience 21(16) (2009), 1982–1998.

30.

[30]

Wang,

Zhang,

Wang and

Qiu, A cloud-based trust model for evaluating quality of web services, Journal of Computer Science and Technology 25(6) (2010), 1130–1142.

31.

[31]

Wei,

Zhu,

Cao et al., Security and privacy for storage and computation in cloud computing, Information Sciences 258 (2014), 371–386.

32.

[32]

Yang,

Yan and

Zeng, How to handle uncertainties in AHP: The cloud Delphi hierarchical analysis, Information Sciences 222 (2013), 384–404.

33.

[33]

Yang,

Peng and

Fu, A framework of cloud service selection based on trust mechanism, International Journal of Ad Hoc and Ubiquitous Computing, to appear.