Weizhong Qiang

An adaptive meta-scheduler for data-intensive applications

In data-intensive applications, such as high-energy physics, bio-informatics, we encounter applications involving numerous jobs that access and generate large datasets. Effective scheduling of such applications is a challenge, due to the need to consider for both computational resources and data storage resources. In this paper, we describe an adaptive scheduling model that considers availability of computational, storage and network resources. Based on this model we implement a scheduler used in our campus grid. The results achieved by our scheduler have been analysed by comparing with greedy algorithm that is widely used in computational grids and some data grids.

RB-GACA: an RBAC based grid access control architecture

Grid computing is emerging as a new format of wide area distributed computing. Because the distribution of services and resources in wide-area networks are heterogeneous, dynamic, and multi-domain, security is a critical concern in grid computing. Authorisation and access control, which are important aspects of security, have obtained more and more attention. This paper proposes a universal, scalable authorisation and access control architecture, RB-GACA, for grid computing. It is based on classical access control mechanism in distributed applications, Role Based Access Control (RBAC). The paper provides a flexible policy management approach for various grid environments. We also use a standard policy language for the presentation of access control policies to provide a general and standard support for different services and resources.

SHelp: Automatic Self-Healing for Multiple Application Instances in a Virtual Machine Environment

When multiple instances of an application running on multiple virtual machines, an interesting problem is how to utilize the fault handling result from one application instance to heal the same fault occurred on other sibling instances, and hence to ensure high service availability in a cloud computing environment. This paper presents SHelp, a lightweight runtime system that can survive software failures in the framework of virtual machines. It applies weighted rescue points and error virtualization techniques to effectively make applications by-pass the faulty path. A two-level storage hierarchy is adopted in the rescue point database for applications running on different virtual machines to share error handling information to reduce the redundancy and to more effectively and quickly recover from future faults caused by the same bugs. A Linux prototype is implemented and evaluated using four web server applications that contain various types of bugs. Our experimental results show that SHelp can make server applications to recover from these bugs in just a few seconds with modest performance overhead.

An Adaptive Meta-scheduler for Data-Intensive Applications

In data-intensive applications, such as high-energy physics, bio-informatics, we encounter applications involving numerous jobs that access and generate large datasets. Effective scheduling such applications is challenging, due to a need to consider for both computational resources and data storage resources. In this paper, we describe an adaptive scheduling model that consider availability of computational, storage and network resources. Based on this model we implement a scheduler used in our campus grid. The results achieved by our scheduler have been analyzed by comparing Greedy algorithm that is widely used in computational grids and some data grids.

Cloud Authentication Based on Anonymous One-Time Password

Cloud computing contains many enterprise applications that require from each user to perform authenticate at first step. Then, he will gain a permit from the service provider to access resources at second step. The issue breach remains facing a modern computing model. A more secure scheme is the two-factor authentication (2FA) that requires a second factor (such as finger print, token) with username/password. Nevertheless, the feasibility of 2FA is largely limited by high device cost, malicious attack and the deployment complexity. In this paper, we propose a scheme of 2FA in cloud computing systems that depends on One-Time Password (OTP), Asymmetric Scalar-product Preserving Encryption (ASPE) and RSA digital signature as two factors. Furthermore, it overcomes aforementioned issues and does not require extra devices such as token device, card reader in smart card and scanner in physiological biometrics. The proposed scheme distinguishes to resist practical attacks, high-security level, anonymous password, mutual authentication, identity management, the cloud server and a user can establish authenticated session keys, reduces the cost, and good performance.

A new approach to hide policy for automated trust negotiation

Automated trust negotiation (ATN) is an important approach to establish trust between strangers through the exchange of credentials and access control policies. In practice, access control policy may contain sensitive information. The negotiation process becomes complicated when the access control policy is designed complex in order to avoid information leakage. Furthermore, if the access control policy has conflicts or cycles, normal negotiation strategies often fail. In this paper, a new approach to hide access control policy is proposed based on the study on the existing problems. In the approach, the policy consistency is checked so as to detect policy conflicts. 0-1 table is used to implement it as well as discover minimal credential-set. Meanwhile, a practical example shows that the approach is suitable and can effectively protect sensitive information in access control policy.

A Practical Privacy-preserving Password Authentication Scheme for Cloud Computing

An era of cloud computing allows users to profit from many privileges. However, there are several new security challenges. In fact, anonymous password authentication in the traditional setting has been suffered from many inherent drawbacks such as ease of exposure to malicious attacks and users registered their passwords in the server. Our scheme proposes the phenomenal context according to three main components: data owner, users, and service provider in cloud where users do not need to register their passwords in the service provider. Moreover, the data owner is contributed to make secure decisions, so that he manages the significant keys to other components distributedly. The proposal enjoys several advantages such as preserving privacy of password, unlink ability, and secrecy of session key. We have given a mechanism to prove the identity of the users authenticated without a need to reveal their passwords. Our approach has been achieved good results of reliability, and validity for cloud password authentication. The experimental results show an effective level of performance.

Grid System Integrated with Trusted Computing Platform

Grid provides people the way to share large mount of distributed resources and services that belong to different local organizations. That is a good way to share many kinds of distributed resources via the network in the open environment, thus it makes security problems more complicate and more important for us than before. In this paper, we analyze the requirements of trusted computing in grid. Considering the security and safety problems both in software and hardware, we construct a way to promote the trusted computing environment for grid by integrating the trusted computing platform (TCP) into grid system. We propose a new prototype system, the Daonity, in which grid system is combined with trusted platform support service (TSS) and TSS is based on trusted platform module (TPM). In this design, better effect can be obtained in authentication, confidentiality and integrity in grid computing environment

RB-GACA: A RBAC Based Grid Access Control Architecture

Because the distribution of services and resources in wide-area networks are heterogeneous, dynamic, and multi-domain, security is a critical concern in grid computing. This paper proposes a general authorization and access control architecture, RB-GACA, for grid computing. It is based on classical access control mechanism in distributed applications, Role Based Access Control (RBAC). We also use a kind of standard policy language as the presentation of access control policies to provide a general and standard support for different services and resources.

Daonity: an experience on enhancing grid security by trusted computing technology

A critical problem for grid security is how to gain secure solution for Grid virtual organization (VO). In Grid practice at present, issues of VO security rely on non-distributed policy management and related PKI mechanism. A practical but difficult solution is to enforce fine granularity policy over distributed sites. The emerging Trusted Computing (TC) technologies offer great potential to improve this situation. In our Project Daonity, Trusted Platform Module (TPM), as a tamper-resistance module, is shared as a strong secure resource among platforms of grid users. Based on the sharing mechanism, a TC-enabled architecture is proposed to improve Grid Security Infrastructure, especially authorization protection and single sign on are enhanced to demonstrate how to gain enhanced and distributed security in grid environment.