Institutional Repository
| 基于动态域划分的MapReduce安全冗余调度策略 | |
| Alternative Title | Securely redundant scheduling policy for MapReduce based on dynamic domains partition |
| 沈晴霓; 卿斯汉; 吴中海; 张力哲; 杨雅辉; Wu, Z.-H.(wuzh@pku.edu.cn) | |
| 2014 | |
| Source | 通信学报
 |
| ISSN | 1000436X |
| Volume | 35Issue:1Pages:34-46 |
| English Abstract | MapReduce现有调度策略无法实现云环境中多租户作业的安全隔离。提出一种基于动态域划分的安全冗余调度策略:通过引入冲突关系、信任度、安全标签等概念,建立一种动态域划分模型,以将待调度节点划分为与不同租户作业关联的冲突域、可信域或调度域;结合冗余方式,将租户作业同时调度到其可信域节点和调度域节点(但不允许为其冲突域节点),通过二者执行环境和部分计算结果的一致性验证决定是否重新调度。实验分析了其有效性和安全性。 MapReduce’s current scheduling policies could not ensure the isolation between multi-tenant Tasks in the cloud. A securely redundant scheduling policy based on dynamic domains partition was proposed. First, a kind of dy-namic domain partition model was introduced in this policy. Based on the node’s current belief, security labels with the conflict relationship between tenants, a computing node was partitioned into the conflict domain, trusted domain or schedulable domain in this model. Second, through redundantly computing, two copies of each Task were assigned re-spectively to its trusted domain node and its schedulable domain node (but not allow for its conflict domain node) in this policy. And the integrity of the two nodes’execution environments and the consistence of their results on a small part of original input data were verified. Accordingly, it decided whether the schedulable domain node was trusted. Finally, the performance and security analysis in the prototype show its effectiveness. |
| Indexed Type | EI |
| Abstract | MapReduce's current scheduling policies could not ensure the isolation between multi-tenant Tasks in the cloud. A securely redundant scheduling policy based on dynamic domains partition was proposed. First, a kind of dynamic domain partition model was introduced in this policy. Based on the node's current belief, security labels with the conflict relationship between tenants, a computing node was partitioned into the conflict domain, trusted domain or schedulable domain in this model. Second, through redundantly computing, two copies of each Task were assigned respectively to its trusted domain node and its schedulable domain node (but not allow for its conflict domain node) in this policy. And the integrity of the two nodes' execution environments and the consistence of their results on a small part of original input data were verified. Accordingly, it decided whether the schedulable domain node was trusted. Finally, the performance and security analysis in the prototype show its effectiveness. |
| Keyword | 云计算 Mapreduce框架 动态域划分 安全冗余调度 Cloud Computing Mapreduce Framework Dynamic Domain Partition Securely Redundant Scheduling |
| Department | 北京大学 软件与微电子学院,北京102600; 北京大学 网络与软件安全保障教育部重点实验室,北京100871 北京大学 软件与微电子学院,北京102600; 北京大学 网络与软件安全保障教育部重点实验室,北京100871; 中国科学院 软件研究所,北京 100190 |
| Language | 中文 |
| Content Type | 期刊论文 |
| URI | http://ir.iscas.ac.cn/handle/311060/16972 |
| Collection | 中国科学院软件研究所 |
| Corresponding Author | Wu, Z.-H.(wuzh@pku.edu.cn) |
| Recommended Citation GB/T 7714 | 沈晴霓,卿斯汉,吴中海,等. 基于动态域划分的MapReduce安全冗余调度策略[J]. 通信学报,2014,35(1):34-46. |
| APA | 沈晴霓,卿斯汉,吴中海,张力哲,杨雅辉,&Wu, Z.-H..(2014).基于动态域划分的MapReduce安全冗余调度策略.通信学报,35(1),34-46. |
| MLA | 沈晴霓,et al."基于动态域划分的MapReduce安全冗余调度策略".通信学报 35.1(2014):34-46. |
| Files in This Item: | There are no files associated with this item. | |||||
Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.
Edit Comment