基于动态域划分的MapReduce安全冗余调度策略 | |
沈晴霓 ; 卿斯汉 ; 吴中海 ; 张力哲 ; 杨雅辉 | |
刊名 | 通信学报 |
2014 | |
卷号 | 35期号:1页码:34-46 |
关键词 | 云计算 MapReduce框架 动态域划分 安全冗余调度 cloud computing MapReduce framework dynamic domain partition securely redundant scheduling |
ISSN号 | 1000436X |
其他题名 | Securely redundant scheduling policy for MapReduce based on dynamic domains partition |
通讯作者 | Wu, Z.-H.(wuzh@pku.edu.cn) |
中文摘要 | MapReduce现有调度策略无法实现云环境中多租户作业的安全隔离。提出一种基于动态域划分的安全冗余调度策略:通过引入冲突关系、信任度、安全标签等概念,建立一种动态域划分模型,以将待调度节点划分为与不同租户作业关联的冲突域、可信域或调度域;结合冗余方式,将租户作业同时调度到其可信域节点和调度域节点(但不允许为其冲突域节点),通过二者执行环境和部分计算结果的一致性验证决定是否重新调度。实验分析了其有效性和安全性。 MapReduce’s current scheduling policies could not ensure the isolation between multi-tenant Tasks in the cloud. A securely redundant scheduling policy based on dynamic domains partition was proposed. First, a kind of dy-namic domain partition model was introduced in this policy. Based on the node’s current belief, security labels with the conflict relationship between tenants, a computing node was partitioned into the conflict domain, trusted domain or schedulable domain in this model. Second, through redundantly computing, two copies of each Task were assigned re-spectively to its trusted domain node and its schedulable domain node (but not allow for its conflict domain node) in this policy. And the integrity of the two nodes’execution environments and the consistence of their results on a small part of original input data were verified. Accordingly, it decided whether the schedulable domain node was trusted. Finally, the performance and security analysis in the prototype show its effectiveness. |
英文摘要 | MapReduce's current scheduling policies could not ensure the isolation between multi-tenant Tasks in the cloud. A securely redundant scheduling policy based on dynamic domains partition was proposed. First, a kind of dynamic domain partition model was introduced in this policy. Based on the node's current belief, security labels with the conflict relationship between tenants, a computing node was partitioned into the conflict domain, trusted domain or schedulable domain in this model. Second, through redundantly computing, two copies of each Task were assigned respectively to its trusted domain node and its schedulable domain node (but not allow for its conflict domain node) in this policy. And the integrity of the two nodes' execution environments and the consistence of their results on a small part of original input data were verified. Accordingly, it decided whether the schedulable domain node was trusted. Finally, the performance and security analysis in the prototype show its effectiveness. |
收录类别 | EI |
语种 | 中文 |
公开日期 | 2014-12-16 |
内容类型 | 期刊论文 |
源URL | [http://ir.iscas.ac.cn/handle/311060/16972] |
专题 | 软件研究所_软件所图书馆_期刊论文 |
推荐引用方式 GB/T 7714 | 沈晴霓,卿斯汉,吴中海,等. 基于动态域划分的MapReduce安全冗余调度策略[J]. 通信学报,2014,35(1):34-46. |
APA | 沈晴霓,卿斯汉,吴中海,张力哲,&杨雅辉.(2014).基于动态域划分的MapReduce安全冗余调度策略.通信学报,35(1),34-46. |
MLA | 沈晴霓,et al."基于动态域划分的MapReduce安全冗余调度策略".通信学报 35.1(2014):34-46. |
个性服务 |
查看访问统计 |
相关权益政策 |
暂无数据 |
收藏/分享 |
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论