IaaS环境下多租户安全资源分配算法和安全服务调度框架

doi:10.11772/j.issn.1001-9081.2017.02.0383

计算机应用 ›› 2017, Vol. 37 ›› Issue (2): 383-387.DOI: 10.11772/j.issn.1001-9081.2017.02.0383

• 第十届中国可信计算与信息安全学术会议 • 上一篇下一篇

IaaS环境下多租户安全资源分配算法和安全服务调度框架

苑中梁, 陈兴蜀, 王毅桐

四川大学计算机学院, 成都 610065

收稿日期:2016-08-15 修回日期:2016-09-09 出版日期:2017-02-10 发布日期:2017-02-11
通讯作者: 陈兴蜀,chenxsh@scu.edu.cn
作者简介:苑中梁(1991-),男,硕士研究生,山西朔州人,主要研究方向:虚拟网络、云计算安全;陈兴蜀(1968-),女,四川自贡人,教授,博士,主要研究方向:信息安全、云计算安全、大数据分析;王毅桐(1987-),男,四川成都人,博士研究生,主要研究方向:云计算安全。
基金资助:
国家自然科学基金资助项目（61272447）。

Security resource allocation and service scheduling framework for multiple tenants in IaaS

YUAN Zhongliang, CHEN Xingshu, WANG Yitong

College of Computer Science, Sichuan University, Chengdu Sichuan 610065, China

Received:2016-08-15 Revised:2016-09-09 Online:2017-02-10 Published:2017-02-11
Supported by:
This work is partially supported by the National Natural Science Foundation of China (61272447).

摘要/Abstract

摘要： 针对基础设施即服务（IaaS）环境下多租户使用安全服务时由于安全资源有限和安全资源分配不均导致的效率低下问题，提出了一个租户安全资源调度框架。首先以最小最大公平算法为基础，结合Fair Scheduler的调度思想为租户设定了最小共享量和资源需求量属性；然后通过安全服务资源分配算法在保证租户最小共享量满足的前提下，尽可能公平地满足租户的资源需求；最后结合租户内任务调度和租户间资源抢占算法，实现了租户安全服务调度框架。实验结果表明，在随机资源分配条件下，安全服务资源分配算法与传统资源分配算法相比在资源利用率和作业效率上均有明显提高，安全服务调度框架可以有效解决多租户安全资源的分配和强占问题。

关键词: 云计算, 安全服务, 资源分配, 作业调度

Abstract: In Infrastructure-as-a-Service (IaaS) environment, the limited security service resources and uneven allocation of security resources for multiple tenants causes low efficiency of security service scheduling. To resolve this problem, a tenant security service scheduling framework was designed. Based on the minimum fairness algorithm and the scheduling idea of Fair Scheduler, the minimum sharing resources and resource demand attribute were set for the tenant. Then, the security service resource allocation algorithm was used to satisfy the tenant's resource demand as fair as possible to ensure the minimum sharing resources of the tenant. Finally, a tenant security service scheduling framework was implemented by combining the job scheduling algorithm within tenant and resource preemption algorithm among tenants. The experimental results show that under the condition of random allocation of resources, the proposed security service resource allocation algorithm is better than traditional algorithms in the aspects of resource utilization and operation efficiency, and the security service scheduling framework can solve the uneven allocation of security resources for multiple tenants.

Key words: cloud computing, security service, resource allocation, job scheduling

中图分类号:

TP309.2

苑中梁, 陈兴蜀, 王毅桐. IaaS环境下多租户安全资源分配算法和安全服务调度框架[J]. 计算机应用, 2017, 37(2): 383-387.

YUAN Zhongliang, CHEN Xingshu, WANG Yitong. Security resource allocation and service scheduling framework for multiple tenants in IaaS[J]. Journal of Computer Applications, 2017, 37(2): 383-387.

参考文献

[1] VARIA J, MATHEW S. Overview of Amazon Web services[EB/OL].[2015-01-21]. http://docs.aws.amazon.com/gettingstarted/latest/awsgsg-intro/intro.html.
[2] MELL P M, GRANCE T. The NIST definition of cloud computing, SP 800-145[R]. Gaithersburg, MD:National Institute of Standards & Technology, 2011.
[3] MURRAY S. IDC forecasts[EB/OL].[2015-11-20]. http://www.idc.com/getdoc.jsp?containerId=prUS25797415.
[4] ZISSIS D, LEKKAS D. Addressing cloud computing security issues[J]. Future Generation computer systems, 2012, 28(3):583-592.
[5] 亚马逊EC2云计算服务遭到僵尸网络攻击引发故障[EB/OL].[2016-06-13]. http://www.2cto.com/News/200912/43369.html. (The EC2 of Amazon was attacked by botnet[EB/OL].[2016-06-13]. http://www.2cto.com/News/200912/43369.html.).
[6] 阿里云9月1日云盾升级故障真相[EB/OL].[2015-09-11]. http://www.infoq.com/cn/news/2015/09/aliyun-yundun?isappinstalled=0. (The truth of the malfunction which is occur in Aliyun at Sep.1[EB/OL].[2015-09-11]. http://www.infoq.com/cn/news/2015/09/aliyun-yundun?isappinstalled=0.).
[7] JANSEN W, GRANCE T. Guidelines on security and privacy in public cloud computing, SP 800-144[R]. Gaithersburg, MD:National Institute of Standards & Technology, 2011.
[8] 阿里云安全白皮书V1.2[EB/OL].(2014-03). http://www.chinacloud.cn/show.aspx?id=15308&cid=29. (The white paper of Aliyun security system[EB/OL]. (2014-03). http://www.chinacloud.cn/show.aspx?id=15308&cid=29.).
[9] The VMware NSX network virtualization platform[EB/OL]. (2015-07)[2016-03-16]. http://www.vmware.com/cn/products/nsx/.
[10] ETSI. Network Functions Virtualisation (NFV); architectural framework[EB/OL].[2016-03-16]. http://www.etsi.org/deliver/etsi_gs/NFV/001_099/002/01.01.01_60/gs_NFV002v010101p.pdf.
[11] ETSI. Network Functions Virtualisation (NFV); virtual network functions architecture[EB/OL].[2016-03-16]. http://www.etsi.org/deliver/etsi_gs/NFV-SWA/001_099/001/01.01.01_60/gs_nfv-swa001v010101p.pdf.
[12] 王永贵,韩瑞莲.基于改进蚁群算法的云环境任务调度研究[J].计算机测量与控制,2011,19(5):1203-1204. (WANG Y G, HAN R L. Study on cloud computing task schedule strategy based on MACO algorithm[J]. Computer Measurement & Control, 2011, 19(5):1203-1204.).
[13] 王祺元,闫宏印.基于改进RM算法的云环境任务调度研究[J].计算机测量与控制,2013,21(6):1612-1614. (WANG Q Y, YAN H Y. Study on cloud computing task scheduling strategy based on RM algorithm[J]. Computer Measurement & Control, 2013, 21(6):1612-1614.).
[14] 金伟健,王春枝.基于匹配规则的MapReduce任务调度模型[J].计算机应用,2014,34(4):1010-1013. (JIN W J,WANG C Z. MapReduce tasks scheduling model based on matching rules[J]. Journal of Computer Applications, 2014, 34(4):1010-1013.).
[15] ZAHARIA M, BORTHAKUR D, SARMA J S, et al. Job scheduling for multi-user mapreduce clusters, EECS-2009-55[R]. Berkley:University of California, EECS Department, 2009.
[16] 吴吉红.基于服务质量的多租户资源调度方法研究[D].沈阳:辽宁大学, 2012:21-48. (WU J H. Multi-tenant resource scheduling method based on the quality of service[D]. Shenyang:Liaoning University, 2012:21-48.).
[17] MARBACH P. Priority service and max-min fairness[J]. IEEE/ACM Transactions on Networking, 2003, 11(5):733-746.

IaaS环境下多租户安全资源分配算法和安全服务调度框架

Security resource allocation and service scheduling framework for multiple tenants in IaaS

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	陈家豪, 殷新春. 基于云雾计算的可追踪可撤销密文策略属性基加密方案[J]. 计算机应用, 2021, 41(6): 1611-1620.
[2]	葛丽娜, 胡雨谷, 张桂芬, 陈园园. 云计算环境基于客体属性匹配的逆向混合访问控制方案[J]. 计算机应用, 2021, 41(6): 1604-1610.
[3]	杨翎, 姜春茂. 基于三支决策的虚拟机节能迁移策略[J]. 计算机应用, 2021, 41(4): 990-998.
[4]	孙晓玲, 杨光, 沈焱萍, 杨秋格, 陈涛. 基于可拆分倒排索引的可搜索加密方案[J]. 《计算机应用》唯一官方网站, 2021, 41(11): 3288-3294.
[5]	吕佳玉, 竺智荣, 姚志强. 云计算环境下的双通道数据动态加密策略[J]. 计算机应用, 2020, 40(8): 2268-2273.
[6]	陈程军, 毛莺池, 王绎超. 基于激活-熵的分层迭代剪枝策略的CNN模型压缩[J]. 计算机应用, 2020, 40(5): 1260-1265.
[7]	郭曙杰, 李志华, 蔺凯青. 云环境下基于模糊隶属度的虚拟机放置算法[J]. 计算机应用, 2020, 40(5): 1374-1381.
[8]	黄冬艳, 付中卫, 王波. 计算资源受限的移动边缘计算服务器收益优化策略[J]. 计算机应用, 2020, 40(3): 765-769.
[9]	许英鑫, 孙磊, 赵建成, 郭松辉. 基于蚁群优化算法的虚拟现场可编程门阵列部署策略[J]. 计算机应用, 2020, 40(3): 747-752.
[10]	王庆永, 毛莺池, 王绎超, 王龙宝. 基于多微云协作的计算任务卸载[J]. 计算机应用, 2020, 40(2): 328-334.
[11]	刘福鑫, 李劲巍, 王熠弘, 李琳. 基于Kubernetes的云原生海量数据存储系统设计与实现[J]. 计算机应用, 2020, 40(2): 547-552.
[12]	黄秀丽, 黄进, 于鹏飞, 缪巍巍, 杨如侠, 李怡静, 喻鹏. 电力无线专网中面向安全风险的分布式资源分配方法[J]. 计算机应用, 2020, 40(12): 3586-3593.
[13]	杨哂哂, 吴慧珍, 庄黎丽, 吕宏武. 基于Markov过程的IaaS系统可用性建模与分析方法[J]. 计算机应用, 2020, 40(10): 3013-3018.
[14]	程文亮, 王志宏, 周虞, 过弋, 赵俊锋. 面向外汇市场监测的分布式计算框架设计[J]. 计算机应用, 2020, 40(1): 173-180.
[15]	林立, 熊金波, 肖如良, 林铭炜, 陈秀华. Gaming@Edge:基于边缘节点的低延迟云游戏系统[J]. 计算机应用, 2019, 39(7): 2001-2007.