TY - JOUR
T1 - Securing the Intermediate Data of Scientific Workflows in Clouds with ACISO
AU - Wang, Yawen
AU - Guo, Yunfei
AU - Guo, Zehua
AU - Liu, Wenyan
AU - Yang, Chao
N1 - Publisher Copyright:
© 2013 IEEE.
PY - 2019
Y1 - 2019
N2 - Many scientific workflow applications are moving to clouds. A scientific workflow is a complicated scientific computing task consisting of many sub-tasks, and each sub-task execution can generate the intermediate data used for the successor sub-task execution. The correct execution of scientific workflows depends on the security of the intermediate data, which is transmitted frequently between virtual machines during the process of the workflow execution. In multi-tenant clouds, the intermediate data contains three attributes: availability, confidentiality and integrity. If the intermediate data is lost, stolen, or tampered with by malicious tenants, the intermediate data's attributes will be damaged, causing workflow interruption, the leakage of secret information or incorrect workflow results. To address these problems, we propose the ACISO scheme to secure the intermediate data by improving its availability, confidentiality, and integrity. In the scheme, availability, confidentiality and integrity strategy pools are constructed from various erasure codes, encryption algorithms and hash functions, respectively. Then we present a security strategy optimal allocation model named SSOA, which aims to maximize the overall intermediate data security strength while meeting the constraints of the workflow makespan and storage overhead. Normally, a scientific workflow contains a large amount of intermediate data, so solving this model is NP-hard. Therefore, we propose a heuristic solution to solve SSOA. The simulation results show that ACISO can effectively improve the availability, confidentiality, and integrity of the intermediate data of the scientific workflows.
AB - Many scientific workflow applications are moving to clouds. A scientific workflow is a complicated scientific computing task consisting of many sub-tasks, and each sub-task execution can generate the intermediate data used for the successor sub-task execution. The correct execution of scientific workflows depends on the security of the intermediate data, which is transmitted frequently between virtual machines during the process of the workflow execution. In multi-tenant clouds, the intermediate data contains three attributes: availability, confidentiality and integrity. If the intermediate data is lost, stolen, or tampered with by malicious tenants, the intermediate data's attributes will be damaged, causing workflow interruption, the leakage of secret information or incorrect workflow results. To address these problems, we propose the ACISO scheme to secure the intermediate data by improving its availability, confidentiality, and integrity. In the scheme, availability, confidentiality and integrity strategy pools are constructed from various erasure codes, encryption algorithms and hash functions, respectively. Then we present a security strategy optimal allocation model named SSOA, which aims to maximize the overall intermediate data security strength while meeting the constraints of the workflow makespan and storage overhead. Normally, a scientific workflow contains a large amount of intermediate data, so solving this model is NP-hard. Therefore, we propose a heuristic solution to solve SSOA. The simulation results show that ACISO can effectively improve the availability, confidentiality, and integrity of the intermediate data of the scientific workflows.
KW - Cloud security
KW - intermediate data security
KW - scientific workflows
KW - security strategy allocation
UR - http://www.scopus.com/inward/record.url?scp=85072568143&partnerID=8YFLogxK
U2 - 10.1109/ACCESS.2019.2938823
DO - 10.1109/ACCESS.2019.2938823
M3 - Article
AN - SCOPUS:85072568143
SN - 2169-3536
VL - 7
SP - 126603
EP - 126617
JO - IEEE Access
JF - IEEE Access
M1 - 8822440
ER -