A provenance-based heuristic for preserving results confidentiality in cloud-based scientific workflows

摘要

Cloud computing relies on resource sharing to provide a reliable environment for scientists to deploy their simulation-based experiments on distributed virtual resources to execute a wide range of scientific experiments. These experiments can be modeled as scientific workflows and many of them are data-intensive and produce a large volume of data, which is also stored in the cloud by Scientific Workflow Management Systems (SWfMS) using storage services. One recurrent concern regarding cloud storage services is confidentiality of stored data, i.e., if unauthorized people access data files they can infer knowledge about the results or even about the workflow specification. Encryption is a potential solution, but it may not be sufficient. A new level of security can be added to preserve data confidentiality: data dispersion. In order to reduce the risk, generated data files cannot be placed in the same location, or at least sensitive data files have to be distributed across many cloud storage services. In this article, we present OPTIC (OPTimizing Confidentiality of workflow results), an approach that aims at preserving workflow results confidentiality in cloud storage services by means of optimization techniques, such as mathematical programming and heuristic approaches. OPTIC generates a distribution plan for data files generated during a workflow execution. This plan disperses data files in several cloud storage services to preserve confidentiality, taking into account conflicts and restrictions amongst the data files. This distribution plan is then sent to the SWfMS that effectively stores generated data into specific buckets in different services during workflow execution. Several experiments performed on real data gathered from public workflows, such as SciPhy, Montage, LIGO and SIPHT, indicate the effectiveness of the proposed approach. (C) 2019 Elsevier B.V. All rights reserved.