This Article 
 Bibliographic References 
 Add to: 
Scheduling Security-Critical Real-Time Applications on Clusters
July 2006 (vol. 55 no. 7)
pp. 864-879
Tao Xie, IEEE
Xiao Qin, IEEE
Security-critical real-time applications such as military aircraft flight control systems have mandatory security requirements in addition to stringent timing constraints. Conventional real-time scheduling algorithms, however, either disregard applications' security needs and thus expose the applications to security threats or run applications at inferior security levels without optimizing security performance. In recognition that many applications running on clusters demand both real-time performance and security, we investigate the problem of scheduling a set of independent real-time tasks with various security requirements. We build a security overhead model that can be used to reasonably measure security overheads incurred by the security-critical tasks. Next, we propose a security-aware real-time heuristic strategy for clusters (SAREC), which integrates security requirements into the scheduling for real-time applications on clusters. Further, to evaluate the performance of SAREC, we incorporate the earliest deadline first (EDF) scheduling policy into SAREC to implement a novel security-aware real-time scheduling algorithm (SAEDF). Experimental results from both real-world traces and a real application show that SAEDF significantly improves security over three existing scheduling algorithms (EDF, Least Laxity First, and First Come First Serve) by up to 266.7 percent while achieving high schedulability.

[1] T.F. Abdelzaher and K.G. Shin, “Combined Task and Message Scheduling in Distributed Real-Time Systems,” IEEE Trans. Parallel and Distributed Systems, vol. 10, no. 11, Nov. 1999.
[2] T.F. Abdelzaher, E.M. Atkins, and K.G. Shin, “QoS Negotiation in Real-Time Systems and Its Application to Automated Flight Control,” IEEE Trans. Computers, vol. 49, no. 11, pp. 1170-1183, Nov. 2000.
[3] Q. Ahmed and S. Vrbsky, “Maintaining Security in Firm Real-Time Database Systems,” Proc. 14th Ann. Computer Security Application Conf., 1998.
[4] A. Amin, R. Ammar, and A. El Dessouly, “Scheduling Real Time Parallel Structures on Cluster Computing with Possible Processor Failures,” Proc. Int'l Symp. Computers and Comm., June 2004.
[5] A. Apvrille and M. Pourzandi, “XML Distributed Security Policy for Clusters,” Computers & Security J., vol. 23, no. 8, pp. 649-658, Dec. 2004.
[6] F. Azzedin and M. Maheswaran, “Towards Trust-Aware Resource Management in Grid Computing Systems,” Proc. Second IEEE/ACM Int'l Symp. Cluster Computing and the Grid, May 2002.
[7] M. Bishop, Computer Security. Addison-Wesley, 2003.
[8] A. Bosselaers, R. Govaerts, and J. Vandewalle, “Fast Hashing on the Pentium,” Proc. Advances in Cryptology, 1996.
[9] T.D. Braun et al., “A Comparison Study of Static Mapping Heuristics for a Class of Meta-Tasks on Heterogeneous Computing Systems,” Proc. Workshop Heterogeneous Computing, Apr. 1999.
[10] S. Cheng and Y. Huang, “Dynamic Real-Time Scheduling for Multi-Processor Tasks Using Genetic Algorithm,” Proc. 28th Ann. Int'l Conf. Computer Software and Applications, pp. 154-160, Sept. 2004.
[11] K. Connelly and A.A. Chien, “Breaking the Barriers: High Performance Security for High Performance Computing,” Proc. Workshop New Security Paradigms, Sept. 2002.
[12] J. Deepakumara, H.M. Heys, and R. Venkatesan, “Performance Comparison of Message Authentication Code (MAC) Algorithms for Internet Protocol Security (IPSEC),” Proc. Newfoundland Electrical and Computer Eng. Conf., 2003.
[13] G. Donoho, “Building a Web Service to Provide Real-Time Stock Quotes,” MCAD. Net, Feb. 2004.
[14] O. Elkeelany, M. Matalgah, K. Sheikh, M. Thaker, G. Chaudhry, D. Medhi, and J. Qaddouri, “Performance Analysis of IPSEC Protocol: Encryption and Authentication,” Proc. IEEE Int'l Conf. Comm., pp. 1164-1168, Apr.-May 2002.
[15] B. George and J. Haritsa, “Secure Transaction Processing in Firm Real-Time Database Systems,” Proc. ACM SIGMOD Conf., 1997.
[16] W.A. Halang et al., “Measuring the Performance of Real-Time Systems,” Int'l J. Time-Critical Computing Systems, vol. 18, pp. 59-68, 2000.
[17] A. Harbitter and D.A. Menasce, “The Performance of Public Key Enabled Kerberos Authentication in Mobile Computing Applications,” Proc. ACM Conf. Computer and Comm. Security, 2001.
[18] M. Harchol-Balter and A. Downey, “Exploiting Process Lifetime Distributions for Load Balancing,” ACM Trans. Computer Systems, vol. 3, no. 31, 1997.
[19] L. He, A. Jatvis, and D.P. Spooner, “Dynamic Scheduling of Parallel Real-Time Jobs by Modelling Spare Capabilities in Heterogeneous Clusters,” Proc. Int'l Conf. Cluster Computing, pp. 2-10, Dec. 2003.
[20] C. Irvine and T. Levin, “Towards a Taxonomy and Costing Method for Security Services,” Proc. 15th Ann. Computer Security Applications Conf., 1999.
[21] V. Kalogeraki, P.M. Melliar-Smith, and L.E. Moser, “Dynamic Scheduling for Soft Real-Time Distributed Object Systems,” Proc. IEEE Int'l Symp. Object-Oriented Real-Time Distributed Computing, pp. 114-121, 2000.
[22] Z. Lan and P. Deshikachar, “Performance Analysis of Large-Scale Cosmology Application on Three Cluster Systems,” Proc. IEEE Int'l Conf. Cluster Computing, pp. 56-63, Dec. 2003.
[23] S. Liden, “The Evolution of Flight Management Systems,” Proc. IEEE/AIAA 13th Digital Avionics Systems Conf., pp. 157-169, 1995.
[24] A.K. Mok, “Fundamental Design Problems of Distributed Systems for the Hard Real-Time Environment,” PhD dissertation, Massachusetts Inst. of Tech nology, 1983.
[25] C.L. Liu and J.W. Layland, “Scheduling Algorithms for Multiprogramming in a Hard Real-Time Environment,” J. ACM, vol. 20, no. 1, pp. 46-61, 1973.
[26] E. Nahum, S. O'Malley, H. Orman, and R. Schroeppel, “Towards High Performance Cryptographic Software,” Proc. IEEE Workshop Architecture and Implementation of High Performance Comm. Subsystems, Aug. 1995.
[27] M. Pourzandi, I. Haddad, C. Levert, M. Zakrewski, and M. Dagenais, “A New Architecture for Secure Carrier-Class Clusters,” Proc. IEEE Int'l Workshop Cluster Computing, 2002.
[28] X. Qin, H. Jiang, Y. Zhu, and D. Swanson, “Towards Load Balancing Support for I/O-Intensive Parallel Jobs in a Cluster of Workstations,” Proc. IEEE Int'l Conf. Cluster Computing, Dec. 2003.
[29] X. Qin and H. Jiang, “Improving Effective Bandwidth of Networks on Clusters Using Load Balancing for Communication-Intensive Applications,” Proc. 24th IEEE Int'l Performance, Computing, and Comm. Conf., Apr. 2005.
[30] X. Qin, “Improving Network Performance through Task Duplication for Parallel Applications on Clusters,” Proc. 24th IEEE Int'l Performance, Computing, and Comm. Conf., Apr. 2005.
[31] X. Qin, H. Jiang, and D.R. Swanson, “An Efficient Fault-Tolerant Scheduling Algorithm for Real-Time Tasks with Precedence Constraints in Heterogeneous Systems,” Proc. 31st Int'l Conf. Parallel Processing, pp. 360-368, Aug. 2002.
[32] X. Qin and H. Jiang, “A Dynamic and Reliability-Driven Scheduling Algorithm for Parallel Real-Time Jobs on Heterogeneous Clusters,” J. Parallel and Distributed Computing, vol. 65, no. 8, pp. 885-900, Aug. 2005.
[33] K. Ramamritham and J.A. Stankovic, “Dynamic Task Scheduling in Distributed Hard Real-Time System,” IEEE Software, vol. 1, no. 3, July 1984.
[34] J. Schreur, “B737 Flight Management Computer Flight Plan Trajectory Computation and Analysis,” Proc. Am. Control Conf., 1995.
[35] S.H. Son, R. Zimmerman, and J. Hansson, “An Adaptable Security Manager for Real-Time Transactions,” Proc. 12th Euromicro Conf. Real-Time Systems, pp. 63-70, June 2000.
[36] S.H. Son, R. Mukkamala, and R. David, “Integrating Security and Real-Time Requirements Using Covert Channel Capacity,” IEEE Trans. Knowledge and Data Eng., vol. 12, no. 6, pp. 865-879, Nov./Dec. 2000.
[37] S. Song, Y.K. Kwok, and K. Hwang, “Trusted Job Scheduling in Open Computational Grids: Security-Driven Heuristics and a Fast Genetic Algorithms,” Proc. Int'l Symp. Parallel and Distributed Processing, 2005.
[38] J.A. Stankovic, M. Spuri, K. Ramamritham, and G.C. Buttazzo, Deadline Scheduling for Real-Time Systems— EDF and Related Algorithms. Kluwer Academic, 1998.
[39] V. Subramani, R. Kettimuthu, S. Srinivasan, J. Johnston, and P. Sadayappan, “Selective Buddy Allocation for Scheduling Parallel Jobs on Clusters,” Proc. IEEE Int'l Conf. Cluster Computing, pp. 107-116, Sept. 2002.
[40] M.E. Thomadakis and J.-C. Liu, “On the Efficient Scheduling of Non-Periodic Tasks in Hard Real-Time Systems,” Proc. 20th IEEE Real-Time Systems Symp., pp. 148-151, 1999.
[41] G. Vallee, C. Morin, J.-Y. Berthou, and L. Rilling, “A New Approach to Configurable Dynamic Scheduling in Clusters Based on Single System Image Technologies,” Proc. Int'l Symp. Parallel and Distributed Processing, Apr. 2003.
[42] R. Wright, D.J. Shifflett, and C.E. Irvine, “Security Architecture for a Virtual Heterogeneous Machine,” Proc. 14th Ann. Computer Security Applications Conf., 1998.
[43] T. Xie and X. Qin, “Enhancing Security of Real-Time Applications on Grids through Dynamic Scheduling,” Proc. 11th Workshop Job Scheduling Strategies for Parallel Processing, pp. 146-158, June 2005.
[44] T. Xie, X. Qin, and A. Sung, “SAREC: A Security-Aware Scheduling Strategy for Real-Time Applications on Clusters,” Proc. 34th Int'l Conf. Parallel Processing, June 2005.
[45] T. Xie, X. Qin, A. Sung, M. Lin, and L. Yang, “Real-Time Scheduling with Quality of Security Constraints,” Int'l J. High Performance Computing and Networking, Feb. 2006.
[46] W. Yurcik, X. Meng, and G.A. Koenig, “A Cluster Process Monitoring Tool for Intrusion Detection: Proof-of-Concept,” Proc. 29th IEEE Conf. Local Computer Networks, 2004.
[47] W. Yurcik, X. Meng, G. Koenig, and J. Greenseid, “Cluster Security as a Unique Problem with Emergent Properties,” Proc. Fifth LCI Int'l Conf. Linux Clusters: The HPC Revolution 2004, May 2004.
[48] X. Zhang, Y. Qu, and L. Xiao, “Improving Distributed Workload Performance by Sharing Both CPU and Memory Resources,” Proc. 20th Int'l Conf. Distributed Computing Systems, Apr. 2000.
[49] Y. Zhang, A. Sivasubramaniam, J. Moreira, and H. Franke, “Impact of Workload and System Parameters on Next Generation Cluster Scheduling Mechanisms,” IEEE Trans. Parallel and Distributed Systems, vol. 12, no. 9, pp. 967-985, Sept. 2001.

Index Terms:
Clusters, scheduling, real-time systems, security-critical applications, security overhead model.
Tao Xie, Xiao Qin, "Scheduling Security-Critical Real-Time Applications on Clusters," IEEE Transactions on Computers, vol. 55, no. 7, pp. 864-879, July 2006, doi:10.1109/TC.2006.110
Usage of this product signifies your acceptance of the Terms of Use.