Design and modeling of moving target defense in workflow-based applications

Cluster Computing

Abstract

This paper analyzes the tradeoffs between performance and resilience against cyber attacks of applications organized as workflows. The static nature of current workflows is a major benefit to attackers. To combat this advantage, a promising new approach inspired by Moving Target Defense (MTD) was developed to increase a workflow’s robustness to cyber attacks. This approach is based on dynamic reconfigurations of workflow tasks to reduce an attacker’s probability of completing the reconnaissance phase before launching an attack. Dynamic reconfigurations increase the resilience of a workflow against cyber attacks but also increase its execution time due to the overhead of reconfigurations. As a part of this paper, we developed metrics that capture the impact of reconfigurations on a workflow’s execution time and resilience against cyber attacks. The paper also presents recursive algorithms for computing the execution time and the reconnaissance function of a workflow. Our analysis relied on extensive trace-driven simulations of workflows from five different traces from the Workflow Trace Archive (WTA), and we used 6000 workflows from three different domains: scientific computing, engineering, and industrial. Our analysis of the results showed that reconfiguration makes a significant difference, at the 95% confidence level, to the resilience of workflows, and that this behavior is consistent across all five trace domains.

Data availability

Enquiries about data availability should be directed to the authors.

Funding

The authors have not disclosed any funding.

Author information

Contributions

SA: Software development, experiment analysis, figure preparation, conceptualization, methodology, writing—original draft. DAM: Conceptualization, methodology, writing—original draft. MA: Conceptualization, methodology, visualization, review of the manuscript.

Corresponding author

Correspondence to Sarah Alhozaimy.

Ethics declarations

Competing interests

The authors declare that they have no competing interests.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

Alhozaimy, S., Menascé, D.A. & Albanese, M. Design and modeling of moving target defense in workflow-based applications. Cluster Comput 27, 945–958 (2024). https://doi.org/10.1007/s10586-023-03998-9

  • DOI: https://doi.org/10.1007/s10586-023-03998-9
