Evaluating a Cloud Service using Scheduling Security Model (SSM)

—The development in technology makes cloud computing widely used in different sectors such as academic and business or for a private purposes. Also, it can provide a convenient services via the Internet allowing stakeholders get all the beneﬁts that the cloud can facilitate. With all the beneﬁts of cloud computing still there are some risks such as security. This brings into consideration the need to improve the Quality of Service (QoS). A Scheduling Security Model (SSM) for Cloud Computing has been developed to address these issues. This paper will discuss the evaluation of the SSM model on some examples with different scenarios to investigate the cost and the effect on the service requested by customers.


I. INTRODUCTION
Cloud computing is significantly used by educational and business sectors and for personal use for various purposes.Due to the rapid growth and the development in technology and facilities that cloud services can provide it has added a fascinating transformation to the Information Technology (IT) industry.Also, cloud computing provides convenient services enabling access to different computing resources such as networks, storage, and applications.
Cloud computing includes services such as data services, storage services, scheduling services, accessing to applications via the Internet, on demand self-service, and service management.Data service is about all database services, processing, and data store.While storage services include using a cloud storage system to manage saving data remotely in different storage location.The scheduling services include allowing customers to execute tasks over virtual resources and trying to allocate these tasks to these resources efficiently.
All these services can be provided upon customer request without or with less service provider interaction.For example, a customer can request storage space by submitting the request to a provider website.Then the customer can get the service by finalising service payment without any interaction from the service provider.
Cloud services bring various benefits to stakeholders (providers and customers).These benefits include wide access to software and applications over the Internet without any need to install any software to the customer terminal device.Moreover, using cloud service can be cost effective and as the cloud computing environment depends on reducing infrastructure cost.Also, it comes with different kind of risks such as security risks and financial risks.
There are many kind of risks that are related to the use of cloud computing.Risks such as Security and Privacy are big concerns to all parties in a cloud environment as the cloud services must be trusted and secured.So, any breach or failure in security will cause loss of customers and the business.Another risks that makes customer aware of getting a service is that they will be locked into one provider until their service is finished.This makes the service provider more concern to provide a trusted service.
These considerations include the need of improving the Quality of Services (QoS) provided.QoS includes different aspects such as time, service performance, reducing cost, and some non-functional requirements like reliability and recovery [1].The success of applying these QoS aspects will improve the cloud services to meet customer expectations.
With all the benefits of the cloud, security is still one of the main concerns that affect the use of the cloud service.Cloud providers will be subject to many threats at different level of the cloud.Similarly, customers have concern about security and they share some responsibility with the cloud providers to keep the service security at a high level.
For example, if a customer requests a cloud service with a set of tasks with different security levels, it is required to have a technique that can handle this request.This technique should be able to execute the tasks submitted in the right order combined with security and QoS aspects.
Executing tasks requires using a scheduling process that has security as the main category, then uses priority to put tasks in right order.Security as a feature will be applied to all parts of the service, and the QoS will be applied to make the service more reliable and more efficient while the service is running.This complex request should be cost effective because the customer needs a cloud service that is secure, reliable, and with a very competitive cost compared to other service provider.
A recent review [2] has investigated and described the current situation of the cloud models.It then discusses the requirement of having a cloud security model based on cost that can manage requests focusing on security as a main feature associated with QoS aspects to meet the customer requirements.Then to execute scheduled tasks over allocated resources.
Moreover, Sheikh et al. [3] define a Scheduling Security Model (SSM) for a Cloud Environment.The SSM considers Security, Quality of Service (QoS), and Scheduling to allocate Resources for predefined tasks based on security as a key element for a cloud service request.The security aspect affects task scheduling process, service cost, and service time.QoS levels will be considered as a feature included for the service cost.The Scheduling process will be focused on serving Tasks with higher security and using Task Importance to ordering them depending on Tasks priority.Fig. 1 shows the position of the SSM combining these features for a cloud service.This paper focuses on evaluating the SSM model on some examples with different scenarios to investigate the cost and the effect on the service requested by customers.This paper is organised as follows.Section II gives an over view of the features that involved for developing the Scheduling Security Model (SSM) which are Scheduling, QoS, and Security.
Section III discusses the results of the examples from the SSM, then Section IV discusses the evaluation of the SSM answering the questions that helped to develop the model.Section V concludes explaining aspects that important to be addressed by the service.

A. Scheduling
Scheduling is a process of decision making to deal with allocating resources to tasks within a certain amount of time [4].There are many type of resources and it can be a machine in a workshop, resource in computing environment [5].A scheduler is classified as follows [4]: • Batch Scheduling: used to avoid any handling during the running time [34].There are two types of batch scheduling, serial and parallel batching.In serial batching tasks with same setting can be executed one by one on a machine.In parallel batching a set of tasks can be grouped and executed at same time.
• Interactive: to allow decision making at running time take an immediate response.
• Real Time: the ability to schedule tasks with specific time requirements.
• Parallel: tasks or group of tasks executed at the same time in one VM or more [4].
There are three level of scheduling decisions: 1) Long Term: to control and decide what task execute first and to be supported once at anytime.2) Medium Term: to control switching tasks for different criteria such as non active, fault, and low priority.3) Short Term: to allow frequent interactive to take decisions in short time slot.
The main scheduling goals are: 1) Performance: The scheduling algorithms should be able to consider the following measures in order to get good performance behaviour: a) Maximise CPU Utilisation: to control the number of tasks that can be processed.b) Maximise Throughput: to execute as many tasks as possible in a certain amount of time.c) Maximise Scheduling Efficiency: to execute all tasks without interrupting.d) Minimise Waiting Time: to reduce the amount of time that needed for executing tasks for users.e) Minimise Energy: to control and reduce the power consumption of resources.2) Fairness: One of the important goals of scheduling is to treat all tasks to run in a reasonable time.a) Equal CPU consumption: to allocate tasks the same processing time in the CPU.b) Fair per(user, process, thread): giving all same characteristics for execution.c) CPU bound, I/O bound: to allow direct priority to task from a user.

3) Unfair:
Sometimes the scheduling process tends to be unfair by giving advantage to one task over another for a specific aim.a) Priority System: to run task with higher priority to run first then the less priority one.b) Avoid starvation: to prevent that any task stays with no processing.
According to Yadav and Upadhayay [6], there are a number of existing scheduling algorithms as follows: 1) First-Come First-Served/ First-In First-Out (FCFS/FIFO): Small tasks can be delayed behind large sized tasks.2) Shortest Processing Time First/Shortest Job First (SPT/SJF): The system just keep executing small tasks over large tasks.3) Round Robin Scheduling (RR): The scheduler allocates a fixed time to each task then executes tasks in a cycle way without any priorities.4) Scheduling Priority (Priority): Assigning priority to tasks will affect fairness of the system over other tasks.Also, tasks with less priority will never be executed and if so it will be delayed.5) Multilevel Queue (MLQ) and Multi-level Feedback Queues (MLFQ): Tasks queues can be divided into different categories where each class has its own scheduling requirements [6].The difference is that the Multi-level Feedback Queues (MLFQ) can analyse the behaviour time of execution of the processing and according to changes on its priority.

B. Quality of Service (QoS)
Quality of Service (QoS) is one of the important factor that can help to improve any services, software, and applications [1].So, the QoS means that the essential services features should meet all customer requirements.According to Ramadan et al. [1], to have a good QoS there are some factors that need to be considered which affect the overall service as follows: • Flexibility: It is all about managing any changes at the running time without any harms to the system.
• Maintainability and Readability: Similar to the flexibility but it is more focused on error correction and making any modification needed.
• Performance and Efficiency: It is all about the response time and making sure there is no delay or unexpected waiting time.
• Scalability: It is about responding to customers' activities in reasonable amount of time.
• Availability and Robustness: It is all about the availability all the time even if a failure has occurred.
• Usability and Accessibility: It is all about making the user interface the most visible side by making it very comfortable for the customer and easy to use.
• Platform Compatibility: For better quality the service should be running on as many different platforms as it can, with different system environments such as operating systems, and internet browsers.
• Security: It is the most important factor that needs to be considered in any service, and for QoS there is a need to apply security policies to make sure there are no security breaches at any level.

C. Security
Security is a concept that the process protect from physical or digital unauthorised use of any asset [7].Also, security is a critical feature for any Service.The service must be secure and trusted for both customer and provider as they have both agreed in the Service Level Agreement (SLA) [8].Security issues can affect Data, Networks, Communications, Privacy, unauthorised access and most things connected via the internet.
All of these aspects need to be protected, and each one requires a different way of security.So, these aspects can be classified into different security levels from high to low.This classification depends how valuable information is included in each asset.For example, storing very important government data requires a very high security level.This security level includes physical security measures and secure network connection and secure encrypted data storage.Also, it may require a limited access control to manage the process of retrieving and storing this data.
Security is also a very critical point that needs to be aware of all kind of information for all levels such as individuals, academic, business, and government even if it is digital or non digital materials.
Cloud computing as defined by the National Institute of Standard and Technology (NIST) [9] as "a model for enabling convenient, on-demand network access to a shared pool configurable computing resources (e.g.networks, servers, storage, application, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction".Customers need to communicate with a service provider to request a cloud service.This communication process makes the customer and the provider reach an agreement of the level of the service.This agreement referred to Service Level Agreement (SLA) [10].This SLA is the basis for the expected level of the service between the customer and the provider.The provider of a cloud architecture can offer various services to a customer.Quality of Service (QoS) refers to cloud stakeholders expectation of obtaining a desirable service meeting requirements such as timeliness, scalability, high availability, trust and security specified in the Service Level of Agreement SLA [11].These services can vary both in terms of functionality (such as storage capacity or processor count) or in terms of the Quality of Service (QoS) provided [12].In terms of the QoS a provider will offer a defined SLA which the customer can use when determining the 'best' provider for their needs.
As a result of this review, the proposed model by Sheikh et al. [3] has considered the overall security discussed by Watson [13] to develop Scheduling Security Model (SSM) to address the issues found in other approaches such as security and cost.The SSM use a following equation to calculate the cost [3]: Where • RT i is the time used on Resource i .
• RC i is the Quality of Service. www.ijacsa.thesai.org • Rw i is the security weight of Resource i .
• N is the number of Resources.

III. EXAMPLES AND SCENARIOS
This section will discuss examples from Sheikh et al. [14].The examples and scenarios will discuss aspects that are important to be addressed by the service which are Security, Time, and Cost.
In all examples and scenarios Tasks Security is identified by the customer and the value that added to the service request is to know all service requirements.Which is better than just requesting a service in a certain level of security with Resources then requesting a different Resource with different security level.
One of the main important issues for any cloud services is to be in a convenience time for any customer requests.Also, the service provider should manage to finish the cloud service on requested time or less.
It is very important that the customer identified all service requirements for any service request, because it would help the service provider to analyse the requirements and establish the service without any issues or asking the customer for more details.

A. Example: 1
A customer submits a service request with the details showing in Table I.For this example the customer entered the Quality of Service q = 0.0 Tasks submitted as follows: After analysing the customer inputs, the SSM created a Resource for each Task as follows:  I: the actual running time each Resource is as follows: • R 1 : t 1 and tm 1 = 18 minutes • R 2 : t 2 and tm 2 = 13 minutes Tasks time line for Scenario 1.1 is shown in Fig. 2.Here both actual time and the elapsed time will be equal because there are no dependencies between the tasks.As a result the AC will be the cost of actual running time for each resource.The actual running time for each Resource:

B. Example: 2
A customer submitted a service request with the details shown in Table II.For this example the customer entered the Quality of Service q = 0.0 1) Scenario: 2.1: For Example 2, Table II: Scenario: 2.1, the running time for each Resource, and the Tasks with F T indicates that is has been Fast Tracked as follows: • R 1 : t F T 1 and tm 1 = 18, t 2 and tm 2 = 15 • R 2 : t F T • R 3 : t 6 and tm 6 = 10, t 5 and tm 5 = 5 The dependencies are: t 5 depends on t 1 and t 6 depends on t 3 .If the SSM considers the running time for each Task, there will be a delay in executing Tasks t 6 and t 5 because of the dependencies.In this case, the calculated running time for each Resource will be as follows: • tm 1 = 18, tm 2 = 15, RT 1 Time for R 1 = 18+15 = 33 minutes • tm 3 = 13, tm 4 = 10, RT 2 : Time for R 2 = 13+10 = 23 minutes • tm 6 = 10, tm 5 = 5, RT 3 : Time for R 3 = 10+5 = 15 minutes Here there will be waiting time, so it will be added to RT 3 : Time for R 3 = 13 + 10 + 5 = 28 minutes.The reason for adding tm 3 not tm 1 is that tm 3 is less than tm 1 which can let the related Task t 6 start just after it finishes.Re−Calculating: From equation 1 AC = 13.75 + 13.42 + 18.67 This is illustrated in Tasks time line in Fig. 3. If, the SSM does not consider the waiting time and just calculates the elapsed time as follows: As a result of calculating the elapsed time the AC is less than calculating the AC with the running time.

A. Evaluation Questions
The following questions are the evaluation questions that will be used to see how this research achieved its aims: 1) How does the SSM improve the security aspects of the cloud service?
The SSM applying security to the Tasks Level to make the customer to be more specific on the service requirement.After that the SSM applies to the Resource level to help running the cloud service at a trusted level.2) How does the SSM impact Resource scheduling and performance and security?Performance is a big issue, and currently the SSM is allowing for each Resource to run a single Tasks or a set of Tasks but there is a need to investigate how it impact the service from the performance prospective.3) How well does the SSM help to achieve QoS?
The SSM applies different levels of QoS but it still need to clarify and inspect these QoS levels and how QoS affecting factors considered in these levels.
Fig. 4 shows the SSM features that are considered for a cloud service request.These features are Security, Priority, QoS, Time, and Cost per Resource.QoS contributes to the overall service cost and any change in QoS levels will affect the service cost.Security applied to the service cost as well and used in the scheduling process by Categorising the Tasks by the Task Security Level.Priority will be used in the scheduling process to put the Tasks in the right order for each Resource.Time will be calculated initially before establishing the service and after to show the different between the elapsed time and the actual running time.Resource Cost will be calculated before establishing the service and after receiving customer confirmation it will be Re-Calculating to have the Actual Cost.As shown in Fig. 5, the calculated time is less than the initial time after establishing the service.The Cost calculated in Pounds (£) as a cost unit for this example.As seen in Fig. 6, the initial cost before establishing the service is £55.Then it reduces after running the service to £14.Service time is calculated initially for 1 hour or 60 minutes, but the SSM will Re-calculating the service time after getting the Customer Confirmation to establish the service.So, in Example 1 the service time calculated for each Resource and for the first Resource the time is 13 minutes and for the second Resource is 18 minutes.As a result, both Resources did not take more than the higher Time which is the time for the second Resource, and it reflected on the total or the Actual Cost (AC).Table IV.Example 2 shows that in the Re-Calculating step the cost using either the elapsed time or the actual running time are less than the initial cost.Fig. 8 shows the change in service time for each Resource before and after applying the SSM.As a result, the AC of the elapsed time is less than the AC of the running time.The change in cost for each Resource and then the different between the initial cost and AC shown in Fig. 7. Also, this example has shown how the SSM works with the Tasks dependencies by using the Fast-Track technique with its benefits for scheduling the dependent Tasks with high Security Level.

B. Compare with Other Approaches
In order to identify more implications and to clarify issues in the SSM.As a result, the comparison showed that the SSM and other model have different cost and with different effects on service time.The SSM has more features than other models, but one of the implications that have been founded is the SSM does not allow more than one Resource in the same Security Level.This can affect the total service time and it might cause a delay to execute other Tasks in the same Resource.
However, there is a lack of similar work with security as main feature for scheduling Tasks over allocated Resources.Table V. shows what the SSM provides against other Cloud Models.Also, it shows that there are shared features but there are for different purpose.For example, the Cloud Trust Model [30] is including security but it serves DaaS.So, the SSM adds to Scheduling and QoS the features Security, Cost, Service Availability, and IaaS all together to improve the cloud service.

V. CONCLUSION
This paper provided a discussion of the results produced from the SSM, which helped to discuss the evaluation questions to give better understanding to the SSM.It presented how the SSM improves the security aspect of the Cloud service by implementing the security as a main feature for executing Tasks and the effects on the Cost.Then it showed the differences in time and cost before and after establishing the service.

Fig. 4 .
Fig. 4. Service Features of Applying the SSM

Fig. 5 .
Fig. 5. Example 1 Scenario 1: Changes in Service Time Before and After SSM Applied

Fig. 6 .
Fig. 6.Example 1 Scenario 1: Change in Service Cost Before and After SSM Applied

Fig. 7 .
Fig. 7. Example 2 Scenario 1: Change in Service Cost Before and After SSM Applied

TABLE I .
SSM CUSTOMER REQUIREMENT FOR EXAMPLE 1

TABLE II .
SSM CUSTOMER REQUIREMENT FOR EXAMPLE 2

TABLE III .
EXAMPLE 1.1

TABLE IV .
EXAMPLE 2