A Service Scheduling Security Model for a Cloud Environment

—Scheduling tasks on a standalone system can be complex but applying it to a cloud environment can be even more complex because of the large amount of resources available. An added complexity in a Cloud environment is that of security. This paper addresses scheduling from a security point of view and presents a Scheduling Security Model and evaluates its effectiveness to meet user’s requirements with a number of worked examples with different scenarios.


I. INTRODUCTION
Scheduling tasks on a standalone system to meet the needs of users can be complex but applying it to a cloud environment can be even more complex. This is because of the large amount of different resources available in a Cloud environment. An added complexity in a Cloud environment is that of security.
The National Institute of Standard and Technology (NIST) [1] gives a basic definition of Cloud Computing as a model for a customer to request an on-demand convenient services, that allow to use and access network resources such as servers, data storage, software and applications with indirect provider interactions. There are a various criteria to classify Scheduling Models in Cloud Computing to produce reliable, trusted and secure services, such as scheduling performance [2], cost scheduling [3], and scheduling based on security [4]. Also, NIST [1] specifies the deployment models to four deployment models, which are are: Public, Private, Community, Hybrid. These deployment models identify the accessibility to the cloud service [5]. Dillon et al. [6] indicate some security concerns about the deployment models that include data privacy and trust, service policies, and data transfer. So, these security concerns make the service provider aware to address these issues which have been focused by [7]. Also, [8] describe the main issues that can affect the cloud service models. Then security policies need to be applied to deal with data access and security.
As an example consider a service that consists of two tasks. First task is analysing data with basic security requirement. The second task is a high security task about saving private data. Thus this service requires two resources, one for each task, with different levels of security. In general, the higher the security the higher the cost of using a resource.
This requires that security levels need to be defined. In [9] the security levels for the SSM are driven from Watson [10] as five security levels summarised on Fig. 1: 1) The first level 1: It is all about applying essential security level that can run tasks on trusted public resources.
2) The second level 2: It is all about applying more security setting that can run tasks on more trusted public resources.
3) The third level 3: It is all about applying highly security setting to run tasks on highly trusted public resources. 4) The fourth level 4: It is all about applying advance security setting to run tasks on trusted private resources. 5) The fifth level 5: It is all about applying more highly security setting to run tasks on highly trusted private resource. Thus for the previous example two resources are required. One of the tasks will be on a resource with Level 1 security and the other on a resource with Level 5 security.
A Scheduling Security Model (SSM) [11] [12] [13] is been devised to make security the primary factor for scheduling algorithm. Imbedded in the SSM is a cost calculation together with a scheduling algorithm. To resolve some scheduling issues within a resource each task is given an importance level. Other factors included in the model are times for each task, resource cost per hour, and a Quality of Service cost.
In the SSM a service consists of M tasks that can be executed on N resources. Each task is given a Security Level value of 1 to 5. Tasks with the same Security Level will be run on the same resource, thus N ranges from 1 to 5. The contribution of this paper is to addresses scheduling from a security point of view and present a Scheduling Security Model and evaluate its effectiveness to meet user's requirements with a number of worked examples with different scenarios.

II. MODEL DEFINITION
This section serves as a definition of the SSM and its components. Then it summarises the SSM function.
The SSM [13] is defined formally as follows.
First, the SSM categorises all tasks based on the tasks security level. Then the SSM calculates initial cost for service. Then, the SSM requests confirmation from the customer to start the service. Next, establishing the service after the receiving the confirmations. Then the SSM recalculates the actual cost. b: Customer budget for the service.
h: Security level for a task. h j : Security level ∈ 1, 2, 3, 4, 5 hw: Security weight for the security level (for each task). hw j : Security weight for security level j.
-Each task (t i ) has a security level h j (and then a security weight hw j ) -R: Set of resources (R k ), k ∈ 1, 2, 3, 4, 5 (can use up to to 5 resources R 1 , R 2 , R 3 , R 4 , R 5 ) then, used resources will be numbered from 1 to N N: is the number of resources used (N determined later) -R k : is a set of tasks, where the hw j = Rw k -Rw: Resource security weight (for each resource) Rw k : Security weight for resource k (R k ) www.ijacsa.thesai.org 2 | P a g e Rw k = hw j p: Tasks Importance, p l : is the importance 1, 2, 3 task t i has importance p l -M : Number of tasks.
-N : Number of resources.
e: Maximum time.
The main components of the SSM: • All tasks including the total number of tasks M, and Tasks Set T.
• The time duration for executing the task time cost : The elapsed time (EPT) tm i .
• The required Quality of Service (QoS) level of the service q.
• The overall requested service budget b.
• The Security Level for each task h j . The SSM will identify the security weight hw j for each task t i . Then The SSM allocates the tasks to the correspondents resources R with similar resource weight Rw k . The SSM allocates and executes all tasks on the same Resource with same security weight.
• Task Importance Level p l for each task, and the SSM defines these levels into three levels.
The reason for making the Task Importance in three levels is that the scheduling in the SSM is serving the security as a category, then there is a need to give each task within the same category an order to be executed. So, the order will be as identified with this three levels but if there are some tasks with the same Task Importance level then the scheduling will be for first come first served. Table I shows a simple example of ordering tasks in same resource depends on task importance.
Another simple example with tasks dependencies will be discussed in details later in the Scheduling Process. Tasks submitted t 1 :h 1 = 2,p 1 = 1, t 2 : h 2 = 2, p 2 = 3, and t 3 : h 3 = 4, p 3 = 2. Then the Task dependency t 3 depends on t 1 . The SSM will analyse this input and allocates Tasks to two Resources R 1 and R 2 . Tasks t 1 and t 2 will be allocated to R 1 and t 3 to R 2 . But with the dependencies required t 1 will assigned to the Fast-Track list. That means t 1 will be executed first then t 3 depends on t 1 and it has the highest Security Level that lets the SSM to list first see Table II.   TABLE II. SIMPLE EXAMPLE OF ORDERING TASKS WITH DEPENDENCIES  AND FAST-TRACK Security Level(Weight)/Importance Table III shows a summary of the components that specify the customer requirement for requesting a service. Then SSM will analyse the requirements for the calculating step. Example of a service required is shown in Table IV.
• AC Actual Cost of the service.
• Resource Cost RC = Cost of resources for RT k hours.
(1) Where RC k is Resource Cost for Resource k per hour and RT k is the actual time used by Resource k in hours.
• Security Cost for each Resource Where Rw k is Security weight for Resource k.

• Security Cost for all Resources
• Maximum Time Required e: Minimum 60 minutes (one hour).
The SSM creates categorises for all tasks. The number of categories is equal to the number of the security levels required. For each category, tasks will be ordered depending on the tasks importance. The task with higher task importance will be run first down to the task with lowest task importance. If there are more than one task with the same task importance the SSM will put them in the task number order.

3) Calculations:
Actual Cost AC calculated and compared to budget b.

4) Customer Confirmation:
The customer takes last decision to confirm the service.

5) Establishing the Service:
The SSM starts the service and all tasks allocated to resources.
6) Re-Calculating: At this step, the SSM aims to Re-calculates the AC depends on the actual running time for all resources considering dependencies that might cause delays over other resources.

III. EXAMPLES OF COSTS
The following examples discusses Re-calculation with different scenarios where QoS cost q = 0, and all times represented in minutes.
A. Example: 1 Table V shows the details of a service request:    The dependencies are: t 5 depends on t 1 and t 6 depends on t 3 . As a result of the dependencies, the SSM finds a delay of executing tasks t 6 and t 5 . So, AC calculated as follows:  The dependencies are: t 5 depends on t 1 and t 6 depends on t 3 . As a result of the dependencies, the SSM finds a delay of executing tasks t 6 and t 5 . So, Ac calculated as follows:  The dependencies are: t 5 depends on t 3 and t 6 depends on t 3 . As a result of the dependencies, the SSM finds a delay of executing tasks tasks t 6 and t 5 . So, AC calculated as follows:   1) Scenario: 3.1: This scenario shows the time for each resource and the tasks allocated with Fast-Track as follows: • R 1 : t F T 1 and tm 1 = 8, t 2 and tm 2 = 3 • R 2 : t F T 3 and tm 3 = 10 , t 4 and tm 4 = 4 • R 3 : t 6 and tm 6 = 5, t 5 and tm 5 = 7, t 7 and tm 7 = 7 The dependencies are: t 5 depends on t 1 and t 6 depends on t 3 . As a result of the dependencies, the SSM finds a delay of executing tasks t 6 and t 5 . So, AC calculated as follows: • R 3 : t 6 and tm 6 = 5, t 5 and tm 5 = 7, t 7 and tm 7 = 12 The dependencies are: t 5 depends on t 1 and t 6 depends on t 3 . As a result of dependencies, the SSM finds a delay of executing tasks t 6 and t 5 . So, AC calculated as calculated follows:  • t 6 depends on t 1 • t 5 depends on t 3 • t 3 depends on t 2 The resources allocated as follows: • R 3 : t 6 and tm 6 = 5, t 5 and tm 5 = 7 See Fig. 9 for tasks timeline with tasks orders. So, the SSM finds a delay of executing tasks. As a results, the SSM adds tm 2 to RT 2 , then the SSM adds RT 1 to RT 3 to avoid the delays of running this service: The aim of Tripathy and Patra [14] approach is to execute the high priority tasks first over the allocated resources R K needed. On the other hand, the SSM justified the priority just to order the tasks with five levels. Tripathy and Patra approach allows a single task to run over a number of resources R k at the same time. The Task set jobi(j,k,l) identified as the following: • i serves as tasks id • j identifies the number of resources required • k serves as task time • l to set task priority For example, for a service request: • t 1 :(N = 2, tm 1 = 5, pl 1 = 1) • t 2 :(N = 6, tm 2 = 10, pl 2 = 5) The SSM analyses this service request as follows: • Set q = 0.
• hw j = 0.00 for all taskst i , therefore, Rw i = 0.00 for all R k • All RT k for R k = 15.
• AC will be calculated from equation No. 6. In all examples, the SSM has applied the calculating steps produced by [9]. The calculating steps help to identify if the service includes tasks dependencies or not. Because of the dependencies can make the scheduling and the executing process very complicated.
www.ijacsa.thesai.org   For all examples, AC < the Initial cost. However, it is possible to have a scenario that finds there is no big different of AC and the Initial cost.
Also, The number of tasks running in the service are different as the SSM has defined that a task can be a single task or set of tasks.
The SSM has more features presented in Fig. 11 that can be applied to the services than the current models. These Features are Security, Priority, QoS, Cost, and Time. In addition, these features can make the cloud services very flexible to meet customers requirements. For example, Security defined by the SSM to have five different levels, also there are a range of QoS levels to ensure that the service will be delivered in the required level. So, the comparison of the SSM with Tripathy and Patra [14] showed that the SSM can serves these five features. However, there might be a slight delay of service time when applying the SSM on the same example included in Tripathy and Patra [14] approach. , Fig. 11. SSM Features [13] VI. FUTURE WORK This paper outcomes of the cost and effect suggested more investigating of the SSM. Also, further investigation required on QoS levels introduced by [15] that can be applied and considered for a service.

VII. CONCLUSIONS
In this paper, the SSM has been examined through various worked examples. The Re-calculating step showed a major effect on the service cost AC. Furthermore, it discussed the SSM features over the examples and it showed the effect of the dependencies on the service scheduling and the service time. Finally, SSM works with more benefits than current models as it serves more features that can be applied to the services such as security, priority, QoS, Cost, and Time.

ACKNOWLEDGMENT
Thanks to Taif University in Kingdom of Saudi Arabia for the funding.