Secure Resource Control in Service Oriented Applications

Shudong Chen and Johan Lukkien
Department of Mathematics and Computer Science
Eindhoven University of Technology, the Netherlands
[email protected], [email protected]

Abstract— This paper presents a secure resource control solution for service oriented applications. Through this, resources on a shared device can be protected from malicious abuse and become controllable for special QoS provisioning. Services are grouped into virtual communities and service access can only be done within the scope of a virtual community. Using soft-state management, services and their underlying resources are monitored by a novel device management service which runs on each device and can activate or deactivate hosted services.

Keywords- Resource control, Access control, Soft-state management, Service oriented architecture

I. INTRODUCTION

The advantages of service oriented technologies have enabled all types of devices, such as PCs and consumer equipment, to share resources and data by wrapping functionality into services and then collaborating to accomplish new applications. A device has to cope with resource competition among its hosted services when they are invoked simultaneously. Therefore, in a pervasive computing environment, it becomes crucial to control the use of a device's limited resources in order to handle concurrent service invocations and, in turn, to guarantee QoS provision. Resource distribution approaches, presented in [1-3], offer facilities to ensure that activities running on the same middleware instance have adequate resources. However, none of these models addresses the issue of cross-domain resource management. Although service oriented technology is widely used, there has been no concept of device management for managing services running on a device, for instance, to activate or deactivate a service or to control the resources used by services for different applications. We adopt the idea of providing monitor-able services in [4] as a starting point to achieve resource control of services and devices associated with multiple domains.

This paper presents the use of a service oriented virtual community (VC) overlay, VICSDA, to control service access [5] and then to enable the controllability of resources dedicated to services in diverse VCs. First, services are grouped into VCs. One service can be registered into multiple VCs and only authenticated users can access it. Consequently, its host device is associated with resource usage requests coming from different VCs. Next, a device management service, DevMan, is constructed and runs on each device. It can activate or deactivate a service running on its device. The on-line resource utilization of a service for handling invocations from different VCs is monitored and stored as soft-state data. With these real time data, the DevMan can control the magnitude of resources used by a service and by a VC.

This work is supported by the research project of Freeband I-Share: Intelligent Middleware for Sharing Resources for Storage, Communication and Processing of Multimedia Data, supported by the Dutch government.

II. FUNDAMENTALS

A. Virtual community based access control

VICSDA provides a secure service discovery and access environment for service coordination. A service can be registered at multiple VCs. Only services in the same VC can be discovered. To invoke a service, a user is required to provide a valid ticket of that VC. This ticket shows which VC the service user belongs to and which roles she can play there. A service first validates this ticket and then grants capabilities according to that user's roles. Using the authentication and authorization of a VC, untrusted or malicious access requests to services can be filtered. VICSDA allows autonomous services to deny access requests coming from an infamous user of a VC by defining their local access control policy.

Services in the same VC can be bound together by an external orchestrator. An orchestrator is responsible for discovering services from a VC repository and then deciding the binding between different services for collaboration. These decisions comprise, for instance, which service can provide a required interface or what protocols should be used for communication between two services. The system architecture of VICSDA is described in the left part of Figure 1.
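The service-side sequence described in this subsection (VC scope, ticket validation, local deny policy, role-based capabilities) can be sketched as follows. This is an added example, not VICSDA code: the paper does not give the ticket format, so the HMAC-signed JSON ticket, the key table, the role map and all names below are assumptions.

```python
import hashlib
import hmac
import json

# Constructed sample data (hypothetical): per-VC verification keys, the
# role-to-capability map, and this service's local deny list.
VC_KEYS = {"VC-A": b"constructed-key-a", "VC-B": b"constructed-key-b"}
ROLE_CAPS = {"viewer": {"play"}, "admin": {"play", "configure"}}
LOCAL_DENY = {("VC-A", "mallory")}

def issue_ticket(vc, user, roles, expires_at):
    """Stand-in for the VC's ticket issuer; the format is an assumption."""
    body = json.dumps({"vc": vc, "user": user, "roles": roles,
                       "exp": expires_at}, sort_keys=True).encode()
    return body, hmac.new(VC_KEYS[vc], body, hashlib.sha256).digest()

def authorize(body, tag, registered_vcs, operation, now):
    """Service-side check for one invocation: returns (allowed, reason)."""
    try:
        claims = json.loads(body)
        vc, user = claims["vc"], claims["user"]
        roles, exp = claims["roles"], claims["exp"]
    except (ValueError, KeyError, TypeError):
        return False, "malformed ticket"
    # Scope: the service only answers inside VCs it is registered in.
    if not isinstance(vc, str) or vc not in registered_vcs or vc not in VC_KEYS:
        return False, "outside registered VCs"
    # Authenticate the ticket before trusting any other claim in it.
    expected = hmac.new(VC_KEYS[vc], body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return False, "bad signature"
    if now >= exp:
        return False, "ticket expired"
    # Local policy lets an autonomous service refuse a specific VC member.
    if (vc, user) in LOCAL_DENY:
        return False, "denied by local policy"
    # Authorization: capabilities are the union of what each role grants.
    granted = set().union(*(ROLE_CAPS.get(r, set()) for r in roles))
    if operation not in granted:
        return False, "role lacks capability"
    return True, "ok"
```

The order of checks matters: the signature is verified before the expiry, user and role claims are used, so a modified ticket body is rejected before any of its claims influence the decision.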

Figure 1. VICSDA system design

B. Device management service and soft-state management

Relying on this secure service cooperation environment, a DevMan service is built into the VICSDA framework in order to meet the increasing requirement of resource management. Each device has a DevMan service. DevMan is able to manage the other services running on the same device, including advertising them into VCs, monitoring their resource utilization, and deactivating running services. This is done through two distinct components: a serviceList and a soft-stateTable. All active and inactive services are kept in the serviceList, while the soft-stateTable logs the resource usage by invocations coming from VCs. Using the serviceList, DevMan knows in which VCs a service has registered, which process is running as a service instance for a VC, and how many resources (CPU, physical memory, virtual memory) can be used maximally by that process. Consequently, DevMan can prevent excessive resource use by one service, which would result in a low overall performance of the device. The soft-stateTable caches how many resources are allocated to a service which is serving invocations from certain VCs. With this on-line information, resource reservation, allocation, and even dynamic reallocation aimed at a high overall device performance can be achieved. For instance, when a device is heavily loaded, the DevMan can suspend a process which is handling a resource consuming service method call to release some amount of resources, or deactivate a service to withdraw all reserved resources when it uses resources excessively.

Soft-state is characterized as data with a limited validity period [6-8]. Examples include the state of short-lived user sessions and caches. We use soft-state for service and resource observation and management. The idea is to use soft-state to keep track of service state with high accuracy, including the freshness of service registrations and the resource usage by different services for different VCs. The serviceList is updated by the DevMan periodically. In order to provide resource usage information that is as fresh as possible, two methods are used to update the soft-stateTable: the update process can be triggered periodically by a timer or by events. For instance, when the DevMan monitors the aliveness of a process for the serviceList update, the result can be reused for the soft-stateTable update; or, when a resource reallocation occurs, the DevMan updates the entire soft-stateTable.
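A minimal sketch of a soft-stateTable with per-VC limits, as an added example that is not taken from the I-Share demonstrators. It tracks CPU share only, and the class, method names, validity period and percentages are assumptions chosen for illustration.

```python
import time

class SoftStateTable:
    """Per-(service, VC) usage records with a limited validity period."""

    def __init__(self, ttl=10.0, device_cap=100.0, clock=time.monotonic):
        self.ttl, self.device_cap, self.clock = ttl, device_cap, clock
        self.caps = {}    # (service, vc) -> maximum CPU share in percent
        self.usage = {}   # (service, vc) -> (CPU percent, time of last refresh)

    def set_cap(self, service, vc, max_cpu):
        """Configure or raise the maximum a service may use for one VC."""
        self.caps[(service, vc)] = max_cpu

    def refresh(self, service, vc, cpu):
        """Timer- or event-triggered update with a fresh measurement."""
        self.usage[(service, vc)] = (cpu, self.clock())

    def current(self, service, vc):
        """Recorded usage, or 0.0 once the record has outlived its validity."""
        rec = self.usage.get((service, vc))
        if rec is None:
            return 0.0
        if self.clock() - rec[1] > self.ttl:
            del self.usage[(service, vc)]   # stale soft state is dropped
            return 0.0
        return rec[0]

    def admit(self, service, vc, extra_cpu):
        """Decide whether a new invocation from `vc` fits both limits."""
        cap = self.caps.get((service, vc))
        if cap is None:
            return False      # service is not registered in that VC
        if self.current(service, vc) + extra_cpu > cap:
            return False      # this VC's share of the service is exhausted
        total = sum(self.current(s, v) for s, v in list(self.usage))
        return total + extra_cpu <= self.device_cap

def demo():
    """Constructed scenario: one streamer service registered in two VCs."""
    table = SoftStateTable()
    table.set_cap("streamer", "VC-A", 60.0)
    table.set_cap("streamer", "VC-B", 10.0)
    table.refresh("streamer", "VC-A", 40.0)
    refused = table.admit("streamer", "VC-B", 30.0)   # over VC-B's cap
    table.set_cap("streamer", "VC-B", 40.0)           # DevMan raises the cap
    return refused, table.admit("streamer", "VC-B", 30.0)
```

In this sketch an expired record counts as zero usage, so a stalled monitor makes resources look free; a stricter design would refuse new invocations until the record is refreshed.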

III. CASE STUDY

An experimental test bed has been set up to demonstrate our design. Services developed in different languages, including Java, Python and C++, are deployed on different types of devices, including PCs and PDAs. Each device has a DevMan service running on it. DevMan services register their hosted services into VCs. We use an Orchestrator to discover required services from a VC Repository and then connect them together at runtime to accomplish example scenarios. Communications between services are conducted using the SOAP protocol over an SSL socket.

An example here is a video streaming application. A video streamer service provided by a PC and a video display service provided by a PDA are registered in the same VC A. Meanwhile, the streamer service is also registered in VC B, where another display service on the same PC is registered. It has been tested that services belonging to different VCs cannot communicate with each other, even when a caller service holds the access point of the callee service given by the orchestrator for this special testing task. We started the video streaming application in VC A first. While that application was still running, we started the second video streaming application in VC B. The streamer service then had to deal with simultaneous invocations from different VCs. The streamer service failed to respond to the new call from VC B due to its constrained maximum resource usage for VC B's applications, which is configured in its DevMan's soft-stateTable. In order to solve the problem, its DevMan service increased the value of the maximum resource usage by the streamer service for VC B, and sufficient resources were then reallocated to the second streaming application without affecting the video streaming in VC A.

Open source demonstrators and more information can be found at: http://www.win.tue.nl/san/amosa/ishare/release.php.

IV. CONCLUSION

VICSDA provides authentication, authorization and confidentiality to service discovery and access through grouping services into VCs. In this secure service cooperation environment, a DevMan service is designed to control the resources dedicated to services for distinct applications. It resides on each device, can activate and deactivate services hosted by that device, registers these services into multiple VCs, and manages the magnitude of resources used by each service in each registered VC. Soft-state management is used to monitor and manage services and underlying resources. Service information is kept in the serviceList, while the soft-stateTable caches the resource usage by services in order to deal with simultaneous invocations. Dynamic resource assignment to services and to a VC can be achieved. Our current work focuses on context aware adaptive resource management, which uses this enabled full control of services and underlying resources to estimate the performance of the services and then to execute QoS adaptations according to the real state of the service oriented applications.

REFERENCES

[1] Object Management Group: Real-time CORBA 1.0. Adopted Specification, ptc/99-06-02, 1999.
[2] G.S. Blair, et al.: The Design and Implementation of Open ORB, Version 2. IEEE Distributed Systems Online, vol. 2, no. 6, 2001.
[3] J. Frey, T. Tannenbaum, I. Foster, M. Livny, S. Tuecke: Condor-G: A Computation Management Agent for Multi-Institutional Grids. Cluster Computing, 5(3), pp. 237-246, 2002.
[4] A. Korostelev, J. J. Lukkien, J. Nesvadba and Y. Qian: QoS Management in Distributed Service Oriented Systems. In: 25th International Multi-Conference Parallel and Distributed Computing and Networks, 2007.
[5] S. Chen, J.J. Lukkien, I. Radovanovic: VICSDA: Using Virtual Communities to Secure Service Discovery and Access. In: Fourth International Conference on Heterogeneous Networking for Quality, Reliability, Security and Robustness, 2007.
[6] X. Zhang, M. A. Hiltunen, K. Marzullo, and R. D. Schlichting: Customizable Service State Durability for Service Oriented Architectures. In: Sixth European Dependable Computing Conference, pp. 119-128, 2006.
[7] B. C. Ling, E. Kiciman, and A. Fox: Session State: Beyond Soft State. In: Conference on Symposium on Networked Systems Design and Implementation, pp. 22-22, 2004.
[8] A. Fox, S. Gribble, Y. Chawathe, E. Brewer, and P. Gauthier: Cluster-based Scalable Network Services. In: Sixteenth ACM Symposium on Operating Systems Principles, pp. 78-91, 1997.