End-to-End Security Formalization and Alignment for Federated Workflow Management

Abstract

Traditionally, the allocation and dynamic adaptation of federated cyberinfrastructure resources residing across multiple domains for data-intensive application workflows have been performance or quality of service-centric (i.e., QSpecs), often compromising the end-to-end security requirements of scientific workflows. Lack of standardized formalization methods of the workflows' end-to-end security requirements, and diverse/heterogenous domain resource and security policies make inter-conflict characterization between application's security and performance requirements non-trivial, and leads to sub-optimal resource allocation. In this paper, we present a joint security and performance-driven federated resource allocation and adaptation scheme to define and characterize a data-intensive scientific application's security specifications (i.e., SSpecs). In order to aid security-driven resource brokering among domains with diverse security postures, we describe an alignment technique inspired by Portunes Algebra to combine domain-specific resource policies (i.e., RSpecs) along the application workflow life cycle. We use standardized guidelines that help in compute/storage resource domain/location selection as well as network path selection based on both application QSpecs and SSpecs. We implement our security formalization and alignment methods as a framework, viz., OnTimeURB and apply it on an exemplar Distributed Computing workflow to show the benefits of joint QSpecs-SSpecs-driven, RSpecs-compliant federated workflow management.