迁移工作流系统中迁移实例的安全迁移规划研究
|
摘要
近年来,迁移工作流(Migrating Workflow)成为了工作流管理研究的一个新方向。基于移动计算的迁移工作流包含三个要素:工作流引擎、工作位置和迁移实例。工作流引擎定义工作流过程,生成迁移实例和协调多迁移实例等工作;工作位置为迁移实例提供服务,管理工作流网络,是迁移实例运行的场所;迁移实例是工作流任务的执行主体,能够在各个工作位置之间进行迁移,利用本地资源执行一项或多项任务,在迁移工作流系统中,迁移实例是以移动Agent为范型构建的。工作流任务依照业务的复杂程度被分配给一个或几个迁移实例来执行,迁移实例根据任务说明书在工作位置之间规划线路进行迁移来完成任务。
迁移实例作为工作流任务的执行主体,必须选择合适的工作位置进行迁移来执行任务,快速、有效、安全的完成用户指定的目标。因此,为迁移实例规划一条合适的迁移路线或者一个迁移目标也是迁移工作流系统研究中的一个重要问题。根据迁移工作流的概念模型和系统框架,本文基于免疫算法对迁移实例的迁移规划进行了研究,并且将安全因素也作为规划研究的一个重要参数之一,提出了迁移实例的安全迁移规划方法。
该方法首先在迁移工作流系统中,为迁移实例增加了免疫规划模块,并利用免疫算法将迁移实例所携带任务的服务需求和安全需求编码为抗原,将工作位置所能提供的服务信息和安全性能编码为抗体,模拟免疫系统的匹配过程从而动态的规划出迁移实例的迁移路线。随后本文又给出了抗原和抗体亲和度的计算方法,抗体的演化过程,以及具体的免疫算法步骤和流程。
论文首先对免疫算法、迁移规划和移动Agent的安全知识进行了概述,然后介绍了工作流、移动Agent技术以及迁移工作流等基础知识;而后提出了迁移实例的安全迁移规划模块,最后给出了基于免疫算法的迁移实例的安全迁移规划算法,并根据免疫算法设计了抗原和抗体编码。最后本文对该算法进行了仿真实验,实验结果表明该算法使迁移实例在迁移过程中有效的避开了恶意主机,使迁移实例的被攻击率大大降低,保护了迁移实例的安全。
In recent years, the migrating workflow has become a new study direction of the workflow management. The migrating workflow based on mobile computing paradigm consists of three elements:workflow management engine, workstation and migrating instance. The workflow management engine defines workflow process, generates migrating instance and coordinates migrating instances'tasks. The workstation provides services for migrating instances and manages workflow network. It is the place of migrating instance to run. The migrating instance executes the workflow's tasks, which can migrate within various workstations and use local resources to finish one or more tasks. In the migrating workflow system, migrating instance is built based on mobile agent paradigm. According to the complexity of the business, the tasks of workflow will be assigned to one or more migrating instances to execute. And migrating instance will plan a route for migrating within workstations to complete the tasks.
Migrating instance, as the implementation of workflow tasks, must select a suitable workstation for migrating and performing the task with the user-specified target:fast, effective and safe. Therefore, a suitable migrating path or target is an important issue in migrating workflow system.
According to the concept of migrating workflow model and system framework, this paper presents an algorithm of migrating instance's plan of security migration, which is based on immune algorithm and puts security factors as one important parameter for migrating plan.
The algorithm adds the module of immune plan in the migrating workflow system, and encodes migrating instance's needs and security requirements as antigen and work location of service information and security as antibody, and simulates the matching process of the immune system in order to get the migration routes dynamically. Then this paper gives the calculation method of affinity for antigen and antibody, the evolution of antibodies and the specific steps of immune algorithm.
As the beginning, this paper outlines the knowledge of immune algorithm, security migrating plan and security of mobile agent. And then, it introduces the workflow, mobile agent and migrating workflow. Next, the immune algorithm of security migrating is proposed, and the encoding of antigen and antibody are designed. Finally, a simulated experiment will be given which show that the algorithm effectively avoids the malicious host, significantly reduces the probability of migrating instance attacked and enhance the security of migrating instance.
迁移实例作为工作流任务的执行主体,必须选择合适的工作位置进行迁移来执行任务,快速、有效、安全的完成用户指定的目标。因此,为迁移实例规划一条合适的迁移路线或者一个迁移目标也是迁移工作流系统研究中的一个重要问题。根据迁移工作流的概念模型和系统框架,本文基于免疫算法对迁移实例的迁移规划进行了研究,并且将安全因素也作为规划研究的一个重要参数之一,提出了迁移实例的安全迁移规划方法。
该方法首先在迁移工作流系统中,为迁移实例增加了免疫规划模块,并利用免疫算法将迁移实例所携带任务的服务需求和安全需求编码为抗原,将工作位置所能提供的服务信息和安全性能编码为抗体,模拟免疫系统的匹配过程从而动态的规划出迁移实例的迁移路线。随后本文又给出了抗原和抗体亲和度的计算方法,抗体的演化过程,以及具体的免疫算法步骤和流程。
论文首先对免疫算法、迁移规划和移动Agent的安全知识进行了概述,然后介绍了工作流、移动Agent技术以及迁移工作流等基础知识;而后提出了迁移实例的安全迁移规划模块,最后给出了基于免疫算法的迁移实例的安全迁移规划算法,并根据免疫算法设计了抗原和抗体编码。最后本文对该算法进行了仿真实验,实验结果表明该算法使迁移实例在迁移过程中有效的避开了恶意主机,使迁移实例的被攻击率大大降低,保护了迁移实例的安全。
In recent years, the migrating workflow has become a new study direction of the workflow management. The migrating workflow based on mobile computing paradigm consists of three elements:workflow management engine, workstation and migrating instance. The workflow management engine defines workflow process, generates migrating instance and coordinates migrating instances'tasks. The workstation provides services for migrating instances and manages workflow network. It is the place of migrating instance to run. The migrating instance executes the workflow's tasks, which can migrate within various workstations and use local resources to finish one or more tasks. In the migrating workflow system, migrating instance is built based on mobile agent paradigm. According to the complexity of the business, the tasks of workflow will be assigned to one or more migrating instances to execute. And migrating instance will plan a route for migrating within workstations to complete the tasks.
Migrating instance, as the implementation of workflow tasks, must select a suitable workstation for migrating and performing the task with the user-specified target:fast, effective and safe. Therefore, a suitable migrating path or target is an important issue in migrating workflow system.
According to the concept of migrating workflow model and system framework, this paper presents an algorithm of migrating instance's plan of security migration, which is based on immune algorithm and puts security factors as one important parameter for migrating plan.
The algorithm adds the module of immune plan in the migrating workflow system, and encodes migrating instance's needs and security requirements as antigen and work location of service information and security as antibody, and simulates the matching process of the immune system in order to get the migration routes dynamically. Then this paper gives the calculation method of affinity for antigen and antibody, the evolution of antibodies and the specific steps of immune algorithm.
As the beginning, this paper outlines the knowledge of immune algorithm, security migrating plan and security of mobile agent. And then, it introduces the workflow, mobile agent and migrating workflow. Next, the immune algorithm of security migrating is proposed, and the encoding of antigen and antibody are designed. Finally, a simulated experiment will be given which show that the algorithm effectively avoids the malicious host, significantly reduces the probability of migrating instance attacked and enhance the security of migrating instance.
引文
1范玉顺.工作流管理技术基础[M].北京清华大学出版社,2001.
2 W.M.P.van der Aalst.Woflan:A Petri-net-based Workflow Analyzer[J]. Systems Analysis Modelling Simulation,1999,P345-357.
3曾广周,党研.基于移动计算范型的迁移工作流研究[J].计算机学报,2003,26(10):1343-1349.
4张云勇,刘锦德.移动Agent技术[M].北京:清华大学出版社,2003.
5何炎祥,陈莘萌.Agent和多Agent系统的设计与应用[M].武汉:武汉大学出版,2001.
6焦李成,杜海峰,刘芳等.免疫优化计算、学习与识别[M].北京:科学出版社,2006.
7莫宏伟.人工免疫系统原理与应用[M].哈尔滨:哈尔滨工业大学出版社,2002.
8 Dasgupta D. Artificial Immune Systems and Their Applications[M]. Berlin Heidelberg:Springer-Verlang,1999.
9 MORIK, TSUKIYAMAM, FUKUDAT. Application of an immune algorithm to multi-optimization problems[J]. Electrical Engineering in Japan,1998, 122(2):30-37.
10 HUANG S. An immune-based optimization method to capacitor placement in a radial distribution system [J]. IEEE Transaction on Power Delivery,2000, 15(2):744-749.
11宁黎华,古天龙.基于免疫算法的装备序列规划问题求解[J].计算机集成制造系统,2007,13(1):82-87.
12 D. Castro, F.J.V. Zuben. Learning and Optimization Using the Clonal Selection Principle[J]. IEEE Transactions on Evolutionary Computation,2002,6(3): 239-251.
13 S.Forrest, A.S. Perelson, L. Allen et al. Self-Nonself Discrimination in a Computer[J]. IEEE Symposium on Research in Security and Privacy, Los Alamitos, CA,1994:202-212.
14王磊.免疫进化计算理论及应用[M].西安:西安电子科技大学,2001.
15 Chun J S, Jung H K, Hahn S Y.A study on comparison of optimization performance between immune algorithm and other heuristic algorithms[J]. IEEE Transactions on Magnetics.1998,34(5):2972-2975.
16史忠植.智能主体及其应用[M].科学出版社,北京,2000.
17王红.移动Agent关键技术研究[M].中国科学院博士论文,2002.
18 http://www.omg.org.
19 http://www.fipa.org.
20 P. Maes.Agents that Reduce Work and Information Overload [J], in CACM37(7), July 1994.
21 D.Chess, C.Harrison et A. Kershenbaum. Mobile Agents:Are They a Good Idea?. IBM Research Division,5 T. J. Watson Research Center, Yorktown Heights, New York, march 1995.
22 C'edric Fournet, Georges Gonthier, Jean-Jacques L'evy, Luc Maranget, and Didier R'emy. A calculus of mobile agents. In LNCS, volume 1119,1996.
23 ELMARIE BIERMAN,Techikon Pretoria,ELSABE CLOETE.Classification of Malicious Host Threats in Mobile Agent Computing[C]. Proceedings of SAICSIT 2002, Pages 141-148.
24熊云萍,曾广周.基于生物免疫的移动agent完整性检测[J].计算机应用,2006,26(7):1514-1516,1551.
25 Tie Yan Li, Kwok Yan Lam.Detecting Anomalous Agents in Mobile Agent System A Preliminary Approach [A].International Conference on Autonomous Agents [C].I2Italy:Bologna,2002.
26 Oscar Esparza,Miguel Soriano Jose L.,Munoz Jordi Forne.A protocol for detecting malicious hosts based on limiting the execution time of mobile agents, Proceedings of the Eighth IEEE International Symposium on Computers and Communication (ISCC'03):1530-1346/03,2003.
27 J. Ametller, S. Robles, J. A. Ortega-Ruiz. Self-Protected Mobile Agents[C]. Proceedings of the Third International Joint Conference on Autonomous Agents and Multiagent Systems New York, New York,2004:362-367.
28 YAN WANG and XIAOLIN PANG. Security and Robustness Enhanced Route Structures for Mobile Agents[J].Mobile Networks and Applications413-423, 2003 2003 Kluwer Academic Publishers. Manufactured in The Netherlands.
29王建华,刘卫东,徐万鸿.基于Agent的工作流模型的研究与应用[J].计算机工程与应用.2001,37(17):60-62.
30吴刚,吴泉源,王怀民.一种移动智能体的工作流管理模型[J].计算机辅助设计与图形学学报.2001,13(6):527-531.
31 Mitsubishi Electric. Concordia:An Infrastructure for Collaborating Mobile Agents[C]. In:Proceedings of the 1st International Workshop on Mobile Agents(MA'97), April 1997:186-190.
32 A Acharya, M Ranganathan, J Saltz. Sumatra:A language for resource-aware mobile programs. In:J Vitek, C Tschudin eds. Proc of Mobile Object Systems: Towards the Programmable Internet. Berlin:Springer,1997.111-130.
33 M.Ashraf Iqbal, Joachim Baumann, Markus Strasser. Efficient Algorithms to Find Optimal Agent Migration Strategies. Stuttgart University, Tech Rep: TR-1998-05,1998.
34 B Brewington, R Gray, K Moizumi. Mobile agents in distributed information retrieval. In:M Klusch ed. Intelligence Information Agent.Berlin: Springer-Verlag,1999.355-395.
35刘大有,杨博,杨琨,王生生.基于旅行图的移动Agent迁移策略[J].计算机研究与发展.2003(6):838-845.
36张正球,蔡声镇,余敏.一种改进的基于迁移计划图的移动Agent迁移策略.计算机应用研究[J],2007年第1期:40-45.
37朱翠涛等人,基于遗传算法的移动Agent迁移策略[J].计算机科学,2007Vol.34 No.7.
38肖丹丹,蔡乐才,李鹏.改进的蚁群算法在移动Agent迁移中的应用研究[J].成都大学学报,2008Vol.27 No.1.
39马俊等人,改进的蚁群算法求解旅行Agent问题[J].北京邮电大学学报.2008 Vol.31No.6.
40党辰,王嘉祯等人.一种动态环境下的移动Agent智能迁移算法[J].计算机工程,2009Vol.35 No.9.
41 WFMC. Workflow Management Coalition Terminology and Glossary(WFMC-TC-1011). Technical Report, Workflow Management Coalition, Brussels,1996.
42 G.Vigna. Protecting Mobile Agents through Tracing. Mobile Object SystemsECOOP Workshop'97.
43 F.Hohl. A Protocol to Detect Malicious Hosts Attacks by Using Reference States. Universitat Stuttgart,Fakultat Informatik, Bericht Nr.1999.
44 W.Farmer, J.Guttman, etc. Security for Mobile Agents:Authentification and State Appraisal. FourthEuropean Symposium on Research in Computer Security ESORICS19 96:118-130.
45 C.Tschudin. Environmental Security:Apoptotic Functions and a Way toProtect Them.4th WORKSHOPON MOBILE OBJECT SYSTEMS:Secure Internet Mobile Computations.In association with the 12thEuropean Conference on Object-Oriented Programming (ECOOP'98),21 July 1998, Brussels, Belgium.
46 Xudong Guan, Yiling Yang, etc. POM-A Mobile Agent Security Model Against Malicious Hosts. In Proc. HPC-Asia 2000, pp.1165-1166, Beijing, China, May.15-18,2000.
47 Nikola Mitrovic, Unai Arronategui. Mobile Agent security using Proxy-Agents and Trusted domains.2002.
2 W.M.P.van der Aalst.Woflan:A Petri-net-based Workflow Analyzer[J]. Systems Analysis Modelling Simulation,1999,P345-357.
3曾广周,党研.基于移动计算范型的迁移工作流研究[J].计算机学报,2003,26(10):1343-1349.
4张云勇,刘锦德.移动Agent技术[M].北京:清华大学出版社,2003.
5何炎祥,陈莘萌.Agent和多Agent系统的设计与应用[M].武汉:武汉大学出版,2001.
6焦李成,杜海峰,刘芳等.免疫优化计算、学习与识别[M].北京:科学出版社,2006.
7莫宏伟.人工免疫系统原理与应用[M].哈尔滨:哈尔滨工业大学出版社,2002.
8 Dasgupta D. Artificial Immune Systems and Their Applications[M]. Berlin Heidelberg:Springer-Verlang,1999.
9 MORIK, TSUKIYAMAM, FUKUDAT. Application of an immune algorithm to multi-optimization problems[J]. Electrical Engineering in Japan,1998, 122(2):30-37.
10 HUANG S. An immune-based optimization method to capacitor placement in a radial distribution system [J]. IEEE Transaction on Power Delivery,2000, 15(2):744-749.
11宁黎华,古天龙.基于免疫算法的装备序列规划问题求解[J].计算机集成制造系统,2007,13(1):82-87.
12 D. Castro, F.J.V. Zuben. Learning and Optimization Using the Clonal Selection Principle[J]. IEEE Transactions on Evolutionary Computation,2002,6(3): 239-251.
13 S.Forrest, A.S. Perelson, L. Allen et al. Self-Nonself Discrimination in a Computer[J]. IEEE Symposium on Research in Security and Privacy, Los Alamitos, CA,1994:202-212.
14王磊.免疫进化计算理论及应用[M].西安:西安电子科技大学,2001.
15 Chun J S, Jung H K, Hahn S Y.A study on comparison of optimization performance between immune algorithm and other heuristic algorithms[J]. IEEE Transactions on Magnetics.1998,34(5):2972-2975.
16史忠植.智能主体及其应用[M].科学出版社,北京,2000.
17王红.移动Agent关键技术研究[M].中国科学院博士论文,2002.
18 http://www.omg.org.
19 http://www.fipa.org.
20 P. Maes.Agents that Reduce Work and Information Overload [J], in CACM37(7), July 1994.
21 D.Chess, C.Harrison et A. Kershenbaum. Mobile Agents:Are They a Good Idea?. IBM Research Division,5 T. J. Watson Research Center, Yorktown Heights, New York, march 1995.
22 C'edric Fournet, Georges Gonthier, Jean-Jacques L'evy, Luc Maranget, and Didier R'emy. A calculus of mobile agents. In LNCS, volume 1119,1996.
23 ELMARIE BIERMAN,Techikon Pretoria,ELSABE CLOETE.Classification of Malicious Host Threats in Mobile Agent Computing[C]. Proceedings of SAICSIT 2002, Pages 141-148.
24熊云萍,曾广周.基于生物免疫的移动agent完整性检测[J].计算机应用,2006,26(7):1514-1516,1551.
25 Tie Yan Li, Kwok Yan Lam.Detecting Anomalous Agents in Mobile Agent System A Preliminary Approach [A].International Conference on Autonomous Agents [C].I2Italy:Bologna,2002.
26 Oscar Esparza,Miguel Soriano Jose L.,Munoz Jordi Forne.A protocol for detecting malicious hosts based on limiting the execution time of mobile agents, Proceedings of the Eighth IEEE International Symposium on Computers and Communication (ISCC'03):1530-1346/03,2003.
27 J. Ametller, S. Robles, J. A. Ortega-Ruiz. Self-Protected Mobile Agents[C]. Proceedings of the Third International Joint Conference on Autonomous Agents and Multiagent Systems New York, New York,2004:362-367.
28 YAN WANG and XIAOLIN PANG. Security and Robustness Enhanced Route Structures for Mobile Agents[J].Mobile Networks and Applications413-423, 2003 2003 Kluwer Academic Publishers. Manufactured in The Netherlands.
29王建华,刘卫东,徐万鸿.基于Agent的工作流模型的研究与应用[J].计算机工程与应用.2001,37(17):60-62.
30吴刚,吴泉源,王怀民.一种移动智能体的工作流管理模型[J].计算机辅助设计与图形学学报.2001,13(6):527-531.
31 Mitsubishi Electric. Concordia:An Infrastructure for Collaborating Mobile Agents[C]. In:Proceedings of the 1st International Workshop on Mobile Agents(MA'97), April 1997:186-190.
32 A Acharya, M Ranganathan, J Saltz. Sumatra:A language for resource-aware mobile programs. In:J Vitek, C Tschudin eds. Proc of Mobile Object Systems: Towards the Programmable Internet. Berlin:Springer,1997.111-130.
33 M.Ashraf Iqbal, Joachim Baumann, Markus Strasser. Efficient Algorithms to Find Optimal Agent Migration Strategies. Stuttgart University, Tech Rep: TR-1998-05,1998.
34 B Brewington, R Gray, K Moizumi. Mobile agents in distributed information retrieval. In:M Klusch ed. Intelligence Information Agent.Berlin: Springer-Verlag,1999.355-395.
35刘大有,杨博,杨琨,王生生.基于旅行图的移动Agent迁移策略[J].计算机研究与发展.2003(6):838-845.
36张正球,蔡声镇,余敏.一种改进的基于迁移计划图的移动Agent迁移策略.计算机应用研究[J],2007年第1期:40-45.
37朱翠涛等人,基于遗传算法的移动Agent迁移策略[J].计算机科学,2007Vol.34 No.7.
38肖丹丹,蔡乐才,李鹏.改进的蚁群算法在移动Agent迁移中的应用研究[J].成都大学学报,2008Vol.27 No.1.
39马俊等人,改进的蚁群算法求解旅行Agent问题[J].北京邮电大学学报.2008 Vol.31No.6.
40党辰,王嘉祯等人.一种动态环境下的移动Agent智能迁移算法[J].计算机工程,2009Vol.35 No.9.
41 WFMC. Workflow Management Coalition Terminology and Glossary(WFMC-TC-1011). Technical Report, Workflow Management Coalition, Brussels,1996.
42 G.Vigna. Protecting Mobile Agents through Tracing. Mobile Object SystemsECOOP Workshop'97.
43 F.Hohl. A Protocol to Detect Malicious Hosts Attacks by Using Reference States. Universitat Stuttgart,Fakultat Informatik, Bericht Nr.1999.
44 W.Farmer, J.Guttman, etc. Security for Mobile Agents:Authentification and State Appraisal. FourthEuropean Symposium on Research in Computer Security ESORICS19 96:118-130.
45 C.Tschudin. Environmental Security:Apoptotic Functions and a Way toProtect Them.4th WORKSHOPON MOBILE OBJECT SYSTEMS:Secure Internet Mobile Computations.In association with the 12thEuropean Conference on Object-Oriented Programming (ECOOP'98),21 July 1998, Brussels, Belgium.
46 Xudong Guan, Yiling Yang, etc. POM-A Mobile Agent Security Model Against Malicious Hosts. In Proc. HPC-Asia 2000, pp.1165-1166, Beijing, China, May.15-18,2000.
47 Nikola Mitrovic, Unai Arronategui. Mobile Agent security using Proxy-Agents and Trusted domains.2002.