Portunes Algebra for security formalization in a federated workflow management

Abstract

[ACCESS RESTRICTED TO THE UNIVERSITY OF MISSOURI AT REQUEST OF AUTHOR.] The allocation and dynamic adaptation of federated cyberinfrastructure resources across multiple domains for data-intensive application workflows is typically based on performance-centric considerations. Such an approach could compromise the end-to-end security requirements of scientific application workflows. The major cause for any compromise can be attributed to the lack of methods that suitably align application workflows' end-to-end security requirements, and diverse or heterogeneous domain resource and security policies. In this thesis, we present an architecture for joint security and performance-driven federated resource allocation and adaptation for a set of exemplar data-intensive scientific applications that use distributed computing and remote instrumentation. In order to aid security-driven resource brokering among domains with diverse security postures, we describe an alignment technique inspired by Portunes Algebra to combine heterogeneous domain-specific resource policies affecting an application workflow lifecycle. We develop a middleware implementation that operationalizes the use of portunes statements for satisfying the security alignment for the SoyKB application workflow life cycle involving local university resources, and federated resources at U. of Texas at Austin. Our validation results demonstrate the effectiveness of our novel approach in its ability to assist domain scientists and cyberinfrastructure analysts to homogenize multi-domain security and resource policies while managing data-intensive application workflows.