Trust and Security for Next Generation Grids, www.gridtrust.eu
Usage Control in Action: Controlling Resource Usage in a Grid-Based Supply Chain
Lorenzo Blasi
HP Italy Innovation Center
February 2009
Agenda
• Business context / Grid proposal
• Solving the Vehicle Routing Problem
• Security issues / GridTrust solution
• Architecture
• Future evolution
Business Context / Producers
• Competitiveness in the Pharmaceuticals market has increased:
  • appearance of "generic" pharma products
  • pressure from public institutions
  • pharma products can now be sold in large retailers
• Producers' and Distributors' margins decrease
• Transportation costs have a big influence on the final product price
• To reduce costs and maintain profit margins, big industries have created their own e-procurement auctioning system for transportation services
• This leverages competition by searching for the lowest possible price on each single transportation task
Business Context / Transporters
• Small transporters, to avoid being crushed between rising prices and competitive pressure, must increase the optimization level of their business
• The Transporters' Association proposes to its members a common Grid system that can optimize both routes and scheduling of their whole vehicle fleets
• Daily optimization is already a big leap forward for most transporters, but a Grid allows more than that: to re-optimize the allocation of transportation tasks to vehicles every time a quotation for a new one has to be produced, thus calculating the lowest possible price for each offer
The Transporters' Association Grid
• Users: Transporters
• Service Providers: 3rd parties, e.g. Utility computing vendors
• Managing Application: TAportal, used by the Transporters' Association
• Computing Application: TAportal, used by Transporters to submit computational jobs
• Supporting software:
  • an implementation of Operational Research optimization algorithms (VrpSolve library)
  • a standard format for representing the problem's input/output data
  • an example optimizer application
The Vehicle Routing Problem with Time Windows (VRPTW): input data
• A fleet of M vehicles of capacity C
• A central depot with coordinates (x0, y0)
• A list of N transportation tasks, where each task Ti is defined by:
  • destination vertex vi with coordinates (xi, yi)
  • quantity qi of goods to be delivered
  • time window (ri, di) within which the node should be served: ri is the ready time (start time), di is the due date (end time)
  • service time si for unloading goods
VRPTW problem and goal
• Can be formulated as a mathematical programming problem: objective function + constraints
• Problem: find a set of NV vehicle routes, originating from and terminating at the depot, such that:
  • each vehicle services one route
  • each vertex vi, i = 1..N, is visited only once
  • the quantity of goods on each vehicle never exceeds its capacity C
  • the start time of each route is >= r0 and the end time of each route is <= d0
  • the time of beginning of service at vertex i is >= ri; if the arrival time ti at vertex i is < ri, the vehicle waits for a waiting time wi = (ri - ti)
  • the time of ending of service at vertex i is <= di
• Goal: minimize NV and then the total distance TD
• Complexity: NP-hard (for optimal solution)
• Benchmark problems of size up to 100 customers have been proposed [Solomon 1987]
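As an added illustration (not code from the talk or from the VrpSolve library), the constraints above written as a route feasibility check, including the waiting rule wi = ri - ti and the slide's ranking of solutions by NV first and TD second; the data is a constructed subset of the R103 instance shown on the next slide, and Euclidean distance is assumed.

```python
import math

# Constructed subset of the Solomon R103 instance from the slide:
# id -> (x, y, demand, ready time ri, due date di, service time si)
DEPOT = (35, 35, 0, 0, 230, 0)
CUSTOMERS = {
    1: (41, 49, 10, 0, 204, 10),
    3: (55, 45, 13, 0, 197, 10),
    4: (55, 20, 19, 149, 159, 10),
    6: (25, 30, 3, 99, 109, 10),
    12: (50, 35, 19, 0, 205, 10),
    21: (45, 20, 11, 0, 201, 10),
}
CAPACITY = 200  # vehicle capacity C from the R103 header

def dist(a, b):
    """Euclidean distance between two (x, y, ...) tuples (assumed metric)."""
    return math.hypot(a[0] - b[0], a[1] - b[1])

def check_route(route, capacity=CAPACITY):
    """Simulate one vehicle: depot -> route -> depot, applying the slide's
    constraints. Returns (feasible, total_distance, total_wait, reason)."""
    r0, d0 = DEPOT[3], DEPOT[4]
    t, load, td, wait, prev, seen = r0, 0, 0.0, 0.0, DEPOT, set()
    for cid in route:
        if cid in seen:
            return False, td, wait, f"vertex {cid} visited twice"
        seen.add(cid)
        c = CUSTOMERS[cid]
        load += c[2]
        if load > capacity:
            return False, td, wait, f"capacity {capacity} exceeded at vertex {cid}"
        leg = dist(prev, c)
        td += leg
        ti = t + leg                  # arrival time ti at vertex i
        if ti < c[3]:                 # early: wait wi = ri - ti before service
            wait += c[3] - ti
            ti = c[3]
        t = ti + c[5]                 # service ends after si
        if t > c[4]:                  # end of service must be <= di
            return False, td, wait, f"due date {c[4]} missed at vertex {cid} ({t:.1f})"
        prev = c
    leg = dist(prev, DEPOT)
    td, t = td + leg, t + leg
    if t > d0:
        return False, td, wait, f"route ends at {t:.1f} after depot due date {d0}"
    return True, td, wait, "ok"

def solution_key(routes):
    """Rank a solution as the slide's goal states: minimise NV first, then TD.
    Returns (NV, TD), or None if a route is infeasible or the routes do not
    visit every customer exactly once."""
    visited = [c for r in routes for c in r]
    if sorted(visited) != sorted(CUSTOMERS):
        return None
    td = 0.0
    for r in routes:
        ok, rtd, _, _ = check_route(r)
        if not ok:
            return None
        td += rtd
    return len(routes), round(td, 2)
```

Comparing `solution_key` tuples gives the precedence the MACS slide describes: a two-vehicle solution beats a three-vehicle one regardless of distance.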
Example: Solomon benchmark R103

VEHICLE
NUMBER   CAPACITY
  25       200

CUSTOMER
CUST NO.  XCOORD.  YCOORD.  DEMAND  READY TIME  DUE DATE  SERVICE TIME
    0       35       35       0         0         230          0
    1       41       49      10         0         204         10
    2       35       17       7         0         202         10
    3       55       45      13         0         197         10
    4       55       20      19       149         159         10
    5       15       30      26         0         199         10
    6       25       30       3        99         109         10
    7       20       50       5         0         198         10
    8       10       43       9        95         105         10
    9       55       60      16        97         107         10
   10       30       60      16       124         134         10
   11       20       65      12        67          77         10
   12       50       35      19         0         205         10
   13       30       25      23       159         169         10
   14       15       10      20         0         187         10
   15       30        5       8        61          71         10
   16       10       20      19         0         190         10
   17        5       30       2       157         167         10
   18       20       40      12         0         204         10
   19       15       60      17         0         187         10
   20       45       65       9         0         188         10
   21       45       20      11         0         201         10
   22       45       10      18        97         107         10
   23       55        5      29        68          78         10
   24       65       35       3         0         190         10
   25       65       20       6       172         182         10
MACS - Multiple Ant Colony System
• The MACS-VRPTW algorithm [Gambardella et al 1999] allows multi-objective optimization
• The algorithm defines two ant colonies, ACS-TIME and ACS-VEI
• Each ant colony is dedicated to optimizing a different objective function:
  • ACS-VEI minimizes the number of vehicles
  • ACS-TIME minimizes the total travel time (cost)
• The two ant colonies cooperate, exchanging information through the update of a single pheromone matrix
• Number of vehicles minimization takes precedence over travel time minimization (when comparing solutions)
R103 routes
[Figure: plot of the computed R103 routes] The strange rings / butterfly wings are due to the need to avoid or minimize waiting time in nodes where the goods are not yet ready
Ant Colony System algorithms
• Ant Colony Algorithms are inspired by observation of real ants [Dorigo Maniezzo Colorni 1991]
• Real ants are insects organized in colonies
• Ants search for food by parallel exploration of the environment
• Ants coordinate their activity by an indirect form of communication based on pheromone laying
• Ants follow pheromone trails and lay more of it on their way
Security Issues
• By default, in a business environment, Users and Service Providers don't KNOW each other and don't TRUST each other
• The Transporter Association must:
  A. ensure that only its members use the Grid resources
  B. guarantee a secure environment for competing transporters using the same resources
  C. guarantee Service Providers that their security policies will not be violated by Grid (transporters) users
GridTrust Solution
• A. Ensure that only TA members use the Grid resources: TA members form a Virtual Organization
• B. Guarantee a secure environment for competing transporters using the same resources: select only (Grid)Trusted SPs which have suitable security policies
• C. Guarantee SPs that their security policies will not be violated by Grid users: the Usage Control Service enforces SP policies
Secure VO Operation (A): granting access to services
[Diagram: a VO user's requests to Service1 (at SP1) and Service2 (at SP2) are OK; a non-VO user's request to Service1 is Denied; the PKI is shown as the supporting component]
Secure VO Operation (B): selecting secure services
[Diagram: SP1 and SP2 Register with the VBE Manager; the VO Manager uses the SRB to Search SPs and Select SPs; the selected SPs Join VO]
Secure VO Operation (C): usage control
[Diagram: a VO user runs Application1 at SP1 and Application2 at SP2; one request is OK and the other Denied according to each SP's policy; the TRS is shown alongside the VO]
Example SP policies:
• Applications can open the HP libs if the user reputation is > 0.7
• Applications can open files only in the user home directory
Scenario
• Transporters' Association (TA) Administrator sets up the TA Grid Portal and VO:
  • create VO
  • select and add Computational providers
  • add VO users
• A good transporter: submitting jobs to solve the routing problem
• A malicious transporter: trying to steal data from competitors; trying to steal data from providers
What if a bad transporter wants to steal data from competitors?
• Transporters using the same Grid services are in competition with each other
• All transporters are interested in competitors' data, so let's suppose that one of them wants to play bad
• The bad transporter writes an application (BadApp01) which tries to steal data of sibling applications in execution on the same Grid computational node
• The starting idea is that data for all calculations on the same node are hosted in temporary directories under the same root
• BadApp01 so tries to navigate into sibling directories and pack all their contents in a single jar which will then be sent back as the application output, but…
• …UCON policies of the computational node don't allow it!
What if a bad transporter wants to steal data from providers?
• The routing optimization algorithm ideally uses a map, which has an associated DT matrix giving the Distance (or Time) between any pair of locations
• Solution precision depends on the quality of the DT matrix data
• DT matrix (map) data is precious and local to each SP
• SPs make money from DT matrix data and allow clients to access it only after payment of a fee
• Reselling DT matrix data is prohibited by the license agreement
• The bad transporter writes an application (BadApp02) which tries to steal DT matrix data and make it available over the net, with the idea of reselling it
• BadApp02 is built as a web server, accepting connections from Internet clients and providing DT matrix data as the answer to requests, but…
• …UCON policies of the computational node don't allow it!
Architecture
• TA portal / VOM operated by the VO admin
• VO user
• Computational providers (GRAM+UCON)
• VBE Manager + CA
• SRB + TRS + PPM
• Graphical Reputation Monitor
Service Deployment for the Supply Chain Demo
[Deployment diagram. Components: GridTrust services SRB, C-UCON, VO MGT, GridTrust CA, TRS and PPM; two computational providers, each running GRAM + UCON with the libraries; the VBEM; the TransporterAssociationPortal with its VO library and VOM; the TR Monitor GUI; the VO Admin; the VO User with a JavaAppl and its DATA. Operations shown: GRAM SPs register (with the VBEM and the SRB), JoinVBE, create VO, SearchSP, SelectSP, JoinVO, JoinUserToVO, JoinSPToVO, Submit job, and Feedback towards PPM/TR]
Future evolution of the scenario
• Auctioning system
• Transporter's automated bidding system:
  • get new task from each auction
  • add task to current task list
  • re-route whole fleet
  • calculate incremental cost
  • produce bid
• N transporters in parallel
• To give a sample size to the scenario, imagine: 10 producers create an auction for each of their 50 daily transportation tasks, and 30 transporters bid on every auction; that is 500 auctions per day (nearly one every minute in working hours), spawning 15,000 jobs of routing optimization every day
Auction based supply chain
• First-Price Sealed-Bid reverse auction model
• Producers (auction proponents) produce RfQs for transportation tasks
• Transporters can recalculate routing by exploiting routing computational services running on Grid resources
• The auctioning system's offer selection is based on customer requirements: best time / lowest price / transporter's reputation / a combination of the above
• Producers create a Delivery VO (auction and delivery management)
• Transporters use a Routing VO to compute the best routes for answering the auction
Thanks!
For more information please contact: Lorenzo Blasi - HP Italy Innovation Center
[email protected]