SGX-E 2 C 2 D : A Big Data Workflow Scheduling Algorithm for Confidential Cloud Computing ( TR-BIGDATA-03-2019-A ) , 0301-2019

Recently, scientific workflows increasingly use cloud computing to provision on-demand scalable resources in computation and storage for large-scale big data analytics. In contrast to traditional on-premise computing environments, where the number of resources is bounded, cloud computing has the capability to provision practically an unlimited number of resources to a workflow application based on a pay-as-you-go pricing model. However, one main challenge of using cloud computing is the protection of the integrity and privacy of confidential workflow tasks, whose proprietary algorithm implementations are intellectual properties of the respective stakeholders. Another challenge is the monetary cost optimization of executing workflows in the cloud while satisfying a user-defined deadline. In this paper, we use the Intel Software Guard Extensions (SGX) as a Trusted Execution Environment (TEE) to support the integrity and confidentiality of individual workflow tasks. Based on this, we propose a deadline-constrained and SGX-aware workflow scheduling algorithm, called SGX-E2C2D (Efficient Cost-Effective Deadline Constrained algorithms for IaaS clouds), to address these two challenges. SGX-E2C2D features several heuristics including exploiting longest critical paths and reuse of extra times in existing virtual machine instances. Our experiments show that SGX-E2C2D outperforms the representative algorithm, IC-PCP, in most cases in monetary cost while satisfying the given user-defined deadline. To our best knowledge, this is the first workflow scheduling algorithm that considers and supports the confidentiality of workflow tasks in a public cloud computing environment. This is also exciting news for scientist users who care confidentially of their work requiring scientific workflows.