跳到主要內容

臺灣博碩士論文加值系統

(18.97.14.87) 您好!臺灣時間:2024/12/04 02:03
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

: 
twitterline
研究生:張永鋒
研究生(外文):CHANG, YONG-FONG
論文名稱:容器環境中AI計算平台權限控管機制之實現
論文名稱(外文):Implementation of authority control mechanism in the AI platform with container environment
指導教授:賴冠州賴冠州引用關係
指導教授(外文):LAI, KUAN-CHOU
口試委員:許慶賢伍朝欽李宜軒賴冠州
口試委員(外文):HSU, CHING-HSIENWU, CHAO-CHINLEE, YI-HSUANLAI, KUAN-CHOU
口試日期:2021-01-18
學位類別:碩士
校院名稱:國立臺中教育大學
系所名稱:資訊工程學系
學門:工程學門
學類:電資工程學類
論文種類:學術論文
論文出版年:2021
畢業學年度:109
語文別:中文
論文頁數:48
中文關鍵詞:容器機器學習安全性
外文關鍵詞:ContainerMachine LearningSecurity
相關次數:
  • 被引用被引用:1
  • 點閱點閱:208
  • 評分評分:
  • 下載下載:32
  • 收藏至我的研究室書目清單書目收藏:0
本研究旨在探討在Open Source AI平台Submarine上的安全機制。因應大數據時代的潮流,對數據處裡的需求也日漸增加,許多與大數據有關的研究也日益蓬勃,例如提升數據運算時間,降低系統負擔,或使其預測結果更好等。而容器計算憑藉著其良好的隔離環境,輕量化和高擴展性,逐漸在大數據運算中受到歡迎,它是由 image 所建立,包含了可執行程式碼、支援程式庫、運算要求條件,以及一些運作一個執行程序所需的其他物件。容器可以被快速且大量的部署,將過往集中式的運算方式分散至各個容器中。因為大量資料計算需求,目前對於數據處理已透過分散式叢集系統進行。這類的叢集由許多增減方便且能快速啟動的容器構成,可以平行處理多個運算工作,並將最終的運算結果回傳。而即使在過程中發生意外,也可以自動地重新啟動一個新的容器,重啟原先的工作流程,藉此來提高叢集的可用性與負載均衡能力。在容器的相關技術方面,Kubernetes 是目前討論度很高的一個容器管理平台。Kubernetes的容器叢集由Master 和 Slave Node 所組成,Master 提供API server,資源排程,應用程式部署管理等等,而slave node 則是實際在執行容器的工作節點。Kubernetes可以幫助使用者同時部署多個容器到一台機器上,甚至是多台機器;可以管理各個容器的狀態,如果其中某個提供服務的容器crash了,Kubernetes 會自動偵測到,並重新啟動這個容器,來確保持續提供服務;可以將一台機器上的所有容器轉移到另一台機器上;並提供機器的高度擴展性,可以從一台機器,到多台機器上的共同運行。而為了將容器的優點帶到AI相關領域開發,Cloudera公司啟動了Submarine專案,並在Apache社群上做出貢獻,同時也在社區中得到許多關注。Submarine提供使用者執行AI資料運算等工作的計算平台,讓使用者透過簡單易懂的介面,完成複雜的運算工作。在相關計算平台中,各用戶的數據安全是個重要的議題。學習前的數據與學習後的結果、分析模型等,都不該被同一個平台上的其他使用者取得。以往Hadoop相關系統很少注意到多個使用者的權限管理部分,但如今開發AI平台時,勢必要在安全機制多加留心。本文即著手處理Submarine上的使用者安全相關的問題,來保護使用者的數據安全。本研究著重於Submarine security,針對使用者的登入進行驗證,並控制使用者的身分和權限。未來也會利用這次的開發經驗,在其他類似的平台上實現安全相關的機制。
In response to the trend of the big data era, the demand for data processing is also increasing, and many big data-related research is also becoming more and more vigorous, such as increasing data computing time, reducing system burden, or improving prediction results to better. However, container computing has overcome its good isolation environment, lightweight and high scalability, and has gradually become popular in big data operations. It is established by images and contains executable program codes, supporting program libraries, and operation requirements. And some other things needed to run an execution program. Containers can be deployed quickly and in large numbers, distributing the previous centralized computing methods to each container. Because of the large amount of data calculation requirements, data processing has been carried out through a distributed cluster system. This type of cluster is composed of many containers that are easy to increase or decrease and can be started quickly. Multiple operations can be processed in parallel, and the final result of the operation is returned. In the event of an accident in the process, a new container can also be restarted automatically, restarting the original workflow, thereby increasing the available capacity and load balancing capabilities of the cluster. In terms of container-related technologies, Kubernetes is currently a highly discussed Kubernetes container cluster consisting of Master and Slave Node. Master provides API server, resource scheduling, application deployment management, etc., while slave node is actually Execute the working routine of the container. Kubernetes can help users deploy multiple containers to one machine or even multiple machines at the same time; it can manage the status of each container. If one of the containers provided services crashes, Kubernetes will automatically detect it and restart the container. , To ensure continuous service; you can transfer all containers on one machine to another machine; and provide a high degree of scalability of the machine, which can run from one machine to multiple machines. In order to bring the advantages of containers to the development of AI-related fields, Cloudera launched the Submarine project and made contributions to the Apache community, and at the same time received a lot of attention in the community. Submarine provides a computing platform for users to perform AI data computing and other tasks, allowing users to complete complex computing tasks through a simple and easy-to-understand interface. In related computing platforms, the data security of each user is an important substitute. The data before learning, the results after learning, analysis models, etc. should not be obtained by other users on the same platform. Previous Hadoop-related systems rarely paid attention to the authority management part of multiple users, but now when developing AI platforms, you may need to pay more attention to security mechanisms. This is to deal with user safety-related issues on the submarine to protect the user's data security. This research focuses on submarine securi ty, which verifies the user's login and controls the user's identity and permissions. In the future, we will also use this development experience to implement security-related mechanisms on other similar platforms.
目錄
致謝 i
摘要 ii
目錄 iii
圖目錄 v
第一章 緒論
1-1 研究背景與動機 1
1-2 問題描述 2
1-3 研究流程 3
1-4 論文架構 3
第二章 文獻探討
2-1 雲端計算 5
2-2 容器計算 6
2-3 Apache Ranger 8
2-4 Apache Sentry 12
2-5 Apache Spark 14
2-6 LDAP 16
2-7 OpenLDAP 18
2-8 Docker 18
2-9 Kubernetes 21
2-10 Apache YARN 25
2-11 Apache Submarine 26
第三章 研究方法
3-1 研究架構 28
3-2 軟體環境 29
3-3 Apache Submarine 系統元件 29
3-4 Apache Submarine 控制/運作流程 30
3-5 權限控管機制 32
第四章 研究結果與分析
4-1 實驗環境 33
4-2 實驗方法 33
4-3 實驗結果 39
第五章 結論
5-1 結論 45
5-2 未來工作 45
第六章 參考資料 46

[1]Apache Ranger
https://Ranger.apache.org/
[2]Apache Sentry
https://sentry.apache.org/
[3]Apache Spark
https://www.tutorialspoint.com/apache_spark/apache_spark_introduction.htm
[4]LDAP
https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol
[5]OpenLDAP
https://www.openldap.org/
[6]Docker
https://www.docker.com/
[7]Kubernetes
https://Kubernetes.io/docs/concepts/overview/components/
[8]Kubernetes
https://www.digitalocean.com/community/tutorials/an-introduction-to-Kubernetes
[9]Apache YARN
https://hadoop.apache.org/docs/current/hadoop-yarn/hadoop-yarn-site/YARN.html
[10]Apache Submarine
https://medium.com/analytics-vidhya/implementing-apache-Submarine-a-unified-ai-platform-459c9edd541e
[11]K. K. Butt, G. H. Li and M. Obaid Ur Rehman, "Comparative Analysis of Hadoop Security Ad-Ons," 2019 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC), New York, NY, USA, 2019, pp. 289-293, doi: 10.1109/CSE/EUC.2019.00062.
[12]A. Sun, G. Gao, T. Ji and X. Tu, "One Quantifiable Security Evaluation Model for Cloud Computing Platform," 2018 Sixth International Conference on Advanced Cloud and Big Data (CBD), Lanzhou, 2018, pp. 197-201, doi: 10.1109/CBD.2018.00043.
[13]M. Ryden, K. Oh, A. Chandra and J. Weissman, "Nebula: Distributed edge cloud for data-intensive computing," 2014 International Conference on Collaboration Technologies and Systems (CTS), Minneapolis, MN, 2014, pp. 491-492, doi: 10.1109/CTS.2014.6867613.
[14]Y. Zhang et al., "A Communication-Aware Container Re-Distribution Approach for High Performance VNFs," 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), Atlanta, GA, 2017, pp. 1555-1564, doi: 10.1109/ICDCS.2017.10.
[15]K. Ye and Y. Ji, "Performance Tuning and Modeling for Big Data Applications in Docker Containers," 2017 International Conference on Networking, Architecture, and Storage (NAS), Shenzhen, 2017, pp. 1-6, doi: 10.1109/NAS.2017.8026871.
[16]P. Xu, S. Shi and X. Chu, "Performance Evaluation of Deep Learning Tools in Docker Containers," 2017 3rd International Conference on Big Data Computing and Communications (BIGCOM), Chengdu, 2017, pp. 395-403, doi: 10.1109/BIGCOM.2017.32.
[17]S. Nadgowda, S. Suneja, N. Bila and C. Isci, "Voyager: Complete Container State Migration," 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), Atlanta, GA, 2017, pp. 2137-2142, doi: 10.1109/ICDCS.2017.91.
[18]C. Cérin, T. Menouer, W. Saad and W. B. Abdallah, "A New Docker Swarm Scheduling Strategy," 2017 IEEE 7th International Symposium on Cloud and Service Computing (SC2), Kanazawa, 2017, pp. 112-117, doi: 10.1109/SC2.2017.24.
[19]C. Chang, S. Yang, E. Yeh, P. Lin and J. Jeng, "A Kubernetes-Based Monitoring Platform for Dynamic Cloud Resource Provisioning," GLOBECOM 2017 - 2017 IEEE Global Communications Conference, Singapore, 2017, pp. 1-6, doi: 10.1109/GLOCOM.2017.8254046.
[20]N. M. Faseeh Qureshi et al., "Dynamic Container-based Resource Management Framework of Spark Ecosystem," 2019 21st International Conference on Advanced Communication Technology (ICACT), PyeongChang Kwangwoon_Do, Korea (South), 2019, pp. 522-526, doi: 10.23919/ICACT.2019.8701970.
[21]Y. Tao, X. Wang, X. Xu and Y. Chen, "Dynamic Resource Allocation Algorithm for Container-Based Service Computing," 2017 IEEE 13th International Symposium on Autonomous Decentralized System (ISADS), Bangkok, 2017, pp. 61-67, doi: 10.1109/ISADS.2017.20.
[22]J. Shen, T. Zhou, D. He, Y. Zhang, X. Sun and Y. Xiang, "Block Design-Based Key Agreement for Group Data Sharing in Cloud Computing," in IEEE Transactions on Dependable and Secure Computing, vol. 16, no. 6, pp. 996-1010, 1 Nov.-Dec. 2019, doi: 10.1109/TDSC.2017.2725953.

[23]M. Bousselham, N. Benamar and A. Addaim, "A new Security Mechanism for Vehicular Cloud Computing Using Fog Computing System," 2019 International Conference on Wireless Technologies, Embedded and Intelligent Systems (WITS), Fez, Morocco, 2019, pp. 1-4, doi: 10.1109/WITS.2019.8723723.

[24]D. Zhao, M. Mohamed and H. Ludwig, "Locality-Aware Scheduling for Containers in Cloud Computing," in IEEE Transactions on Cloud Computing, vol. 8, no. 2, pp. 635-646, 1 April-June 2020, doi: 10.1109/TCC.2018.2794344.
[25]E. H. Bourhim, H. Elbiaze and M. Dieye, "Inter-container Communication Aware Container Placement in Fog Computing," 2019 15th International Conference on Network and Service Management (CNSM), Halifax, NS, Canada, 2019, pp. 1-6, doi: 10.23919/CNSM46954.2019.9012671.
[26]P. Shantharama et al., "Hardware Acceleration for Container Migration on Resource-Constrained Platforms," in IEEE Access, vol. 8, pp. 175070-175085, 2020, doi: 10.1109/ACCESS.2020.3024675.
[27]X. Li, Q. Wang, X. Lan, X. Chen, N. Zhang and D. Chen, "Enhancing Cloud-Based IoT Security Through Trustworthy Cloud Service: An Integration of Security and Reputation Approach," in IEEE Access, vol. 7, pp. 9368-9383, 2019, doi: 10.1109/ACCESS.2018.2890432.
[28]T. Halabi and M. Bellaiche, "Towards Security-Based Formation of Cloud Federations: A Game Theoretical Approach," in IEEE Transactions on Cloud Computing, vol. 8, no. 3, pp. 928-942, 1 July-Sept. 2020, doi: 10.1109/TCC.2018.2820715.
[29]Y. Wu, Y. Lyu and Y. Shi, "Cloud storage security assessment through equilibrium analysis," in Tsinghua Science and Technology, vol. 24, no. 6, pp. 738-749, Dec. 2019, doi: 10.26599/TST.2018.9010127.
[30]T. Dbouk, A. Mourad, H. Otrok, H. Tout and C. Talhi, "A Novel Ad-Hoc Mobile Edge Cloud Offering Security Services Through Intelligent Resource-Aware Offloading," in IEEE Transactions on Network and Service Management, vol. 16, no. 4, pp. 1665-1680, Dec. 2019, doi: 10.1109/TNSM.2019.2939221.
[31]J. Chase, D. Niyato, P. Wang, S. Chaisiri and R. K. L. Ko, "A Scalable Approach to Joint Cyber Insurance and Security-as-a-Service Provisioning in Cloud Computing," in IEEE Transactions on Dependable and Secure Computing, vol. 16, no. 4, pp. 565-579, 1 July-Aug. 2019, doi: 10.1109/TDSC.2017.2703626.

QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top
無相關期刊