Real-Time Scheduling with Security Enhancement for Packet Switched Networks
IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT, VOL. 10, NO. 3, SEPTEMBER 2013 271
Maen Saleh, Member, IEEE, and Liang Dong, Senior Member, IEEE
Abstract—Real-time network applications depend on schedulers
to guarantee the quality of service (QoS). Conventional
real-time schedulers focus on the timing constraints but are much
less effective in satisfying the security requirements. In this paper,
we propose an adaptive security-aware scheduling system for
packet switched networks using a real-time multi-agent design
model. The proposed system combines real-time scheduling with
security service enhancement. The scheduling unit uses the
differentiated-earliest-deadline-first (Diff-EDF) scheduler and the
security enhancement scheme adopts a congestion control mechanism.
The required QoS is guaranteed for different types (audio
and video) of real-time data flows, while the packet security levels
are adaptively enhanced according to the feedbacks from the
congestion control module. Compared with the IPsec protocol,
the proposed scheme reduces the number of pending packets at
the destinations. In implementation, the proposed scheme can
overload the priority code point and the virtual-LAN identifier
fields of the IEEE 802.1Q frame format, hence eliminating the
overhead of the security associations performed by the IPsec
protocol.
Index Terms—Multi-agent systems, quality of service (QoS),
real-time scheduling, network security, resource estimation.
I. INTRODUCTION
THE Internet has become a commercial entity that needs
to provide its customers with quality-of-service (QoS)
guarantees. The QoS can be in the form of delivery delay,
capacity, reliability, mean time between failures, mean time to
restore a service, or any combination of such metrics [1], [2].
Real-time network applications such as real-time audio and
video streams have been congesting the Internet. To provide
the real-time network applications with the QoS guarantees,
network technologies were developed by applying a real-time
scheduling algorithm [3]–[5]. Nowadays, real-time data
packet sources are required to provide security services to their
applications and make them robust against different security
threats [6], [7]. In order to provide the security services, security
protocols were implemented such as the secure sockets
layer protocol (SSL), the transport layer security protocol
(TLS), and the internet protocol security (IPsec). However,
with the current security protocols, any dynamic change in
the network cannot affect the pre-negotiated security level.
Therefore, network performance issues are not taken into account
and the QoS may not be guaranteed for different classes
of real-time data streams. This may lead to a catastrophe
especially for those hard real-time network applications [8].
Manuscript received May 13, 2012; revised March 4, 2013. The associate
editor coordinating the review of this manuscript and approving it for
publication was J. Sventek.
M. Saleh is with the Department of Electrical and Computer Engineering,
Tafila Technical University, Tafila 66110 Jordan (e-mail: maen@ttu.edu.jo).
L. Dong is with the Department of Electrical and Computer Engineering,
Baylor University, Waco, TX 76798 USA (e-mail: liang dong@baylor.edu).
Digital Object Identifier 10.1109/TNSM.2013.071813.120299
For real-time applications, network technologies keep a
balance between providing the required security services and
preserving the overall performance of the network. The network
performance can be measured by different network performance
metrics (NPMs) such as miss ratio, average total packet
delay, functionality, jitter, and throughput [9]. A key factor that
affects the NPMs, and hence the overall network performance, is
the utilization of the network’s buffering system. The buffering
system regulates the total amount of traffic load in the network
and therefore limits the network’s maximum throughput [10].
Accordingly, different network-based algorithms were implemented
based on the network’s buffer estimation technique
such as routing, scheduling, maintenance, load balancing, and
security [11], [12].
Different methodologies were implemented to analyze and
measure the overall performance of the network such as online
and off-line monitoring. Such monitoring techniques were
based on queueing theory analysis models [13]. Conventional
simulation techniques are suitable for best-effort networks
where no QoS guarantees are provided for the data traffics.
However, they are inefficient in modeling and analyzing
complicated heterogeneous environments such as the dynamic
real-time networks with QoS guarantees and security aspects.
In order to overcome such inefficiency, a real-time multi-agent
simulation system is implemented in our approach, where
the whole environment is modeled by interactive entities that
cooperate with each other with a time-critical constrained
protocol. In designing a multi-agent system, two major phases
should be predefined: collaboration and interaction. Collaboration
is the process of establishing different levels of cooperation
between the agents [14], while interaction is the
protocol of rules and constraints that controls the transactions
performed by the cooperating agents [15].
In this paper, we propose an adaptive security-aware
scheduling for packet switched networks using the real-time
multi-agent model. Such a model is object-oriented and it
provides a mechanism to inherit the methodologies used to
design the interactions between the agents. It also allows
the agents to synchronize with time-critical events. Therefore,
the multi-agent system is applicable to simulate the real-time
heterogeneous network environment. The key features of the
proposed real-time scheduling system are as follows.
1) The proposed system combines the functionality of real-time
scheduling with security service enhancement. The
real-time scheduling unit uses the differentiated-earliest-deadline-first
(Diff-EDF) scheduler, while the security
service enhancement scheme adopts a congestion control
mechanism based on resource estimation;
2) The security service enhancement is designed with two
modules: a single-layer module and a weighted multi-layer
module. The single-layer design provides enhancement
for a single security service, that is, confidentiality,
integrity, or authentication. The weighted multi-layer design
provides enhancement for multiple security services
with different weights;
3) The proposed system provides the required QoS guarantees
for different classes of real-time data flows,
while it enhances the packets’ security service levels
according to feedbacks from the congestion control.
The congestion control efficiently utilizes the buffering
system at the edge router, hence protecting the network
from being congested by heavy traffic loads;
4) The proposed system is implemented such that it eliminates
the overhead of the security association phase
performed by the IPsec protocol. This is achieved by
overloading the priority code point (PCP) field of the
IEEE 802.1Q tagged frame format for the single-layer
module and overloading both PCP field and virtual-LAN
identifier (VID) field for the weighted multi-layer
module.
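To make the field budget behind item 4 concrete, the following added example (not code from the paper) packs and parses an IEEE 802.1Q tag. The standard tag layout (TPID 0x8100, 3-bit PCP, 1-bit DEI, 12-bit VID) is real; the mapping of security levels onto PCP and VID, the weight profiles, and all function names are assumptions made for illustration, since this section does not give the paper's own encoding.

```python
import struct

TPID_8021Q = 0x8100             # standard 802.1Q tag protocol identifier
RESERVED_VIDS = {0x000, 0xFFF}  # priority-tagged frame / reserved by 802.1Q

# Constructed weight profiles (confidentiality, integrity, authentication),
# selected by the 3-bit PCP value in this assumed multi-layer layout.
WEIGHT_PROFILES = {0: (1.0, 0.0, 0.0), 1: (0.5, 0.25, 0.25), 2: (0.2, 0.4, 0.4)}

def pack_tag(pcp, dei, vid):
    """Build the 4-byte tag: TPID(16) | PCP(3) | DEI(1) | VID(12)."""
    if not (0 <= pcp <= 7 and dei in (0, 1) and 0 <= vid <= 0xFFF):
        raise ValueError("802.1Q field out of range")
    return struct.pack("!HH", TPID_8021Q, (pcp << 13) | (dei << 12) | vid)

def unpack_tag(tag):
    """Return (pcp, dei, vid); reject anything that is not an 802.1Q tag."""
    tpid, tci = struct.unpack("!HH", tag)
    if tpid != TPID_8021Q:
        raise ValueError("not an 802.1Q tag")
    return tci >> 13, (tci >> 12) & 1, tci & 0xFFF

def encode_single(level, vlan_id):
    """Single-layer (assumed): one security level 0-7 in PCP, VID unchanged."""
    return pack_tag(level, 0, vlan_id)

def encode_multi(profile, conf, integ, auth):
    """Multi-layer (assumed): profile index in PCP, three 4-bit levels in VID."""
    if profile not in WEIGHT_PROFILES:
        raise ValueError("unknown weight profile")
    if not all(0 <= lv <= 15 for lv in (conf, integ, auth)):
        raise ValueError("per-service level must fit in 4 bits")
    return pack_tag(profile, 0, (conf << 8) | (integ << 4) | auth)

def decode_multi(tag):
    """Return (levels, weighted_level, vid_is_reserved) for a multi-layer tag."""
    pcp, _, vid = unpack_tag(tag)
    if pcp not in WEIGHT_PROFILES:
        raise ValueError("unknown weight profile")
    levels = (vid >> 8, (vid >> 4) & 0xF, vid & 0xF)
    weighted = sum(w * lv for w, lv in zip(WEIGHT_PROFILES[pcp], levels))
    return levels, weighted, vid in RESERVED_VIDS
```

802.1Q-aware bridges still interpret the VID as VLAN membership, so any overloaded value also selects a forwarding domain. `decode_multi` flags the two VID values the standard reserves (0x000 and 0xFFF), which an encoding of this kind can produce.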
The performance of the proposed system is evaluated for
both single-layer and weighted multi-layer design modules
from different perspectives. First, we examine the effect of
the destination buffering system on both security-level enhancement
and QoS guarantee. Simulation results show that
the data flow security level is better enhanced with larger
destination buffering system. However, it trades off with the
QoS in terms of total average packet delay. Second, the
proposed system is compared with the IPsec protocol on
buffer utilization at the end users (destinations). The proposed
scheme minimizes the destination buffer consumption hence
protecting the network from being congested. We also evaluate
the performance of the proposed system over the IPsec protocol
with fully consumed destination buffers. It reduces the
number of pending packets at the destination without affecting
the provided security level. Third, we examine the effect of
using the Diff-EDF algorithm at the scheduler on two QoS
metrics: the miss ratio at the server agent and the average
total packet delay at the queue agent. Comparing Diff-EDF
with both earliest-deadline-first (EDF) and first-come first-served
(FCFS) schedulers, simulation results show that the
Diff-EDF has the smallest miss ratio and the shortest average
total packet delay. Finally, we compare the proposed system
with an existing IPsec protocol with feedback. The proposed
adaptive system eliminates the repeated security associations
performed by the existing protocol, hence less overhead and
increased chance to meet the QoS requirements.
The rest of the paper is organized as follows. Section II
gives an overview of some recent related work. Section III
provides the model of the proposed system using a real-time
multi-agent architecture. The design of the two security
modules, single-layer and weighted multi-layer, is described in
Section IV. In Section V, the proposed system that combines
scheduling and security enhancement is developed using the
multi-agent design model. In Section VI, the adaptive security-aware
network is implemented by redesigning the IEEE
802.1Q frame format. Section VII gives numerical results of
the network simulations and Section VIII concludes the paper.
II. RELATED WORK
Scheduling algorithms are implemented to guarantee data
delivery with the required QoS. A FCFS scheduler was
implemented to schedule best-effort traffic on a dynamic computing
system [16]. For asynchronous best-effort networks,
a scheduler was proposed based on FCFS and a combined
strategy of backfilling and prediction for grid computing [17].
When different types of data traffics with different QoS
requirements share and congest a single network, a weighted-fair-queue
(WFQ) scheduler was implemented to solve the
starvation problem [18]. Different models of WFQ were
implemented for networks of different types. The generalized-processor-sharing
(GPS) model was adopted for clustered
networks, where data units are in the forms of divisible
tasks (sub-tasks) [19]. For packet switched networks, a packet-weighted-fair-queue
(PWFQ) scheduler was implemented that
does not terminate the traffic session until it finishes the
current packet [20]. However, it may exceed the allowable
bandwidth of a session. In order to deal with this problem, the
worst-case fair-weighted fair-queueing (WF2Q) scheduler was
implemented, where each packet is checked whether it can be
scheduled within the session’s time slice [21]. The Standard
EDF (SEDF) scheduler was implemented to serve real-time
data flows in an integrated network [22]. It has optimal
efficiency when dealing with similar data traffics. For data
streams with different QoS requirements, a modified version
of the SEDF with live monitoring strategy was developed [23].
For heavily loaded traffic, an EDF scheduler was implemented
that has a pre-negotiation phase between the system and the
data generators [24].
Agent-based schedulers are implemented to serve complex
real-time networks such as heterogeneous networks. The
entire environment can be modeled by interactive entities
that cooperate under a protocol with timing constraints. A
quantitative multi-agent real-time scheduler was implemented
for real-time scheduling in both static and dynamic networks
[25]. For homogeneous networks, a three-model (basic,
forward-backward, and partial-forward-backward) agent-based
scheduler was implemented [26]. Such a system shows high
efficiency in serving time-critical tasks with the required
QoS. For heterogeneous networks with heavy traffic load and
possibilities of network corruptions, a multi-agent scheduling
architecture was proposed with self-correction capability [27].
An agent-based grid scheduling architecture was proposed to
provide efficient real-time scheduling for time-critical tasks
on a grid network [28]. A dynamic and responsive scheduler
was created by integrating the conventional heuristic scheduler
with artificial intelligence technique in an agent-based system
for job shop scheduling [29].
Secure scheduling algorithms are implemented in order to
achieve both QoS and security requirements for real-time
data flows. A security-aware heuristic scheduling architecture
was implemented to provide both QoS and security services
for soft real-time tasks on clusters [8]. For homogeneous
real-time networks, an optimal resource allocation algorithm