Decision Making for Finding an Adequate : Providing trade-off between Performance and Security

Smirnov, Sergey

January 2007

The new opportunities that come with the Internet as a worldwide network bring the new threats and risks for private, institutional and corporate users. Therefore, it is important to integrate the security mechanisms into a network environment. Due to the significant increase in computers speed and features of applications, the people are not able any more to make quick and adequate decisions about which security mechanisms should be applied at the moment. In most cases they choose the strongest security level available. Along with the high security this approach brings additional costs and resources consumption and drastically reduces the performance of devices with limited resources. For such devices a trade-off between performance and security should be provided. Most of the time there are no risks and threats to devices since there are not under attacks, and the use of strong security wastes the available resources. A user of computer networks and electronic devices (e.g. PCs, smartphones, PDAs) is faced with a wide range of different security mechanisms. These mechanisms differ in terms costs, complexity of used cryptographic algorithms, types of licence, processing speed, and required resources. The user has to make a decision on which security mechanism to apply. This decision is often based on user's preferences, device capabilities and available resources. While a broad range of security mechanisms has been developed to secure devices and networks, too little attention is given to actual process of making a decision about the required security level with respect to the set of predefined requirements. The main goal of this thesis is the developing of a practical decision making model for dynamic reasoning about an adequate security level providing trade-off between security and performance. The thesis presents the methodology for security metrics identification, selection and quantification. The developed approach is not limited to a particular system or number of metrics. The scheme can be used to select and quantify security metrics for any decision making models and different systems under consideration. This thesis analyses the range of decision making methods for their fitness to fulfil the main goal of this work. Three models are developed based on fuzzy reasoning, simple multi-attribute rating technique (SMART) and artificial neural networks (ANNs) for making decisions about an adequate security level. The models take into consideration the selected metrics (e.g. threat level, location, content, resources), and user's preferences and make a recommendation regarding security level. The models differ in terms number of security metrics used, user's intervention into decision making process, and number of security levels. Finally, the thesis presents the results of the experiment that has been conducted to evaluate a performance of the adaptive approach for selecting an adequate security level. The motivation for this experiment is based on the fact that decision making process requires additional computations, which can lead to increased resources consumption and can make the use of adaptive approach impractical. The results show that with right software design and implementation the computations related to adaptive approach does not decrease the performance of mobile devices. Furthermore, the use of the adequate security level improves the resources utilization for memory and battery life. The improvements are feasible already for small data rates (~3.4 Mb). Thus, for the real life scenarios with the data rates of hundred megabytes, we can expect significant improvements in resources usage by using an adequate security level / E-mail: ssmirnow@msn.com

Adaptive security

adequate security level

Computer Sciences

Datavetenskap (datalogi)

Software Engineering

Programvaruteknik

Analysis of Computer System Incidents and Security Level Evaluation / Incidentų kompiuterių sistemose tyrimas ir saugumo lygio įvertinimas

Paulauskas, Nerijus

10 June 2009

The problems of incidents arising in computer networks and the computer system security level evaluation are considered in the thesis. The main research objects are incidents arising in computer networks, intrusion detection systems and network scanning types. The aim of the thesis is the investigation of the incidents in the computer networks and computer system security level evaluation. The following main tasks are solved in the work: classification of attacks and numerical evaluation of the attack severity level evaluation; quantitative evaluation of the computer system security level; investigation of the dependence of the computer system performance and availability on the attacks affecting the system and defense mechanisms used in it; development of the model simulating the computer network horizontal and vertical scanning. The thesis consists of general characteristic of the research, five chapters and general conclusions. General characteristic of the thesis is dedicated to an introduction of the problem and its topicality. The aims and tasks of the work are also formulated; the used methods and novelty of solutions are described; the author‘s publications and structure of the thesis are presented. Chapter 1 covers the analysis of existing publications related to the problems of the thesis. The survey of the intrusion detection systems is presented and methods of the intrusion detection are analyzed. The currently existing techniques of the attack classification are... [to full text] / Disertacijoje nagrinėjamos incidentų kompiuterių tinkluose ir kompiuterių sistemų saugumo lygio įvertinimo problemos. Pagrindiniai tyrimo objektai yra incidentai kompiuterių tinkluose, atakų atpažinimo sistemos ir kompiuterių tinklo žvalgos būdai. Disertacijos tikslas – incidentų kompiuterių tinkluose tyrimas ir kompiuterių sistemų saugumo lygio įvertinimas. Darbe sprendžiami šie pagrindiniai uždaviniai: atakų klasifikavimas ir jų sunkumo lygio skaitinis įvertinimas; kompiuterių sistemos saugumo lygio kiekybinis įvertinimas; kompiuterių sistemos našumo ir pasiekiamumo priklausomybės nuo sistemą veikiančių atakų ir joje naudojamų apsaugos mechanizmų tyrimas; modelio, imituojančio kompiuterių tinklo horizontalią ir vertikalią žvalgą kūrimas. Disertaciją sudaro įvadas, penki skyriai ir bendrosios išvados. Įvadiniame skyriuje nagrinėjamas problemos aktualumas, formuluojamas darbo tikslas bei uždaviniai, aprašomas mokslinis darbo naujumas, pristatomi autoriaus pranešimai ir publikacijos, disertacijos struktūra. Pirmasis skyrius skirtas literatūros apžvalgai. Jame apžvelgiamos atakų atpažinimo sistemos, analizuojami atakų atpažinimo metodai. Nagrinėjami atakų klasifikavimo būdai. Didelis dėmesys skiriamas kompiuterių sistemos saugumo lygio įvertinimo metodams, kompiuterių prievadų žvalgos būdams ir žvalgos atpažinimo metodams. Skyriaus pabaigoje formuluojamos išvados ir konkretizuojami disertacijos uždaviniai. Antrajame skyriuje pateikta sudaryta atakų nukreiptų į kompiuterių... [toliau žr. visą tekstą]

Electronics and Electrical Engineering

Computer system security

Security level evaluation

Network scanning

Intrusion detection system

Computer system incidents

Kompiuterių sistemų saugumas

Saugumo lygio įvertinimas

Tinklo žvalga

Atakų atpažinimo sistmos

Incidentai kompiuterių sistemose

A Framework for Secure Structural Adaptation

Saman Nariman, Goran

January 2018

A (self-) adaptive system is a system that can dynamically adapt its behavior or structure during execution to "adapt" to changes to its environment or the system itself. From a security standpoint, there has been some research pertaining to (self-) adaptive systems in general but not enough care has been shown towards the adaptation itself. Security of systems can be reasoned about using threat models to discover security issues in the system. Essentially that entails abstracting away details not relevant to the security of the system in order to focus on the important aspects related to security. Threat models often enable us to reason about the security of a system quantitatively using security metrics. The structural adaptation process of a (self-) adaptive system occurs based on a reconfiguration plan, a set of steps to follow from the initial state (configuration) to the final state. Usually, the reconfiguration plan consists of multiple strategies for the structural adaptation process and each strategy consists of several steps steps with each step representing a specific configuration of the (self-) adaptive system. Different reconfiguration strategies have different security levels as each strategy consists of a different sequence configuration with different security levels. To the best of our knowledge, there exist no approaches which aim to guide the reconfiguration process in order to select the most secure available reconfiguration strategy, and the explicit security of the issues associated with the structural reconfiguration process itself has not been studied. In this work, based on an in-depth literature survey, we aim to propose several metrics to measure the security of configurations, reconfiguration strategies and reconfiguration plans based on graph-based threat models. Additionally, we have implemented a prototype to demonstrate our approach and automate the process. Finally, we have evaluated our approach based on a case study of our making. The preliminary results tend to expose certain security issues during the structural adaptation process and exhibit the effectiveness of our proposed metrics.

Self-Adaptive System

Adaptive System

Security

Threat Models

Security Metrics

Structural Adaptation

Reconfiguration Plan

Security Level

Graph-based Threat Models

Dynamic Reconfiguration

Structural Reconfiguration

Attack Graphs

T-HARM

Attack Trees

Attack Graphs Generation

MulVAL

Computer Sciences

Datavetenskap (datalogi)

Computer Systems

Datorsystem