Modelling and Quantitative Analysis of Performance vs Security Trade-offs in Computer Networks: An investigation into the modelling and discrete-event simulation analysis of performance vs security trade-offs in computer networks, based on combined metrics and stochastic activity networks (SANs)

Habib Zadeh, Esmaeil

January 2017

Performance modelling and evaluation has long been considered of paramount importance to computer networks from design through development, tuning and upgrading. These networks, however, have evolved significantly since their first introduction a few decades ago. The Ubiquitous Web in particular with fast-emerging unprecedented services has become an integral part of everyday life. However, this all is coming at the cost of substantially increased security risks. Hence cybercrime is now a pervasive threat for today’s internet-dependent societies. Given the frequency and variety of attacks as well as the threat of new, more sophisticated and destructive future attacks, security has become more prevalent and mounting concern in the design and management of computer networks. Therefore equally important if not more so is security. Unfortunately, there is no one-size-fits-all solution to security challenges. One security defence system can only help to battle against a certain class of security threats. For overall security, a holistic approach including both reactive and proactive security measures is commonly suggested. As such, network security may have to combine multiple layers of defence at the edge and in the network and in its constituent individual nodes. Performance and security, however, are inextricably intertwined as security measures require considerable amounts of computational resources to execute. Moreover, in the absence of appropriate security measures, frequent security failures are likely to occur, which may catastrophically affect network performance, not to mention serious data breaches among many other security related risks. In this thesis, we study optimisation problems for the trade-offs between performance and security as they exist between performance and dependability. While performance metrics are widely studied and well-established, those of security are rarely defined in a strict mathematical sense. We therefore aim to conceptualise and formulate security by analogy with dependability so that, like performance, it can be modelled and quantified. Having employed a stochastic modelling formalism, we propose a new model for a single node of a generic computer network that is subject to various security threats. We believe this nodal model captures both performance and security aspects of a computer node more realistically, in particular the intertwinements between them. We adopt a simulation-based modelling approach in order to identify, on the basis of combined metrics, optimal trade-offs between performance and security and facilitate more sophisticated trade-off optimisation studies in the field. We realise that system parameters can be found that optimise these abstract combined metrics, while they are optimal neither for performance nor for security individually. Based on the proposed simulation modelling framework, credible numerical experiments are carried out, indicating the scope for further work extensions for a systematic performance vs security tuning of computer networks.

Performance

Security

Trade-off

Modelling

Simulation

Petri nets

Stochastic activity networks

Modelling and Evaluation of Performance, Security and Database Management Trade-offs in Cloud Computing Platforms. An investigation into quantitative modelling and simulation analysis of ‘optimal’ performance, security and database management trade-offs in Cloud Computing Platforms (CCPs), based on Stochastic Activity Networks (SANs) and a three-tier combined metrics

Akinyemi, Akinwale A.

January 2020

A framework for the quantitative analysis of performance, security and database management within a network system (e.g. a cloud computing platform) is presented within this research. Our study provides a methodology for modelling and quantitatively generating significant metrics needed in the evaluation of a network system. To narrow this research, a study is carried-out into the quantitative modelling and analysis of performance, security and database management trade-offs in cloud computing platforms, based on Stochastic Activity Networks (SANs) and combined metrics. Cloud computing is an innovative distributed computing archetypal based on the infrastructure of the internet providing computational power, application, storage and infrastructure services. Security mechanisms such as: batch rekeying, intrusion detection, encryption/decryption or security protocols come at the expense of performance and computing resources consumption. Furthermore, database management processing also has an adverse effect on performance especially in the presence of big data. Stochastic Activity Networks (SANs) that offer synchronisation, timeliness and parallelism are proposed for the modelling and quantitative evaluations of ‘optimal’ trade-offs involving performance, security and database management. Performance modelling and analysis of computer network systems has mostly been considered of utmost importance. Quantification of performance for a while has been assessed using stochastic models with a rising interest in the quantification of security stochastic modelling being applied to security problems. Quantitative techniques that includes analytical valuations founded on queuing theory, discrete-event simulations and correlated approximations have been utilised in the examination of performance. Security suffers from the point that no interpretations can be made in an optimal case. The most consequential security metrics are in analogy with reliability metrics. The express rate at which data grows increases the prominence for research into the design and development of cloud computing models that manages the workload intensity and are suitable for data exploration. Handling big data especially within cloud computing is a resource consuming, time-demanding and challenging task that necessitates titanic computational infrastructures to endorse successful data exploration. We present an improved Security State Transition Diagram (SSTD) by adding a new security state (Failed/Freeze state). The presence of this new security state signifies a security position of the computing network system were the implemented security countermeasures cannot handle the security attacks and the system fails completely. In a more sophisticated security system, when the security countermeasure(s) cannot in any form categorise the security attack, the network system is moved to the Failed/Freeze security state. At this security state, the network system can only resume operation when restored by the system administrator. In this study, we propose a cloud computing system model, defined security countermeasures and evaluated the optimisation problems for the trade-offs between performance, security and database management using SANs formalism. We designed, modelled and implemented dependency within our presented security system, developing interaction within the security countermeasures using our proposed Security Group Communication System (SGCS). The choice of Petri-Nets enables the understanding and capturing of specified metrics at different stages of the proposed cloud computing model. In this thesis, an overview of cloud computing including its classification and services is presented in conjunction with a review of existing works of literature. Subsequently, a methodology is proposed for the quantitative analysis of our proposed cloud computing model of performance-security-database trade-offs using Möbius simulator. Additionally, numerical experiments with relevant interpretations are presented and appropriate interpretations are made. We identified that there are system parameters that can be used to optimise the presented abstract combined metrics but they are optimal for neither performance or security or database management independently. Founded on the proposed quantitative simulation model framework, reliable numerical experiments were observed and indicated scope for further extensions of this work. For example, the use of Machine Learning (ML) or Artificial Intelligence (AI) in the predictive and prevention aspects of the security systems.

Performance

Security

Database management

Cloud computing

Stochastic Activity Networks (SANs)

Cloud Computing Platforms (CCPs)