1. Modelling and Quantitative Analysis of Performance vs Security Trade-offs in Computer Networks: An investigation into the modelling and discrete-event simulation analysis of performance vs security trade-offs in computer networks, based on combined metrics and stochastic activity networks (SANs)
Habib Zadeh, Esmaeil January 2017
Performance modelling and evaluation has long been considered of paramount
importance to computer networks from design through development, tuning and
upgrading. These networks, however, have evolved significantly since their first introduction
a few decades ago. The Ubiquitous Web in particular with fast-emerging
unprecedented services has become an integral part of everyday life. However, this
all is coming at the cost of substantially increased security risks. Hence cybercrime is
now a pervasive threat for today’s internet-dependent societies. Given the frequency
and variety of attacks as well as the threat of new, more sophisticated and destructive
future attacks, security has become a more prevalent and mounting concern in
the design and management of computer networks. Therefore equally important if
not more so is security.
Unfortunately, there is no one-size-fits-all solution to security challenges. One security
defence system can only help to battle against a certain class of security threats. For overall security, a holistic approach including both reactive and proactive
security measures is commonly suggested. As such, network security may have
to combine multiple layers of defence at the edge and in the network and in its
constituent individual nodes.
Performance and security, however, are inextricably intertwined as security measures
require considerable amounts of computational resources to execute. Moreover, in
the absence of appropriate security measures, frequent security failures are likely
to occur, which may catastrophically affect network performance, not to mention
serious data breaches among many other security related risks.
In this thesis, we study optimisation problems for the trade-offs between performance
and security as they exist between performance and dependability. While
performance metrics are widely studied and well-established, those of security are
rarely defined in a strict mathematical sense. We therefore aim to conceptualise and
formulate security by analogy with dependability so that, like performance, it can
be modelled and quantified.
Having employed a stochastic modelling formalism, we propose a new model for a
single node of a generic computer network that is subject to various security threats.
We believe this nodal model captures both performance and security aspects of a
computer node more realistically, in particular the intertwinements between them.
We adopt a simulation-based modelling approach in order to identify, on the basis
of combined metrics, optimal trade-offs between performance and security and facilitate
more sophisticated trade-off optimisation studies in the field.
We realise that system parameters can be found that optimise these abstract combined
metrics, while they are optimal neither for performance nor for security individually.
Based on the proposed simulation modelling framework, credible numerical
experiments are carried out, indicating the scope for further work extensions for a
systematic performance vs security tuning of computer networks.

2. Modelling and Evaluation of Performance, Security and Database Management Trade-offs in Cloud Computing Platforms. An investigation into quantitative modelling and simulation analysis of ‘optimal’ performance, security and database management trade-offs in Cloud Computing Platforms (CCPs), based on Stochastic Activity Networks (SANs) and a three-tier combined metrics
Akinyemi, Akinwale A. January 2020
A framework for the quantitative analysis of performance, security and database
management within a network system (e.g. a cloud computing platform) is presented
within this research. Our study provides a methodology for modelling and
quantitatively generating significant metrics needed in the evaluation of a network
system. To narrow this research, a study is carried out into the quantitative modelling
and analysis of performance, security and database management trade-offs in cloud
computing platforms, based on Stochastic Activity Networks (SANs) and combined
metrics.
Cloud computing is an innovative distributed computing archetype based on the
infrastructure of the internet providing computational power, application, storage and
infrastructure services. Security mechanisms such as batch rekeying, intrusion
detection, encryption/decryption or security protocols come at the expense of
performance and computing resources consumption. Furthermore, database
management processing also has an adverse effect on performance especially in the
presence of big data. Stochastic Activity Networks (SANs) that offer synchronisation, timeliness and parallelism are proposed for the modelling and quantitative evaluations
of ‘optimal’ trade-offs involving performance, security and database management.
Performance modelling and analysis of computer network systems has mostly been
considered of utmost importance. Quantification of performance for a while has been
assessed using stochastic models with a rising interest in the quantification of security
stochastic modelling being applied to security problems. Quantitative techniques that
include analytical valuations founded on queuing theory, discrete-event simulations
and correlated approximations have been utilised in the examination of performance.
Security suffers from the point that no interpretations can be made in an optimal case.
The most consequential security metrics are in analogy with reliability metrics.
The express rate at which data grows increases the prominence for research into the
design and development of cloud computing models that manage the workload
intensity and are suitable for data exploration. Handling big data especially within
cloud computing is a resource consuming, time-demanding and challenging task that
necessitates titanic computational infrastructures to endorse successful data
exploration. We present an improved Security State Transition Diagram (SSTD) by adding a new
security state (Failed/Freeze state). The presence of this new security state signifies a
security position of the computing network system where the implemented security
countermeasures cannot handle the security attacks and the system fails completely.
In a more sophisticated security system, when the security countermeasure(s) cannot
in any form categorise the security attack, the network system is moved to the
Failed/Freeze security state. At this security state, the network system can only resume
operation when restored by the system administrator.
In this study, we propose a cloud computing system model, defined security
countermeasures and evaluated the optimisation problems for the trade-offs between
performance, security and database management using SANs formalism. We
designed, modelled and implemented dependency within our presented security
system, developing interaction within the security countermeasures using our
proposed Security Group Communication System (SGCS). The choice of Petri-Nets enables the understanding and capturing of specified metrics at different stages of the
proposed cloud computing model.
In this thesis, an overview of cloud computing including its classification and services
is presented in conjunction with a review of existing works of literature. Subsequently,
a methodology is proposed for the quantitative analysis of our proposed cloud
computing model of performance-security-database trade-offs using Möbius
simulator. Additionally, numerical experiments with relevant interpretations are
presented and appropriate interpretations are made. We identified that there are system
parameters that can be used to optimise the presented abstract combined metrics but
they are optimal for neither performance nor security nor database management
independently. Founded on the proposed quantitative simulation model framework,
reliable numerical experiments were observed and indicated scope for further
extensions of this work. For example, the use of Machine Learning (ML) or Artificial
Intelligence (AI) in the predictive and prevention aspects of the security systems.