[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to main content

Experience Report: Trading Dependability, Performance, and Security through Temporal Decoupling

  • Conference paper
Distributed Applications and Interoperable Systems (DAIS 2011)

Abstract

While it is widely recognized that security can be traded for performance and dependability, this trade-off lacks concrete and quantitative evidence. In this experience report we discuss (i) a concrete approach (temporal decoupling) to control the trade-off between those properties, and a quantitative and qualitative evaluation of the benefits based on an online auction system. Our results show that trading only a small amount of security does not pay off in terms of performance or dependability. Trading security even more first improves performance and later improves dependability.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
£29.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
GBP 19.95
Price includes VAT (United Kingdom)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
GBP 35.99
Price includes VAT (United Kingdom)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
GBP 44.99
Price includes VAT (United Kingdom)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Agi, I., Gong, L.: An empirical study of secure mpeg video transmissions. In: Proceedings of the 1996 Symposium on Network and Distributed System Security (SNDSS 1996), pp. 137–144. IEEE Computer Society, Washington, DC, USA (1996)

    Google Scholar 

  2. Andersen, D.G.: Mayday: Distributed filtering for internet services. In: 4th USENIX Symposium on Internet Technologies and Systems (2003)

    Google Scholar 

  3. Avižienis, A., Laprie, J.C., Randell, B., Landwehr, C.E.: Basic concepts and taxon- omy of dependable and secure computing. IEEE Trans. Dependable Sec. Comput. 1(1), 11–33 (2004)

    Article  Google Scholar 

  4. Barka, E., Boulmalf, M.: On the impact of security on the performance of wlans. JCM 2(4), 10–17 (2007)

    Google Scholar 

  5. Bauer, K., McCoy, D., Grunwald, D., Kohno, T., Sicker, D.: Low-resource routing attacks against tor. In: WPES 2007: Proceedings of the 2007 ACM Workshop on Privacy in Electronic Society, pp. 11–20. ACM, New York (2007)

    Chapter  Google Scholar 

  6. Chen, Y., He, Z.: Simulating highly dependable applications in a distributed computing environment. In: ANSS 2003: Proceedings of the 36th Annual Symposium on Simulation, p. 101. IEEE Computer Society, Washington, DC, USA (2003)

    Chapter  Google Scholar 

  7. Cho, B., Youn, H., Lee, E.: Performability analysis method from reliability and availability. In: Lee, G., Howard, D., Kang, J.J., Slezak, D., Ahn, T.N., Yang, C.H. (eds.) ICHIT. ACM International Conference Proceeding Series, vol. 321, pp. 401–407. ACM, New York (2009)

    Chapter  Google Scholar 

  8. Cortellessa, V., Trubiani, C., Mostarda, L., Dulay, N.: An architectural framework for analyzing tradeoffs between software security and performance. In: Giese, H. (ed.) ISARCS 2010. LNCS, vol. 6150, pp. 1–18. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  9. Cowan, C., Pu, C., Maier, D., Hintony, H., Walpole, J., Bakke, P., Beattie, S., Grier, A., Wagle, P., Zhang, Q.: Stackguard: automatic adaptive detection and prevention of buffer-overow attacks. In: SSYM 1998: Proceedings of the 7th USENIX Security Symposium, p. 5. USENIX Association, Berkeley (1998)

    Google Scholar 

  10. Deswarte, Y., Blain, L., Fabre, J.C.: Intrusion tolerance in distributed computing systems. In: IEEE Symposium on Security and Privacy, pp. 110–121 (1991)

    Google Scholar 

  11. Fraga, J., Powell, D.: A fault- and intrusion-tolerant file system. In: Proceedings of the 3rd Intl. Conf. on Computer Security, pp. 203–218 (1985)

    Google Scholar 

  12. Haleem, M.A., Mathur, C.N., Chandramouli, R., Subbalakshmi, K.P.: Opportunis- tic encryption: A trade-off between security and throughput in wireless networks. IEEE Trans. Dependable Secur. Comput. 4(4), 313–324 (2007)

    Article  Google Scholar 

  13. Hariri, S., Mutlu, H.: Hierarchical modeling of availability in distributed systems. IEEE Trans. Softw. Eng. 21(1), 50–58 (1995)

    Article  Google Scholar 

  14. Kaaniche, M., Kanoun, K., Rabah, M.: A framework for modeling availability of e- business systems. In: Proceedings of Tenth Intl. Conf. on Computer Communications and Networks, 2001, pp. 40–45 (2001)

    Google Scholar 

  15. Komari, I.E., Kharchenko, V., Lysenko, I., Babeshko, E., Romanovsky, A.: Diversity and security of computing systems: Points of interconnection. part 2: Methodology and case study. MASAUM Journal of Open Problems in Science and Engineering 1(2), 33–41 (2009)

    Google Scholar 

  16. Komari, I.E., Kharchenko, V., Romanovsky, A., Babeshko, E.: Diversity and security of computing systems: Points of interconnection. part 1: Introduction to methodology. MASAUM Journal of Open Problems in Science and Engineering 1(2), 28–32 (2009)

    Google Scholar 

  17. Laprie, J. (ed.): Dependability: Basic Concepts and Terminology. Springer, Heidelberg (1992)

    MATH  Google Scholar 

  18. Littlewood, B., Strigini, L.: Redundancy and diversity in security. In: Samarati, P., Ryan, P.Y.A., Gollmann, D., Molva, R. (eds.) ESORICS 2004. LNCS, vol. 3193, pp. 423–438. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  19. Mainkar, V.: Availability analysis of transaction processing systems based on user-perceived performance. In: SRDS 1997: Proceedings of the 16th Symposium on Reliable Distributed Systems, p. 10. IEEE Computer Society, Los Alamitos (1997)

    Chapter  Google Scholar 

  20. Meyer, J.F.: On evaluating the performability of degradable computing systems. IEEE Transactions on Computers 29(8), 720–731 (1980)

    Article  MATH  Google Scholar 

  21. Meyer, J.F.: Performability: a retrospective and some pointers to the future. Performance Evaluation 14(3-4), 139–156 (1992); performability Modelling of Computer and Communication Systems

    Article  MATH  Google Scholar 

  22. Powell, D., Stroud, R. (eds.): Conceptual model and architecture of MAFTIA. Tech. Rep. D21, MAFTIA EU Project (2003)

    Google Scholar 

  23. Shao, L., Zhao, J., Xie, T., Zhang, L., Xie, B., Mei, H.: User-perceived service availability: A metric and an estimation approach. In: ICWS, pp. 647–654. IEEE, Los Alamitos (2009)

    Google Scholar 

  24. Snader, R., Borisov, N.: A tune-up for tor: Improving security and performance in the tor network. In: NDSS. The Internet Society, San Diego (2008)

    Google Scholar 

  25. Starnberger, G., Froihofer, L., Goeschka, K.M.: Distributed timestamping with smart cards using effcient overlay routing. In: Fifth Intl. Conf. for Internet Technology and Secured Transactions (ICITST 2010) (November 2010)

    Google Scholar 

  26. Starnberger, G., Froihofer, L., Goeschka, K.M.: Adaptive run-time performance optimization through scalable client request rate control. In: Proc. 2nd Joint WOSP/SIPEW Intl. Conf. on Performance Engineering (WOSP/SIPEW 2011). ACM, New York (March 2011) (to appear)

    Google Scholar 

  27. Starnberger, G., Froihofer, L., Goeschka, K.M.: A generic proxy for secure smart card-enabled web applications. In: Benatallah, B., Casati, F., Kappel, G., Rossi, G. (eds.) ICWE 2010. LNCS, vol. 6189, pp. 370–384. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  28. Starnberger, G., Froihofer, L., Goeschka, K.M.: Using smart cards for tamper-proof timestamps on untrusted clients. In: ARES 2010, Fifth Intl. Conf. on Availability,Reliability and Security, Kraków, Poland, February 15-18, pp. 96–103. IEEE Computer Society, Los Alamitos (2010)

    Chapter  Google Scholar 

  29. Timmerman, B.: A security model for dynamic adaptive traffic masking. In: NSPW 1997: Proceedings of the 1997 Workshop on New Security Paradigms, pp. 107–116. ACM, New York (1997)

    Google Scholar 

  30. Veríssimo, P., Neves, N.F., Cachin, C., Poritz, J.A., Powell, D., Deswarte, Y., Stroud, R.J., Welch, I.: Intrusion-tolerant middleware: the road to automatic security. IEEE Security & Privacy 4(4), 54–62 (2006)

    Article  Google Scholar 

  31. Veríssimo, P., Neves, N.F., Correia, M.: Intrusion-tolerant architectures: Concepts and design. In: de Lemos, R., Gacek, C., Romanovsky, A.B. (eds.) Architecting Dependable Systems. LNCS, vol. 2677, pp. 3–36. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  32. Wang, D., Trivedi, K.S.: Modeling user-perceived service availability. In: Malek, M., Nett, E., Suri, N. (eds.) ISAS 2005. LNCS, vol. 3694, pp. 107–122. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  33. Wolter, K., Reinecke, P.: Performance and security tradeoff. In: Aldini, A., Bernardo, M., Pierro, A.D., Wiklicky, H. (eds.) SFM 2010. LNCS, vol. 6154, pp. 135–167. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  34. Xie, W., Sun, H., Cao, Y., Trivedi, K.: Modeling of user perceived webserver availability. In: IEEE Intl. Conf. on Communications, ICC 2003, vol. 3, pp. 1796–1800 (May 2003)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2011 IFIP International Federation for Information Processing

About this paper

Cite this paper

Froihofer, L., Starnberger, G., Goeschka, K.M. (2011). Experience Report: Trading Dependability, Performance, and Security through Temporal Decoupling. In: Felber, P., Rouvoy, R. (eds) Distributed Applications and Interoperable Systems. DAIS 2011. Lecture Notes in Computer Science, vol 6723. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21387-8_18

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-21387-8_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-21386-1

  • Online ISBN: 978-3-642-21387-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics