Abstract
While it is widely recognized that security can be traded for performance and dependability, this trade-off lacks concrete and quantitative evidence. In this experience report we discuss (i) a concrete approach (temporal decoupling) to control the trade-off between those properties, and a quantitative and qualitative evaluation of the benefits based on an online auction system. Our results show that trading only a small amount of security does not pay off in terms of performance or dependability. Trading security even more first improves performance and later improves dependability.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Agi, I., Gong, L.: An empirical study of secure mpeg video transmissions. In: Proceedings of the 1996 Symposium on Network and Distributed System Security (SNDSS 1996), pp. 137–144. IEEE Computer Society, Washington, DC, USA (1996)
Andersen, D.G.: Mayday: Distributed filtering for internet services. In: 4th USENIX Symposium on Internet Technologies and Systems (2003)
Avižienis, A., Laprie, J.C., Randell, B., Landwehr, C.E.: Basic concepts and taxon- omy of dependable and secure computing. IEEE Trans. Dependable Sec. Comput. 1(1), 11–33 (2004)
Barka, E., Boulmalf, M.: On the impact of security on the performance of wlans. JCM 2(4), 10–17 (2007)
Bauer, K., McCoy, D., Grunwald, D., Kohno, T., Sicker, D.: Low-resource routing attacks against tor. In: WPES 2007: Proceedings of the 2007 ACM Workshop on Privacy in Electronic Society, pp. 11–20. ACM, New York (2007)
Chen, Y., He, Z.: Simulating highly dependable applications in a distributed computing environment. In: ANSS 2003: Proceedings of the 36th Annual Symposium on Simulation, p. 101. IEEE Computer Society, Washington, DC, USA (2003)
Cho, B., Youn, H., Lee, E.: Performability analysis method from reliability and availability. In: Lee, G., Howard, D., Kang, J.J., Slezak, D., Ahn, T.N., Yang, C.H. (eds.) ICHIT. ACM International Conference Proceeding Series, vol. 321, pp. 401–407. ACM, New York (2009)
Cortellessa, V., Trubiani, C., Mostarda, L., Dulay, N.: An architectural framework for analyzing tradeoffs between software security and performance. In: Giese, H. (ed.) ISARCS 2010. LNCS, vol. 6150, pp. 1–18. Springer, Heidelberg (2010)
Cowan, C., Pu, C., Maier, D., Hintony, H., Walpole, J., Bakke, P., Beattie, S., Grier, A., Wagle, P., Zhang, Q.: Stackguard: automatic adaptive detection and prevention of buffer-overow attacks. In: SSYM 1998: Proceedings of the 7th USENIX Security Symposium, p. 5. USENIX Association, Berkeley (1998)
Deswarte, Y., Blain, L., Fabre, J.C.: Intrusion tolerance in distributed computing systems. In: IEEE Symposium on Security and Privacy, pp. 110–121 (1991)
Fraga, J., Powell, D.: A fault- and intrusion-tolerant file system. In: Proceedings of the 3rd Intl. Conf. on Computer Security, pp. 203–218 (1985)
Haleem, M.A., Mathur, C.N., Chandramouli, R., Subbalakshmi, K.P.: Opportunis- tic encryption: A trade-off between security and throughput in wireless networks. IEEE Trans. Dependable Secur. Comput. 4(4), 313–324 (2007)
Hariri, S., Mutlu, H.: Hierarchical modeling of availability in distributed systems. IEEE Trans. Softw. Eng. 21(1), 50–58 (1995)
Kaaniche, M., Kanoun, K., Rabah, M.: A framework for modeling availability of e- business systems. In: Proceedings of Tenth Intl. Conf. on Computer Communications and Networks, 2001, pp. 40–45 (2001)
Komari, I.E., Kharchenko, V., Lysenko, I., Babeshko, E., Romanovsky, A.: Diversity and security of computing systems: Points of interconnection. part 2: Methodology and case study. MASAUM Journal of Open Problems in Science and Engineering 1(2), 33–41 (2009)
Komari, I.E., Kharchenko, V., Romanovsky, A., Babeshko, E.: Diversity and security of computing systems: Points of interconnection. part 1: Introduction to methodology. MASAUM Journal of Open Problems in Science and Engineering 1(2), 28–32 (2009)
Laprie, J. (ed.): Dependability: Basic Concepts and Terminology. Springer, Heidelberg (1992)
Littlewood, B., Strigini, L.: Redundancy and diversity in security. In: Samarati, P., Ryan, P.Y.A., Gollmann, D., Molva, R. (eds.) ESORICS 2004. LNCS, vol. 3193, pp. 423–438. Springer, Heidelberg (2004)
Mainkar, V.: Availability analysis of transaction processing systems based on user-perceived performance. In: SRDS 1997: Proceedings of the 16th Symposium on Reliable Distributed Systems, p. 10. IEEE Computer Society, Los Alamitos (1997)
Meyer, J.F.: On evaluating the performability of degradable computing systems. IEEE Transactions on Computers 29(8), 720–731 (1980)
Meyer, J.F.: Performability: a retrospective and some pointers to the future. Performance Evaluation 14(3-4), 139–156 (1992); performability Modelling of Computer and Communication Systems
Powell, D., Stroud, R. (eds.): Conceptual model and architecture of MAFTIA. Tech. Rep. D21, MAFTIA EU Project (2003)
Shao, L., Zhao, J., Xie, T., Zhang, L., Xie, B., Mei, H.: User-perceived service availability: A metric and an estimation approach. In: ICWS, pp. 647–654. IEEE, Los Alamitos (2009)
Snader, R., Borisov, N.: A tune-up for tor: Improving security and performance in the tor network. In: NDSS. The Internet Society, San Diego (2008)
Starnberger, G., Froihofer, L., Goeschka, K.M.: Distributed timestamping with smart cards using effcient overlay routing. In: Fifth Intl. Conf. for Internet Technology and Secured Transactions (ICITST 2010) (November 2010)
Starnberger, G., Froihofer, L., Goeschka, K.M.: Adaptive run-time performance optimization through scalable client request rate control. In: Proc. 2nd Joint WOSP/SIPEW Intl. Conf. on Performance Engineering (WOSP/SIPEW 2011). ACM, New York (March 2011) (to appear)
Starnberger, G., Froihofer, L., Goeschka, K.M.: A generic proxy for secure smart card-enabled web applications. In: Benatallah, B., Casati, F., Kappel, G., Rossi, G. (eds.) ICWE 2010. LNCS, vol. 6189, pp. 370–384. Springer, Heidelberg (2010)
Starnberger, G., Froihofer, L., Goeschka, K.M.: Using smart cards for tamper-proof timestamps on untrusted clients. In: ARES 2010, Fifth Intl. Conf. on Availability,Reliability and Security, Kraków, Poland, February 15-18, pp. 96–103. IEEE Computer Society, Los Alamitos (2010)
Timmerman, B.: A security model for dynamic adaptive traffic masking. In: NSPW 1997: Proceedings of the 1997 Workshop on New Security Paradigms, pp. 107–116. ACM, New York (1997)
Veríssimo, P., Neves, N.F., Cachin, C., Poritz, J.A., Powell, D., Deswarte, Y., Stroud, R.J., Welch, I.: Intrusion-tolerant middleware: the road to automatic security. IEEE Security & Privacy 4(4), 54–62 (2006)
Veríssimo, P., Neves, N.F., Correia, M.: Intrusion-tolerant architectures: Concepts and design. In: de Lemos, R., Gacek, C., Romanovsky, A.B. (eds.) Architecting Dependable Systems. LNCS, vol. 2677, pp. 3–36. Springer, Heidelberg (2003)
Wang, D., Trivedi, K.S.: Modeling user-perceived service availability. In: Malek, M., Nett, E., Suri, N. (eds.) ISAS 2005. LNCS, vol. 3694, pp. 107–122. Springer, Heidelberg (2005)
Wolter, K., Reinecke, P.: Performance and security tradeoff. In: Aldini, A., Bernardo, M., Pierro, A.D., Wiklicky, H. (eds.) SFM 2010. LNCS, vol. 6154, pp. 135–167. Springer, Heidelberg (2010)
Xie, W., Sun, H., Cao, Y., Trivedi, K.: Modeling of user perceived webserver availability. In: IEEE Intl. Conf. on Communications, ICC 2003, vol. 3, pp. 1796–1800 (May 2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 IFIP International Federation for Information Processing
About this paper
Cite this paper
Froihofer, L., Starnberger, G., Goeschka, K.M. (2011). Experience Report: Trading Dependability, Performance, and Security through Temporal Decoupling. In: Felber, P., Rouvoy, R. (eds) Distributed Applications and Interoperable Systems. DAIS 2011. Lecture Notes in Computer Science, vol 6723. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21387-8_18
Download citation
DOI: https://doi.org/10.1007/978-3-642-21387-8_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21386-1
Online ISBN: 978-3-642-21387-8
eBook Packages: Computer ScienceComputer Science (R0)