performance and security tradeoff
play

Performance and Security Tradeoff Katinka Wolter Bertinoro, June - PowerPoint PPT Presentation

Nov 04, 2023 •296 likes •1.27k views

Performance and Security Tradeoff Katinka Wolter Bertinoro, June 26, 2010 Table of Contents Introduction Performance Cost of Encryption Performance Evaluation of a Key Distribution Centre Modelling and Quantifying Intrusion Tolerant Systems

  1. Performance and Security Tradeoff Katinka Wolter Bertinoro, June 26, 2010

  2. Table of Contents Introduction Performance Cost of Encryption Performance Evaluation of a Key Distribution Centre Modelling and Quantifying Intrusion Tolerant Systems Security of MANETs Security of the email system Modelling Performance Security Tradeoff Conclusions , Katinka Wolter, Performance and Security Tradeoff, SFM’10 2

  3. motivation ◮ what does the performance security tradeoff mean? ◮ we need to measure performance ◮ we need to measure security ◮ what are the costs of performance? ◮ what are the costs of security? ◮ can we trade one against the other? , Katinka Wolter, Performance and Security Tradeoff, SFM’10 3

  4. performance classical metrics ◮ throughput ◮ response time, completion time evaluation tools ◮ CTMC ◮ queueing model ◮ GSPN, SRN, PEPA measures ◮ accumulated reward ◮ expected reward ◮ moments of reward ◮ time to absorption , Katinka Wolter, Performance and Security Tradeoff, SFM’10 4

  5. Performance versus Security Quantification ◮ performance can be measured, quantified ◮ cost of performance can be quantified ◮ can we measure security? ◮ can we determine the cost of security? ◮ ultimately cost in terms of performance , Katinka Wolter, Performance and Security Tradeoff, SFM’10 5

  6. Security Cost It cost British Columbians almost $15 million a day to ensure a peaceful Olympics. Members of the Vancouver 2010 Olympic Games Integrated Security Unit , Katinka Wolter, Performance and Security Tradeoff, SFM’10 6

  7. Information Week April 2007 ◮ Forrester Research survey of 28 companies ◮ Security Breaches Cost $90 To $305 Per Lost Record ◮ 25% respondants do not know how to quantify loss , Katinka Wolter, Performance and Security Tradeoff, SFM’10 7

  8. security cost Google Gmail now can be set to encrypt communications between a browser and Google’s servers by default, an option that makes the e-mail service harder to snoop on but also potentially slower. Google mail Your computer has to do extra work to decrypt all that data, and encrypted data doesn’t travel across the Internet as efficiently as unencrypted data, that’s why we leave the choice up to you. , Katinka Wolter, Performance and Security Tradeoff, SFM’10 8

  9. IBM slogans IBM Security Solutions Manage Risk. Reduce Costs. Enable Innovation. IBM Virtualisation Virtualisation Security Solutions from IBM Internet Security Systems TM Manage the risks of virtualisations and realise the cost savings. , Katinka Wolter, Performance and Security Tradeoff, SFM’10 9

  10. IBM security IBM cloud computing security IBM offers end-to-end solutions that enable you to take a business-driven and holistic approach to securing your cloud computing environment. IBM’s capabilities empower you to dynamically monitor and quantify security risks, enabling you to better: ◮ understand threats and vulnerabilities in terms of business impact, ◮ respond to security events with security controls that optimize business results, ◮ prioritize and balance your security investments. IBM Security Solutions for Data Centers Your company can build a secure, dynamic information infrastructure that helps you accelerate innovation while reducing cost and complexity of security. , Katinka Wolter, Performance and Security Tradeoff, SFM’10 10

  11. energy costs IT costs ◮ total energy costs of FUB 10 M Euro ◮ electricity 50% ◮ power consumption of FUB’s central IT services ◮ how much redundancy, security is necessary? , Katinka Wolter, Performance and Security Tradeoff, SFM’10 11

  12. security concerns are not new Problems ◮ cost of security incident unknown ◮ incidents may not be detected ◮ information security aims to get close to theoretical max. without knowing the cost. ◮ security risks may have very low probability. Don’t invest close to potential damage to prevent, but detect. Source: A Structured Ap- proach to Computer Security, T. Olovsson (1992) , Katinka Wolter, Performance and Security Tradeoff, SFM’10 12

  13. Information Security CIA Properties ◮ Confidentiality (information is not passed to unauthorised parties, defense) ◮ Integrity (information is not modified by unauthorised parties, banking) ◮ Availability (information is at disposition, telephone) ◮ (non-repudiation) sender and receiver are authentic , Katinka Wolter, Performance and Security Tradeoff, SFM’10 13

  14. security versus dependability analogies ◮ error, fault, failure in dependability ◮ vulnerability, security fault (Trojan hoarse), security failure ◮ failures can be modelled as random processes differences ◮ accidental problems in dependability ◮ intentional problems in security ◮ attacker accumulates reward ◮ redundancy is helpful in dependability, detrimental for security references ◮ Littlewood, Brocklehurst, Fenton, Mellor, Page, Wright (1993) ◮ Littlewood, Strigini (2004), Nicol, Sanders, Trivedi (2004) , Katinka Wolter, Performance and Security Tradeoff, SFM’10 14

  15. weak hypothesis survey of security quantification ◮ Verendel 2009: survey of 90 papers between 1981 and 2008. ◮ includes hardly model-based analysis ◮ it is unclear whether the methods applied are appropriate ◮ quantitative analysis needs large numbers of results ◮ solid, empirical data is necessary, hence , Katinka Wolter, Performance and Security Tradeoff, SFM’10 15

  16. weak hypothesis survey of security quantification ◮ Verendel 2009: survey of 90 papers between 1981 and 2008. ◮ includes hardly model-based analysis ◮ it is unclear whether the methods applied are appropriate ◮ quantitative analysis needs large numbers of results ◮ solid, empirical data is necessary, hence ◮ Quantified Security is a Weak Hypothesis , Katinka Wolter, Performance and Security Tradeoff, SFM’10 15

  17. security engineering prevention protect data and communication to avoid security breaches diagnosis/detection identify whether and when a security incident has happened response stop attack from causing further damage recovery recover from security breach, rekey, use backup data , Katinka Wolter, Performance and Security Tradeoff, SFM’10 16

  18. security metrics metrics for security in analogy with dependability metrics TBI t t1 td1 tr1 t2 td2 tr2 TTID TBDR TTIR ◮ TBI: Time Between Incidents ◮ TTID: Time To Incident Discovery ◮ TTIR: Time To Incident Recovery ◮ TBDR: Time Between Detection and Recovery , Katinka Wolter, Performance and Security Tradeoff, SFM’10 17

  19. simple Markovian security model parameterise using ◮ inverse of MTBSI as rate of the fail transition ◮ inverse of MTTID as rate of the detect transition ◮ inverse of MTBDR as rate of the recover transition. The states relate to prevention, diagnosis, recovery. Open question: how do we know the rates? , Katinka Wolter, Performance and Security Tradeoff, SFM’10 18

  20. Performance Cost of Encryption Introduction Performance Cost of Encryption Performance Evaluation of a Key Distribution Centre Modelling and Quantifying Intrusion Tolerant Systems Security of MANETs Security of the email system Modelling Performance Security Tradeoff Conclusions , Katinka Wolter, Performance and Security Tradeoff, SFM’10 19

  21. performance cost of encryption experiments ◮ experimental study, no model ◮ investigation of different algorithms for symmetric and asymmetric encryption ◮ investigation of different implementations ◮ encryption of 1,137 byte plaintext file ◮ keylength: DES 56bit, DESede (Triple DES) 112, Skipjack 80, 128 all others ◮ results for symmetric and asymmetric algorithms include key generation, algorithm initialization and message encryption times C. Lamprecht, A. van Moorsel, P. Tomlinson, and N. Thomas. Investigating the efficiency of cryptographic algorithms in online transactions. International Journal of Simulation: Systems, Science & Technology , 7(2):63–75, 2006. , Katinka Wolter, Performance and Security Tradeoff, SFM’10 20

  22. performance of Sun JCE implementation ◮ encryption times range between 85ms and 180ms ◮ triple DES (DESede) hardly slower than DES , Katinka Wolter, Performance and Security Tradeoff, SFM’10 21

  23. performance of Java Cryptix implementation ◮ encryption times range between 15ms and 50ms ◮ AES = Rijndael hardly slower than DES ◮ triple DES (DESede) slightly slower than DES , Katinka Wolter, Performance and Security Tradeoff, SFM’10 22

  24. conclusions for symmetric encryption performance versus security ◮ IDEA and Cryptix implementation seem to be best ◮ security measured in key length ⇒ DES and Skypjack less secure ◮ security and cost do not correlate ◮ implementation matters , Katinka Wolter, Performance and Security Tradeoff, SFM’10 23

  25. asymmetric encryption public key cryptography ◮ encrypt with destinations public key ◮ receiver decrypts with private key ◮ avoids problem of secure key transmission ◮ security increases with key length ◮ current security standard RSA-1024 ◮ measurement of key generation and encryption time , Katinka Wolter, Performance and Security Tradeoff, SFM’10 24

  26. speed of public key encryption ◮ DSA only provides non-repudiation, no data confidentiality ◮ Diffie-Hellman 1024 is omitted for clarity , Katinka Wolter, Performance and Security Tradeoff, SFM’10 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Tradeoff between Performance and Security Alessandro Aldini University of Urbino Carlo Bo

Tradeoff between Performance and Security Alessandro Aldini University of Urbino Carlo Bo

Tradeoff between Performance and Security Alessandro Aldini University of Urbino Carlo Bo Italy Foundations of Security Analysis and Design (FOSAD) 3 September 2011, Bertinoro Outline Introduction 1 Motivation Different Views of

865 views • 64 slides
Performance Tradeoff Considerations in a Graphics Processing Unit

Performance Tradeoff Considerations in a Graphics Processing Unit

Performance Tradeoff Considerations in a Graphics Processing Unit (GPU) Implementation of a Low Detectable Aircraft Sensor System Christopher SCANNELL, Kevin COX,

335 views • 7 slides
On the Resource/Performance Tradeoff in Large Scale Queueing Systems David Gamarnik MIT Joint

On the Resource/Performance Tradeoff in Large Scale Queueing Systems David Gamarnik MIT Joint

High Level Comments Join the Shortest Queue Policy Dispatching with Limited Memory and Information Exchange On the Resource/Performance Tradeoff in Large Scale Queueing Systems David Gamarnik MIT Joint work with Patrick Eschenfeldt, John

749 views • 48 slides
Prize-Collecting Data Fusion for Cost-Performance Tradeoff in Distributed Inference Anima

Prize-Collecting Data Fusion for Cost-Performance Tradeoff in Distributed Inference Anima

Prize-Collecting Data Fusion for Cost-Performance Tradeoff in Distributed Inference Anima Anandkumar 1 Meng Wang 1 Lang Tong 1 Ananthram Swami 2 1 School of ECE, Cornell University, Ithaca, NY. 2 Army Research Laboratory, Adelphi MD. INFOCOM 2009

671 views • 51 slides
Context-based Parametric Relationship Model (CPRM) to Measure the Security and QoS tradeoff in

Context-based Parametric Relationship Model (CPRM) to Measure the Security and QoS tradeoff in

Context-based Parametric Relationship Model (CPRM) to Measure the Security and QoS tradeoff in Configurable Environments Ana Nieto Javier Lopez nieto@lcc.uma.es jlm@lcc.uma.es www.nics.uma.es/nieto www.nics.uma.es/lopez University of Malaga

638 views • 16 slides
FIT: A Distributed Database Performance Tradeoff Jose M. Faleiro, Yale University Daniel J.

FIT: A Distributed Database Performance Tradeoff Jose M. Faleiro, Yale University Daniel J.

FIT: A Distributed Database Performance Tradeoff Jose M. Faleiro, Yale University Daniel J. Abadi, Yale University Presented by Bojun Wang FAIRNESS THROUGHPUT ISOLATION 1 Isolation v.s. Throughput and Fairness Strong isolation

542 views • 20 slides
5. Structured Descriptions & Tradeoff Between Expressiveness and Tractability Outline

5. Structured Descriptions & Tradeoff Between Expressiveness and Tractability Outline

5. Structured Descriptions & Tradeoff Between Expressiveness and Tractability Outline Review Expressiveness & Tractability Tradeoff Modern Description Logics Object Oriented Representations Key Representation

652 views • 51 slides
Tufin: Maximizing Agility and Security Henry Pea Digital Transformation is all about Business

Tufin: Maximizing Agility and Security Henry Pea Digital Transformation is all about Business

Tufin: Maximizing Agility and Security Henry Pea Digital Transformation is all about Business Agility 2 The Tradeoff Balancing Security and Agility 3 The Problem: Manual Processes Speed Cost Risk Compliance 4 The Solution: Security

1.21k views • 46 slides
Reconciling Performance and Security in High Load Environments Ignat Korchagin @ignatkn $

Reconciling Performance and Security in High Load Environments Ignat Korchagin @ignatkn $

Reconciling Performance and Security in High Load Environments Ignat Korchagin @ignatkn $ whoami Performance and security at Cloudflare Passionate about security and crypto Enjoy low level programming @ignatkn Performance vs

1.45k views • 133 slides
Security Resources, Capabilities and Cultural Values: Links to Security Performance and

Security Resources, Capabilities and Cultural Values: Links to Security Performance and

Security Resources, Capabilities and Cultural Values: Links to Security Performance and Regulatory Compliance WEIS 2012 Juhee Kwon and M. Eric Johnson Tuck School of Business Dartmouth College 1 Healthcare Security Landscape Healthcare

223 views • 18 slides
Bias-Variance Tradeoff Matthieu R. Bloch h in a given set H that minimizes the true risk R ( h ) .

Bias-Variance Tradeoff Matthieu R. Bloch h in a given set H that minimizes the true risk R ( h ) .

1 Regularization plays a similar role by biasing answer away from complex functions. Tiis is particu- ; We formalize the bias-variance tradeoff assuming the following: which takes the form We now develop an alternative method to quantify the

454 views • 3 slides
Analysis of the Parallel Distinguished Point Tradeoff Jin Hong, *Ga Won Lee, Daegun Ma Seoul

Analysis of the Parallel Distinguished Point Tradeoff Jin Hong, *Ga Won Lee, Daegun Ma Seoul

Analysis of the Parallel Distinguished Point Tradeoff Jin Hong, *Ga Won Lee, Daegun Ma Seoul National University 13/12/2011 J. Hong, G.W. Lee, D. Ma (SNU) Analysis of the pD tradeoff 13/12/2011 1 / 24 The Inversion Problem N : key space

952 views • 80 slides
Improving performance for Improving performance for security enabled web security enabled web

Improving performance for Improving performance for security enabled web security enabled web

Improving performance for Improving performance for security enabled web security enabled web services services - Dr. Colm higeartaigh - Dr. Colm higeartaigh Agenda Introduction to Apache CXF WS-Security in CXF 3.0.0

490 views • 44 slides
Fatal Tradeoff? Toward A Better Understanding of the Costs of Not Evacuating from a Hurricane in

Fatal Tradeoff? Toward A Better Understanding of the Costs of Not Evacuating from a Hurricane in

Fatal Tradeoff? Toward A Better Understanding of the Costs of Not Evacuating from a Hurricane in Landfall Counties Jeffrey Czajkowski Austin College: Department of Economics Florida International University: Intnl Hurricane Research Center

665 views • 44 slides
Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

374 views • 13 slides
Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

932 views • 55 slides
1 Incidence of teachers voice problems in UK LSBU survey of teachers voice levels (2004) 36

1 Incidence of teachers voice problems in UK LSBU survey of teachers voice levels (2004) 36

Damaging effects of noise on hearing and voice in childrens Outline learning environments Reykjavik Iceland 12-13 October 2012 Voice Care Network Oral communication ergonomic work in UK Incidence of teachers voice problems in UK

551 views • 5 slides
What is case? Nominative/accusative languages Many languages mark nouns or noun phrases with

What is case? Nominative/accusative languages Many languages mark nouns or noun phrases with

What is case? Nominative/accusative languages Many languages mark nouns or noun phrases with morphology that indicates their grammatical function in the clause (subject, object, etc.). The various forms that nouns (or NPs) take in such

1.57k views • 127 slides
7: Catchup I Machine Learning and Real-world Data Simone Teufel and Ann Copestake Computer

7: Catchup I Machine Learning and Real-world Data Simone Teufel and Ann Copestake Computer

7: Catchup I Machine Learning and Real-world Data Simone Teufel and Ann Copestake Computer Laboratory University of Cambridge Lent 2017 Last session: uncertainty and human annotation In the last session, we used multiple human annotation and

551 views • 26 slides
Accessibility for Viewers with Disabilities An ASL interpreter should be viewable on-screen.

Accessibility for Viewers with Disabilities An ASL interpreter should be viewable on-screen.

Accessibility for Viewers with Disabilities An ASL interpreter should be viewable on-screen. LIVE note taking by 3 note takers. See links in the chatroom FREE unlimited replay available to anyone with a self-identified disability

834 views • 58 slides
Whats Next for Networked Games? Wu-chang Feng W. Feng, "What's Next for Networked

Whats Next for Networked Games? Wu-chang Feng W. Feng, "What's Next for Networked

Whats Next for Networked Games? Wu-chang Feng W. Feng, "What's Next for Networked Games", NetGames 2007 keynote talk, Sept. 19-20, 2007. Networked Games ? A smashing success W. Feng, "What's Next for Networked Games",

622 views • 37 slides
Unified Benchmarking of Big Data Platforms The HOBBIT Platform Axel-Cyrille Ngonga Ngomo Horizon

Unified Benchmarking of Big Data Platforms The HOBBIT Platform Axel-Cyrille Ngonga Ngomo Horizon

Unified Benchmarking of Big Data Platforms The HOBBIT Platform Axel-Cyrille Ngonga Ngomo Horizon 2020 GA No 688227 01/12/201630/11/2018 Apache Big Data Sevilla, Spain November 11, 2016 Ngonga Ngomo (InfAI) Benchmarking Big Data

714 views • 49 slides
Cy Cypher pher-based based Graph ph Pattern ttern Ma Matc tching hing in in Gradoo adoop

Cy Cypher pher-based based Graph ph Pattern ttern Ma Matc tching hing in in Gradoo adoop

GRADES2017: Graph Data-management Experiences & Systems Chicago May 2017 Cy Cypher pher-based based Graph ph Pattern ttern Ma Matc tching hing in in Gradoo adoop Martin Junghanns 1 , Max Kieling 1,2 , Alex Averbuch 2 , Andr

451 views • 29 slides
Extended Property Graphs and Cypher on Gradoop Martin Junghanns University of Leipzig Database

Extended Property Graphs and Cypher on Gradoop Martin Junghanns University of Leipzig Database

1st openCypher Implementers Meeting 8 February 2017 Walldorf, Germany Extended Property Graphs and Cypher on Gradoop Martin Junghanns University of Leipzig Database Research Group Grado Grado doop doop op op Extende ended d Proper

339 views • 20 slides

More recommend