tradeoff between performance and security
play

Tradeoff between Performance and Security Alessandro Aldini - PowerPoint PPT Presentation

Sep 02, 2022 •223 likes •865 views

Tradeoff between Performance and Security Alessandro Aldini University of Urbino Carlo Bo Italy Foundations of Security Analysis and Design (FOSAD) 3 September 2011, Bertinoro Outline Introduction 1 Motivation Different Views of

  1. Tradeoff between Performance and Security Alessandro Aldini University of Urbino “Carlo Bo” – Italy Foundations of Security Analysis and Design (FOSAD) 3 September 2011, Bertinoro

  2. Outline Introduction 1 Motivation Different Views of the Tradeoff Requirements Methodology 2 Nointerference Theory A Process-algebraic Approach to Model Design The Methodology at Work

  3. Where is the focus... Modern software systems: security (dependability) and performance requirements Trading security and performance: what does it mean? Different perspectives: Performability-like principle: do the costs of security cause a tolerable degradation of performance? Noninterference-like principle: do the performance optimizations cause security leaks? Trading the two aspects: is it possible to balance the costs of the security mechanisms with the performance profile of the system?

  4. Where is the focus... Modern software systems: security (dependability) and performance requirements Trading security and performance: what does it mean? Different perspectives: Performability-like principle: do the costs of security cause a tolerable degradation of performance? Noninterference-like principle: do the performance optimizations cause security leaks? Trading the two aspects: is it possible to balance the costs of the security mechanisms with the performance profile of the system?

  5. Where is the focus... Modern software systems: security (dependability) and performance requirements Trading security and performance: what does it mean? Different perspectives: Performability-like principle: do the costs of security cause a tolerable degradation of performance? Noninterference-like principle: do the performance optimizations cause security leaks? Trading the two aspects: is it possible to balance the costs of the security mechanisms with the performance profile of the system?

  6. Performability-like principle Determine security metrics, estimate security costs, and evaluate the relation with performance measures security metrics Some analogy with dependability metrics: time between security incidents, time to security incident detection/recovery, time between detection and recovery, reward of leaked information (empirical data are important) references Littlewood 1993, 2004 Trivedi 2004 Verendel 2009

  7. Performability-like principle Determine security metrics, estimate security costs, and evaluate the relation with performance measures security costs Example: encryption encryption time (symmetric vs. asymmetric), key length, key generation impact on throughput and response time empirical analysis of both costs and impact references Lamprecht 2006

  8. Performability-like principle Determine security metrics, estimate security costs, and evaluate the relation with performance measures security costs Example: cryptographic protocols key distribution mechanisms, additional message exchange impact on throughput, response time, scalability, utilization many (semi) formal models, no formulation of the impact references Zhao 2009 (Kerberos)

  9. Performability-like principle Determine security metrics, estimate security costs, and evaluate the relation with performance measures security costs Example: access control authentication mechanisms, intrusion detection systems impact on response time, utilization, availability many (semi) formal models, no analysis of tradeoff references Madan 2004 (IDS) Wang 2010 (email system)

  10. Performability-like principle Determine security metrics, estimate security costs, and evaluate the relation with performance measures security costs Example: lightweight security trust/security infrastructures in WLANs and MANETs impact on response time, utilization many (semi) formal models, difficult analysis of tradeoff references Cho 2008 (MANETs)

  11. Noninterference-like principle Employ quantitative information to estimate security leaks Quantitative Model Quantitative requirements (MCs, MDPs, PAs, SPAs, . . . ) (logics, sim./equiv., . . . ) ❅ � ❘ ❅ ✠ � Model Checking / Equivalence Checking Shannon’s Information Theory ❄ Prob. for good/bad behaviors Expected costs (reward-based) Tradeoff Examples PIN cracking schemes, contract signing, fair exchange, network virus infection, anonymity, DoS, non-repudiation, crypto-protocols, . . .

  12. Noninterference-like principle Employ quantitative information to estimate security leaks Pros and Cons quantitative information typically considered: (conditional) probability distributions of events, discrete time security metric typically considered: amount of information leakage tradeoff: sometimes it is clear the cost to pay for a reduction of the information leakage references Baier et al. Di Pierro et al. Malacaria Segala et al.

  13. General Requirements What we need Need for performance/security models that can be mutually validated Need for specification of performance/security measures Need for trading guidelines/mechanisms

  14. General Requirements What we need Need for performance/security models that can be mutually validated Need for specification of performance/security measures Need for trading guidelines/mechanisms

  15. General Requirements What we need Need for performance/security models that can be mutually validated Need for specification of performance/security measures Need for trading guidelines/mechanisms

  16. A General Methodology Problem Analyzing both quantitative aspects (e.g. performance) and dependability aspects (such as security, reliability, safety, and availability) in a component-oriented fashion. Goal Guiding the system design towards a balanced trade-off among all these aspects. Solution Integrated view Equivalence-based integrated analysis

  17. A General Methodology Problem Analyzing both quantitative aspects (e.g. performance) and dependability aspects (such as security, reliability, safety, and availability) in a component-oriented fashion. Goal Guiding the system design towards a balanced trade-off among all these aspects. Solution Integrated view Equivalence-based integrated analysis

  18. A General Methodology Problem Analyzing both quantitative aspects (e.g. performance) and dependability aspects (such as security, reliability, safety, and availability) in a component-oriented fashion. Goal Guiding the system design towards a balanced trade-off among all these aspects. Solution Integrated view Equivalence-based integrated analysis

  19. A General Methodology Problem Analyzing both quantitative aspects (e.g. performance) and dependability aspects (such as security, reliability, safety, and availability) in a component-oriented fashion. Goal Guiding the system design towards a balanced trade-off among all these aspects. Solution Integrated view Equivalence-based integrated analysis

  20. A General Methodology Problem Analyzing both quantitative aspects (e.g. performance) and dependability aspects (such as security, reliability, safety, and availability) in a component-oriented fashion. Goal Guiding the system design towards a balanced trade-off among all these aspects. Solution Integrated view Equivalence-based integrated analysis

  21. A General Methodology Scenario A single component may cope with a sole specific aspect in a one-to-one fashion, or else crosscutting aspects may be handled by several components. In any case, the components may interfere each other when pursuing the goal of satisfying the requirements of different aspects. Examples Mechanisms for controlling power-consumption / resource access / resource usage may interfere with security aspects. Viceversa, mechanisms dedicated to security aspects may interfere with QoS parameters.

  22. A General Methodology Scenario A single component may cope with a sole specific aspect in a one-to-one fashion, or else crosscutting aspects may be handled by several components. In any case, the components may interfere each other when pursuing the goal of satisfying the requirements of different aspects. Examples Mechanisms for controlling power-consumption / resource access / resource usage may interfere with security aspects. Viceversa, mechanisms dedicated to security aspects may interfere with QoS parameters.

  23. A General Methodology Scenario A single component may cope with a sole specific aspect in a one-to-one fashion, or else crosscutting aspects may be handled by several components. In any case, the components may interfere each other when pursuing the goal of satisfying the requirements of different aspects. Examples Mechanisms for controlling power-consumption / resource access / resource usage may interfere with security aspects. Viceversa, mechanisms dedicated to security aspects may interfere with QoS parameters.

  24. A General Methodology Goal Evaluating the capability of a component of interfering with the behaviors (of other components) aiming at satisfying the requirements of specific aspects. The ultimate goal is to reach a balanced trade-off among all the functional and nonfunctional aspects. Approach Performing a noninterference check in order to assess the impact of every component on the security requirements. Applying quantitative analysis techniques in order to estimate the revealed interference and the impact of the mitigating strategies on the performability aspects.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Performance and Security Tradeoff Katinka Wolter Bertinoro, June 26, 2010 Table of Contents

Performance and Security Tradeoff Katinka Wolter Bertinoro, June 26, 2010 Table of Contents

Performance and Security Tradeoff Katinka Wolter Bertinoro, June 26, 2010 Table of Contents Introduction Performance Cost of Encryption Performance Evaluation of a Key Distribution Centre Modelling and Quantifying Intrusion Tolerant Systems

1.27k views • 95 slides
Performance Tradeoff Considerations in a Graphics Processing Unit

Performance Tradeoff Considerations in a Graphics Processing Unit

Performance Tradeoff Considerations in a Graphics Processing Unit (GPU) Implementation of a Low Detectable Aircraft Sensor System Christopher SCANNELL, Kevin COX,

335 views • 7 slides
On the Resource/Performance Tradeoff in Large Scale Queueing Systems David Gamarnik MIT Joint

On the Resource/Performance Tradeoff in Large Scale Queueing Systems David Gamarnik MIT Joint

High Level Comments Join the Shortest Queue Policy Dispatching with Limited Memory and Information Exchange On the Resource/Performance Tradeoff in Large Scale Queueing Systems David Gamarnik MIT Joint work with Patrick Eschenfeldt, John

749 views • 48 slides
Prize-Collecting Data Fusion for Cost-Performance Tradeoff in Distributed Inference Anima

Prize-Collecting Data Fusion for Cost-Performance Tradeoff in Distributed Inference Anima

Prize-Collecting Data Fusion for Cost-Performance Tradeoff in Distributed Inference Anima Anandkumar 1 Meng Wang 1 Lang Tong 1 Ananthram Swami 2 1 School of ECE, Cornell University, Ithaca, NY. 2 Army Research Laboratory, Adelphi MD. INFOCOM 2009

671 views • 51 slides
Context-based Parametric Relationship Model (CPRM) to Measure the Security and QoS tradeoff in

Context-based Parametric Relationship Model (CPRM) to Measure the Security and QoS tradeoff in

Context-based Parametric Relationship Model (CPRM) to Measure the Security and QoS tradeoff in Configurable Environments Ana Nieto Javier Lopez nieto@lcc.uma.es jlm@lcc.uma.es www.nics.uma.es/nieto www.nics.uma.es/lopez University of Malaga

638 views • 16 slides
FIT: A Distributed Database Performance Tradeoff Jose M. Faleiro, Yale University Daniel J.

FIT: A Distributed Database Performance Tradeoff Jose M. Faleiro, Yale University Daniel J.

FIT: A Distributed Database Performance Tradeoff Jose M. Faleiro, Yale University Daniel J. Abadi, Yale University Presented by Bojun Wang FAIRNESS THROUGHPUT ISOLATION 1 Isolation v.s. Throughput and Fairness Strong isolation

542 views • 20 slides
5. Structured Descriptions & Tradeoff Between Expressiveness and Tractability Outline

5. Structured Descriptions & Tradeoff Between Expressiveness and Tractability Outline

5. Structured Descriptions & Tradeoff Between Expressiveness and Tractability Outline Review Expressiveness & Tractability Tradeoff Modern Description Logics Object Oriented Representations Key Representation

652 views • 51 slides
Tufin: Maximizing Agility and Security Henry Pea Digital Transformation is all about Business

Tufin: Maximizing Agility and Security Henry Pea Digital Transformation is all about Business

Tufin: Maximizing Agility and Security Henry Pea Digital Transformation is all about Business Agility 2 The Tradeoff Balancing Security and Agility 3 The Problem: Manual Processes Speed Cost Risk Compliance 4 The Solution: Security

1.21k views • 46 slides
Reconciling Performance and Security in High Load Environments Ignat Korchagin @ignatkn $

Reconciling Performance and Security in High Load Environments Ignat Korchagin @ignatkn $

Reconciling Performance and Security in High Load Environments Ignat Korchagin @ignatkn $ whoami Performance and security at Cloudflare Passionate about security and crypto Enjoy low level programming @ignatkn Performance vs

1.45k views • 133 slides
Security Resources, Capabilities and Cultural Values: Links to Security Performance and

Security Resources, Capabilities and Cultural Values: Links to Security Performance and

Security Resources, Capabilities and Cultural Values: Links to Security Performance and Regulatory Compliance WEIS 2012 Juhee Kwon and M. Eric Johnson Tuck School of Business Dartmouth College 1 Healthcare Security Landscape Healthcare

223 views • 18 slides
Bias-Variance Tradeoff Matthieu R. Bloch h in a given set H that minimizes the true risk R ( h ) .

Bias-Variance Tradeoff Matthieu R. Bloch h in a given set H that minimizes the true risk R ( h ) .

1 Regularization plays a similar role by biasing answer away from complex functions. Tiis is particu- ; We formalize the bias-variance tradeoff assuming the following: which takes the form We now develop an alternative method to quantify the

454 views • 3 slides
Analysis of the Parallel Distinguished Point Tradeoff Jin Hong, *Ga Won Lee, Daegun Ma Seoul

Analysis of the Parallel Distinguished Point Tradeoff Jin Hong, *Ga Won Lee, Daegun Ma Seoul

Analysis of the Parallel Distinguished Point Tradeoff Jin Hong, *Ga Won Lee, Daegun Ma Seoul National University 13/12/2011 J. Hong, G.W. Lee, D. Ma (SNU) Analysis of the pD tradeoff 13/12/2011 1 / 24 The Inversion Problem N : key space

952 views • 80 slides
Improving performance for Improving performance for security enabled web security enabled web

Improving performance for Improving performance for security enabled web security enabled web

Improving performance for Improving performance for security enabled web security enabled web services services - Dr. Colm higeartaigh - Dr. Colm higeartaigh Agenda Introduction to Apache CXF WS-Security in CXF 3.0.0

490 views • 44 slides
Fatal Tradeoff? Toward A Better Understanding of the Costs of Not Evacuating from a Hurricane in

Fatal Tradeoff? Toward A Better Understanding of the Costs of Not Evacuating from a Hurricane in

Fatal Tradeoff? Toward A Better Understanding of the Costs of Not Evacuating from a Hurricane in Landfall Counties Jeffrey Czajkowski Austin College: Department of Economics Florida International University: Intnl Hurricane Research Center

665 views • 44 slides
Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

374 views • 13 slides
Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

932 views • 55 slides
The Impact of the Tax Legislation on my Agency The Impact of Federal Tax Reform on Big I

The Impact of the Tax Legislation on my Agency The Impact of Federal Tax Reform on Big I

The Impact of the Tax Legislation on my Agency The Impact of Federal Tax Reform on Big I Members October 2018 Disclaimer This presentation includes only general information and should not be relied upon as legal or compliance advice.

552 views • 20 slides
Solenoid Magnet System Outline Introduction Scope Key Design issues Conclusions

Solenoid Magnet System Outline Introduction Scope Key Design issues Conclusions

Solenoid Magnet System Outline Introduction Scope Key Design issues Conclusions Michael Lamm RESMM12 For the Mu2e Solenoids February 13, 2011 L2 Solenoid Production Solenoid (PS) Transport Solenoid (TS)

947 views • 20 slides
Monetary Policy and Macroprudential Policy: Different and Separate Lars E.O. Svensson Stockholm

Monetary Policy and Macroprudential Policy: Different and Separate Lars E.O. Svensson Stockholm

Monetary Policy and Macroprudential Policy: Different and Separate Lars E.O. Svensson Stockholm School of Economics and IMF Web: larseosvensson.se FRB of Bostons 59 th Econonomic Conference Federal Reserve Bank of Boston October 2-3, 2015

514 views • 13 slides
The Agility Continuum Where is your project (or product or team) on the agility scale? Thene

The Agility Continuum Where is your project (or product or team) on the agility scale? Thene

The Agility Continuum Where is your project (or product or team) on the agility scale? Thene Sheehy October, 2017 PMP, ACP, CSP, ScrumStudy SMC & Trainer Who am I? Thene Sheehy Program Manager/Specialist, Center for Enablement PetSmart,

1.43k views • 26 slides
Amdahls Law Example #2 Protein String Matching Code 4 days execution time on current

Amdahls Law Example #2 Protein String Matching Code 4 days execution time on current

Amdahls Law Example #2 Protein String Matching Code 4 days execution time on current machine 20% of time doing integer instructions 35% percent of time doing I/O Which is the better tradeoff? Compiler optimization that

389 views • 23 slides
OVER VERVIEW VIEW OF THE OF THE OPERA OPERATING REA TING REACT CTORS ORS BUSINESS LINE

OVER VERVIEW VIEW OF THE OF THE OPERA OPERATING REA TING REACT CTORS ORS BUSINESS LINE

OVER VERVIEW VIEW OF THE OF THE OPERA OPERATING REA TING REACT CTORS ORS BUSINESS LINE USINESS LINE August 6, 2015 Michael Johnson Deputy Executive Director for Reactor and Preparedness Programs Program Program Overvi Overview ew

643 views • 62 slides
Ken Birman i Cornell University. CS5410 Fall 2008. Failure detection vs Masking Failure

Ken Birman i Cornell University. CS5410 Fall 2008. Failure detection vs Masking Failure

Ken Birman i Cornell University. CS5410 Fall 2008. Failure detection vs Masking Failure detection: in some sense, weakest Assumes that failures are rare and localized Develops a mechanism to detect faults with low rates of

608 views • 48 slides
Part II: Bidding, Dynamics and Competition Jon Feldman S. Muthukrishnan Campaign Optimization

Part II: Bidding, Dynamics and Competition Jon Feldman S. Muthukrishnan Campaign Optimization

Part II: Bidding, Dynamics and Competition Jon Feldman S. Muthukrishnan Campaign Optimization Budget Optimization (BO): Simple Input: Set of keywords and a budget. For each keyword, (clicks, cost) pair. Same auction all day,

481 views • 33 slides

More recommend