An Architectural Framework for Analyzing Tradeoffs between Software Security and Performance

  • Vittorio Cortellessa
  • Catia Trubiani
  • Leonardo Mostarda
  • Naranker Dulay
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6150)


The increasing complexity of software systems entails large effort to jointly analyze their non-functional attributes in order to identify potential tradeoffs among them (e.g. increased availability can lead to performance degradation). In this paper we propose a framework for the architectural analysis of software performance degradation induced by security solutions. We introduce a library of UML models representing security mechanisms that can be composed with performance annotated UML application models for architecting security and performance critical systems. Composability of models allows to introduce different security solutions on the same software architecture, thus supporting software architects to find appropriate security solutions while meeting performance requirements. We report experimental results that validate our approach by comparing a model-based evaluation of a software architecture for management of cultural assets with values observed on the real implementation of the system.


performance security UML GSPN tradeoff analysis 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    UML 2.0 Superstructure Specification, OMG document formal/05-07-04, Object Management Group (2005),
  2. 2.
    UML Profile for MARTE beta 2, OMG document ptc/08-06-09 (2008),
  3. 3.
    Balsamo, S., Di Marco, A., Inverardi, P., Simeoni, M.: Model-based performance prediction in software development: A survey. IEEE TSE 30(5), 295–310Google Scholar
  4. 4.
    Blaze, M., Ioannidis, J., Keromytis, A.D.: Trust management for ipsec. ACM Transactions on Information and System Security 5(2), 95–118 (2002)CrossRefGoogle Scholar
  5. 5.
    Cortellessa, V., Trubiani, C.: Towards a library of composable models to estimate the performance of security solutions. In: WOSP, pp. 145–156 (2008)Google Scholar
  6. 6.
    Cortellessa, V., Trubiani, C., Mostarda, L., Dulay, N.: An Architectural Framework for Analyzing Tradeoffs between Software Security and Performance - Extended results. Technical Report 001-2010, Dipartimento di Informatica - Università dell’Aquila (2010),
  7. 7.
    European Commision 6th Framework Program. Cultural Heritage Space Identification System (CUSPIS),
  8. 8.
    France, R.B., Ray, I., Georg, G., Ghosh, S.: Aspect-oriented approach to early design modelling. IEE Proceedings - Software 151(4), 173–186 (2004)CrossRefGoogle Scholar
  9. 9.
    Gupta, V., Gupta, S., Shantz, S.C., Stebila, D.: Performance analysis of elliptic curve cryptography for SSL, pp. 87–94 (2002)Google Scholar
  10. 10.
    Harbiterr, A., Menasce, D.A.: A methodology for analyzing the performance of authentication protocols. ACM TISSEC (2002)Google Scholar
  11. 11.
    Hirel, C., Sahner, R., Zang, X., Trivedi, K.: Reliability and performability modeling using sharpe 2000. In: Haverkort, B.R., Bohnenkamp, H.C., Smith, C.U. (eds.) TOOLS 2000. LNCS, vol. 1786, pp. 345–349. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  12. 12.
    Juric, M.B., Rozman, I., Brumen, B., Colnaric, M., Hericko, M.: Comparison of performance of web services, ws-security, rmi, and rmi-ssl. Journal of Systems and Software 79(5), 689–700 (2006)CrossRefGoogle Scholar
  13. 13.
    Jurjens, J.: Secure Systems Development with UML (2004)Google Scholar
  14. 14.
    Kant, K., Iyer, R.K., Mohapatra, P.: Architectural impact of Secure Socket Layer on internet servers, pp. 7–14 (2000)Google Scholar
  15. 15.
    Marsan, M.A., Balbo, G., Conte, G., Donatelli, S., Franceschinis, G.: Modelling with Generalized Stochastic Petri Nets, 4th edn. (November 1994)Google Scholar
  16. 16.
    Menascé, D.A.: Security performance. IEEE Internet Computing 7(3), 84–87 (2003)CrossRefGoogle Scholar
  17. 17.
    Mostarda, L., Dong, C., Dulay, N.: Place and Time Authentication of Cultural Assets. In: 2nd Joint ITRUST and PST Conferences on Privacy, Trust and Security, IFIPTM 2008 (2008)Google Scholar
  18. 18.
    Stallings, W.: Cryptography and network security: Principles and Practice, 4th edn. Prentice-Hall, Englewood Cliffs (2006)Google Scholar
  19. 19.
    Tai, A.T., Meyer, J.F., Avizienis, A.: Software Performability: From Concepts to Applications. Kluwer Academic Publishers, Boston (1996)MATHGoogle Scholar
  20. 20.
    Tawhid, R., Petriu, D.C.: Towards automatic derivation of a product performance model from a UML software product line model. In: WOSP, pp. 91–102 (2008)Google Scholar
  21. 21.
    Trivedi, K.: Sharpe interface, user’s manual, version 1.01. Technical report (1999),
  22. 22.
    Woodside, C.M., Petriu, D.C., Petriu, D.B., Xu, J., Israr, T.A., Georg, G., France, R.B., Bieman, J.M., Houmb, S.H., Jürjens, J.: Performance analysis of security aspects by weaving scenarios extracted from UML models. Journal of Systems and Software 82(1), 56–74 (2009)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Vittorio Cortellessa
    • 1
  • Catia Trubiani
    • 1
  • Leonardo Mostarda
    • 2
  • Naranker Dulay
    • 2
  1. 1.Università degli Studi dell’AquilaL’AquilaItaly
  2. 2.Imperial College LondonLondonUnited Kingdom

Personalised recommendations