On the Efficiency Modelling of Cryptographic Protocols by Means of the Quality of Protection Modelling Language (QoP-ML)

  • Bogdan Ksiezopolski
  • Damian Rusinek
  • Adam Wierzbicki
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7804)


The problem of efficiency in the IT systems is now widely discussed. One of the factors affecting the performance of IT systems is implementation and maintaining a high level of security. In many cases the guaranteed security level is too high in relation to the real threats. The implementation and maintenance of this protection level is expensive in terms of both productivity and financial costs.

The paper presents the analysis of TLS Handshake protocol in terms of quality of protection performed by the Quality of Protection Modelling Language (QoP-ML). The analysis concerns efficiency.


Security Attribute Cryptographic Protocol Transport Layer Security Adaptable Security Security Metrics 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Jaquith, A.: Security Metrics: Replacing Fear, Uncertainty, and Doubt. Addison Wesley (2007)Google Scholar
  2. 2.
    Jürjens, J.: Secure System Development with UML. Springer (2007)Google Scholar
  3. 3.
    Jürjens, J.: Tools for Secure Systems Development with UML. International Journal on Software Tools for Technology Transfer 9, 527–544 (2007)CrossRefGoogle Scholar
  4. 4.
    Ksiezopolski, B.: QoP-ML: Quality of Protection modelling language for cryptographic protocols. Computers & Security 31(4), 569–596 (2012)CrossRefGoogle Scholar
  5. 5.
    Ksiezopolski, B., Kotulski, Z.: Adaptable security mechanism for the dynamic environments. Computers & Security 26, 246–255 (2007)CrossRefGoogle Scholar
  6. 6.
    Ksiezopolski, B., Kotulski, Z., Szalachowski, P.: Adaptive approach to network security. Communications in Computer and Information Science 158, 233–241 (2009)CrossRefGoogle Scholar
  7. 7.
    Lambrinoudakis, C., Gritzalis, S., Dridi, F., Pernul, G.: Security requirements for e-government services: a methodological approach for developing a common PKI-based security policy 2003. Computers & Security 26, 1873–1883 (2003)Google Scholar
  8. 8.
    LeMay, E., Unkenholz, W., Parks, D.: Adversary-Driven State-Based System Security Evaluation. In: Workshop on Security Metrics - MetriSec (2010)Google Scholar
  9. 9.
    Lindskog, S.: Modeling and Tuning Security from a Quality of Service Perspective. PhD dissertation, Department of Computer Science and Engineering, Chalmers University of Technology, Goteborg, Sweden (2005)Google Scholar
  10. 10.
    Luo, A., Lin, C., Wang, K., Lei, L., Liu, C.: Quality of protection analysis and performance modeling in IP multimedia subsystem. Computers Communications 32, 1336–1345 (2009)CrossRefGoogle Scholar
  11. 11.
    Openssl Project:
  12. 12.
    Petriu, D.C., Woodside, C.M., Petriu, D.B., Xu, J., Israr, T., Georg, G., France, R., Bieman, J.M., Houmb, S.H., Jürjens, J.: Performance Analysis of Security Aspects in UML Models. In: Sixth International Workshop on Software and Performance. ACM, Buenos Aires (2007)Google Scholar
  13. 13.
    Sun, Y., Kumar, A.: Quality od Protection(QoP): A quantitative methodology to grade security services. In: 28th Confrence on Distributed Computing Systems Workshop, pp. 394–399 (2008)Google Scholar
  14. 14.
    Szalachowski, P., Ksiezopolski, B., Kotulski, Z.: CMAC, CCM and GCM/GMAC: advanced modes of operation of symmetric block ciphers in the Wireless Sensor Networks. Information Processing Letters 110, 247–251 (2010)MathSciNetCrossRefzbMATHGoogle Scholar
  15. 15.
    Theoharidou, M., Kotzanikolaou, P., Gritzalis, S.: A multi-layer Criticality Assessment methodology based on interdependencies. Computers & Security 29, 643–658 (2010)CrossRefGoogle Scholar
  16. 16.
    RFC 5246: The Transport Layer Security (TLS) Protocol v.1.2 (2008)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Bogdan Ksiezopolski
    • 1
    • 2
  • Damian Rusinek
    • 2
  • Adam Wierzbicki
    • 1
  1. 1.Polish-Japanese Institute of Information TechnologyWarsawPoland
  2. 2.Institute of Computer ScienceMaria Curie-Sklodowska UniversityLublinPoland

Personalised recommendations