Advertisement

On the Balancing Security Against Performance in Database Systems

  • Damian Rusinek
  • Bogdan Ksiezopolski
  • Adam Wierzbicki
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 522)

Abstract

Balancing security against performance for IT systems is one of the most important issues to be solved. The quality of protection of systems can be achieved on different levels. One can choose factors which have a different impact on the overall system security. Traditionally, security engineers configure IT systems with the strongest possible security mechanisms. Unfortunately, the strongest protection can lead to unreasoned increase of the system load and finally influence system availability. In such a situation the quality of protection models which scale the protection level depending on the specific requirements can be used. In the article, we present the approach which enables balancing security against performance for database systems. The analysis is performed by Automated Quality of Protection Analysis (AQoPA) tool which allow automatic evaluation of system models which are created in the Quality of Protection Modelling Language (QoP-ML).

Keywords

Quality of protection Security economics Modelling and protocol design Cryptographic protocols Security protocol analysis Network security 

References

  1. 1.
    Ksiezopolski, B., Kotulski, Z., Szalachowski, P.: Adaptive approach to network security. In: Kwiecień, A., Gaj, P., Stera, P. (eds.) CN 2009. CCIS, vol. 39, pp. 233–241. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  2. 2.
    Ksiezopolski, B., Kotulski, Z., Szalachowski, P.: On QoP method for ensuring availability of the goal of cryptographic protocols in the real-time systems. In: European Teletraffic Seminar, pp. 195–202 (2011)Google Scholar
  3. 3.
    Stubblefield, A., Rubin, A.D., Wallach, D.S.: Managing the performance impact of web security. Electron. Commer. Res. 5, 99–116 (2005)Google Scholar
  4. 4.
    Sklavos, N., Kitsos, P., Papadopoulos, K., Koufopavlou, O.: Design, architecture and performance evaluation of the wireless transport layer security. J. Supercomputing 36(1), 33–50 (2006)Google Scholar
  5. 5.
    Ksiezopolski, B., Kotulski, Z.: On scalable security model for sensor networks protocols. In: 22nd CIB-W78 Conference Information Technology in Construction, Dresden, pp. 463–469 (2005)Google Scholar
  6. 6.
    Szalachowski, P., Ksiezopolski, B., Kotulski, Z.: On authentication method impact upon data sampling delay in wireless sensor networks. In: Kwiecień, A., Gaj, P., Stera, P. (eds.) CN 2010. CCIS, vol. 79, pp. 280–289. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  7. 7.
    Jürjens, J.: Security and compliance in clouds. In: IT-Compliance 2011, Berlin, 4th Pan-European Conference (2011)Google Scholar
  8. 8.
    Khan, J.I., Wierzbicki, A.: Foundations of Peer-to-Peer Computing (2008)Google Scholar
  9. 9.
    Wierzbicki, A., Szczepaniak, R., Buszka, M.: Application layer multicast for efficient peer-to-peer applications. In: Proceedings of the Third IEEE Workshop on Internet Applications, WIAPP 2003. IEEE (2003)Google Scholar
  10. 10.
    Wierzbicki, A., Zwierko, A., Kotulski, A.: Authentication with controlled anonymity in P2P systems. In: Sixth International Conference on Parallel and Distributed Computing, Applications and Technologies, PDCAT 2005. IEEE (2005)Google Scholar
  11. 11.
    Wierzbicki, A.: The case for fairness of trust management. Electron. Notes Theoret. Comput. Sci. 197(2), 73–89 (2008)MathSciNetGoogle Scholar
  12. 12.
    Ksiezopolski, B., Rusinek, D., Wierzbicki, A.: On the modelling of kerberos protocol in the quality of protection modelling language (QoP-ML). Ann. UMCS Inf. AI XII 4, 69–81 (2012)Google Scholar
  13. 13.
    Ksiezopolski, B., Rusinek, D., Wierzbicki, A.: On the efficiency modelling of cryptographic protocols by means of the quality of protection modelling language (QoP-ML). In: Mustofa, K., Neuhold, E.J., Tjoa, A.M., Weippl, E., You, I. (eds.) ICT-EurAsia 2013. LNCS, vol. 7804, pp. 261–270. Springer, Heidelberg (2013) Google Scholar
  14. 14.
    Lambrinoudakis, C., Gritzalis, S., Dridi, F., Pernul, G.: Security requirements for e-government services: a methodological approach for developing a common PKI-based security policy. Comput. Secur. 26, 1873–1883 (2003)Google Scholar
  15. 15.
    Lindskog, S.: Modeling and Tuning Security from a Quality of Service Perspective. Ph.D. dissertation, Department of Computer Science and Engineering, Chalmers University of Technology, Goteborg, Sweden (2005)Google Scholar
  16. 16.
    Ong, C.S., Nahrstedt, K., Yuan, W.: Quality of protection for mobile applications. In: IEEE International Conference on Multimedia & Expo 2003, pp. 137–140 (2003)Google Scholar
  17. 17.
    Schneck, P., Schwan, K.: Authenticast: An Adaptive Protocol for High-Performance, Secure Network Applications. Technical report GIT-CC-97-22 (1997)Google Scholar
  18. 18.
    Ksiezopolski, B., Kotulski, Z.: Adaptable security mechanism for the dynamic environments. Comput. Secur. 26, 246–255 (2007)Google Scholar
  19. 19.
    Luo, A., Lin, C., Wang, K., Lei, L., Liu, C.: Quality of protection analysis and performance modelling in IP multimedia subsystem. Comput. Commun. 32, 1336–1345 (2009)Google Scholar
  20. 20.
    LeMay, E., Unkenholz, W., Parks, D.: Adversary-driven state-based system security evaluation. In: Workshop on Security Metrics, MetriSec (2010)Google Scholar
  21. 21.
    Petriu, D.C., Woodside, C.M., Petriu, D.B., Xu, J., Israr, T., Georg, G., France, R., Bieman, J.M., Houmb, S.H., Jürjens, J.: Performance analysis of security aspects in UML models. In: Sixth International Workshop on Software and Performance, Buenos Aires, Argentina, ACM (2007)Google Scholar
  22. 22.
    Jürjens, J.: Secure System Development with UML. Springer, Heidelberg (2007)Google Scholar
  23. 23.
    Ksiezopolski, B.: QoP-ML: quality of protection modelling language for cryptographic protocols. Comput. Secur. 31(4), 569–596 (2012)Google Scholar
  24. 24.
    Mazur, K., Ksiezopolski, B., Kotulski, Z.: The robust measurement method for security metrics generation. Comput. J. (2014) (in press)Google Scholar
  25. 25.
    Ksiezopolski, B., Zurek, T., Mokkas, M.: Quality of protection evaluation of security mechanisms. Sci. World J. 2014, Art. ID 725279 (2014)Google Scholar
  26. 26.
    ISO: ISO/IEC 25010: Systems and Software Engineering - Systems and Software Quality Requirements and Evaluation (SQuaRE) - System and Software Quality Models (2011)Google Scholar
  27. 27.
    The web page of the QoP-ML project: http://www.qopml.org
  28. 28.
    Mazur, K., Ksiezopolski, B.: Comparison and assessment of security modeling approaches in terms of the QoP-ML. In: Kotulski, Z., Księżopolski, B., Mazur, K. (eds.) CSS 2014. CCIS, vol. 448, pp. 178–192. Springer, Heidelberg (2014) CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Damian Rusinek
    • 1
  • Bogdan Ksiezopolski
    • 1
    • 2
  • Adam Wierzbicki
    • 2
  1. 1.Institute of Computer ScienceMaria Curie-Sklodowska UniversityLublinPoland
  2. 2.Polish-Japanese Academy of Information TechnologyWarsawPoland

Personalised recommendations