An Integrated View of Security Analysis and Performance Evaluation: Trading QoS with Covert Channel Bandwidth

  • Conference paper
Computer Safety, Reliability, and Security (SAFECOMP 2004)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3219)

Abstract

Security analysis and performance evaluation are two fundamental activities in the system design process, which are usually carried out separately. Unfortunately, a purely qualitative analysis of the security requirements is not sufficient in the case of real systems, as they suffer from unavoidable information leaks that need to be quantified. In this paper we propose an integrated and tool-supported methodology encompassing both activities, thus providing insights about how to trade the quality of service delivered by a system with the bandwidth of its covert channels. The methodology is illustrated by assessing the effectiveness and the efficiency of the securing strategy implemented in the NRL Pump, a trusted device proposed to secure the replication of information from a low-security level enclave to a high-security level enclave.


Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Aldini, A., Bernardo, M. (2004). An Integrated View of Security Analysis and Performance Evaluation: Trading QoS with Covert Channel Bandwidth. In: Heisel, M., Liggesmeyer, P., Wittmann, S. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2004. Lecture Notes in Computer Science, vol 3219. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30138-7_24

  • DOI: https://doi.org/10.1007/978-3-540-30138-7_24

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-23176-9

  • Online ISBN: 978-3-540-30138-7

  • eBook Packages: Springer Book Archive
