{"title":"构建一个可组合模型库来评估安全解决方案的性能","authors":"V. Cortellessa, Catia Trubiani","doi":"10.1145/1383559.1383579","DOIUrl":null,"url":null,"abstract":"Complex distributed dependable systems, such as web-based applications that contain sensitive data and are exposed to many users, have to meet different, and sometimes conflicting, non functional requirements, such as security and performance requirements. A typical example of this trade-off is the performance degradation introduced in a system by the raising of security solutions. Several proposals have been made to estimate the performance of security methodologies, but they are often grounded to existing standards such as IPsec and SSL.\n In this paper we tackle the problem from a model-based viewpoint: we introduce basic performance models for security mechanisms, which can be considered as building bricks to compose in order to model security services. To this goal, we introduce rules that drive the composition. Security service models can then be integrated with functional models of critical applications to estimate the performance of the adopted security solutions. We represent models as Generalized Stochastic Petri Nets (GSPNs).\n This is a first step towards a Security Library containing composable performance models of security mechanisms and services and representing an instrument to support designers in decisions related to the security vs performance trade-off. We show how to use our models on an example of banking system.","PeriodicalId":235512,"journal":{"name":"Workshop on Software and Performance","volume":"8 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-06-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":"{\"title\":\"Towards a library of composable models to estimate the performance of security solutions\",\"authors\":\"V. Cortellessa, Catia Trubiani\",\"doi\":\"10.1145/1383559.1383579\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Complex distributed dependable systems, such as web-based applications that contain sensitive data and are exposed to many users, have to meet different, and sometimes conflicting, non functional requirements, such as security and performance requirements. A typical example of this trade-off is the performance degradation introduced in a system by the raising of security solutions. Several proposals have been made to estimate the performance of security methodologies, but they are often grounded to existing standards such as IPsec and SSL.\\n In this paper we tackle the problem from a model-based viewpoint: we introduce basic performance models for security mechanisms, which can be considered as building bricks to compose in order to model security services. To this goal, we introduce rules that drive the composition. Security service models can then be integrated with functional models of critical applications to estimate the performance of the adopted security solutions. We represent models as Generalized Stochastic Petri Nets (GSPNs).\\n This is a first step towards a Security Library containing composable performance models of security mechanisms and services and representing an instrument to support designers in decisions related to the security vs performance trade-off. We show how to use our models on an example of banking system.\",\"PeriodicalId\":235512,\"journal\":{\"name\":\"Workshop on Software and Performance\",\"volume\":\"8 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-06-23\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"12\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Workshop on Software and Performance\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/1383559.1383579\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Workshop on Software and Performance","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1383559.1383579","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Towards a library of composable models to estimate the performance of security solutions
Complex distributed dependable systems, such as web-based applications that contain sensitive data and are exposed to many users, have to meet different, and sometimes conflicting, non functional requirements, such as security and performance requirements. A typical example of this trade-off is the performance degradation introduced in a system by the raising of security solutions. Several proposals have been made to estimate the performance of security methodologies, but they are often grounded to existing standards such as IPsec and SSL.
In this paper we tackle the problem from a model-based viewpoint: we introduce basic performance models for security mechanisms, which can be considered as building bricks to compose in order to model security services. To this goal, we introduce rules that drive the composition. Security service models can then be integrated with functional models of critical applications to estimate the performance of the adopted security solutions. We represent models as Generalized Stochastic Petri Nets (GSPNs).
This is a first step towards a Security Library containing composable performance models of security mechanisms and services and representing an instrument to support designers in decisions related to the security vs performance trade-off. We show how to use our models on an example of banking system.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
