Modeling and tuning security from a quality of service perspective

Security has traditionally been thought of as a system or network attribute that results from the joint endeavors of the designer, maintainer and user, among others. Even though security can never reach a level of 100%, the aim has been to provide as much security as possible, given the boundary conditions in question. With the advent of, e.g., many low-power computing and communication devices, it has become desirable to trade security against other system parameters, such as performance and power consumption. Thus, in many situations, tunable or selectable security, rather than maximal security, is desirable. The overall focus of this thesis is therefore how security with a tunable level could be achieved and traded against other parameters. To this end, basic security primitives, such as the intrusion process, flaws, and impairments, are studied. This contributes to a deeper understanding of fundamental problems and paves the way for security modeling. This part of the work provides a great deal of experimental data that are also used for modeling purposes. Attempts to model and systemize security are made based on the knowledge thus achieved. The relation between security and dependability is touched upon, and the use of physical separation to achieve certain desirable security properties is pointed out. However, most of the modeling research is devoted to suggesting methods for achieving different security levels, i.e., tuning security, in particular for networked applications. Here, the widespread Quality of Service (QoS) concept turns out to be a proper means to embed this novel concept, and a taxonomy for tunable data protection services is suggested. Two data protection services are developed in order to test and verify the concept of tunable security. The evaluations are limited to networked applications and confidentiality through selective encryption schemes. The tests show good agreement between experimental and theoretical results.
It is clear that future applications will require security that can be set to a desired level in order to optimize total system performance. This thesis shows that this is possible and gives some ideas as to how selectable security can be generally attainable.
