Security Evaluation of Layered Intrusion Tolerant Systems

  • Conference paper
Analytical and Stochastic Modeling Techniques and Applications (ASMTA 2010)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 6148)

Abstract

This paper constructs a stochastic model of a layered system to analyze its security measures. It evaluates availability and integrity as two major security properties of a three-layered architecture consisting of Client, Web-server, and Database. Using the Möbius software, this study models the change in vulnerability of a layer owing to an intrusion in another layer. Furthermore, it analyzes the impact on the security of the upper layers due to an intrusion in a lower layer. While maintaining a system availability of 97.73%, this study indicates that increasing the host attack rate in the Database layer from 10 to 20 will reduce system availability to 97.55%. A similar modification made to the Web-server layer will result in 97.04% availability. This set of results implies that increasing the attack rate in the Web-server layer has a more severe impact on system availability than doing so in the Database layer. Similar results were obtained when predicting the integrity of the system under an identical set of modifications. At a system integrity of 96.88%, increasing the host attack rate in the Database layer resulted in an integrity of 96.68%; a similar experiment for the Web-server layer resulted in a system integrity of 96.57%.



Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hafezian Razavi, S., Das, O. (2010). Security Evaluation of Layered Intrusion Tolerant Systems. In: Al-Begain, K., Fiems, D., Knottenbelt, W.J. (eds) Analytical and Stochastic Modeling Techniques and Applications. ASMTA 2010. Lecture Notes in Computer Science, vol 6148. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13568-2_11

  • DOI: https://doi.org/10.1007/978-3-642-13568-2_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-13567-5

  • Online ISBN: 978-3-642-13568-2

  • eBook Packages: Computer Science (R0)
