Abstract
This paper constructs a stochastic model of a layered system to analyze its security measures. It discusses the evaluation of availability and integrity as two major security properties of a three-layered architecture consisting of Client, Web-server, and Database. Using the Möbius software, this study models the change in vulnerability of a layer owing to an intrusion in another layer. Furthermore, it analyzes the impact on the security of the upper layers due to an intrusion in a lower layer. With system availability at 97.73%, this study indicates that increasing the host attack rate in the Database layer from 10 to 20 reduces system availability to 97.55%. A similar modification made to the Web-server layer results in 97.04% availability. These results imply that increasing the attack rate in the Web-server layer has a more severe impact on system availability than doing so in the Database layer. Similar results were obtained when predicting the integrity of the system under an identical set of modifications. With system integrity at 96.88%, increasing the host attack rate in the Database layer resulted in an integrity of 96.68%; a similar experiment for the Web-server layer resulted in a system integrity of 96.57%.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
Cite this paper
Hafezian Razavi, S., Das, O. (2010). Security Evaluation of Layered Intrusion Tolerant Systems. In: Al-Begain, K., Fiems, D., Knottenbelt, W.J. (eds) Analytical and Stochastic Modeling Techniques and Applications. ASMTA 2010. Lecture Notes in Computer Science, vol 6148. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13568-2_11
DOI: https://doi.org/10.1007/978-3-642-13568-2_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-13567-5
Online ISBN: 978-3-642-13568-2
eBook Packages: Computer Science, Computer Science (R0)