• DocumentCode
    2028401
  • Title

    Evaluating security measures of a layered system

  • Author

    Razavi, Sanaz Hafezian ; Das, Olivia

  • Author_Institution
    Dept. of Electr. & Comput. Eng., Ryerson Univ., Toronto, ON, Canada
  • fYear
    2009
  • fDate
    26-27 Sept. 2009
  • Firstpage
    296
  • Lastpage
    301
  • Abstract
    Most distributed systems that we use in our daily lives have layered architecture since such architectures allow separation of processing between multiple processes in different layers thereby reducing the complexity of the system. Unauthorized control over such systems can have potentially serious consequences ranging from huge monetary loss to even loss of human life. Hence considerable research attention is being given towards building tools and techniques for quantitative modeling and evaluation of security properties. This paper proposes a high-level stochastic model to estimate security of a layered system. It discusses evaluation of availability and integrity as two major security properties of a 3 layered Architecture consisting of Client, Web-server, and Data base. Using Mobius software, this study models the change in vulnerability of a layer owing to an intrusion in another layer. Furthermore, it analyzes the impact on the security of the upper layers due to an intruded lower layer. While maintaining a system availability of 88.48%, this study indicates that increasing the system host attack rate in the Database layer from 10 to 100 will reduce system availability to 73%, while the same modification for Web-server layer will contribute to 60% availability.
  • Keywords
    client-server systems; database management systems; security of data; software architecture; Mobius software; Web server; client; database; distributed system; high-level stochastic model; intrusion; layered architecture; layered system; quantitative modeling; security measures; security property; system availability; system complexity; system host attack rate; unauthorized control; Application software; Buildings; Computer architecture; Computer security; Control systems; Data security; Electric variables measurement; Humans; Information security; Software architecture;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Science and Technology for Humanity (TIC-STH), 2009 IEEE Toronto International Conference
  • Conference_Location
    Toronto, ON
  • Print_ISBN
    978-1-4244-3877-8
  • Electronic_ISBN
    978-1-4244-3878-5
  • Type

    conf

  • DOI
    10.1109/TIC-STH.2009.5444485
  • Filename
    5444485