DocumentCode
2028401
Title
Evaluating security measures of a layered system
Author
Razavi, Sanaz Hafezian ; Das, Olivia
Author_Institution
Dept. of Electr. & Comput. Eng., Ryerson Univ., Toronto, ON, Canada
fYear
2009
fDate
26-27 Sept. 2009
Firstpage
296
Lastpage
301
Abstract
Most distributed systems that we use in our daily lives have layered architecture since such architectures allow separation of processing between multiple processes in different layers thereby reducing the complexity of the system. Unauthorized control over such systems can have potentially serious consequences ranging from huge monetary loss to even loss of human life. Hence considerable research attention is being given towards building tools and techniques for quantitative modeling and evaluation of security properties. This paper proposes a high-level stochastic model to estimate security of a layered system. It discusses evaluation of availability and integrity as two major security properties of a 3 layered Architecture consisting of Client, Web-server, and Data base. Using Mobius software, this study models the change in vulnerability of a layer owing to an intrusion in another layer. Furthermore, it analyzes the impact on the security of the upper layers due to an intruded lower layer. While maintaining a system availability of 88.48%, this study indicates that increasing the system host attack rate in the Database layer from 10 to 100 will reduce system availability to 73%, while the same modification for Web-server layer will contribute to 60% availability.
Keywords
client-server systems; database management systems; security of data; software architecture; Mobius software; Web server; client; database; distributed system; high-level stochastic model; intrusion; layered architecture; layered system; quantitative modeling; security measures; security property; system availability; system complexity; system host attack rate; unauthorized control; Application software; Buildings; Computer architecture; Computer security; Control systems; Data security; Electric variables measurement; Humans; Information security; Software architecture;
fLanguage
English
Publisher
ieee
Conference_Titel
Science and Technology for Humanity (TIC-STH), 2009 IEEE Toronto International Conference
Conference_Location
Toronto, ON
Print_ISBN
978-1-4244-3877-8
Electronic_ISBN
978-1-4244-3878-5
Type
conf
DOI
10.1109/TIC-STH.2009.5444485
Filename
5444485
Link To Document