ACM Transactions on Information and System Security (TISSEC)
Cryptography: Theory and Practice,Second Edition
Cryptography: Theory and Practice,Second Edition
Designing Concurrent, Distributed, and Real-Time Applications with Uml
Designing Concurrent, Distributed, and Real-Time Applications with Uml
Modelling with Generalized Stochastic Petri Nets
Modelling with Generalized Stochastic Petri Nets
Performance analysis of elliptic curve cryptography for SSL
WiSE '02 Proceedings of the 1st ACM workshop on Wireless security
A methodology for analyzing the performance of authentication protocols
ACM Transactions on Information and System Security (TISSEC)
Cryptography and Network Security: Principles and Practice
Cryptography and Network Security: Principles and Practice
Architectural Impact of Secure Socket Layer on Internet Servers
ICCD '00 Proceedings of the 2000 IEEE International Conference on Computer Design: VLSI in Computers & Processors
From UML activity diagrams to Stochastic Petri nets: application to software performance engineering
WOSP '04 Proceedings of the 4th international workshop on Software and performance
Computer Networking: A Top-Down Approach Featuring the Internet
Computer Networking: A Top-Down Approach Featuring the Internet
Performance analysis of security aspects in UML models
WOSP '07 Proceedings of the 6th international workshop on Software and performance
ArgoSPE: model-based software performance engineering
ICATPN'06 Proceedings of the 27th international conference on Applications and Theory of Petri Nets and Other Models of Concurrency
Optimising multiple quality criteria of service-oriented software architectures
Proceedings of the 1st international workshop on Quality of service-oriented software systems
An architectural framework for analyzing tradeoffs between software security and performance
ISARCS'10 Proceedings of the First international conference on Architecting Critical Systems
Proceedings of the 3rd international ACM SIGSOFT symposium on Architecting Critical Systems
Systematic guidance in solving performance and scalability problems
Proceedings of the 18th international doctoral symposium on Components and architecture
An Exposition of Performance-Security Trade-offs in RANETs Based on Quantitative Network Models
Wireless Personal Communications: An International Journal
Towards a methodology driven by relationships of quality attributes for qos-based analysis
Proceedings of the 4th ACM/SPEC International Conference on Performance Engineering
Hi-index | 0.01 |
Complex distributed dependable systems, such as web-based applications that contain sensitive data and are exposed to many users, have to meet different, and sometimes conflicting, non functional requirements, such as security and performance requirements. A typical example of this trade-off is the performance degradation introduced in a system by the raising of security solutions. Several proposals have been made to estimate the performance of security methodologies, but they are often grounded to existing standards such as IPsec and SSL. In this paper we tackle the problem from a model-based viewpoint: we introduce basic performance models for security mechanisms, which can be considered as building bricks to compose in order to model security services. To this goal, we introduce rules that drive the composition. Security service models can then be integrated with functional models of critical applications to estimate the performance of the adopted security solutions. We represent models as Generalized Stochastic Petri Nets (GSPNs). This is a first step towards a Security Library containing composable performance models of security mechanisms and services and representing an instrument to support designers in decisions related to the security vs performance trade-off. We show how to use our models on an example of banking system.