An architectural framework for analyzing tradeoffs between software security and performance

Authors:
Vittorio Cortellessa;Catia Trubiani;Leonardo Mostarda;Naranker Dulay
Affiliations:
Università degli Studi dell'Aquila, L'Aquila, Italy;Università degli Studi dell'Aquila, L'Aquila, Italy;Imperial College London, London, United Kingdom;Imperial College London, London, United Kingdom
Venue:
ISARCS'10 Proceedings of the First international conference on Architecting Critical Systems
Year:
2010

Citing 13
Cited 4

Trust management for IPsec

ACM Transactions on Information and System Security (TISSEC)
Software Performability: From Concepts to Applications

Software Performability: From Concepts to Applications
Performance analysis of elliptic curve cryptography for SSL

WiSE '02 Proceedings of the 1st ACM workshop on Wireless security
A methodology for analyzing the performance of authentication protocols

ACM Transactions on Information and System Security (TISSEC)
Reliability and Performability Modeling Using SHARPE 2000

TOOLS '00 Proceedings of the 11th International Conference on Computer Performance Evaluation: Modelling Techniques and Tools
Security Performance

IEEE Internet Computing
Architectural Impact of Secure Socket Layer on Internet Servers

ICCD '00 Proceedings of the 2000 IEEE International Conference on Computer Design: VLSI in Computers & Processors
Model-Based Performance Prediction in Software Development: A Survey

IEEE Transactions on Software Engineering
Secure Systems Development with UML

Secure Systems Development with UML
Comparison of performance of Web services, WS-Security, RMI, and RMI-SSL

Journal of Systems and Software - Special issue: Quality software
Towards automatic derivation of a product performance model from a UML software product line model

WOSP '08 Proceedings of the 7th international workshop on Software and performance
Towards a library of composable models to estimate the performance of security solutions

WOSP '08 Proceedings of the 7th international workshop on Software and performance
Performance analysis of security aspects by weaving scenarios extracted from UML models

Journal of Systems and Software

Experience report: trading dependability, performance, and security through temporal decoupling

Proceedings of the 11th IFIP WG 6.1 international conference on Distributed applications and interoperable systems
Software quality trade-offs: A systematic map

Information and Software Technology
Fault-tolerant techniques and security mechanisms for model-based performance prediction of critical systems

Proceedings of the 3rd international ACM SIGSOFT symposium on Architecting Critical Systems
Towards a methodology driven by relationships of quality attributes for qos-based analysis

Proceedings of the 4th ACM/SPEC International Conference on Performance Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

The increasing complexity of software systems entails large effort to jointly analyze their non-functional attributes in order to identify potential tradeoffs among them (e.g. increased availability can lead to performance degradation). In this paper we propose a framework for the architectural analysis of software performance degradation induced by security solutions. We introduce a library of UML models representing security mechanisms that can be composed with performance annotated UML application models for architecting security and performance critical systems. Composability of models allows to introduce different security solutions on the same software architecture, thus supporting software architects to find appropriate security solutions while meeting performance requirements. We report experimental results that validate our approach by comparing a model-based evaluation of a software architecture for management of cultural assets with values observed on the real implementation of the system.