ACM Transactions on Information and System Security (TISSEC)
Scaling for E Business: Technologies, Models, Performance, and Capacity Planning
Scaling for E Business: Technologies, Models, Performance, and Capacity Planning
Performance analysis of elliptic curve cryptography for SSL
WiSE '02 Proceedings of the 1st ACM workshop on Wireless security
IEEE Internet Computing
Architectural Impact of Secure Socket Layer on Internet Servers
ICCD '00 Proceedings of the 2000 IEEE International Conference on Computer Design: VLSI in Computers & Processors
Model-Based Performance Prediction in Software Development: A Survey
IEEE Transactions on Software Engineering
Basic Concepts and Taxonomy of Dependable and Secure Computing
IEEE Transactions on Dependable and Secure Computing
Comparison of performance of Web services, WS-Security, RMI, and RMI-SSL
Journal of Systems and Software - Special issue: Quality software
A Systematic Approach to Domain-Specific Language Design Using UML
ISORC '07 Proceedings of the 10th IEEE International Symposium on Object and Component-Oriented Real-Time Distributed Computing
Performance Evaluation of Security Services: An Experimental Approach
PDP '07 Proceedings of the 15th Euromicro International Conference on Parallel, Distributed and Network-Based Processing
Improving uml profile design practices by leveraging conceptual domain models
Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
Towards a library of composable models to estimate the performance of security solutions
WOSP '08 Proceedings of the 7th international workshop on Software and performance
Performance analysis of security aspects by weaving scenarios extracted from UML models
Journal of Systems and Software
Highly Available Intrusion-Tolerant Services with Proactive-Reactive Recovery
IEEE Transactions on Parallel and Distributed Systems
From UML to Petri Nets: The PCM-Based Methodology
IEEE Transactions on Software Engineering
ArgoSPE: model-based software performance engineering
ICATPN'06 Proceedings of the 27th international conference on Applications and Theory of Petri Nets and Other Models of Concurrency
An architectural framework for analyzing tradeoffs between software security and performance
ISARCS'10 Proceedings of the First international conference on Architecting Critical Systems
Integrating fault-tolerant techniques into the design of critical systems
ISARCS'10 Proceedings of the First international conference on Architecting Critical Systems
PeabraiN: A PIPE Extension for Performance Estimation and Resource Optimisation
ACSD '12 Proceedings of the 2012 12th International Conference on Application of Concurrency to System Design
Modelling and analysing resilience as a security issue within UML
Proceedings of the 2nd International Workshop on Software Engineering for Resilient Systems
| Hi-index | 0.00 |
Security attacks aim to system vulnerabilities that may lead to operational failures. In order to react to attacks software designers use to introduce Fault-Tolerant Techniques (FTTs), such as recovery procedures, and/or Security Mechanisms (SMs), such as encryption of data. FTTs and SMs inevitably consume system resources, hence they influence the system performance, even affecting its full operability. The goal of this paper is to provide a model-based methodology able to quantitatively estimate the performance degradation due to the introduction of FTTs and/or SMs aimed at protecting critical systems. Such a methodology is able to inform software designers about the performance degradation the system may incur, thus supporting them to find appropriate security strategies while meeting performance requirements. This approach has been applied to a case study in the E-commerce domain, whose experimental results demonstrate its effectiveness.