Modeling and Performance Evaluation of Computer Systems Security Operation

D. Guster, St. Cloud State University (Department of Statistics, 720 4th Ave. S., St. Cloud, MN 56301-4442; e-mail: Guster@mcs.stcloudstate.edu)
N.K. Krivulin, St. Petersburg State University (Bibliotechnaya Sq. 2, Petrodvorets, 198904 St. Petersburg, Russia; e-mail: Nikolai.Krivulin@pobox.spbu.ru)

Abstract

A model of computer system security operation is developed based on the fork-join queueing network formalism. We introduce a security operation performance measure, and show how it may be used for performance evaluation of actual systems.

Keywords: computer system security, security attack, security vulnerability, performance evaluation, fork-join queueing networks

1 Introduction

The explosive growth in computer systems and networks has increased the role of computer security within organizations [4]. In many cases, ineffective protection against computer security threats leads to considerable damage, and can even cause an organization to be paralyzed. Therefore, the development of new models and methods of performance analysis of security systems seems to be very important.

In this paper, we propose a model of computer security operation and introduce its related performance measure. It is shown how the model can be applied to performance evaluation of actual systems. Finally, a technique of security system performance analysis is described and its practical implementation is discussed. We conclude with an appendix which contains technical details concerning the fork-join network representation of the model, and related results.

The work was partially supported by the Russian Foundation for Basic Research, Grant #00-01-00760.

2 A Security Operation Model

In this paper, we deal with the current security activities (see Fig. 1) that mainly relate to actual security threats rather than to strategic or long-term issues of security management.

Figure 1. Computer systems security activities. (Stages shown: Intrusion Detection; Analysis of Attack; Recovery Planning; Recovery Procedure.)

Consider the model of security operation in an organization presented in Fig. 2. Each operational cycle starts with security attack detection based on audit records and system/error log analysis, traffic analysis, or user reports. In order to detect an intrusion, automated tools of security monitoring are normally used, including procedures of statistical anomaly detection, rule-based detection, and data integrity control [4].

Figure 2. A security analysis and maintenance model. (Nodes: 1 Security Attacks Detection; 2 Software and Data Integrity Analysis; 3 Vulnerabilities Analysis; 4 Software and Data Recovery Procedures; 5 Development of Countermeasures; 6 Security System Modification.)

After security attack detection and identification, the integrity of system/application software and data in storage devices has to be examined to search for possible unauthorized modifications or damage made by the intruder. The investigation procedure can exploit file lists and checksum analysis, hash functions, and other automated techniques. In parallel, the system vulnerabilities which allowed the intruder to attack should be identified and investigated. The vulnerability analysis is normally an informal procedure, and therefore it can hardly be performed automatically.

Based on the results of the integrity analysis, a software and data recovery procedure can be initiated using back-up servers and reserve storage devices. It has to take into account the security vulnerabilities identified at the previous step, so as to provide for further improvements in the entire security system. Along with the recovery procedure, the development of a complete set of countermeasures against similar attacks should be performed. Finally, the operational cycle is concluded with appropriate modifications of software, databases, and system security policies and procedures.

We assume that the organization has appropriate personnel integrated in a Computer Emergency Response Team, available to handle the attack. The team would include at least two subteams working in parallel, one to perform integrity analysis and recovery procedures, and another to do vulnerability analysis and development of countermeasures. At any time instant, each subteam can deal with only one security incident. Any procedure may be started as soon as all prior procedures, according to the model in Fig. 2, have been completed. If a request to handle a new incident occurs when a subteam is still working on a procedure, the request has to wait until the processing of that procedure is completed.

We denote by $\tau_{1k}$ a random variable (r.v.) that represents the time interval between detections of the $k$th attack and its predecessor. Furthermore, we introduce r.v.'s $\tau_{ik}$, $i = 2, \ldots, 6$, to describe the time of the $k$th instance of procedure $i$ in the model. We assume $\tau_{i1}, \tau_{i2}, \ldots$ to be independent and identically distributed (i.i.d.) r.v.'s with finite mean and variance for each $i = 1, \ldots, 6$. At the same time, we do not require independence of $\tau_{1k}, \ldots, \tau_{6k}$ for each $k = 1, 2, \ldots$.

3 Security Operation Performance Evaluation

In order to describe system performance, we introduce the following notation. Let $T_A$ be the mean time between consecutive security attacks (the attack cycle time), and $T_S$ the mean time required to completely handle an attack (the recovery cycle time), as the number of attacks $k$ tends to $\infty$. In devising the security operation performance measure, one can take the ratio $R = T_S / T_A$. Under the natural condition $T_S \le T_A$, one can consider $R$ as the portion of time the system is under recovery, assuming $k \to \infty$.

First note that the attack cycle time can immediately be evaluated as the mean value $T_A = E[\tau_{11}]$.

Now consider the cycle time of the entire system, which can be defined as the mean time interval between successive completions of the security system modification procedure as the number of attacks $k \to \infty$. As one can prove (see the Appendix for further details), the system cycle time $\gamma$ can be calculated as
$$\gamma = \max\{E[\tau_{11}], \ldots, E[\tau_{61}]\}.$$
In order to evaluate the recovery cycle time, we assume the system operates under the maximum traffic level, which is achieved when all time intervals between attacks are set to 0. Clearly, under that condition the system cycle time can be taken as a reasonable estimate of the recovery cycle time. Considering that now $E[\tau_{11}] = 0$, we get the recovery cycle time in the form
$$T_S = \max\{E[\tau_{21}], \ldots, E[\tau_{61}]\}.$$
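As an added worked example (not code from the paper), the following Python script builds the (max,+) representation of the six-procedure network that the Appendix describes (support matrix $G$ of Fig. 3, longest path $p = 3$), iterates the recursion $x(k) = A(k) \otimes x(k-1)$ on constructed service times, and compares the simulated cycle time with $\gamma = \max\{E[\tau_{11}], \ldots, E[\tau_{61}]\}$ and the ratio $R$. The mean durations and the exponential distribution of the $\tau_{ik}$ are assumptions made for the illustration.

```python
import random

EPS = float("-inf")   # epsilon, the (max,+) null element
N, P = 6, 3           # six procedures (Fig. 2), longest path p = 3
# Support matrix G of Fig. 3: g_ij = 0 if arc (i,j) exists, epsilon otherwise
ARCS = [(1, 2), (1, 3), (2, 4), (3, 4), (3, 5), (4, 6), (5, 6)]
G = [[0.0 if (i, j) in ARCS else EPS for j in range(1, N + 1)] for i in range(1, N + 1)]

def mp_mul(A, B):
    """(max,+) matrix product: C_ij = max_l (A_il + B_lj)."""
    return [[max(A[i][l] + B[l][j] for l in range(len(B)))
             for j in range(len(B[0]))] for i in range(len(A))]

def mp_add(A, B):
    """(max,+) matrix sum: entrywise maximum."""
    return [[max(a, b) for a, b in zip(ra, rb)] for ra, rb in zip(A, B)]

def mp_diag(v):
    """Diagonal matrix with off-diagonal entries epsilon (the identity E when v = 0)."""
    return [[v[i] if i == j else EPS for j in range(len(v))] for i in range(len(v))]

def build_A(tau):
    """A(k) = (+)_{j=0..p} (T_k (x) G^T)^j (x) T_k, equation (1) of the paper."""
    T = mp_diag(tau)
    M = mp_mul(T, [list(r) for r in zip(*G)])       # T_k (x) G^T
    S, Mj = mp_diag([0.0] * N), mp_diag([0.0] * N)  # running sum and running power
    for _ in range(P):
        Mj = mp_mul(Mj, M)
        S = mp_add(S, Mj)
    return mp_mul(S, T)

def completion_times(tau_seq):
    """Iterate x(k) = A(k) (x) x(k-1) from x(0) = 0 over a sequence of tau vectors."""
    x = [[0.0] for _ in range(N)]
    for tau in tau_seq:
        x = mp_mul(build_A(tau), x)
    return [row[0] for row in x]

def simulated_cycle_time(means, k_max, seed=1):
    """Estimate gamma = lim ||x(k)||/k with i.i.d. exponential service times (constructed input)."""
    rng = random.Random(seed)
    seq = [[rng.expovariate(1.0 / m) if m > 0 else 0.0 for m in means] for _ in range(k_max)]
    return max(completion_times(seq)) / k_max

def performance_ratio(means):
    """R = max{E[tau_21], ..., E[tau_61]} / E[tau_11], as in Section 4."""
    return max(means[1:]) / means[0]

if __name__ == "__main__":
    means = [10.0, 3.0, 5.0, 2.0, 4.0, 1.0]   # constructed mean durations (hours)
    print("simulated gamma:", round(simulated_cycle_time(means, 2000), 2))
    print("Lemma 2 predicts:", max(means))
    print("recovery cycle T_S:", max(means[1:]), " R =", performance_ratio(means))
```

Setting the first mean to 0 reproduces the maximum-traffic condition of Section 3, and the simulated cycle time then approaches $T_S$, the mean of the longest procedure.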

4 Performance Analysis and Discussion

In fact, the above model presents a quite simple but useful tool for security system operation management. It may be used to make decisions on the basis of a few natural parameters of the security operation process. Let us represent the ratio $R$ in the form
$$R = \max\{E[\tau_{21}], \ldots, E[\tau_{61}]\} / E[\tau_{11}],$$
and assume the attack rate, determined by $E[\tau_{11}]$, to be fixed. Taking into account that the above result has been obtained under the assumption of an infinite number of attacks, we arrive at the following conclusion. As the number of attacks becomes sufficiently large, the performance of the system is determined by the time of the longest procedure involved in the system operation, whereas the impact of the order of performing the procedures disappears.

It is clear that in order to improve system performance, the system security manager (administrator) should first concentrate on decreasing the mean time required to perform the longest procedure within the security operation model, then consider the second longest procedure, and so on. The goal of decreasing the time can be achieved through partition of a whole procedure into subprocedures which can be performed in parallel, or through rescheduling of the entire process with redistribution of particular activities between procedures.

In practice, the above model and its related ratio $R$ can serve as the basis for efficient monitoring of organizational security systems. Because the introduction of new countermeasures may change the attack cycle time, the monitoring requires updating this parameter after each modification of the system. Finally, note that the above model can easily be extended to cover security operational processes which consist of different procedures and precedence constraints.

Appendix

In order to describe the above security system operational model in a formal way, we exploit the fork-join network formalism proposed in [1]. Fork-join networks are a class of queueing systems which allow for splitting a customer into several new customers at one node, and for merging customers into one at another node. In order to represent the dynamics of such networks, we use the (max,+)-algebra based approach developed in [2].

The (max,+)-algebra is a triple $\langle \mathbb{R}_\varepsilon, \oplus, \otimes \rangle$, where $\mathbb{R}_\varepsilon = \mathbb{R} \cup \{\varepsilon\}$ with $\varepsilon = -\infty$. The operations $\oplus$ and $\otimes$ are defined for all $x, y \in \mathbb{R}_\varepsilon$ as
$$x \oplus y = \max(x, y), \qquad x \otimes y = x + y.$$
The (max,+)-algebra of matrices is introduced in the ordinary way, with the matrix $\mathcal{E}$ with all its entries equal to $\varepsilon$ taken as the null matrix, and the matrix $E = \mathrm{diag}(0, \ldots, 0)$ with its off-diagonal entries equal to $\varepsilon$ as the identity.

We introduce the vector $x(k) = (x_1(k), \ldots, x_n(k))^T$ of the $k$th service completion times at the network nodes, and the diagonal matrix $T_k = \mathrm{diag}(\tau_{1k}, \ldots, \tau_{nk})$ with given nonnegative random variables $\tau_{ik}$ representing the $k$th service time at node $i$, $i = 1, \ldots, n$, and with the off-diagonal entries equal to $\varepsilon$. The dynamics of acyclic fork-join networks can be described by the stochastic difference equation (see [2] for further details)
$$x(k) = A(k) \otimes x(k-1), \qquad A(k) = \bigoplus_{j=0}^{p} (T_k \otimes G^T)^j \otimes T_k, \tag{1}$$
where $G$ is the matrix with elements
$$g_{ij} = \begin{cases} 0, & \text{if there exists arc } (i,j) \text{ in the network graph,} \\ \varepsilon, & \text{otherwise,} \end{cases}$$
and $p$ is the length of the longest path in the graph. The matrix $G$ is normally referred to as the support matrix of the network. Note that since the network graph is acyclic, we have $G^q = \mathcal{E}$ for all $q > p$.

The cycle time of the network is defined as
$$\gamma = \lim_{k \to \infty} \frac{1}{k} \|x(k)\|, \qquad \text{where } \|x(k)\| = \max_i x_i(k).$$
Clearly, if this limit exists, it can be found as $\lim_{k \to \infty} \frac{1}{k} \|A_k\|$, where $A_k = A(k) \otimes \cdots \otimes A(1)$.

As is easy to see, the fork-join network representation of the above security operation model takes the form presented in Fig. 3.

Figure 3. The fork-join queueing network model: (a) network scheme with nodes 1 to 6 (the arcs of Fig. 2); (b) support matrix
$$G = \begin{pmatrix}
\varepsilon & 0 & 0 & \varepsilon & \varepsilon & \varepsilon \\
\varepsilon & \varepsilon & \varepsilon & 0 & \varepsilon & \varepsilon \\
\varepsilon & \varepsilon & \varepsilon & 0 & 0 & \varepsilon \\
\varepsilon & \varepsilon & \varepsilon & \varepsilon & \varepsilon & 0 \\
\varepsilon & \varepsilon & \varepsilon & \varepsilon & \varepsilon & 0 \\
\varepsilon & \varepsilon & \varepsilon & \varepsilon & \varepsilon & \varepsilon
\end{pmatrix}.$$

For the network graph, we have $p = 3$. Therefore, we get equation (1) with
$$A(k) = \bigl(E \oplus T_k \otimes G^T \oplus (T_k \otimes G^T)^2 \oplus (T_k \otimes G^T)^3\bigr) \otimes T_k.$$

Let us consider an arbitrary fork-join queueing network with $n$ nodes which is governed by equation (1). We assume that the matrix $G$ in (1) has upper triangular form. Since the network graph is acyclic, the network nodes can always be renumbered so that the matrix $G$ becomes upper triangular.

Now we describe a tandem queueing system associated with the above network. We assume the evolution of the tandem system to be governed by the equation
$$x(k) = B(k) \otimes x(k-1), \qquad B(k) = \bigoplus_{j=0}^{n} (T_k \otimes H^T)^j \otimes T_k,$$
where $H$ is the support matrix with elements
$$h_{ij} = \begin{cases} 0, & \text{if } i + 1 = j, \\ \varepsilon, & \text{otherwise.} \end{cases}$$
Note that both matrices $A(k)$ and $B(k)$ are determined by the common matrix $T_k$, but by different support matrices $G$ and $H$. Clearly, the longest path in the graph associated with the tandem queue has length $n$.

Lemma 1. For all $k = 1, 2, \ldots$, it holds that $A(k) \le B(k)$.

Proof. As is easy to verify, for any integer $q > 0$ it holds that
$$G^q \le H \oplus H^2 \oplus \cdots \oplus H^n.$$
Furthermore, since $T_k$ has only nonnegative entries on the diagonal, we have for any $q > 1$
$$H^q \otimes T_k \le (H \otimes T_k)^q.$$
By applying the above inequalities together with the condition $H^m = \mathcal{E}$ for all $m > n$, we arrive at the inequality
$$(G \otimes T_k)^q \le (H \otimes T_k) \oplus (H \otimes T_k)^2 \oplus \cdots \oplus (H \otimes T_k)^n.$$
Taking into account that the last inequality is valid for all $q > 0$, we have
$$\bigoplus_{j=0}^{p} T_k \otimes (G \otimes T_k)^j \le \bigoplus_{j=0}^{n} T_k \otimes (H \otimes T_k)^j.$$
It remains to transpose both sides of the inequality to get the desired result.

By applying the above lemma together with the result in [3], one can prove the following statement.

Lemma 2. Suppose that for the acyclic fork-join queueing network, the random variables $\tau_{i1}, \tau_{i2}, \ldots$ are i.i.d. for each $i = 1, \ldots, n$, with finite mean $E[\tau_{i1}] \ge 0$ and variance $D[\tau_{i1}]$. Then the cycle time $\gamma$ can be evaluated as
$$\gamma = \max\{E[\tau_{11}], \ldots, E[\tau_{n1}]\}.$$

References

1. F. Baccelli and A.M. Makowski, Queueing Models for Systems with Synchronization Constraints, Proceedings of the IEEE, Vol. 77, No. 1, 1989, pp. 138-160.
2. N.K. Krivulin, Algebraic Modeling and Performance Evaluation of Acyclic Fork-Join Queueing Networks, Advances in Stochastic Simulation Methods, Statistics for Industry and Technology (N. Balakrishnan, V. Melas, S. Ermakov, Eds.), Birkhäuser, Boston, 2000, pp. 63-81.
3. N.K. Krivulin and V.B. Nevzorov, Evaluation of the Mean Interdeparture Time in Tandem Queueing Systems, This proceedings, 2001.
4. W. Stallings, Network and Internetwork Security: Principles and Practice, Prentice-Hall, Englewood Cliffs, 1995.