Performance modelling and analysis of systems under attack and misbehaviour

Abstract

PhD ThesisComputing systems are growing increasingly complex, incorporating multiple interactive components. Performance is a critical attribute in evaluating computing systems. Most computing systems are now connected to networks, either private or public, raising concerns about vulnerability and exposure to threats and attacks. A secure system requires effective security protocols and techniques that do not negatively compromise performance. Analysing a system’s behaviour under attack and misbehaviour can assist in determining where a problem is located so as to direct additional resources appropriately. The overall aim of this thesis is to model the performance of secure systems where behaviour changes in response to attacks and misbehaviour. Performance Evaluation Process Algebra (PEPA) modelling is employed to convert formal security protocols and methods into formal performance models. This thesis addresses the impact and cost of cyber-attacks on the performance of webbased sales systems. PEPA models are proposed for two scenarios, with and without the attacks, to understand how the system behaves in different scenarios to provide a sustainable level of performance. It also explores the performance cost of a security protocol, an anonymous and failure resilient fair-exchange e-commerce protocol. The proposed PEPA models were formulated with and without anonymity in order to explore its overhead. Additionally, we modelled a basic protocol with no misbehviour, not requiring the active involvement of a Trusted Third Party (TTP), and an extended protocol, for which the TTP’s participation is essential to resolve disputes. These models provide an insight into the protocol’s behaviour and the associated performance cost. An attack graph is a popular method to support a defender in understanding an attacker’s behaviour. It also supports the defender in detecting possible threats, thereby improving a system’s security status. Developing a PEPA model version of an attack graph can advance understanding and identification of key risks, and assist the defender with implementing appropriate countermeasures. This thesis developed two methods to automate the generation of the PEPA model based on a pre-existing attack graph specification. The first method is simple, generating a single sequential component to represent both a system and an attacker. The second method has more potential, by generating a PEPA model with two sequential components representing a system and an attacker, as well as the system equation to define how they interact. The attacker component enables us to explicitly incorporate attacker skills into the model. We use case studies to demonstrate how the PEPA models generated are used to perform path analysis and sensitivity analysis, as well as estimate the time required for each path. The defender can use this to determine the amount of safe time remaining before the system is compromised, and rank the risk from all attack paths. In addition, we developed PEPA models for an attack graph considering two criteria: attacker expertise and the availability of exploit code to estimate time needed to breach the system. We proposed three attacker skill levels: beginner, intermediate, and expert. The adaptability of our proposed PEPA models were improved by incorporating learning behaviours for both attacker and defender, to demonstrate how this affects the time required to compromise the system. The models in this thesis demonstrate an approach to integrating security and performance concerns to advance understanding of system and attacker behaviour. The performance analysis undertaken indicates where problems may arise and additional resources needed. This analysis could be extended in the future to consider alternative design options and dynamic reconfiguration. Understanding the impact of attackers on system behaviour increases our ability to design systems that can adapt and tolerate attacks. This thesis represents an initial step toward greater understanding of the impact of attacks on system performance