Dynamic Authentication for High-Performance Networked Applications

Abstract

Both government and business are increasingly interested in addressing the growing threats posed by the lack of adequate information security. Consistent with these efforts, our work focuses on the integrity and protection of information exchanged in high-performance networked computing applications such as video teleconferencing and other streamed interactive data exchanges. For these applications, security procedures are often omitted in the interest of performance. Since this may not be acceptable when using public communications media, our research makes explicit and then utilizes the inherent tradeoffs in realizing performance vs. security in communications. In this paper, we expand the notion of QoS to include the level of security that can be offered within performance and CPU resource availability constraints. To address performance and security tradeoffs in asymmetric and dynamic client-server environments, we developed Authenticast, a dynamically configurable, user-level communications protocol, offering variable levels of security throughout execution. The Authenticast protocol comprises a suite of heuristics to realize dynamic security levels, as well as heuristics that decide when and how to apply dynamic security. To demonstrate this protocol, we have implemented a prototype of a high-performance privacy system. We have developed and experimented with a novel security control abstraction with which tradeoffs in security vs. performance may be made explicit and then utilized with dynamic client-server asymmetries. This abstraction is called a security thermostat [12], and interacts directly with Authenticast to enable adaptive security processing. Our results demonstrate overall increased scalability and improved performance when adaptive security is applied to the client-server platform with varying numbers of clients and varying resource availabilities at clients.
