Modelling and Quantitative Analysis of Performance vs Security Trade-offs in Computer Networks: An investigation into the modelling and discrete-event simulation analysis of performance vs security trade-offs in computer networks, based on combined metrics and stochastic activity networks (SANs)

Abstract

Performance modelling and evaluation has long been considered of paramount importance to computer networks, from design through development, tuning and upgrading. These networks, however, have evolved significantly since their first introduction a few decades ago. The Ubiquitous Web in particular, with fast-emerging unprecedented services, has become an integral part of everyday life. However, all this is coming at the cost of substantially increased security risks. Hence cybercrime is now a pervasive threat for today’s internet-dependent societies. Given the frequency and variety of attacks, as well as the threat of new, more sophisticated and destructive future attacks, security has become a more prevalent and mounting concern in the design and management of computer networks. Security is therefore equally important, if not more so. Unfortunately, there is no one-size-fits-all solution to security challenges. One security defence system can only help to battle against a certain class of security threats. For overall security, a holistic approach including both reactive and proactive security measures is commonly suggested. As such, network security may have to combine multiple layers of defence at the edge, in the network and in its constituent individual nodes. Performance and security, however, are inextricably intertwined, as security measures require considerable amounts of computational resources to execute. Moreover, in the absence of appropriate security measures, frequent security failures are likely to occur, which may catastrophically affect network performance, not to mention serious data breaches among many other security-related risks. In this thesis, we study optimisation problems for the trade-offs between performance and security, as they exist between performance and dependability. While performance metrics are widely studied and well-established, those of security are rarely defined in a strict mathematical sense.
We therefore aim to conceptualise and formulate security by analogy with dependability so that, like performance, it can be modelled and quantified. Having employed a stochastic modelling formalism, we propose a new model for a single node of a generic computer network that is subject to various security threats. We believe this nodal model captures both performance and security aspects of a computer node more realistically, in particular the intertwinements between them. We adopt a simulation-based modelling approach in order to identify, on the basis of combined metrics, optimal trade-offs between performance and security and to facilitate more sophisticated trade-off optimisation studies in the field. We realise that system parameters can be found that optimise these abstract combined metrics, while they are optimal neither for performance nor for security individually. Based on the proposed simulation modelling framework, credible numerical experiments are carried out, indicating the scope for further extensions of this work for a systematic performance vs security tuning of computer networks.
