Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Decision Making for Finding an Adequate: Providing trade-off between Performance and Security
Blekinge Institute of Technology, School of Engineering, Department of Interaction and System Design.
2007 (English)Independent thesis Advanced level (degree of Master (One Year))Student thesis
Abstract [en]

The new opportunities that come with the Internet as a worldwide network bring the new threats and risks for private, institutional and corporate users. Therefore, it is important to integrate the security mechanisms into a network environment. Due to the significant increase in computers speed and features of applications, the people are not able any more to make quick and adequate decisions about which security mechanisms should be applied at the moment. In most cases they choose the strongest security level available. Along with the high security this approach brings additional costs and resources consumption and drastically reduces the performance of devices with limited resources. For such devices a trade-off between performance and security should be provided. Most of the time there are no risks and threats to devices since there are not under attacks, and the use of strong security wastes the available resources. A user of computer networks and electronic devices (e.g. PCs, smartphones, PDAs) is faced with a wide range of different security mechanisms. These mechanisms differ in terms costs, complexity of used cryptographic algorithms, types of licence, processing speed, and required resources. The user has to make a decision on which security mechanism to apply. This decision is often based on user's preferences, device capabilities and available resources. While a broad range of security mechanisms has been developed to secure devices and networks, too little attention is given to actual process of making a decision about the required security level with respect to the set of predefined requirements. The main goal of this thesis is the developing of a practical decision making model for dynamic reasoning about an adequate security level providing trade-off between security and performance. The thesis presents the methodology for security metrics identification, selection and quantification. The developed approach is not limited to a particular system or number of metrics. The scheme can be used to select and quantify security metrics for any decision making models and different systems under consideration. This thesis analyses the range of decision making methods for their fitness to fulfil the main goal of this work. Three models are developed based on fuzzy reasoning, simple multi-attribute rating technique (SMART) and artificial neural networks (ANNs) for making decisions about an adequate security level. The models take into consideration the selected metrics (e.g. threat level, location, content, resources), and user's preferences and make a recommendation regarding security level. The models differ in terms number of security metrics used, user's intervention into decision making process, and number of security levels. Finally, the thesis presents the results of the experiment that has been conducted to evaluate a performance of the adaptive approach for selecting an adequate security level. The motivation for this experiment is based on the fact that decision making process requires additional computations, which can lead to increased resources consumption and can make the use of adaptive approach impractical. The results show that with right software design and implementation the computations related to adaptive approach does not decrease the performance of mobile devices. Furthermore, the use of the adequate security level improves the resources utilization for memory and battery life. The improvements are feasible already for small data rates (~3.4 Mb). Thus, for the real life scenarios with the data rates of hundred megabytes, we can expect significant improvements in resources usage by using an adequate security level

Place, publisher, year, edition, pages
2007. , p. 47
Keywords [en]
Adaptive security, adequate security level, trade-off between performance and security
National Category
Computer Sciences Software Engineering
Identifiers
URN: urn:nbn:se:bth-2950Local ID: oai:bth.se:arkivex61B5B3C033761469C12573AD003D54E7OAI: oai:DiVA.org:bth-2950DiVA, id: diva2:830245
Uppsok
Technology
Supervisors
Note
E-mail: ssmirnow@msn.comAvailable from: 2015-04-22 Created: 2007-12-10 Last updated: 2018-01-11Bibliographically approved

Open Access in DiVA

fulltext(621 kB)106 downloads
File information
File name FULLTEXT01.pdfFile size 621 kBChecksum SHA-512
c791b08aadbc15528f43d8bd47311f6c01a48fd2db59a45d5fe3238222bc098861714947bd5e897354f2c5176e2a3fe8f29ef838301b1ecc5bc1a1e243f907b1
Type fulltextMimetype application/pdf

By organisation
Department of Interaction and System Design
Computer SciencesSoftware Engineering

Search outside of DiVA

GoogleGoogle Scholar
Total: 107 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 140 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf