An integrated view of security analysis and performance evaluation: trading qos with covert channel bandwidth

Abstract

Security analysis and performance evaluation are two fundamental activities in the system design process, which are usually carried out separately. Unfortunately, a purely qualitative analysis of the security requirements is not sufficient in the case of real systems, as they suffer from unavoidable information leaks that need to be quantified. In this paper we propose an integrated and tool-supported methodology encompassing both activities, thus providing insights about how to trade the quality of service delivered by a system with the bandwidth of its covert channels. The methodology is illustrated by assessing the effectiveness and the efficiency of the securing strategy implemented in the NRL Pump, a trusted device proposed to secure the replication of information from a low-security level enclave to a high-security level enclave. © Springer-Verlag 2004.