Use this URL to cite or link to this record in EThOS:
Title: Adaptive security
Author: Lamprecht, Christiaan Johan
ISNI:       0000 0004 2730 8793
Awarding Body: University of Newcastle Upon Tyne
Current Institution: University of Newcastle upon Tyne
Date of Award: 2012
Availability of Full Text:
Access from EThOS:
Access from Institution:
Automated runtime security adaptation has great potential in providing timely and fine grained security control. In this thesis we study the practical utility of a runtime security-performance trade off for the pervasive Secure Socket Layer (SSL/TLS) protocol. To that end we address a number of research challenges. We develop an Adaptive Security methodology to extend non-adaptive legacy security systems with adaptive features. We also create a design of such an extended system to support the methodology. The design aids in identifying additional key components necessary for the creation of an adaptive security system. We furthermore apply our methodology to the Secure Socket Layer (SSL) protocol to create a design and implementation of a practical Adaptive SSL (ASSL) solution that supports runtime security adaptation in response to cross-cutting environmental concerns. The solution effectively adapts security at runtime, only reducing maximum server load by 15% or more depending on adaptation decision complexity. Next we address the security-performance trade off research challenge. Following our methodology we conduct an offline study of factors affecting server performance when security is adapted. These insights allow for the creation of policies that can trade off security and performance by taking into account the expected future state of the system under adaptation. In so doing we found that client SSL session duration, requested file size and current security algorithm play roles predicting future system state. Notably, performance deviation is smaller when sessions are longer and files are smaller and vice versa. A complete Adaptive Security solution which successfully demonstrates our methodology is implemented with trade-off policies and ASSL as key components. We show that the solution effectively utilises available processing resources to increase security whilst still respecting performance guarantees.
Supervisor: Not available Sponsor: Not available
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID:  DOI: Not available