Mason Archival Repository Service

Quantitative Framework to Design Services with Intrusion Tolerant QoS

dc.contributor.advisor Sood, Arun Nguyen, Quyen Luong
dc.creator Nguyen, Quyen Luong en_US 2014-09-18T01:56:59Z 2014-09-18T01:56:59Z 2014-05 en_US
dc.description.abstract Large software systems can be designed as a set of loosely coupled services interacting with each other; simple services can be composed to form more complex services. But, for services to be usable in production, they must satisfy non-functional requirements, especially security-related quality of service in order to ensure confidentiality, integrity, and availability. Unfortunately, software vulnerabilities expose these services to malicious actors, and make them susceptible to attacks. Due to the distributed and decentralized nature of services, publishing and guaranteeing security quality of service are crucial so that potential applications and clients can make use of the provided services. On the other hand, intrusion prevention and detection are not perfect in securing services, due to the increased sophistication of malicious attacks. This has motivated the addition of the Intrusion Tolerant component to complement the line of defense for applications and services. Given the need to make services intrusion-tolerant, my research focuses on providing a Quantitative Framework for Intrusion Tolerant Services (QFITS) for a systematic and quantitative approach to model, design and implement services with Intrusion Tolerant Quality of Service (IT-QoS). The approach relies on: a) the foundation of the architecture of Self Cleansing Intrusion Tolerance; b) a correlation component for which I will use a Semi-Markov Model to compute IT-QoS metrics and then prove that there exists a mathematical dependency between those metrics and intrusion tolerance control parameters such as the exposure window in the case of a recovery-based architecture; c) a software specification mechanism which is based on a proposed Unified Modeling Language profile that allows software architects to model IT-QoS for services.
To system architects of service providers, the framework would also constitute the basis for ensuring differentiated levels of certain IT-QoS metrics such as Secure Availability, and Mean Time To Security Failure (MTTSF), which are indicators of the reliability of a service operating in the presence of cybersecurity attacks.
dc.format.extent 215 pages en_US
dc.language.iso en en_US
dc.rights Copyright 2014 Quyen Luong Nguyen en_US
dc.subject Computer science en_US
dc.subject Attack Surface en_US
dc.subject Intrusion Tolerance en_US
dc.subject IT-QoS en_US
dc.subject SCIT en_US
dc.subject Semi-Markov en_US
dc.title Quantitative Framework to Design Services with Intrusion Tolerant QoS en_US
dc.type Dissertation en Doctoral en Computer Science en George Mason University en
