400 likes | 580 Views
Data survivability vs. security in information systems. Gregory Levitin a,b,n , Kjell Hausken c, Heidi A. Taboada d, David W. Coit Presented by Chia-Ling Lee. Agenda. Introduction Data survivability/data security model Two Multiple objective optimization model
E N D
Data survivability vs. security in information systems Gregory Levitina,b,n, KjellHausken c, Heidi A. Taboada d, David W. Coit Presented by Chia-Ling Lee
Agenda • Introduction • Data survivability/data security model • Two Multiple objective optimization model • Multiple objective optimization • Multiple objective genetic algorithm(MOGA) • Example • Conclusion
Introduction • Defender may suffers theft and/or information destruction. • To prevent theft, the defender can separate the information into multiple blocks and store these blocks on multiple resources. Separating the information increases its vulnerability as the destruction of any block makes it unusable. • To prevent destruction the defender can create multiple copies of each block and store these blocks on multiple resources. Creating multiple copies increases the possibility of theft.
Introduction • This paper considers the conflicting information survivability and security requirements in systems with data separation based on secret sharing approach.
Data survivability/data security model • how a defender separates information into blocks, and makes copies of blocks, to prevent theft and destruction? • The defender separates information into n blocks and stores these blocks on n different resources to protect information from theft. • If the attacker succeeds to destroy any block of information, the defender loses the information integrity and cannot use it. The defender enhances the data survivability by creating mi copies of each block i of the information and stores these blocks on mi different resources.
Data survivability/data security model • In order to destroy the information, the attacker should destroy all mi copies of any block i. In order to steal the information, the attacker should steal at least one copy of an block. Block 1 Block 2 Block 3 Block 1 Block 2 Block 3
Data survivability/data security model • Creating more blocks makes information more difficult to steal, but easier to destroy. • Creating more copies of each block makes information more difficult to destroy, but easier to steal. • multiple objective optimization problem • constrained optimization problem
Data survivability/data security model • We assume that the events of data destruction at different resources are independent, which presumes that different resources use different methods of data protection.
Data survivability/data security model • Formula 1: • Block1 destruction : 0.1*0.1*0.1 (only this situation) • V=1-[1-(0.1*0.1*0.1)]*[1-(0.1*0.1*0.1)]*[1-(0.1*0.1*0.1)] • When the defender is solely concerned about information destruction, the defender prefers maximum miand minimum n (n=1). • If the attacker gets access to one copy, he can see the entire record (theft), but it is difficult to get access to all copies (destroy the record).
Data survivability/data security model • Formula 2: • When i=1: 1-(1-w11)(1-w12)(1-w13) • W=[1-(1-0.1)(1-0.1)(1-0.1)]*[1-(1-0.1)(1-0.1)(1-0.1)]*[1-(1-0.1)(1-0.1)] • when the defender is solely concerned about information theft, defender prefers minimum mi and maximum n. • If the attacker gets access to one fragment, the record gets destroyed, but it is difficult to get access to all the fragments (steal the record)
Data survivability/data security model • The defender usually has resource constraints and cannot deploy arbitrarily many blocks and copies. • N=m*n=32 • Min V subject to W<0.5 • Answer: • (m,n)=(8,4) • W=0.11 • V=0.89
Data survivability/data security model • If the defender seeks to address both concerns, it must strike a compromise.
Two multiple objective optimization models • The first model is to determine a data/information storage solution to simultaneously minimize the probabilities of information destruction and data theft. • The second model adds an additional objective to minimize cost of information storage. • Since both models have multiple conflicting objective functions, the goal will be to determine a set of non-dominated Pareto solutions.
Two multiple objective optimization models • Each resource k, k=1,...,K, has a known cost ck and specified vk and wk. • Therefore for any copy j of block i, there areassociated vf(i,j) and wf(i,j). • .
Two multiple objective optimization models • Problem 1: • Problem 2:
Multiple objective optimization • There are two general approaches to determine solutions to multiple objective problems. • The first approach is to combine mathematically all of the objective functions into one composite objective function, often a cost or utility function. • When specific, defensible and precise objective function weights, equivalent cost conversion factors, or utility functions can be determined • The second approach is to determine the Pareto set of solutions.
Multiple objective optimization • Advantages of the Pareto set approach: • the decision-makers has several or more alternatives and the final selection can incorporate additional information or concerns not included in the original problem formulation. • further investigation of the Pareto sets allows for the explicit comparison and consideration of the various trade-offs among objective functions • there is often a "knee" solution that balances the relative trade-offs that would not be apparent otherwise • Disadvantages of the Pareto set approach: • the decision-maker can get too many solutions to consider before selecting a preferred solution to implement. • Taboada et al. present a methodology to minimize the number of Pareto-optimal solutions to consider
Multiple objective genetic algorithm(MOGA) • For this study, we determine solutions to the problem using a MOGA called MOEA-DAP (multiple objective evolutionary algorithm-design allocation problem). • MOGAs are ideally suited to multiple objective optimization because they are able to capture multiple near-Pareto-optimal solutions in a single GA run and may exploit similarities of solutions by recombination. • MOGAs are search methods that take their inspiration from natural selection and survival of the fittest in the biological world. MOGAs follow the fundamentals of single-objective GAs.
Multiple objective genetic algorithm(MOGA) • The main difference between single-objective GAs and MOGAs is that, these latter concentrate their efforts on the strategies used for selection and diversification • The two fundamental goals in MOGA design are guiding the search towards the Pareto set and keeping a diverse set of non-dominated solutions.
Multiple objective genetic algorithm(MOGA) • MOEA-DAP differs from other multiple objective evolutionary algorithms in the crossover operation performed and in the fitness assignment. • In the crossover step, several offspring are created through multi-parent recombination. Thus, the mating pool contains a great amount of diversity of solutions. • Two different methods to assign fitness to the solutions are used. • The first fitness is intended to maintain population diversity • The second fitness aims to select those individuals which are more dominating
Multiple objective genetic algorithm(MOGA) • The GA chromosome used for this study includes a string of n substrings each consisting of m elements corresponding to the reference location for each block. • For example, consider the following GA chromosome vector a where aij is the type of resource where copy j of block i is located (aij represents f(i,j)) • The chromosome can represent variable number of blocks.
Examples • Both examples were formulated and solved as both Problems 1 and 2, with two and three objective functions. • For both examples, there was no defined cost constraint. The examples demonstrate that this approach can be used to find an approximation of the Pareto set of promising solutions.
Example (1) • There is a maximum of five blocks. • MOEA-DAP was first run for Problem P1 with a population size of 100 for 10 generations. • There were 79 solutions in the obtained approximation of the Pareto set.
Example (1) Min V Min W
Example (1) • Point 1: (3,5,5,3) (3,5,3,5) (3,5,4,3,1) (1,3,5,3) Both objective function are deemed to be important. V=0.00368, W=0.00388 Information theft Information destruction
Example (1) • Point 2: (5,5,5,5) Point 2 favors the minimization of probability of destruction. (Max mi, min n=1) V=0.00010, W=0.5904 Information destruction Information theft
Example (1) • Point 3: (3,3) (3,3,3) (3,5) (3,5) (3,3,3) Point3 favors the minimization of the probability of theft. (max n=5, min mi) V=0.1894,W=0.0011 Information theft Information destruction
Example (1) • Notice that all three of these selected Pareto solution use primarily resources of types 3 and 5. because resource 3 provides the lowest wij and resource 5 (along with 1) provides the lowest vij.
Example (1) • The first example was also solved as Problem P2 with three objective functions, including cost. • MOEA-DAP was run for this problem with a population size of 200 for 10 generations • There were 154 solutions in the obtained approximation of the Pareto set.
Example (1) • Point 1: (1) (3,3,3) V=0.00368, W=0.388, C=30 Information destruction Information theft
Example (2) • There is a maximum of ten blocks. • population size of 120 for 5 generations. • there were 73 solutions in the obtained approximation of the Pareto set.
Example (2) • The solution uses the maximum number of blocks to provide a low V but relatively few copies. • V=0.0364 W=2.39e^(-5)
Example (2) • The second example was then solved as Problem P2 with three objective functions, including the cost. • MOEA-DAP was run with a population size of 200 for 10 generations • There were 166 solutions in the obtained approximation of the Pareto set.
Example (2) • This is a solution with very low cost and very low probability of information theft. • V=.4845, W=7.2E-7, C=30
Conclusion • We consider a defender which seeks to store information securely. An attacker may steal or destroy the information which we demonstrate are two conflicting concerns. • We show that to prevent information destruction, the defender prefers to maximize the number of parallel copies of each block, regardless how many blocks in series there are. • To prevent information theft, the defender prefers to maximize the number of separated blocks, regardless how many copies in series there are.
Conclusion • Two multiple objective optimization models are developed. These minimize the probabilities of information destruction and data theft, and minimize cost. • Using a multiple objective evolutionary algorithm, we determine how to distribute an optimal number of blocks and copies of blocks among the resources. • Further research could be devoted to multi-objective optimization of complex tree-structured information storing topology and to systems with multi-level protections (defense in depth architecture).