
Devising Secure Sockets Layer-Based Distributed Systems: A Performance-Aware Approach

Norman Lim, Shikharesh Majumdar, Vineet Srivastava. Dept. of Systems and Computer Engineering, Carleton University, Ottawa, Canada; Cistech Limited, Ottawa, Canada.


Presentation Transcript


  1. Devising Secure Sockets Layer-Based Distributed Systems: A Performance-Aware Approach
     Norman Lim, Shikharesh Majumdar, Vineet Srivastava
     Dept. of Systems and Computer Engineering, Carleton University, Ottawa, Canada
     Cistech Limited, Ottawa, Canada

  2. Presentation Outline
     • Motivation and Proposed Solution
     • Additional Performance Optimizations
       • PO1: Multiple Channels
       • PO2: Batching
     • Performance Evaluation
     • Conclusions and Future Work

  3. Motivation
     • In a distributed environment, exchanging documents containing sensitive information is common.
     • The state of the art: Transmit the entire document over a secure channel.
     • Problem: Can result in long document transmission times due to CPU-intensive operations (e.g. encryption/decryption) used by security protocols.
     • However, some documents can contain both sensitive and non-sensitive components.
       • E.g., a document containing a patient's medical history
         • Secure components (that can identify the person)
         • Non-secure components

  4. Proposed Solution
     • A performance enhancement technique called Security Sieve is proposed.
     • Security sieve uses selective security, which is based on two performance optimization principles:
       • Processing vs. Frequency principle
       • Centering principle

  5. [Figure: MS Word Macro, with steps labelled 1, 2 and 3]

  6. Additional Performance Optimizations
     • Along with basic security sieve, two other performance optimizations (POs) are introduced:
       • PO1: Adds multiple channels to achieve concurrent data transmission
         • Based on parallel processing principle
       • PO2: Batches multiple document transfer requests that have the same destination
         • Based on batching principle

  7. Split/Combine Algorithms
     • Even Split/Combine (ES)
       • Evenly divides data among the channels
     • Segment Split/Combine (SS)
       • Distributes entire text segments

  8. Combining PO1 and PO2
     • Combining PO1 and PO2 requires dividing the batch data lists (containing data for multiple files) into multiple sub-batch data lists.
       • Batch File Split/Combine (BFS)
       • Batch Even Split/Combine (BES)
       • Batch Segment Split/Combine (BSS)

  9. Performance Analysis of Security Sieve: Sample Results
     • Performance Metric: Total Time
       • Data transfer time (Response Time)
       • Sieving and integration times
     • Effect of P
       • P: proportion of data corresponding to the secure components
       • When P is less than approximately 95%, the security sieve system starts outperforming the secure-only system.

  10. Evaluation of PO1: Multiple Channels
     • For the 1MB file, the mean total time increases as the number of channels increases.
     • For the 10MB file, the lowest total time is achieved when using two channels.

  11. Comparison of ES and SS Algorithm
     • The ES algorithm starts to outperform the SS algorithm when the proportion of non-secure data is less than 40%.
     • For all other values, the SS-based system has slightly lower response times because the split/combine times are lower.

  12. Evaluation of PO2: Batching
     • PO2 is evaluated when a stream of file transfer requests arrives (following a Poisson process).
     • At higher λ, batching becomes more effective.
     • At low λ, the system without batching displays higher performance.

  13. Conclusions
     • Security sieve: a performance enhancement technique for improving the performance of transferring documents containing both sensitive and non-sensitive components.
     • Performance measurements made on the prototype demonstrate the effectiveness of the security sieve technique.
     • Evaluation of PO1: Using multiple channels is effective in reducing response times, but only when enough data is transferred.
     • Evaluation of PO2: Batching is most effective at higher arrival rates.

  14. Future Work
     • Development of a tool that searches a document and automatically marks the confidential data warrants further investigation.
     • Such a technique can be based on a user-provided list of keywords and/or phrases that are associated with confidential information.

  15. Evaluation of Combining PO1 and PO2
     • When using the BSS and BES algorithms, we observe that the mean total times are nearly identical.
     • When the BFS algorithm is used, the mean total time is higher, especially for medium and high values of x.
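
The ES and SS split/combine algorithms from slides 7 and 11, sketched as an added example that is not the authors' prototype code. The function names, the least-loaded placement policy for SS, and the sample segments are assumptions made for illustration.

```python
# Added illustration of ES vs SS (slide 7); names and data are assumptions.
# Segments here stand for the non-secure components sent over plain channels.

def even_split(segments, n):
    """ES: join all segments into one stream and cut it into n near-equal chunks.
    Also returns the segment lengths, needed to restore boundaries on combine."""
    stream = b"".join(segments)
    base, extra = divmod(len(stream), n)
    chunks, pos = [], 0
    for i in range(n):
        size = base + (1 if i < extra else 0)
        chunks.append(stream[pos:pos + size])
        pos += size
    return chunks, [len(s) for s in segments]

def even_combine(chunks, lengths):
    """Rejoin the chunks in channel order and re-cut at the original boundaries."""
    stream, out, pos = b"".join(chunks), [], 0
    for length in lengths:
        out.append(stream[pos:pos + length])
        pos += length
    return out

def segment_split(segments, n):
    """SS: give each whole segment to the least-loaded channel (assumed policy).
    Each entry carries its original index so the receiver can restore order."""
    channels, load = [[] for _ in range(n)], [0] * n
    for idx, seg in enumerate(segments):
        c = load.index(min(load))
        channels[c].append((idx, seg))
        load[c] += len(seg)
    return channels

def segment_combine(channels):
    """Merge all channels and sort by the original segment index."""
    tagged = [item for ch in channels for item in ch]
    return [seg for _, seg in sorted(tagged, key=lambda t: t[0])]

def es_loads(chunks):
    return [len(c) for c in chunks]

def ss_loads(channels):
    return [sum(len(seg) for _, seg in ch) for ch in channels]

# Constructed sample: one large and three small segments, two channels.
SAMPLE_SEGMENTS = [b"A" * 900, b"B" * 50, b"C" * 30, b"D" * 20]

if __name__ == "__main__":
    chunks, lengths = even_split(SAMPLE_SEGMENTS, 2)
    print("ES loads:", es_loads(chunks))
    print("SS loads:", ss_loads(segment_split(SAMPLE_SEGMENTS, 2)))
```

On this sample, ES balances the two channels exactly while SS leaves one channel carrying the large segment; SS, in turn, never copies or re-cuts segment bytes, which is the cheaper split/combine step slide 11 refers to.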
