Presentation is loading. Please wait.

Presentation is loading. Please wait.

Devising Secure Sockets Layer-Based Distributed Systems: A Performance-Aware Approach Norman Lim, Shikharesh Majumdar,Vineet Srivastava, Dept. of Systems.

Published byMorgan Herron Modified over 10 years ago

Similar presentations

Presentation on theme: "Devising Secure Sockets Layer-Based Distributed Systems: A Performance-Aware Approach Norman Lim, Shikharesh Majumdar,Vineet Srivastava, Dept. of Systems."— Presentation transcript:

1 Devising Secure Sockets Layer-Based Distributed Systems: A Performance-Aware Approach Norman Lim, Shikharesh Majumdar,Vineet Srivastava, Dept. of Systems and Computer Engineering,Cistech Limited, Carleton University,Ottawa, Canada Ottawa, Canada

2 Presentation Outline  Motivation and Proposed Solution  Additional Performance Optimizations –PO1: Multiple Channels –PO2: Batching  Performance Evaluation  Conclusions and Future Work 2 Department of Systems and Computer Engineering

3 Motivation  In a distributed environment, exchanging documents containing sensitive information is common.  The state of the art: Transmit the entire document over a secure channel.  Problem: Can result in long document transmission times due to CPU-intensive operations (e.g. encryption/decryption) used by security protocols.  However, some documents can contain both sensitive and non-sensitive components –E.g., Document containing a patient’s medical history –Secure components (that can identify the person) –Non-Secure components 3 Department of Systems and Computer Engineering

4 Proposed Solution Department of Systems and Computer Engineering 4  A performance enhancement technique called Security Sieve, is proposed.  Security sieve uses selective security which is based on two performance optimization principles: –Processing vs. Frequency principle –Centering principle

5 MS Word Macro Department of Systems and Computer Engineering 5 1 2 3

6 Additional Performance Optimizations  Along with basic security sieve, two other performance optimizations (POs) are introduced:  PO1: Adds multiple channels to achieve concurrent data transmission –Based on parallel processing principle  PO2: Batches multiple document transfer requests that have the same destination –Based on batching principle 6 Department of Systems and Computer Engineering

7 Split/Combine Algorithms 7 Department of Systems and Computer Engineering  Even Split/Combine (ES) –Evenly divides data among the channels  Segment Split/Combine (SS) –Distributes entire text segments

8 Combining PO1 and PO2  Combining PO1 and PO2, requires dividing the batch data lists (containing data for multiple files) into multiple sub-batch data lists.  Batch File Split/Combine (BFS)  Batch Even Split/Combine (BES)  Batch Segment Split/Combine (BSS) Department of Systems and Computer Engineering 8

9 Performance Analysis of Security Sieve: Sample Results  Performance Metric: Total Time: –Data transfer Time (Response Time) –Sieving and integration Times  Effect of P –Proportion of data corresponding to the secure components  When P is less than approximately 95% the security sieve system starts outperforming the secure-only system. 9 Department of Systems and Computer Engineering

10 Evaluation of PO1: Multiple Channels  For the 1MB file, the mean total time increases, as the number of channels increases.  For the 10MB file, the lowest total time is achieved when using two channels. 10

11 Comparison of ES and SS Algorithm  The ES algorithm starts to outperform the SS algorithm when proportion of non- secure data is less than 40%  For all other values, the SS- based system has slightly lower response times because the split/combine times are lower. Department of Systems and Computer Engineering 11

12 Evaluation of PO2: Batching  PO2 is evaluated when a stream of file transfer requests arrives (following a Poisson process).  At higher λ, batching becomes more effective.  At low λ, system without batching displays higher performance. Department of Systems and Computer Engineering 12

13 Conclusions  Security sieve, a performance enhancement technique for improving the performance of transferring documents containing both sensitive and non-sensitive components  Performance measurements made on the prototype demonstrates the effectiveness of the security sieve technique.  Evaluation of PO1: Using multiple channels is effective in reducing response times but only when enough data is transferred  Evaluation of PO2: Batching is most effective at higher arrival rates. 13 Department of Systems and Computer Engineering

14 Future Work  Development of a tool that searches a document and automatically marks the confidential data warrant further investigation.  Such a technique can be based on a user provided list of keywords and/or phrases that are associated with confidential information. 14 Department of Systems and Computer Engineering

15 Evaluation of Combining PO1 and PO2  When using the BSS and BES algorithm we observe that the mean total times are nearly identical.  When the BFS algorithm is used, the mean total time is higher, especially for medium and high values of x. Department of Systems and Computer Engineering 15

16 Security Sieve Algorithms  Sieve Algorithm 16 Department of Systems and Computer Engineering

17 Security Sieve Algorithms Cont’d  Integration Algorithm 17 Department of Systems and Computer Engineering

18 Performance Evaluation  Evaluation of Security Sieve Technique –Effect of changing proportion of classified information, P –Effect of changing the file size, x  Evaluation of PO1 –Single channel vs. Multiple channels –Comparison of ES and SS  Evaluation of PO2 –Batching multiple file transfer requests vs. sending files one at a time  Evaluation of Combining PO1 and PO2 –Comparison of BES, BSS, and BFS 18 Department of Systems and Computer Engineering

Download ppt "Devising Secure Sockets Layer-Based Distributed Systems: A Performance-Aware Approach Norman Lim, Shikharesh Majumdar,Vineet Srivastava, Dept. of Systems."

Similar presentations

TWO STEP EQUATIONS 1. SOLVE FOR X 2. DO THE ADDITION STEP FIRST

TWO STEP EQUATIONS 1. SOLVE FOR X 2. DO THE ADDITION STEP FIRST
EE:450 – Computer Networks

EE:450 – Computer Networks
Adders Used to perform addition, subtraction, multiplication, and division (sometimes) Half-adder adds rightmost (least significant) bit Full-adder.

Adders Used to perform addition, subtraction, multiplication, and division (sometimes) Half-adder adds rightmost (least significant) bit Full-adder.
Institute for Cyber Security

Institute for Cyber Security
Dynamic Power Redistribution in Failure-Prone CMPs Paula Petrica, Jonathan A. Winter * and David H. Albonesi Cornell University *Google, Inc.

Dynamic Power Redistribution in Failure-Prone CMPs Paula Petrica, Jonathan A. Winter * and David H. Albonesi Cornell University *Google, Inc.
Cognitive Radio Communications and Networks: Principles and Practice By A. M. Wyglinski, M. Nekovee, Y. T. Hou (Elsevier, December 2009) 1 Chapter 12 Cross-Layer.

Cognitive Radio Communications and Networks: Principles and Practice By A. M. Wyglinski, M. Nekovee, Y. T. Hou (Elsevier, December 2009) 1 Chapter 12 Cross-Layer.
1 Chapter 40 - Physiology and Pathophysiology of Diuretic Action Copyright © 2013 Elsevier Inc. All rights reserved.

1 Chapter 40 - Physiology and Pathophysiology of Diuretic Action Copyright © 2013 Elsevier Inc. All rights reserved.
Reconsidering Reliable Transport Protocol in Heterogeneous Wireless Networks Wang Yang Tsinghua University 1.

Reconsidering Reliable Transport Protocol in Heterogeneous Wireless Networks Wang Yang Tsinghua University 1.
eClassifier: Tool for Taxonomies

eClassifier: Tool for Taxonomies
1 Probability and the Web Ken Baclawski Northeastern University VIStology, Inc.

1 Probability and the Web Ken Baclawski Northeastern University VIStology, Inc.
1 RXQ. 10.4.2 Customer Drop Submitted by Supplier Process Flow Diagram Customer Supplier Distribution Company Supplier sends Drop Request to Distribution.

1 RXQ Customer Drop Submitted by Supplier Process Flow Diagram Customer Supplier Distribution Company Supplier sends Drop Request to Distribution.
REQ.24.4.2 Drop from Demand Response Programs Process Flow Retail Customer Demand Response Service Provider (DRSP) Distribution Company 1 Drop Request.

REQ Drop from Demand Response Programs Process Flow Retail Customer Demand Response Service Provider (DRSP) Distribution Company 1 Drop Request.
Energy-Efficient Distributed Algorithms for Ad hoc Wireless Networks Gopal Pandurangan Department of Computer Science Purdue University.

Energy-Efficient Distributed Algorithms for Ad hoc Wireless Networks Gopal Pandurangan Department of Computer Science Purdue University.
15.082 and 6.855J Cycle Canceling Algorithm. 2 A minimum cost flow problem 1 24 35 10, $4 20, $1 20, $2 25, $2 25, $5 20, $6 30, $7 25 0 0 0-25.

and 6.855J Cycle Canceling Algorithm. 2 A minimum cost flow problem , $4 20, $1 20, $2 25, $2 25, $5 20, $6 30, $
1 The Case for Heterogeneous Wireless MACs Chun-cheng Chen Haiyun Luo Dept. of Computer Science, UIUC.

1 The Case for Heterogeneous Wireless MACs Chun-cheng Chen Haiyun Luo Dept. of Computer Science, UIUC.
Designing Services for Grid-based Knowledge Discovery A. Congiusta, A. Pugliese, Domenico Talia, P. Trunfio DEIS University of Calabria ITALY

Designing Services for Grid-based Knowledge Discovery A. Congiusta, A. Pugliese, Domenico Talia, P. Trunfio DEIS University of Calabria ITALY
0 - 0.

0 - 0.
ALGEBRAIC EXPRESSIONS

ALGEBRAIC EXPRESSIONS
DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.

DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.
MULTIPLYING MONOMIALS TIMES POLYNOMIALS (DISTRIBUTIVE PROPERTY)

MULTIPLYING MONOMIALS TIMES POLYNOMIALS (DISTRIBUTIVE PROPERTY)

Similar presentations

Ads by Google