A Scalability Analysis of an Architecture for Countering Network-Centric Insider Threats

Sibai, Faisal; Menasce ́, Daniel

Home // International Journal On Advances in Security, volume 5, numbers 1 and 2, 2012 // View article

A Scalability Analysis of an Architecture for Countering Network-Centric Insider Threats

Authors:
Faisal Sibai
Daniel Menasce ́

Keywords: insider threat, scalability, network security.

Abstract:
Dealing with the insider threat in networked en- vironments poses many challenges. Privileged users have great power over the systems they own in organizations. To mitigate the potential threat posed by insiders, we introduced in previous work a preliminary architecture for the Autonomic Violation Prevention System (AVPS), which is designed to self-protect applications from disgruntled privileged users via the network. We also provided insight on an architecture extension and how well the AVPS can scale. This paper extends the scalability model of our previous work and presents additional results. We conducted a series of experiments to assess the performance of the AVPS system on three different application environments: File Transfer Protocol (FTP), database, and Web servers. Our experimental results indicate that the AVPS introduces a very low overhead despite the fact that it is deployed in-line. We also developed an analytic queuing model to analyze the scalability of the AVPS framework as a function of the workload intensity. We show model results for a varying number of applications, users, and AVPS engines.

Pages: 16 to 27

Publication date: June 30, 2012

Published in: journal

ISSN: 1942-2636