The new opportunities that come with the Internet as a worldwide network bring
new threats and risks for private, institutional and corporate users.
Therefore, it is important to integrate security mechanisms into a network
environment. Due to the significant increase in computer speed and application
features, people are no longer able to make quick and adequate decisions about
which security mechanisms should be applied at a given moment. In most cases
they choose the strongest security level available. Along with high security,
this approach brings additional costs and resource consumption and drastically
reduces the performance of devices with limited resources. For such devices a
trade-off between performance and security should be provided. Most of the
time there are no risks and threats to devices since they are not under
attack, and the use of strong security wastes the available resources.
A user of computer networks and electronic devices (e.g. PCs, smartphones,
PDAs) is faced with a wide range of different security mechanisms. These
mechanisms differ in terms of cost, complexity of the cryptographic algorithms
used, type of licence, processing speed, and required resources. The user has
to make a decision on which security mechanism to apply. This decision is
often based on the user's preferences, device capabilities and available
resources.
While a broad range of security mechanisms has been developed to secure
devices and networks, too little attention is given to the actual process of
making a decision about the required security level with respect to the set of
predefined requirements.
The main goal of this thesis is to develop a practical decision-making model
for dynamic reasoning about an adequate security level that provides a
trade-off between security and performance.
The thesis presents a methodology for security metrics identification,
selection and quantification. The developed approach is not limited to a
particular system or number of metrics. The scheme can be used to select and
quantify security metrics for any decision-making model and for different
systems under consideration.
This thesis analyses a range of decision-making methods for their fitness to
fulfil the main goal of this work. Three models are developed, based on fuzzy
reasoning, the simple multi-attribute rating technique (SMART) and artificial
neural networks (ANNs), for making decisions about an adequate security level.
The models take into consideration the selected metrics (e.g. threat level,
location, content, resources) and the user's preferences, and make a
recommendation regarding the security level. The models differ in terms of the
number of security metrics used, the user's intervention in the
decision-making process, and the number of security levels.
Finally, the thesis presents the results of an experiment that was conducted
to evaluate the performance of the adaptive approach for selecting an adequate
security level. The motivation for this experiment is the fact that the
decision-making process requires additional computations, which can lead to
increased resource consumption and can make the use of the adaptive approach
impractical. The results show that with the right software design and
implementation the computations related to the adaptive approach do not
decrease the performance of...