A Scalability Analysis of an Architecture for Countering Network-Centric Insider Threats

Abstract

Dealing with the insider threat in networked environments poses many challenges. Privileged users have great power over the systems they own in organizations. To mitigate the potential threat posed by insiders, we introduced in previous work a preliminary architecture for the Autonomic Violation Prevention System (AVPS), which is designed to self-protect applications from disgruntled privileged users via the network. We also provided insight on an architecture extension and how well the AVPS can scale. This paper extends the scalability model of our previous work and presents additional results. We conducted a series of experiments to assess the performance of the AVPS system on three different application environments: File Transfer Protocol (FTP), database, and Web servers. Our experimental results indicate that the AVPS introduces a very low overhead despite the fact that it is deployed in-line. We also developed an analytic queuing model to analyze the scalability of the AVPS framework as a function of the workload intensity. We show model results for a varying number of applications, users, and AVPS engines.

Keywords: insider threat, scalability, network security.

Cite this paper

@inproceedings{Sibai2012ASA,
  title={A Scalability Analysis of an Architecture for Countering Network-Centric Insider Threats},
  author={Faisal M. Sibai and Daniel A. Menasc{\'e}},
  year={2012}
}