Modeling and performance evaluation of computer systems security operation
D. Guster, N. K. Krivulin
TL;DR
This work addresses evaluating the performance of computer security operations under ongoing attack activity using a fork-join queueing network model. It defines a concise performance metric $R=\overline{T}_{S}/\overline{T}_{A}$, where $\overline{T}_{A}$ is the attack-cycle time and $\overline{T}_{S}$ is the recovery-cycle time, with $\overline{T}_{A}=E[\tau_{11}]$ and $\overline{T}_{S}=\max\{E[\tau_{21}],\ldots,E[\tau_{61}]\}$; the network cycle time is $\gamma=\lim_{k\to\infty}\|x(k)\|^{1/k}=\max\{E[\tau_{11}],\ldots,E[\tau_{n1}]\}$. A key finding is that, in the large-attack regime, system performance is governed by the longest procedure, informing prioritization and enabling parallelization or rescheduling to reduce the dominant time component. The framework provides a practical tool for monitoring and optimizing security operations and can be extended to other security processes with precedence constraints.
Abstract
A model of computer system security operation is developed based on the fork-join queueing network formalism. We introduce a security operation performance measure, and show how it may be used for performance evaluation of actual systems.
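The sketch below is an added example, not code from the paper: it computes $R$ from mean service times and checks by simulation that the cycle time settles at the largest mean, as the TL;DR formula states. The fork topology, exponential service times, the sample means, and the reading of $\|x(k)\|^{1/k}$ as the largest completion time divided by $k$ (max-plus notation) are assumptions.

```python
import random

def performance_ratio(means):
    """Return (T_A, T_S, R, bottleneck) from mean service times.

    means[0] is E[tau_11] (attack node); means[1:] are the procedure
    nodes, so T_S is their maximum and R = T_S / T_A as in the TL;DR.
    """
    t_a = means[0]
    t_s = max(means[1:])
    bottleneck = means.index(t_s, 1) + 1      # 1-based node number
    return t_a, t_s, t_s / t_a, bottleneck

def simulate_cycle_time(means, k_max=100_000, seed=1):
    """Estimate gamma by simulating k_max attacks through the network.

    Assumed topology (not taken from the page): node 1 forks every
    attack to all procedure nodes; each node is one FIFO server with
    an unlimited buffer and exponential service times.
    """
    rng = random.Random(seed)
    x = [0.0] * len(means)        # x[i]: latest completion time at node i+1
    for _ in range(k_max):
        x[0] += rng.expovariate(1.0 / means[0])      # next attack completes
        for i in range(1, len(x)):
            # Service starts once the attack has arrived AND the server is free.
            x[i] = max(x[i], x[0]) + rng.expovariate(1.0 / means[i])
    # Assumed max-plus reading of ||x(k)||^(1/k): largest completion time / k.
    return max(x) / k_max

# Constructed mean times (hours): node 1, then procedure nodes 2..6.
BASELINE = [2.0, 1.0, 3.0, 1.5, 0.5, 2.5]
# Longest procedure (node 3) parallelized, modelled here as halving its mean.
REBALANCED = [2.0, 1.0, 1.5, 1.5, 0.5, 2.5]

if __name__ == "__main__":
    for name, means in (("baseline", BASELINE), ("rebalanced", REBALANCED)):
        t_a, t_s, r, node = performance_ratio(means)
        gamma = simulate_cycle_time(means)
        print(f"{name}: T_A={t_a} T_S={t_s} R={r:.2f} "
              f"bottleneck=node {node} simulated gamma={gamma:.3f}")
```

After node 3 is shortened, the bottleneck moves to node 6, so further gains require working on that procedure next.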
