Three types of activities may run on computer and network systems at the same time: services, security mechanisms, and attacks. Computer and network systems should sustain legitimate cyber services even under attacks. In this study, system impacts of services, security mechanisms and attacks are investigated and used to develop strategies for system survivability. Experiments are conducted to collect system dynamics data under two services of voice communication and motion detection, two security mechanisms of data encryption and intrusion detection, and five cyber attacks. Statistical analyses are performed on the experimental data to identify system-wide impacts of services, security mechanisms and attacks on system activities, state and performance. The analytical results reveal the system impact characteristics of these services, security mechanisms, and attacks on IO and file operations and bytes, page and cache faults, memory usage, CPU usage, and network traffic. The competition for system resources by all the activities in the system manifests themselves predominantly in their competition for limited CPU time. This competition for limited CPU time can be used as a strategy to ensure system survivability by increasing the activity level of legitimate services to leave less CPU time for attacks and thus suppress the level and system impacts of attacks while sustaining CPU time for legitimate services.
N. Ye et al. / System impact characteristics of cyber services, security mechanisms, and attacks with implicationswe are looking into ways of making tradeoffs within limits of given system resources based on impacts of services, security mechanisms and attacks on system activities, resource state, and process performance. Services, security mechanisms and attacks drive system activities which change the state of system resources. Changes in the state of system resources affect the performance of processes, including service and security processes, and thus affect quality of service (QoS) and quality of protection (QoP) or quality of information assurance (QoIA). Hence, we investigate system impacts of services, security mechanisms and attacks by examining cause-effect chains of system activities, resource state and process performance [1,8-10] driven by services, security mechanisms, attacks, and their parameters. We also explore the implications of those system impacts to develop strategies for system survivability.System impacts of services, security mechanism and attacks in the form of activity-state-performance chains are not well understood at the system scale, especially under services, security mechanisms and attacks simultaneously. Such cause-effect chains are not readily available from the design of system and application software which provides mostly algorithm-based operational models. There are studies on resource and performance impacts, e.g., those on disk load variation and file transfer time [11], resource usage models in a computational grid environment [12], CPU load parameters and utilizatio...
