The impact on quality of service when using security-enabling filters to provide for the security of run-time extensible virtual environments

Abstract

The Naval Postgraduate School is developing NPSNET-V, a Run-Time Extensible Virtual Environment (RTEVE) framework. RTEVEs differ from traditional VEs in that applications within the environment can both discover and use new object types and behaviors at runtime. As the use of this technology has become more valuable to organizations, the need for adequate security has arisen, particularly for sensitive military and commercial applications. The level of security measures employed by these applications must be weighed against their impact on Quality of Service (QOS). To address RTEVE security issues, we developed a taxonomy identifying twenty-five information assurance (IA) areas within RTEVEs. We then designed and implemented a Security Management System for NPSNET-V (NSMS) that provided security through the use of three communications filters that provide for encryption, sequencing verification, and integrity. This design addressed four of the twenty-five areas identified in the taxonomy: component authentication; and communications confidentiality, integrity, and authentication. Analysis of the encryption, sequencing, and integrity filters indicates that their use introduces a negligible delay of 0.111 milliseconds for a 156 byte data packet, at the cost in packet size increase of 41 bytes; this indicates the technical feasibility of RTEVE data packet security at minimal cost to QOS.