Runtime Security Adaptation Using Adaptive SSL

[aruljothi]

Self-adaptive security offers great potential in providing timely and fine grained security control. In this paper we experimentally investigate the effects of a security adaptation in various client-server scenarios. We do this using SSL/TLS and show how client load patterns determine the overall performance effect of a security adaptation. We also demonstrate the viability of such a system using Adaptive SSL. Experiments and analysis show that client arrival rate is not sufficient for making an adaptation decision. The average requested file size and the client session duration play key roles in the performance effect of such an adaptation. Adaptation with file sizes larger than 8192 bytes and small session durations result in greater performance impact when the server is under heavy load.