Abstract
Information assurance (IA) is a growing concern, since almost every aspect of our lives depends on distributed information systems and the frequency and sophistication of cyber attacks targeting these systems is on the rise. However, IA cannot be considered in isolation, as it also affects the Quality of Service (QoS); with limited resources, the security mechanisms employed for IA (e.g. firewalls, antivirus, encryption) usually adversely affect QoS levels delivered by a system. The system therefore needs to make tradeoffs between IA and QoS. These tradeoffs are complicated by the facts that users' relative preferences over QoS-IA change based on the situation, the preferences of different users conflict and tradeoff decisions made at one node in the distributed system typically affect other nodes as well. We address the problem of distributed computation of tradeoffs among various aspects of QoS and IA in a way that maximizes the satisfaction of all stakeholders. Specifically, we want the nodes in the system to make coordinated decisions as to what local actions to take to optimize QoS/IA levels delivered by the system. Our first contribution is formulating this problem as a distributed constraint optimization problem (DCOP). This entails quantifying various notions involved in tradeoffs to be able to compare options in the course of optimization, as well as encoding the effects of various decisions on the quantities we want to optimize. The DCOPs we obtain have cost functions where multiple local configurations result in the same cost. In addition, the corresponding factor graphs contain many cycles. To deal with these issues, our second contribution is a value propagation (VP) algorithm that helps nodes reach a consistent set of decisions even in cyclic factor graphs with non-unique local optima. We present experimental results comparing the performance of the max-sum algorithm with and without VP against other algorithms when applied to domain-inspired and random instances. On the domain-inspired instances, max-sum with VP achieves near optimal solutions at a fraction of time taken by Distributed Pseudotree Optimization Procedure, with the reduction in solution cost due to VP most pronounced in scenarios with resource contention. On random instances, VP obtains solutions with cost 1.7x of optimal, even when performed without a utility propagation algorithm first.