Model-Based Load Testing for Performance and Security. Cornel Barna, Mark Shtern, Michael Smit, Marin Litoiu

Size: px

Start display at page:

Download "Model-Based Load Testing for Performance and Security. Cornel Barna, Mark Shtern, Michael Smit, Marin Litoiu"

Kory Wilkins
6 years ago
Views:

1 for Performance and Security Cornel Barna Mark Shtern Michael Smit Marin Litoiu Computer Science and Engineering York University April 17, 212

2 Performance Testing The Performance Stress Space The Framework Results Search Complexity DoS Attack Mitigation DoS Attacks Adaptive DoS Mitigation Experiments Results

3 Performance Testing The Performance Stress Space The Framework Results Search Complexity DoS Attack Mitigation DoS Attacks Adaptive DoS Mitigation Experiments Results

4 Introduction Load Balancer Users Web Servers Database Servers

5 The Performance Stress Space U 1,2 C Consider a system with two hardware resources, two software resources and two classes of service. Hardware Constraints U h 1 = a Linear equations: U h K = C C D K,C U Kr,C, K K h D Kr,C Feasible space OABC B U h 2 = b O A U 1,1

6 The Performance Stress Space U 1,2 C E O Consider a system with two hardware resources, two software resources and two classes of service. Hardware Constraints U h 1 = a D U s 1 = c B U h 2 = b A U s 2 = d U 1,1 Linear equations: U h K = C C D K,C U Kr,C, K K h D Kr,C Feasible space OABC Hardware and Software Constraints Non-linear equations: U s K = R s K,C D Kr,C C C Feasible space OABDE U Kr,C, K K s

7 The Framework Stress goals Autonomic Test Controller Test Cases Component/System under test Performance Model Kalman Filter Monitor and Estimator Model loop Work Generator loop

8 The Framework Stress goals Autonomic Test Controller Test Cases Component/System under test Performance Model Kalman Filter Monitor and Estimator Model loop Work Generator loop

9 The Framework Stress goals Autonomic Test Controller Test Cases Component/System under test Performance Model Kalman Filter Monitor and Estimator Model loop Work Generator loop

10 The Framework Stress goals Autonomic Test Controller Test Cases Component/System under test Performance Model Kalman Filter Monitor and Estimator Model loop Work Generator loop

11 Results (response time goal) Response (browse) Users in scenario browse Users in scenario buy 1

12 Results (response time goal) Response (browse) Users in scenario browse Users in scenario buy 1

13 Results (response time goal) Response (browse) Users in scenario browse Users in scenario buy 1

14 Results (response time goal) Response (browse) Users in scenario browse Users in scenario buy 1

15 Complexity Exhaustive search: 6 classes of service at most 2 users With our framework: 6 classes of service no limit for users } workload mixes } 119 workload mixes

16 Performance Testing The Performance Stress Space The Framework Results Search Complexity DoS Attack Mitigation DoS Attacks Adaptive DoS Mitigation Experiments Results

17 DoS Attacks Flood the target server with requests in an attemt to saturate the bottlenecks; DDoS attacks: the requests can come from multiple machines; Challenging to defend against them; Methods of mitigation: firewalls and intrusion detection systems.

18 Adaptive DoS Mitigation Performance Monitoring Data (feedback) Incoming traffic Outgoing Reverse Proxy Decision Engine Regular traffic Web Application traffic Dynamic Firewall Filtered traffic Challenge Response Analyzer Regular traffic

19 Decision Engine Use OPERA model to analyze the performance metrics; Constantly synchronize the model with the real system; When system is overloaded: Identify the scenario(s) that should be filtered; Create filtering rules; When system is functioning normally: Identify the scenario(s) that should be unfiltered (if any); Remove filtering rules;

20 Model-based Protection Performance goals Incoming requests Decision Controller Request Filter Rules System under protection Performance Model Kalman Filter Monitor and Estimator Decision Engine loop Protection loop

21 Deployment Topology... Users Load Balancer... Web Servers Database Server Hacker Dynamic Firewall Web Application with 6 scenarios: marketing, product selection, buy, pay, inventory, auto bundles.

22 Req./s Results without a model Milliseconds Req./s Milliseconds Req./s Milliseconds Req./s Milliseconds Req./s Milliseconds Req./s Milliseconds CPU Utilization (%) DB Web

23 Req./s Results with OPERA Milliseconds Req./s Milliseconds Req./s Milliseconds Req./s Milliseconds Req./s Milliseconds Req./s Milliseconds CPU Utilization (%) DB Web

24 References OPERA (Optimization, Performance Evaluation and Resource Allocator), February, 212. C. Barna, M. Litoiu, and H. Ghanbari, Model-Based Performance Testing, NIER Track of ICSE 211, May 211. C. Barna, M. Litoiu, and H. Ghanbari, Autonomic Load Testing Framework, in Proceedings of the 8 th ACM International Conference on Autonomic Computing. ACM, 211, pp C. Barna, M. Shtern, M. Smit, V. Tzerpos, and M. Litoiu, Model-Based Adaptive DoS Attack Mitigation, in Proceedings of the 7 th International Symposium on Software Engineering for Adaptive and Self-Managing Systems, ser. SEAMS 212. ACM, 212.

A Model-based Application Autonomic Manager with Fine Granular Bandwidth Control

A Model-based Application Autonomic Manager with Fine Granular Bandwidth Control Nasim Beigi-Mohammadi, Mark Shtern, and Marin Litoiu Department of Computer Science, York University, Canada Email: {nbm,