
Relation between Performance and Security

 
Jeff Belisle
Ranch Hand
Posts: 39
Q from Whizlab simulator:

Relation between Performance & Security
A. None
B. High security results in high performance
C. High performance is pre-requisite for secure system
D. Security & Performance are inversely proportional
E. Low performance system can't be secure.

The correct answer according to them is D. The explanation takes cryptography into account. Well, to me security means "app level security" + "on the wire security".

So my choice is NONE. Unless we know whether we are talking about app level or on the wire, how can we make a blanket statement that performance and security are inverse? By that token, all the role-based access control (RBAC) systems should also have very low performance because they offer a high level of app security.

In my opinion this is one of the MANY MANY questions with SLOPPY quality in Whizlab.

Comments Please!!!
 
Cameron Wallace McKenzie
author and cow tipper
Saloon Keeper
Posts: 4968
I would say B), that high security results in high performance.

Imagine, if nobody can access your program except for you, just how fast would it be. Imagine all those dual processors just to yourself.

I think the idea is that if you have a program that works fine, or the same program that works fine, but a credentials check must occur before the program is accessed, then there is a performance delay.

I actually very much dislike the relationship that is constantly drawn between security and performance. I've done a lot of performance testing and improvements in my time, and never has the security infrastructure been the problem. People loading a terabyte database into each user's session, or somebody re-inventing WebSphere connection pooling because their implementation will be 'better' on the other hand, causes more performance problems than a simple credentials check ever will.

Checking takes more time than not checking though. You can't really argue with that.

-Cameron McKenzie
 
Jeff Belisle
Ranch Hand
Posts: 39
Originally posted by Cameron McKenzie:
> I would say B), that high security results in high performance.
>
> Imagine, if nobody can access your program except for you, just how fast would it be. Imagine all those dual processors just to yourself.

Here is my experience. I had this system which had a lot of rules and security etc., so if B was true, that would mean I am getting high performance too. The application used to generate a PDF profit/loss report after complex calculations, using a combination of Oracle, MS SQL and a Hyperion multi-dimensional database. You guessed it right: performance was a real pain even with only 1 user on the system.

> I think the idea is that if you have a program that works fine, or the same program that works fine, but a credentials check must occur before the program is accessed, then there is a performance delay.
>
> I actually very much dislike the relationship that is constantly drawn between security and performance. I've done a lot of performance testing and improvements in my time, and never has the security infrastructure been the problem. People loading a terabyte database into each user's session, or somebody re-inventing WebSphere connection pooling because their implementation will be 'better' on the other hand, causes more performance problems than a simple credentials check ever will.
>
> Checking takes more time than not checking though. You can't really argue with that.

Sure, I agree with your argument, but this does not necessarily mean degraded performance. As you said, you have never seen security as a performance bottleneck.

> -Cameron McKenzie

[ October 28, 2006: Message edited by: Jeff Belisle ]
 
Eddy Lee Sin Ti
Ranch Hand
Posts: 135
In my humble opinion, every security measure implemented does incur a certain performance impact, usually negative.

Encryption/decryption takes more CPU cycles. SSL or TLS too.

Application-level security like authentication using LDAP or ACL authorization makes our application execution slower than if we don't have all these security protections.

Even a standard login screen would cause a performance delay, in the sense that the user gets slower access to the functionality of the system.

What about the obfuscation process that makes your source code more secure? A lot of experiments and benchmarks signify that obfuscation makes the application's runtime execution faster. Yes, runtime performance is increased, but the application build and deployment performance would be slower due to the extra process it takes (in this case, obfuscation).

So, I would agree that performance and security are inversely proportional generally.

Just my 2 cents. Cheers.
 