Abstract

The rise of digitization in Industrial Control Systems (ICSs) using Commercial Off-The-Shelf software has stimulated the use of existing IT security solutions. This trend involves serious risks, because most existing IT security solutions are unsuitable for ICS environments. The aim of this study is to prevent the behavior of Intrusion Detection and Prevention Systems (IDPSs) from degrading the QoS of data transfers between time-sensitive subsystems of ICSs. Facilities such as Nuclear Power Plants (NPPs) often have systems using Real Time Operating Systems (RTOSs), which have to be response-time deterministic. A module is designed based on the utilization law, queuing theory, and a heuristic algorithm in order to evaluate and propose the optimal security policy and configuration for each role representing a machine. The crux of this approach is that the module, integrated with the IDPS, solves an optimization problem using the Bat algorithm to generate a Pareto set of optimal solutions and proposes the best one, which guarantees the security required for a role while maintaining QoS (i.e. a response time lower than the Worst Case Execution Time (WCET)). MATLAB is used to simulate the proposed method. The results show that the IDPS efficiently selects the best security policies for all active roles and minimizes the chances of WCET violations, thus avoiding any undesirable effects. As shown in the simulation scenarios, the module was able to propose a policy that represents an optimal solution where the security strength value is 0.68942 and the response time is 0.219015 s. Moreover, in the second scenario, even though the first run did not find any optimal solution, the improvement introduced using the urgency flag solved the problem and proposed a security policy for the role under evaluation. Therefore, the approach guarantees the maximum security possible without violating the WCET of roles.

The study sheds light on the deficiencies and weaknesses of security systems in some demanding environments. Security policies might be a hindrance to these types of security systems when stringent constraints (e.g. real-time response) are imposed. Consequently, the proposed method, which mitigates the issue, would be a major contribution to the Information Communication Technology security field if integrated with IDPSs designed to protect time-sensitive ICSs using RTOSs. Moreover, it provides a much-needed approach to help guarantee the real-time, deterministic performance and the security requirements needed by time-sensitive systems.
