Quantitative Risk Analysis for Data Storage Systems

  • Conference paper
Computer Networks (CN 2013)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 370)

Abstract

In IT systems, quantitative risk analysis is a method of security risk assessment used as part of the risk management process, which in turn is part of the security policy. The main advantage of the method over other techniques is its accuracy, which gives a better starting point for defining a security policy. That accuracy depends directly on the dependability of the input data. The basic problem of the method is the acquisition of the input data needed to perform the analysis: the data should be complete and reliable. The main purpose of the paper is to define a comprehensive set of data necessary for the quantitative risk analysis of data storage systems (including magnetic disks and solid state disks) and to discuss the trustworthiness of that data. Such a comprehensive set should include data related to storage technology, features of storage processes (e.g. compression, deduplication), and security event probabilities. Some of the parameters are dynamic: they change over time and are related to environmental conditions. The second part of the paper presents different sources and means of data acquisition, together with a discussion of the trustworthiness and dependability of the acquired data.

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bilski, T. (2013). Quantitative Risk Analysis for Data Storage Systems. In: Kwiecień, A., Gaj, P., Stera, P. (eds) Computer Networks. CN 2013. Communications in Computer and Information Science, vol 370. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38865-1_14

  • DOI: https://doi.org/10.1007/978-3-642-38865-1_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38864-4

  • Online ISBN: 978-3-642-38865-1

  • eBook Packages: Computer Science, Computer Science (R0)
