Cost-Performance Optimization of SSL-Based Secure Distributed Infrastructures

Business-to-Business and Business-to-Customer transactions in Internet require secure communication, especially for web applications. The Secure Socket Layer (SSL) protocol is one of the most viable solutions to provide the required level of confidentiality, message integrity and endpoint authentication. The two main alternatives for providing SSL security are the end-to-end and the accelerated solutions, which enable different cost-performance tradeoffs, where performance is intended as the overall delay that the customer experiences to complete the transaction. The accelerated solution is enabled by special devices (SSL acceleration cards) placed in network nodes. In this paper, we propose an optimization algorithm, which designs the ICT infrastructure minimizing the total cost, given a target performance objective defined as the end-to-end delay for the completion of the distributed application tasks. We apply this method to evaluate the efficiency of SSL acceleration versus end-to-end SSL, in order to determine in what conditions SSL acceleration is convenient. Our algorithm performs joint optimization of computing and communication resources, whilst in literature hard-ware and network are typically optimized separately.