Monitoring of a Modelled Real-Time System : with Data Diode Enabled Unidirectional Network

Abstract: Monitoring and logging is fundamental in systems. Today, these techniques are widely used to detect functionality issues as well as malicious event. This thesis compares and evaluates two techniques commonly used for this purpose: the Simple Network Management Protocol (SNMP) and the Syslog protocol. The protocols are evaluated with regard to their vulnerability to traffic pattern analysis, impact on network load and performance of the system, and the attack surface of the technique. Each protocol’s applicability is investigated on a modelled system, containing a data diode, using experiments and analysis of their individual features. We observe only small differences in traffic load and performance of the two techniques. The findings suggest that each of the two techniques can successfully be applied on the modelled system, and the decision on which technique should be used at each instance can therefore be left to the customer of each specific system implementation instance.