MODELING THE SECURITY POLICY OF THE INFORMATION SYSTEM FOR CRITICAL USE

Authors

  • O. V. Bisikalo Vinnitsa National Technical University, Vinnytsia, Ukraine, Ukraine
  • V. V. Kovtun Vinnitsa National Technical University, Vinnytsia, Ukraine, Ukraine
  • M. S. Yukhimchuk Vinnitsa National Technical University, Vinnytsia, Ukraine, Ukraine

DOI:

https://doi.org/10.15588/1607-3274-2019-1-13

Keywords:

information system for critical use, security policy, data processing unit, access separation unit, automated speaker recognition system for critical use.

Abstract

Context. Compared to universal information systems, the information system for critical use has a simplified structure of the information environment and specific requirements regarding the volumes and nature of information resources. This fact allows us to refuse excessive detail and to narrow the simulation object to the process of forming a security policy for an information system for critical use, an adequate problem description of which is achievable under the condition of a rational choice of the mathematical apparatus.
Objective. Synthesis of mathematical apparatus for the complex unified description of static and dynamic, controlled by integrity and authenticity, processes in the information system for critical use in its hierarchical representation.
Method. In the article new complex mathematical models of processes of information processing and access separation to it are obtained, which, in contrast to the existing ones, describe in the framework of the mathematical apparatus of E-networks mechanisms for protecting the environment and resources of the information system for critical use and allow to quantify the integrity of its
information resources. The mathematical models of the synthesis of the policy of safe information processes interaction in the information system for critical use are developed, which allow guaranteeing the observance of local security policies on the various structural elements of the system and integrating them into the global security policy, observing a single discretionary policy everywhere in the system.
Results. The practical consequence of the obtained theoretical results is the methods of optimizing the operation of the data processing and the access separation units, which are responsible in the information system for critical use for controlling the information integrity and the authenticity of access to it, respectively. In particular, the model of security policy of a information system for critical use adapted for practical application, a method for dynamically information integrity controlling with a corresponding criterion based on the mathematical apparatus of semi-Markov networks for a comprehensive stochastic description of discrete states of the information integrity control at selected hierarchical levels of the system during the continuous discretionary access. The method allows us to select the maximum allowable values of information integrity control coefficients at the sub-levels of the OSI application level allocated in the information system for critical use based on the pre-set amount of the size of controlled information, the speed of information integrity control and the maximum period of the system is in the appropriate state. Also describes a method for controlling access to information processes that are described by superblocks on the E-network representation
of the ISCU using sets of classifiers integrated into each block of the superblock that capture the fact of exceeding the corresponding thresholds by weighted degrees of identity of the attributes of the object that wants to access, which allows us to classify the identified information threat and initiate the corresponding reaction described in the system security policy. The analysis of the
results of the experiments allowed to obtain optimal parameters of groups of classifiers, which, in the framework of global, local and discretionary security policies, prevent the unauthorized access to system information resources or attempts to violate their integrity.
Conclusions. The article presents for the first time the mathematical model of the information system of critical use, in which, unlike the existing ones, a single approach has been introduced to describe information processes within the global, discretionary and local security policies with an attachment to the hierarchical structure of the information system, which allows analysis and synthesis
of functions services supporting user roles based on the object-relational model of organization of information resources of the system, to perform their integration, induction and ensure compatibility within a single security policy, to control the information and the authenticity of static and dynamic access to it.

References

Conceptual Modeling of Information Systems [Electronic

resource]. Access mode:

http://infocat.ucpel.tche.br/disc/mc/cmis.pdf

Peltier T. Information Security Policies, Procedures, and

Standards: Guidelines for Effective Information Security

Management. Auerbach Publications, CRC Press, 2001,

p.

ISO/IEC 27001 Information Security Management Standard

[Electronic resource]. Access mode: http://pqmonline.

com/assets/files/pubs/translations/std/iso-mek-27001-

(rus).pdf

ISO/IEC 2382:2015 Information technology Standard

[Electronic resource]. Access mode:

https://webstore.iec.ch/publication/22380

Alani M. Guide to OSI and TCP/IP Models. Springer

Publishing Company, 2014, 50 p. DOI: 10.1007/978-3-319-

-9

Discrete System Models [Electronic resource]. Access

mode:

http://laser.inf.ethz.ch/2004/papers/abrial/discrete_system_

models.pdf

Chen Y.-L., Feng Lin Modeling of discrete event systems

using finite state machines with parameters, Proc. of the

IEEE International Conference on Control

Applications. (Cat. No.00CH37162), 27–27 Sept. 2000 :

proceedings, USA, Anchorage, 2000, P. 941–946. DOI:

1109/CCA.2000.897591

Nikolaidou M. Dimosthenis Anagnostopoulos Exploring

Web-Based Information System Design: A Discrete-Stage

Methodology and the Corresponding Model, International

Conference on Advanced Information Systems Engineering

CAiSE 2003. Berlin, Springer, 2003, pp. 159–174. DOI

1007/3-540-45017-3_13

Mehler A., Kühnberger K.-U., Lobin H., Lüngen H.,

Storrer A., Witt A. Modeling, Learning, and Processing of

Text-Technological Data Structures. Berlin, Springer-

Verlag, 2012, XVI, 400 p. DOI 10.1007/978-3-642-22613-7

Balle B., Castro J., Gavaldà R. Learning probabilistic

automata: A study in state distinguishability, Theoretical

Computer Science, 2013, Vol. 473, pp. 46–60. DOI

1016/j.tcs.2012.10.009

Kim D., Solomon M. Fundamentals of Information System

Security, Third Edition. Jones & Bartlett Publishers, 2010,

p.

Analysis of Probabilistic Processes and Automata Theory

[Electronic resource]. Access mode:

http://homepages.inf.ed.ac.uk/kousha/etessami-probprocesses-

chapter-handbook-of-automata-theory-

DRAFT.pdf

Falley P. Categories of Data Structures, Journal of

Computing Sciences in Colleges, Papers of the Fourteenth

Annual CCSC Midwestern Conference and Papers of the

Sixteenth Annual CCSC Rocky Mountain Conference, 2007,

Vol. 23, Iss. 1, pp. 147–153.

Bisikalo O. V., Grischuk T. V., Kovtun V. V. Optimizatsiya

klasifikatora avtomatizovanoyi sistemi rozpiznavannya

movtsya kritichnogo zastosuvannya, Radio Electronics,

Computer Science, Control, 2018, No. 2, pp. 30–43. DOI

15588/1607-3274-2018-2-4

Bikov M. M., Gafurova A. D., Kovtun V. V. Doslidzhennya

komitetu neyromerezh u avtomatizovaniy sistemi

rozpiznavannya movtsiv kritichnogo zastosuvannya, Visnik

Hmelnitskogo natsionalnogo universitetu, seriya: Tehnichni

nauki. Hmelnitskiy, 2017, No. 2(247), pp. 144–150.

Grischuk T. V., Kovtun V. V. Kontseptsiya vprovadzhennya

avtomatizovanoyi sistemi rozpiznavannya movtsya u protses

avtentifIkatsiyi dlya dostupu do kritichnoyi sistemi, Visnik

vinnitskogo politehnichnogo institutu, 2018, No. 6, pp. 98–

Downloads

How to Cite

Bisikalo, O. V., Kovtun, V. V., & Yukhimchuk, M. S. (2019). MODELING THE SECURITY POLICY OF THE INFORMATION SYSTEM FOR CRITICAL USE. Radio Electronics, Computer Science, Control, (1). https://doi.org/10.15588/1607-3274-2019-1-13

Issue

No. 1 (2019): Radio Electronics, Computer Science, Control

Section

Progressive information technologies

License

Copyright (c) 2019 O. V. Bisikalo, V. V. Kovtun, M. S. Yukhimchuk

Creative Commons License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Creative Commons Licensing Notifications in the Copyright Notices

The journal allows the authors to hold the copyright without restrictions and to retain publishing rights without restrictions.

The journal allows readers to read, download, copy, distribute, print, search, or link to the full texts of its articles.

The journal allows to reuse and remixing of its content, in accordance with a Creative Commons license СС BY -SA.

Authors who publish with this journal agree to the following terms:

  • Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License CC BY-SA that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.

  • Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.

  • Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.