DOI: https://doi.org/10.15588/1607-3274-2019-1-13

MODELING THE SECURITY POLICY OF THE INFORMATION SYSTEM FOR CRITICAL USE

O. V. Bisikalo, V. V. Kovtun, M. S. Yukhimchuk

Abstract


Context. Compared to universal information systems, the information system for critical use has a simplified structure of the information environment and specific requirements regarding the volumes and nature of information resources. This fact allows us to refuse excessive detail and to narrow the simulation object to the process of forming a security policy for an information system for critical use, an adequate problem description of which is achievable under the condition of a rational choice of the mathematical apparatus.
Objective. Synthesis of mathematical apparatus for the complex unified description of static and dynamic, controlled by integrity and authenticity, processes in the information system for critical use in its hierarchical representation.
Method. In the article new complex mathematical models of processes of information processing and access separation to it are obtained, which, in contrast to the existing ones, describe in the framework of the mathematical apparatus of E-networks mechanisms for protecting the environment and resources of the information system for critical use and allow to quantify the integrity of its
information resources. The mathematical models of the synthesis of the policy of safe information processes interaction in the information system for critical use are developed, which allow guaranteeing the observance of local security policies on the various structural elements of the system and integrating them into the global security policy, observing a single discretionary policy everywhere in the system.
Results. The practical consequence of the obtained theoretical results is the methods of optimizing the operation of the data processing and the access separation units, which are responsible in the information system for critical use for controlling the information integrity and the authenticity of access to it, respectively. In particular, the model of security policy of a information system for critical use adapted for practical application, a method for dynamically information integrity controlling with a corresponding criterion based on the mathematical apparatus of semi-Markov networks for a comprehensive stochastic description of discrete states of the information integrity control at selected hierarchical levels of the system during the continuous discretionary access. The method allows us to select the maximum allowable values of information integrity control coefficients at the sub-levels of the OSI application level allocated in the information system for critical use based on the pre-set amount of the size of controlled information, the speed of information integrity control and the maximum period of the system is in the appropriate state. Also describes a method for controlling access to information processes that are described by superblocks on the E-network representation
of the ISCU using sets of classifiers integrated into each block of the superblock that capture the fact of exceeding the corresponding thresholds by weighted degrees of identity of the attributes of the object that wants to access, which allows us to classify the identified information threat and initiate the corresponding reaction described in the system security policy. The analysis of the
results of the experiments allowed to obtain optimal parameters of groups of classifiers, which, in the framework of global, local and discretionary security policies, prevent the unauthorized access to system information resources or attempts to violate their integrity.
Conclusions. The article presents for the first time the mathematical model of the information system of critical use, in which, unlike the existing ones, a single approach has been introduced to describe information processes within the global, discretionary and local security policies with an attachment to the hierarchical structure of the information system, which allows analysis and synthesis
of functions services supporting user roles based on the object-relational model of organization of information resources of the system, to perform their integration, induction and ensure compatibility within a single security policy, to control the information and the authenticity of static and dynamic access to it.


Keywords


information system for critical use; security policy; data processing unit; access separation unit; automated speaker recognition system for critical use.

References


Conceptual Modeling of Information Systems [Electronic

resource]. Access mode:

http://infocat.ucpel.tche.br/disc/mc/cmis.pdf

Peltier T. Information Security Policies, Procedures, and

Standards: Guidelines for Effective Information Security

Management. Auerbach Publications, CRC Press, 2001,

p.

ISO/IEC 27001 Information Security Management Standard

[Electronic resource]. Access mode: http://pqmonline.

com/assets/files/pubs/translations/std/iso-mek-27001-

(rus).pdf

ISO/IEC 2382:2015 Information technology Standard

[Electronic resource]. Access mode:

https://webstore.iec.ch/publication/22380

Alani M. Guide to OSI and TCP/IP Models. Springer

Publishing Company, 2014, 50 p. DOI: 10.1007/978-3-319-

-9

Discrete System Models [Electronic resource]. Access

mode:

http://laser.inf.ethz.ch/2004/papers/abrial/discrete_system_

models.pdf

Chen Y.-L., Feng Lin Modeling of discrete event systems

using finite state machines with parameters, Proc. of the

IEEE International Conference on Control

Applications. (Cat. No.00CH37162), 27–27 Sept. 2000 :

proceedings, USA, Anchorage, 2000, P. 941–946. DOI:

1109/CCA.2000.897591

Nikolaidou M. Dimosthenis Anagnostopoulos Exploring

Web-Based Information System Design: A Discrete-Stage

Methodology and the Corresponding Model, International

Conference on Advanced Information Systems Engineering

CAiSE 2003. Berlin, Springer, 2003, pp. 159–174. DOI

1007/3-540-45017-3_13

Mehler A., Kühnberger K.-U., Lobin H., Lüngen H.,

Storrer A., Witt A. Modeling, Learning, and Processing of

Text-Technological Data Structures. Berlin, Springer-

Verlag, 2012, XVI, 400 p. DOI 10.1007/978-3-642-22613-7

Balle B., Castro J., Gavaldà R. Learning probabilistic

automata: A study in state distinguishability, Theoretical

Computer Science, 2013, Vol. 473, pp. 46–60. DOI

1016/j.tcs.2012.10.009

Kim D., Solomon M. Fundamentals of Information System

Security, Third Edition. Jones & Bartlett Publishers, 2010,

p.

Analysis of Probabilistic Processes and Automata Theory

[Electronic resource]. Access mode:

http://homepages.inf.ed.ac.uk/kousha/etessami-probprocesses-

chapter-handbook-of-automata-theory-

DRAFT.pdf

Falley P. Categories of Data Structures, Journal of

Computing Sciences in Colleges, Papers of the Fourteenth

Annual CCSC Midwestern Conference and Papers of the

Sixteenth Annual CCSC Rocky Mountain Conference, 2007,

Vol. 23, Iss. 1, pp. 147–153.

Bisikalo O. V., Grischuk T. V., Kovtun V. V. Optimizatsiya

klasifikatora avtomatizovanoyi sistemi rozpiznavannya

movtsya kritichnogo zastosuvannya, Radio Electronics,

Computer Science, Control, 2018, No. 2, pp. 30–43. DOI

15588/1607-3274-2018-2-4

Bikov M. M., Gafurova A. D., Kovtun V. V. Doslidzhennya

komitetu neyromerezh u avtomatizovaniy sistemi

rozpiznavannya movtsiv kritichnogo zastosuvannya, Visnik

Hmelnitskogo natsionalnogo universitetu, seriya: Tehnichni

nauki. Hmelnitskiy, 2017, No. 2(247), pp. 144–150.

Grischuk T. V., Kovtun V. V. Kontseptsiya vprovadzhennya

avtomatizovanoyi sistemi rozpiznavannya movtsya u protses

avtentifIkatsiyi dlya dostupu do kritichnoyi sistemi, Visnik

vinnitskogo politehnichnogo institutu, 2018, No. 6, pp. 98–


GOST Style Citations


1. Conceptual Modeling of Information Systems [Electronic
resource]. – Access mode:
http://infocat.ucpel.tche.br/disc/mc/cmis.pdf
2. Peltier T. Information Security Policies, Procedures, and
Standards: Guidelines for Effective Information Security
Management / Thomas R. Peltier. Auerbach Publications:
CRC Press, 2001. – 312 p.
3. ISO/IEC 27001 Information Security Management Standard
[Electronic resource]. – Access mode: http://pqmonline.
com/assets/files/pubs/translations/std/iso-mek-27001-
2013(rus).pdf
4. ISO/IEC 2382:2015 Information technology Standard
[Electronic resource]. – Access mode:
https://webstore.iec.ch/publication/22380
5. Alani M. Guide to OSI and TCP/IP Models / Mohammed
M. Alani. – Springer Publishing Company, 2014. – 50 p.
DOI: 10.1007/978-3-319-05152-9
6. Discrete System Models [Electronic resource]. – Access
mode:
http://laser.inf.ethz.ch/2004/papers/abrial/discrete_system_
models.pdf
7. Chen Y.-L. Modeling of discrete event systems using finite
state machines with parameters / Yi-Liang Chen, Feng Lin //
Proc. of the 2000. IEEE International Conference on Control
Applications. (Cat. No.00CH37162), 27–27 Sept. 2000 :
proceedings. – USA, Anchorage, 2000. – P. 941–946. DOI:
10.1109/CCA.2000.897591
8. Nikolaidou M. Exploring Web-Based Information System
Design: A Discrete-Stage Methodology and the
Corresponding Model / Mara Nikolaidou,
Dimosthenis Anagnostopoulos // International Conference
on Advanced Information Systems Engineering CAiSE
2003. – Berlin : Springer, 2003. – P. 159–174. DOI
10.1007/3-540-45017-3_13
9. Mehler A. Modeling, Learning, and Processing of Text-
Technological Data Structures / [A. Mehler, K.-U.
Kühnberger, H. Lobin et al.]. – Berlin : Springer-Verlag,
2012. – XVI, 400 p. DOI 10.1007/978-3-642-22613-7
10. Balle B. Learning probabilistic automata: A study in state
distinguishability / Borja Balle, Jorge Castro, Ricard
Gavaldà // Theoretical Computer Science. – 2013. –
Vol. 473. – P. 46–60. DOI 10.1016/j.tcs.2012.10.009
11. Kim D. Fundamentals of Information System Security,
Third Edition / David Kim, Michael Solomon. – Jones &
Bartlett Publishers, 2010. – 514 p.
12. Analysis of Probabilistic Processes and Automata Theory
[Electronic resource]. – Access mode:
http://homepages.inf.ed.ac.uk/kousha/etessami-probprocesses-
chapter-handbook-of-automata-theory-
DRAFT.pdf
13. Falley P. Categories of Data Structures / P. Falley // Journal
of Computing Sciences in Colleges, Papers of the
Fourteenth Annual CCSC Midwestern Conference and
Papers of the Sixteenth Annual CCSC Rocky Mountain
Conference. – 2007. – Vol. 23, Iss. 1. – P. 147–153.
14. Бісікало О. В. Оптимізація класифікатора
автоматизованої системи розпізнавання мовця
критичного застосування / О. В. Бісікало, Т. В. Грищук,
В. В. Ковтун // Радіоелектроніка, інформатика,
управління. – 2018. – № 2. – C. 30–43. DOI
10.15588/1607-3274-2018-2-4
15. Биков М. М. Дослідження комітету нейромереж у
автоматизованій системі розпізнавання мовців
критичного застосування / М. М. Биков, А. Д. Гафурова,
В. В. Ковтун // Вісник Хмельницького національного
університету, серія: Технічні науки, Хмельницький. –
2017. – №2 (247). – C. 144–150.
16. Грищук Т. В. Концепція впровадження автоматизованої
системи розпізнавання мовця у процес автентифікації
для доступу до критичної системи / Т. В. Грищук,
В. В. Ковтун // Вісник Вінницького політехнічного
інституту. – 2018. – № 6. – C. 98–110.







Copyright (c) 2019 O. V. Bisikalo, V. V. Kovtun, M. S. Yukhimchuk

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Address of the journal editorial office:
Editorial office of the journal «Radio Electronics, Computer Science, Control»,
Zaporizhzhya National Technical University, 
Zhukovskiy street, 64, Zaporizhzhya, 69063, Ukraine. 
Telephone: +38-061-769-82-96 – the Editing and Publishing Department.
E-mail: rvv@zntu.edu.ua

The reference to the journal is obligatory in the cases of complete or partial use of its materials.