ASSESSMENT OF THE IMPACT OF INFORMATION SECURITY ON THE PERFORMANCE OF AUTOMATED CONTROL SYSTEMS FOR
SPECIAL PURPOSES
DOI 10.24411/2072-8735-2018-10326
Alexey A. Adarichev,
Federal State Fiscal Establishment "12 Central Scientific Research Institute" of the Ministry of Defence of the Russian Federation, Moscow, Russia, [email protected]
Keywords: infosecurity, performance of automated control systems, infosecurity tools, data recovery, simulation model of infosecurity system.
High demands are placed on automated control systems to ensure efficiency in current conditions. Particularly acute are the problems of operational efficiency in automated control systems for hazardous industries, in transport, and also in military control systems, i.e. in special purpose automated control systems (ACS SP). Innovative ACS SPs are basically a computer networks, as a rule, with dedicated servers for centralized data storage. Information protection tools (IPT) used as part of ACS SP is surely to affect the efficiency of solving functional problems in such computer networks. On the one hand, the functioning of the IST increases the total time of completing tasks in the automated control system by reducing the speed of the informationcomputing processes. Keeping data secure is one of the tasks to be solved in the constructing of automated control systems for special purposes (ACS SP). The functioning of infosecurity systems has a significant impact on the information's speed and computing processes in the ACS SP. The article deals with the concept of dual influence of infosecurity on the ACS SP performance under the influence of infosecurity's threats. The impact of infosecurity's researching proposed to use simulation on the ACS SP. The results of modeling have shown that in the conditions of intensive impact of is threats it is expedient to use specialized data recovery tools as part of information protection facilities complexes.
Для цитирования:
Адаричев А.А. Оценка влияния средств защиты информации на производительность автоматизированных систем управления специального назначения // T-Comm: Телекоммуникации и транспорт. 2019. Том 13. №11. С. 53-59.
For citation:
Adarichev A.A. (2019). Assessment of the impact of information security on the performance of automated control systems for special purposes. T-Comm, vol. 13, no.11, pр. 53-59.
High demands are placed on automated control systems to ensure efficiency in current conditions. Particularly acute are the problems of operational efficiency in automated control systems for hazardous industries, in transport, and also in military control systems, i.e. in special purpose automated control systems {ACS SP).
Ensuring the protection of the processed information is an integral part of the automation task with creation an automated control system. ACS SP confidentiality, integrity and accessibility should be ensured according with the principle of comprehensiveness of ACS SP inibsecurity [1|. The information security system (ISS) should include means of inibsecurity from unauthorized access, as well as from leakage through technical channels to ensure confidentiality. The ISS should include means of protecting information from accidental and deliberate destructive program-mathematical influences, as well as means of restoring information-computing processes and means of backing up information to ensure the integrity and accessibility of information. It should be noted that for most ACS SP processing the operational information, the priority direction of protection is precisely the integrity and accessibility of data, and the most likely is the impact of internal violators 111 J.
The destination of the ACS SP assumes their categorical critically to the time of information processing and the transfer of control actions. For ACS SP, as a rule, standard values are set for the duration of control cycles. Consequently, the tasks of ensuring the required probabilistic-temporal characteristics of the functioning of the ACS SP, the uninterrupted operation of the information-computing processes and the rapid restoration of information resources and the software environment of the ACS SP under the influence of an infosecurity violator are especially relevant.
Innovative ACS SPs are basically a computer networks, as a rule, with dedicated servers for centralized data storage. Information protection tools (IPT) used as part of ACS SP is surely to affect the efficiency of solving functional problems in such computer networks. On the one hand, the functioning of the 1ST increases the total time of completing tasks in the automated control system by reducing the speed of the information-computing processes. Firstly, it decrease is due to use of software for computer-aided protection working on automated workstations (AWS) and servers in parallel with application software which is a part of their computing resources (processor time, RAM and disk memory, LAN communication channels, etc.). Secondly, it is necessity for ACS SP users to perform additional actions when information processing tasks are performed on automation tools with installed and configured security tools (presenting access identifiers, entering passwords, changing sessions when processing information of various levels of confidentiality, performing data archiving tasks, etc.).
Thirdly, it is their own final performance of data protection devices that process information flows (firewalls, crypto routers, drive interface encoders, etc.), which can be a bottleneck in information processing. This factor need to be defined in the most general way in the guidelines for infosecurity. So software and hardware protections should not significantly degrade the main functional characteristics of the computer system (reliability, speed, ability to change the configuration of the system) in accordance with [2]. However, the attribute for this influencing materiality and the evaluating methods are currently missing in the regulatory and methodological documents.
On the other hand, using of IPT obvious reduces the probability of destructive information influences and also provides quick recovery with implementation of computer attacks, human errors, accidents and failures. Therefore, application 1ST helps to reduce the total execution time of tasks in ACS SP in terms of the impact of information threats.
Based on the foregoing, it can be argued about the dual influence of the applied means and methods of infoprotection on the ACS SP performance. Analysis of scientific articles in the field of information protection in automated systems have shown [12, 13, 14, 15] that the researching of this question is still being overlooked. However, these research findings indicate that the functioning of IPT can have quite a significant impact on the flow of the information-computing processes at ACS SP and therefore it should be considered when designing infosecurity system.
1 ^^^ selictmo
;¥) Authorization fen the operation *T) Authorization for the operation V) Author Jiatfon for the operation
■■ . Creation of an ;i ►.■\ .:i,\ ,:i v 0i Q
mftymalHHi rasuurca ~ informalron resource
Fig. 1. Algorithm for performing ACS SP user's tasks
Since the ACS SP occurs in conditions of exposure to real infosecurity threats when the in flue nee the complex IPT evaluates the ACS SP performance it is advisable to explore comprehensively "regular" and "emergency" modes of automation equipment's operation. This will allow assessing the time change of the ASC SP users' tasks which associated with the regular operation of protection mechanisms and elimination with IPT intruder activity effects.
The performance of the ASC SP to assess with the IPT which included in its "standard" mode structure, we consider the algorithm for performing user's tasks (Pig. I) and meaning the task as a set of interrelated information processing functions (usually implemented in a separate program) designed to process the set information resources (IR) according to certain rules.
The task execution begins with waking on hardware and starting operational system (Pos. 1,2), At this stage, trusted boot facilities is used. Further, the user selects the required operating modes depending on the task being performed: a system role, mandate level, and category, etc. The user is identificated and authenticated in the system with these input data (Pos. 3,4). The next step, is boot the work environment and required special software (Pos. 5). The launch of the special software is monitored by IPT. The immediate solution of the task presented in the operations sequence form with IR. All possible user actions can be reduced to three accessible options: the creation, destruction or modification of IR (Fig. 6-11). In each case, the performed actions are controlled by the IPT performing user authorization.
Serial execution of multiple tasks ean be performed within a single user session (switch Pos. 12 - Pos. 5) and with different sessions (switch Pos. 13 - Pos. 3). Tasks may experience blocking of AWS (console) during execution, for example, by timing out or due to attempts at unauthorized access.
The actions are not met in positions 1,2, 14 for AWS with operating in the continuous mode.
Consider the process when the user performs a task in the sequence form of events. It is schematically shown in Fig. 2.
/u \ Time
ç
request
User
answer.
complex of IPT
access manager
IPT database
audit subsystem
ASC SP
Informational resources
Fig. 3, Scheme of user access to information resources
The time course researching of processes in computing systems widely uses the theory of queuing systems [3, 4, 5], Indeed, the facilities of ASC SP can be considered as service devices that handle user requests. As applications perform a variety of commands and requests for access to information resources. Information protection tools intercept incoming requests, check their compliance with the defined security policy, and either approve them for further processing, or block it with returning error message to the user.
The periods duration of user actions is determined by many different factors: software technology, data access, type, and stage of task execution, skills and user experience etc. Therefore, the results of requests occur at random points in a time. Assuming that the degree of inlluencc of different factors docs not change in the task progress, then the flow of requests can be taken close to a simple stream [6, 7J. Such a stream is completely determined by the average intensity of applications receipt. If we assume the same type application, which is typical for simple tasks, the events number in the applications stream over lime has a Poisson distribution:
_ (i) ft!
issue ot application end of application processing
processing an application by information protection loots
Fig. 2. Timing diagram of the task execution by the user
The diagram (see Fig. 2) shows that the user's task performs is a process of alternating periods corresponding to actions that are not related to interaction with IPT (for example, analysis of output information or entering data in a screen form), and waits for a user response from IPT issued on request (a request to open the file, a request to write information to a database, etc.). The simplest case of a user accessing an IR through the complex IPT, consisting of access controls and audit tools, as shown in Fig. 3. Depend on impossibling to continue a user work without receiving a response from the IPT to their application, the total slowdown of the information-computing processes in the system as a result of the functioning of the complex IPT will be determined by the sum of the elementary delays of each application for access to IRs,
The value of the average intensity of applications receipt may be determined by calculation or experimentally. For example, the value \ ean be calculated according to the formula (2):
'tp
where N is the number of queries to the IR that must be performed during task execution; Tqp - average execution task time. We may determine the time required to complete the task using the formula (2), if the performed requests number is known and the user requests frequency to the IR.
Incoming applications are processed in accordance with the settings for IPT tasks, while the application process is done consistently by all involved IPT in accordance with implemented in the task by the information processing technology. So, for example, we use the following function remedies to read the record from the remote server database [8]:
mandatory access control to the table and record; discretionary access control the table and record; anti-virus control on the server, logging user action on the server, antivirus monitoring on client workstation; logging user action on the client workstation. It is obvious that the application will be granted only after the successful completion of all IPTs actions. Performing each of the functions IPT can be represented in a model of the queueing
system without any loss with one servicing device [4], in which arriving requests are processed in the order they are received and losses applications are prevented by buffer including (see Fig. 4).
tion specified in a table form. For example, the AnyLogic simulation environment contains ready-made components for creating required structure models.
service device
A|
• t *
buffer handler
Fig. 4. Model for the implementation of security functions by infbsccurity toot
Accordingly, the general functioning model of the complex IPT is a circuit which based on the principle of sequential processing, in which the subsequent maintenance input of the device is connected to the output of the previous one.
Such model can be studied simply and analytically in the case when distribution law of applications service time is known [3, 4]. The exponential distribution character of the applications processing time by IPTs is assumed in several papers. However, the experiments results indicate the incorrectness of this assumption in many cases. The distribution values of processing subsystems time discretionary, mandatory control and audit have complex views distributions in the national protected operating system AstraLinux SE 1.5 as follows from experimental data {Fig. 5) and their description is difficult in any one of the standard. In this case, a convenient way to study the functioning process of the complex IPT in ASC SP is simulation models using.
A simulation model of the access process to IR which use the task as carrying out the operations of reading information from the database is shown in Fig. 6. The initial data for the model are the technical characteristics of the IPTs, as well as the experimental measurements results of their performance indicators.
By measuring the time, it takes for applications to pass through the model, it is possible to evaluate the speed of the information flow and computing processes in the ASC SP.
If the user simultaneously performs various operations during the task execution, for example, reads and writes information to the database, generates and sends documents for printing, etc., then such actions should be modeled by several sources of applications and setting different routes for them processing.
Simulation is an effective method for studying the processes of information-computing systems functioning [9-12] and it allows you to work with the experimental time distribution func-
tmandatory control disabled
mandatory control enabled
event audit enabled
29 31 33 33 37
access time to file system objects, mks
Fig. 5. The distribution probability density of requests processing time to file system objects
With the help of simulation models, it is possible to conduct research on the restoration processes of information-computing processes. In this case, the flows of realized destructive informational influences and the delay times for the restoration are modeled by changing the model blocks states of the "resourcepool" type ("resource set") associated with the request processor blocks. In this case, it is possible to evaluate both state with decrease in the ASC SP performance due to the functioning of the IPT protective mechanisms, as well as the contribution of recovery tools for changing in the probability of performing control tasks in a given {standard) time.
The classification of the possible violations set of the information-computing processes in the ASC SP by the impending consequences was classified to improve the modeling accuracy the reconstruction processes of the information-computing processes. Since destructive impacts can be aimed at blocking information exchange in a ASC SP, the destruction of information resources and (or) software of a system, the following consequences classification of the threats implementation is proposed (Fig. 7).
application counflef
o
Siivti o pi .'I : ,:j eysl em audit
count_:i Mandat oiy Manager 0r server Obel anritt syst ein
queuel
defeiyl
(THS-s^IUpB—B-fTy-s-
©
Lambda_r>t
O Dstrfcutjorl taWeFunctionl
qut3je2 detsy2
Q Dstrbut]Ori2 t3bferuflCDOn2
DBMS discretionary manager
queue]. detey3
-SkTTTF^K-B-iT>-0 app*cJtBn count«
Q D5trfajt)Wl3
(J) M№Functon3
o
count_2
statist tes me
Fte5tatt
TOMS Jim«
queued dets/4
À Q DstrtJutorW (¿1 raWeFuncDon4
server antMrus
queues defeyS
jS.
O DÈtrtxjtiOnS (¿1 GtWeFuncBonS
CNentarilMIU*
queues deteyi
jL
O DStrtujtOnS Q- taWeFuncttJn6
Chem audit
queue7 detsy7
D
■sink
o D£trtnjtOrt7 ObteFij nctün7
Fig. 6. The simulation model of processing requests for reading information from ilie database
Consequences of the implementation of destructive Impacts
1 ~
Violation oí information and computing processes
Damage of Information resources
Violation of information exchange over the network
Disruption of network services
Software destruction
Single resource corruption
—User resources damage
Destruction of common
Domain resources damage
Destruction of special software
Fig. 7. Implementation consequences of the of destructive impacts
The destructive effects implementation of the offender is possible after receiving them some privileges in system. Suppose that the database server and network equipment is physically protected. Then, there are the following levels of authority for an internal intruder: unauthorized user having access to the workstation, the domain user, local administrator on a workstation, the administrator of the database server domain, the administrator of the network equipment. You must have privileges of user or local administrator for receiving the network administrator or the server.
During the implementation of destructive threats, in accordance with the principle of maximizing the damage the intruder will seek to realize the threats aimed at the destruction of availa-
ble information resources and the violation of informationcomputing processes in accordance with the acquired rights.
An unauthorized user can not realize the destructive impact (not considering the threats of vandalism) and seeks to obtain the rights for authorization. Acting on behalf of the legitimate user, the intruder can affect the information resources of the user. With the powers of the local administrative arm, the intruder can suppress the interaction network attacks like "denial of service", to destroy common software. Once in administrator of network equipment, the intruder can disrupt connectivity throughout the LAN segment. Having administrative privileges of the database server, the intruder can destroy all information in the database and destroy server software; and broke network communication in the LAN segment.
Figure 8 shows the fragment of simulation model describes the loop control of some automation for example, implementation of five tasks for three AWS in a network with a dedicated database server. Let ACS SP adopted the following priority tasks: 1—>2—* (3,4) —»5. The task 2 is in distributed mode on two AWSs (#1 and # 2), The management cycle is completed, when completed all tasks. The number of information sourccs corresponds to the number of tasks. The number of administrators in ACS SP - 1. We assume that the administrator at a time can recover only one resource.
_ louKrui«.uuin MJ
Q dtstrtnj ttXl 1
source!
Lambdajnt
BiQA
resourcePooll w ata of №f<M m.iiniii re*(M4K*£ of U»k*
o y&u
Larr>bda_]R_l 1
f workhg_l
Repar_IR_l
eras»®
"lit pfttfoorwl on AWS « 1 lofik »21« pcifottitod on AWS * 1
servicel „ senrtce2
raoefti-icm» % «tewtwon« „***
dtotxittons dstrtxiticwvt Fueran
© O
tJrtk S 3 te ¡»«fwirwd on AWS * 1 Usk f 5 is petloniwd on AWS f 1
servte4 serveeé U
combine spfcl combine 1 snk
k* ¿n perform«! on AWS * 2
service3
«Sth
resource PooW \atH a 4 is p*rfornted on AWS* 3
servceS
1-fï
I OuîOTOrdef_|
i-ÎÎ-I
1
dîne Ikigi
O RMJWWJ5L8t)Sr © FlAG.SEEVEK.DOWN O FlAG_NETWORK_DOWti
® T
j" wortdng_2
ER_2
lR_user_l
i
Blfen "ou
/r
OutüfOrder_¡
O 7
UmbdaJR_Jsef_l 1
wofWng_6
3R_ARM1
o
LambdaJR„3
ER_3
~~i ftepôir_R_user_l
CrastipR_usef_ 1 ^ I OutOFOnJer
° I
lambda.tfLAftMl j
KLSEBVER.
o 7
Umbua.SSRvett I ^ wwtai
T ï*Repsir_ARML T r (tetaiJERVER
CrasftMtMl [L CrasteEJWER ¿
OutOFOrder.li
T r
CfaslipR_3 tj.
C outoford«-^ rm.4
O f lfti.ijser_2
lambcia_IR_user_2 1
O t :
Umbda_lR_4 1
¡ workinfl_4 j
T )Rep»Jft4
Ciasfps_4 tj.
I %ÛE5rônSj
T~~ î ftepa«_iR_iJser_ï
I OutOFOrder_î
O
Lamtx!a_I«_ARM¡ J
I WDrtmg_lfJ~
O
Lämbia.NfT
O
LambdaJÍ^S
■ DL5
Q * IR_user_3
Umbda_TR_user_3 1
p=H5T~)
1 I Rtpa*_R_uset_3
Cras^tft_user_3 ¡^
(OMKMrJf
1 T Hep»_ARM2
CrasI^ARftï
■ ûutOfOrderJ
¿o
1 T flepar.NET
Ci^ttlijTKET
¡ outoF0ider_)3
O
t¿Mlbda_R_AÍM3
' wortBHj_ll i
1 i Repai.ARMî
CrasÍTARM} [L
i' outOFOr(»er_| 1
I *ortdng_5 I
1 (Ri
CraslÇw_S ij.
pBüwröSp
Fig. 8. A simulation model of a task in ASC SP under the threats influence (fragment)
The execution times for each task are determined by the table distribution obtained using the model described above. For example, we used tasks with a mathematical expectation of the execution duration given in Table I. The standard normal time (Tnorm) for the execution of the control cycle (Tcc) with a probability of 0,9 is set equal to 125 minutes.
Table 1
Task number 1 2 3 4 5
M(x), minutes 13,5 26,1 18,5 22,1 12,8
Failures and recoveries associated with the destructive actions of the intruder are modeled by blocks of the "resource set" type associated with blocks of the "state diagram7' type.
The relative frequency of threats from violators with different levels of authority, taking into account the statistical data on information security incidents in various ACSs, is adopted in accordance with table 2.
Table 2
Violator's authority level Relative frequency of manifestation
AWS user 10
AWS administrator 5
network equipment administrator 2
database server administrator 1
The recovery time of the information-computing processes depends on the applied methods and means of backup (archiving) so recreation of information resources. The traditional means of recovery include distribution media for common software, special software, backup copies of user working directories. We mean programs for creating "images" of disks, partitions (logical disks), incremental and differential data archiving by specialized recovery tools.
The initial data for modeling the reconstruction processes of the information-computing processes were obtained experimentally. The estimates results of the recovery time with traditional cases and specialized recovery means are shown in table 3.
Table 3
Damaged information Average recovery time, min
resource Specialized Without the use
recovery tools of recovery tools
Single document file, database 5,5 15,5
table entry
Director,', data set in user database 15 60
AWS software 26 133
Database on the server 34,5 310
Server software 30,5 540
Network switch software 22 22
The simulation results of the in format ion-computing processes in the ACS SP with various values of the occurrence intensity of information security incidents are shown in Figure 9.
Graphic dependence No. 1 corresponds to the distribution function of the execution tasks time during the ACS SP functioning in the absence of threats. Schedule No. 3 corresponds to the maximum permissible intensity of the threat realization, at which the required probability of the control cycle at the specified standard time is provided (the calculated intensities in accordance with Table 2 are 0.098; 0.049; 0.0196 and 0.0098 (hour-1),
respectively) Schedule No. 4 corresponds to the ACS SP functioning in conditions of simulating common types of attacks by a trained intruder using standard data recovery tools. Attack intensities were set based on [11, 16] and the results of field experiments. Schedule No, 2 corresponds to the functioning of ACS SP in the conditions of attacks when using specialized data recovery tools.
1
y/
/\ / V V
I04 •S OS y A
•8 1 1
/ /4
V ~\/
0,1 s
i-Si
№ 90 Tcc' oo no Time, ml IÎ0 Til orrrmo 140
Fig. 9. The results of simulation tasks modeling in the ACS SP under the intruder influence
The obtained results of simulation experiments show that, for the accepted initial data, under the influence of a trained intruder, achievement of the required efficiency values in the ACS SP (ensuring the fulfillment of the condition Tcc< Tmrm) when using only traditional recovery tools in the IPT complex is not provided. Thus, the use of specialized tools of information recovery as part of IPT complexes in the investigated ACS SP is necessary under the conditions of specified intensities of the impact of information security threats.
Conclusion
In the article, the features analysis of modern special purpose automated control system. The conclusion is drawn about the dual nature of the effect of the functioning of the complexes of information protection tools on the performance of the automated control system. To study the functioning processes of the automated control system taking into account the use of complexes of information protection tools, the use of simulation models is proposed. Based on the results of the simulation using a set of developed simulation models, quantitative estimates of the effect of various versions of the complexes of information protection tools on the performance of automated control systems under the influence of information threats are obtained.
The approach proposed in the article to assess the impact of infosecurity tools on the special-purpose automated control systems performance under the destructive information impacts conditions which based on the using simulation models, can be used to assess the compliance of current and planned automated control systems with the requirements and for a comparative assessment of alternative options for systems of protect information tools.
References
1. GO ST R 51624-2000. Information protection. Automated systems in a secure execution. General requirements.
2. Guidance document. The conccpt of information protection from unauthorized access. Stale technical Commission of Russia (1992).
3. Kleinrock L. (1979) Computing systems with queues. Moscow. 600 p,
4. Klein rock L. (1979) Theory of Queuing. Moscow.432 p.
5. Ferrari D. (1981) Performance Evaluation of computing systems. Moscow.
6. Kovalenko I.N., Filippova A. A. (1982) Probability Theory ami mathematical statistics: Studies, benefit. Moscow.256 p.
7. Veiitzel E.S., Ovcharov LA. (2003) Probability Theory and its engineering applications. Moscow. 464 p.
8. Special-purpose operating system "Astra Linux Special Edition" Manual for PFC. Part I. RUSB. 10015-01 9701-1.
9. Maksimey I.V. (1988) Imitating modeling on computers. 323 p.
10. Kelton, V., Lowe, A. (2004) Simulation modeling. Classic CS. 847 p.
11. Rosen ko. A, P. (2010) Internal threats to the security of confidential information: Methodology and theoretical research. 160 p.
12. Kliiliov, S.M. (2008) Methods and models of counteraction i computer attacks. 316 p.
13. Yazov, Yu.K. Fundamentals of the methodology ofquantitath evaluation of the effectiveness of information security in computer sy. terns. Rostov-on-don: Izd-vo sknts VSFi, 2006, 274 p.
14. Melnikov V,V. Information Security in automated system Moscow: Finance and statistics, 2003. 368 p.
15. Kiselev V.D., Esikov O.V., Kislitsyn A.S. Theoretical bases t optimization of information-computing process and structure of con plexes of information security in computer networks. Moscow: publisl ing house of Poligrafservis twenty-first century. 2003, 145 p,
16. Radko N. M. Skobelev I. O. Risk-models of information and te ecommunication systems in the implementation of threats of remote an direct access. Moscow: Radiosoft, 2011. 232 p.
ОЦЕНКА ВЛИЯНИЯ СРЕДСТВ ЗАЩИТЫ ИНФОРМАЦИИ НА ПРОИЗВОДИТЕЛЬНОСТЬ АВТОМАТИЗИРОВАННЫХ СИСТЕМ УПРАВЛЕНИЯ СПЕЦИАЛЬНОГО НАЗНАЧЕНИЯ
Адаричев Алексей Александрович, ФГКУ "12 Центральный научно-исследовательский институт" Минобороны России,
Москва, Россия, [email protected]
Аннотация
Одной из задач, решаемых при создании автоматизированных систем управления специального назначения (АСУ СН), является обеспечение защиты информации. Функционирование комплексов средств защиты информации оказывает существенное влияние на скорость протекания информационно-вычислительных процессов в АСУ СН. Раскрывается понятие двойственного влияния средств защиты информации на производительность АСУ СН в условиях воздействия угроз информационной безопасности. Для исследования влияния средств защиты информации на АСУ СН предложено использовать имитационное моделирование. Результаты моделирования показали, что в условиях интенсивного воздействия угроз ИБ целесообразным является применение в составе комплексов СрЗИ специализированных средств восстановления информации.
Ключевые слова: информационная безопасность, производительность автоматизированных систем управления, средства защиты информации, восстановление данных, имитационная модель системы защиты информации.
Литература
1. ГОСТ Р 51624-2000. Защита информации. Автоматизированные системы в защищенном исполнении. Общие требования.
2. Руководящий документ. Концепция защиты ЗИ от НСД. Гостехкомиссия России 1992 г.
3. Клейнрок Л. Вычислительные системы с очередями. Пер. с англ./Пер. под ред. Б.С. Цыбакова. М.: Мир, 1979. 600 с.
4. Клейнрок Л. Теория массового обслуживания. Пер. с англ./пер. И.И. Грушко; ред. В.И. Нейман. М.: Машиностроение, 1979. 432 с.
5. Феррари Д. Оценка производительности вычислительных систем. М. Мир, 1981.
6. Коваленко И.Н., Филиппова А.А. Теория вероятностей и математическая статистика: Учеб. пособие. 2-е изд., перераб. и доп. М.: Высш. школа, 1982. 256 с.
7. Вентцель Е.С., Овчаров Л.А. Теория вероятностей и ее инженерные приложения. Учеб. пособие для втузов. М.: Высшая школа, 2003. 464 с.
8. Операционная система специального назначения "Astra Linux Special Edition" Руководство по КСЗ. Часть 1. РУСБ.10015-01 9701-1.
9. Максимей И.В. Имитационное моделирование на ЭВМ. М.: Радио и связь, 1988. 323 с.
10. Кельтон В., Лоу А. Имитационное моделирование. Классика CS. 3-е изд. СПб.: Питер; Киев: Издательская группа BHV, 2004. 847 с.
11. Росенко А.П. Внутренние угрозы безопасности конфиденциальной информации: Методология и теоретическое исследование. М.: КРАСАНД, 2010. 160 с.
12. Климов, С.М. Методы и модели противодействия компьютерным атакам. Люберцы: КАТАЛИТ, 2008. 316 с.
13. Язов Ю.К. Основы методологии количественной оценки эффективности защиты информации в компьютерных системах. Ростов-на Дону: Изд-во СКНЦ ВШ, 2006. 274 с.
14. Мельников В.В. Безопасность информации в автоматизированных системах. М.: Финансы и статистика, 2003. 368 с.
15. Киселев В.Д., Есиков О.В., Кислицын А.С. Теоретические основы оптимизации информационно-вычислительного процесса и состава комплексов средств защиты информации в вычислительных сетях. М.: Изд-во Полиграфсервис XXI век, 2003. 145 с.
16. Радько Н.М., Скобелев И.О. Риск-модели информационно-телекоммуникационных систем при реализации угроз удаленного и непосредственного доступа. М.: Радиософт, 2011. 232 с.