Khalmuratov Omonboy Utamuratovich, Researcher, Computer Engineering Department, Urgench branch of Tashkent University of Information Technologies
IMPROVEMENT OF INFORMATION SECURITY CASES AND CLASSIFICATION SYSTEMS
Abstract: This article describes the stages and structure of a system of information security criteria and indicators, and a method and algorithm for assessing the relevance coefficients of the criteria and indicators. In addition, the use of a knowledge base built on expert opinions in the evaluation of information security is considered.
Keywords: information security, information security criteria and indicators, server operating system, database management system, local network, client operating system, special software, document management system.
1. Introduction
It is necessary to develop a specific method consisting of rules and algorithms that allows evaluating information systems based on specific security models.
The methodology should describe the actions to be taken by using evaluation criteria and tools to assess the security of the information system. This method is designed for an organization's information security expert to assess the protection of the information system on the basis of criteria built from expert opinions. In addition, the method can be used by developers of information systems, system protection profile and application for initial security information.
The method is designed to combine the process of evaluating information security with a view allowing them to evaluate the effectiveness of different security tools.
Principles of information security protection.
The following guidelines are useful when creating a method:
- objectivity - the results of the assessment are based on evidence and are independent of the evaluator's judgment;
- impartiality - when the results of evaluation are subject to subjective considerations;
- recycling - the same appraisal always results if the same appraisal is used;
- correction - provides an accurate assessment of the appraiser's behavior;
- suitability - all types of assessment are carried out to the extent required to meet the assurance requirements;
- conformity - each action of the appraiser will help to increase the confidence in proportion to the performance of at least the appraiser.
Formation stages of information security criteria and indicators system. Lines of formation of information security criteria and indicators system:
- first stage. Points of information security criteria and indicators based on the priorities of information security principles by experts and the formation of a database on them;
- second stage. Formation of knowledge base. Determining the linguistic scale in the evaluation. Evaluation of the lowest level of evaluation criteria. Construction functionality;
- third stage. Creating informational database. These are the principles of conflict and the emergence of complex situations. Defective value deduction;
- fourth stage. Determination of the priority of the components of the information system and calculation of efficiency coefficients;
- fifth stage. Assessing all components of the information system based on linguistic terms based on the lowest level of information security criteria;
- sixth stage. Calculating the values of the components of information security criteria based on the knowledge base, by the clerical function;
- seventh stage. Calculation of connections between indicators. In turn, calculating family and class values of security criteria;
- eighth stage. Computing the system components and the system's total cost;
- ninth stage. Analyzing the evaluation results. Writing reports.
Thus, the expert team forming the information security criteria and indicators scores the criteria based on the priority of the three main information security principles (confidentiality, user-friendliness and integrity), formalizes the experts' findings on the basis of the scores obtained, and develops rules based on the theory of logic for assessing the security of the information system. In addition, the calculation of the degree of protection of the information system is based on the scores awarded to the end.
Assessing the protection of the information system involves steps that combine the sequence of events to address the problem. They can be divided into the following groups:
- Formation of criteria. This group can include the first, second, and third steps;
- Evaluation of the information system. This group goes from the fourth to the eighth stage;
- Completing the evaluation. At the ninth stage, assessment results of the information system are analyzed and documented.
2. Calculation of the parameters of information security criteria and indicators
The quality of the protection mechanisms used in information systems is determined by the degree of compliance with the security functional requirements that cover the security policy and counteract threats within the context of approximate exploitation. The levels of protection quality vary. Therefore, it is proposed to prioritize the information security policy adopted by the organization in order to determine the importance of the required security function.
Table 1. - highlights the prioritized level of information security
| Priority | Basic principles of information security | | | | | |
|---|---|---|---|---|---|---|
| 1. | Confidentiality | Integrity | Availability | Integrity | Confidentiality | Availability |
| 2. | Integrity | Availability | Confidentiality | Confidentiality | Availability | Integrity |
| 3. | Availability | Confidentiality | Integrity | Availability | Integrity | Confidentiality |
This method is based on the expert group's assessment of the importance of each criterion in the range 0-10. It allows several experts to summarize their scores on the significance of the criteria and to output them as decimal numbers [11].
Let the expert evaluate the importance of the criterion. Then the criterion can be written down as follows:
k1 km _
where $h_{ij}$ is the case that the i-th expert puts it in the j-th dimension. Matrix elements are vectorized as:
h =
j=i
where $h_i$ is the sum of row i of the matrix. Based on the following formula, the significance coefficients are determined:
=hi
T,i k
the matrix of materiality is based on:
the vector image of the matrix is as follows:
m
r. = "Vr..
iii
i=1
the criterion of gravitation rate can be written as follows:
Tk ,
where A is the security coefficient of security classes ($\sum A_i = 1$).
Figure 1 shows the structure of the information security overall criteria requirements.
Using the above method, the classifications of information security criteria, families and components are calculated. The method also identifies the priorities of the information system components, which also serve as the robustness factors.
It is well known that information security technologies are evaluated and recommendations are made to improve the security level. It should be noted that determining the classification factor based on the priorities of security (privacy, integrity, and use) and on the nature of the object of evaluation allows an objective and clear assessment of security. It is also possible to define the priority of measurements [1].
3. Forming non-public information in the assessment of information security.
It is well known that experts cannot always participate in the internal evaluation of the organization's information security. Therefore, it is expedient to use a knowledge base formed on the basis of expert opinions in the evaluation of information security. Compliance of the system with information security requirements is assessed using the following linguistic terms:
- "incompatible";
- "Partially compatible";
- "most consistent";
- "Compatible".
ISO/IEC 15408 includes components with 12, 9, 7, 5, 4, 3, 2 and 1 elements. In this context, they can be divided into eight classes. The hierarchy of element groups is shown in Figure 1.
[Figure 1 diagram: information security assessment criteria, divided into functional components of security and security assurance components; each is broken down into ranks (1 to N; 1 to M), families (1 to K; 1 to L), components (1 to R; 1 to H) and elements (1 to S; 1 to D).]
Figure 1. The structure of information security evaluation criteria
Figure 2. Hierarchy of relationships between information security elements
If linguistic terms are used in decision-making, the number of rules will be $4^{12} + 4^{9} + 4^{7} + 4^{5} + 4^{4} + 4^{3} + 4^{2} + 4$, so it will take a long time to get the information from experts. For this reason, it is expedient to use the methodology of fuzzy set theory [2].
For this purpose, eight sets of rules are developed by experts according to the number of classes in the components:
- set of rules for components with one element;
- set of rules for components with two elements;
- set of rules for components with three elements;
- set of rules for components with four elements;
- set of rules for components with five elements;
- set of rules for components with seven elements;
- set of rules for components with nine elements;
- set of rules for components with twelve elements.
The set of rules is based on fuzzy logic theory and is built using the Gaussian function.
The linguistic variables are denoted by triples <X, T, U>. Here X is the name of the variable and T is the term set, each element (term) of which is represented as a fuzzy set on the universal set U [3].
In this case, X = "Elemental Value", T = {"Incompatible", "Partially Compatible", "Compatible", "Compliant"}, Y = [0, 1].
Based on the capacities of the components, the set of rules is defined:
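rule-1: if $x_{11}$ and $x_{12}$ and ... and $x_{1n}$ then $y_1$;
rule-2: if $x_{21}$ and $x_{22}$ and ... and $x_{2n}$ then $y_1$;
...
rule-l: if $x_{l1}$ and $x_{l2}$ and ... and $x_{ln}$ then $y_1$;
rule-l+1: if $x_{l+1,1}$ and $x_{l+1,2}$ and ... and $x_{l+1,n}$ then $y_2$;
rule-l+2: if $x_{l+2,1}$ and $x_{l+2,2}$ and ... and $x_{l+2,n}$ then $y_2$;
...
rule-m: if $x_{m1}$ and $x_{m2}$ and ... and $x_{mn}$ then $y_2$;
rule-m+1: if $x_{m+1,1}$ and $x_{m+1,2}$ and ... and $x_{m+1,n}$ then $y_3$;
rule-m+2: if $x_{m+2,1}$ and $x_{m+2,2}$ and ... and $x_{m+2,n}$ then $y_3$;
...
rule-j: if $x_{j1}$ and $x_{j2}$ and ... and $x_{jn}$ then $y_3$;
rule-j+1: if $x_{j+1,1}$ and $x_{j+1,2}$ and ... and $x_{j+1,n}$ then $y_4$;
rule-j+2: if $x_{j+2,1}$ and $x_{j+2,2}$ and ... and $x_{j+2,n}$ then $y_4$;
...
rule-k: if $x_{k1}$ and $x_{k2}$ and ... and $x_{kn}$ then $y_4$.
The set of rules can be written as a matrix:
$$
X = \begin{bmatrix}
x_{11} & \cdots & x_{1n} & y_1 \\
\vdots & & \vdots & \vdots \\
x_{l1} & \cdots & x_{ln} & y_1 \\
x_{l+1,1} & \cdots & x_{l+1,n} & y_2 \\
\vdots & & \vdots & \vdots \\
x_{m1} & \cdots & x_{mn} & y_2 \\
x_{m+1,1} & \cdots & x_{m+1,n} & y_3 \\
\vdots & & \vdots & \vdots \\
x_{j1} & \cdots & x_{jn} & y_3 \\
x_{j+1,1} & \cdots & x_{j+1,n} & y_4 \\
\vdots & & \vdots & \vdots \\
x_{k1} & \cdots & x_{kn} & y_4
\end{bmatrix}
$$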
Here $n \in \{2, 3, 4, 5, 7, 9, 12\}$ and $1 < l < m < j < k$. If the values of the elements are $A = \{a_1, a_2, \ldots, a_n\}$, then the component value is determined by the Gaussian function.
H = e
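With this formula, the matrix M is constructed and the minimum is taken for each row, i.e. $\min_i = \min(H_{i1}, H_{i2}, \ldots, H_{in})$:
$$
M = \begin{bmatrix}
H_{11} & \cdots & H_{1n} & \min_1 \\
\vdots & & \vdots & \vdots \\
H_{l1} & \cdots & H_{ln} & \min_l \\
H_{l+1,1} & \cdots & H_{l+1,n} & \min_{l+1} \\
\vdots & & \vdots & \vdots \\
H_{m1} & \cdots & H_{mn} & \min_m \\
H_{m+1,1} & \cdots & H_{m+1,n} & \min_{m+1} \\
\vdots & & \vdots & \vdots \\
H_{j1} & \cdots & H_{jn} & \min_j \\
H_{j+1,1} & \cdots & H_{j+1,n} & \min_{j+1} \\
\vdots & & \vdots & \vdots \\
H_{k1} & \cdots & H_{kn} & \min_k
\end{bmatrix}
$$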
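For each group of rules, the maximum of the row minima is taken:
$\mathrm{max}_1 = \max(\min_1, \min_2, \ldots, \min_l)$;
$\mathrm{max}_2 = \max(\min_{l+1}, \min_{l+2}, \ldots, \min_m)$;
$\mathrm{max}_3 = \max(\min_{m+1}, \min_{m+2}, \ldots, \min_j)$;
$\mathrm{max}_4 = \max(\min_{j+1}, \min_{j+2}, \ldots, \min_k)$.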
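Component value is determined by the following formula:
$$
X_{component} = \frac{y_1 \cdot \mathrm{max}_1 + y_2 \cdot \mathrm{max}_2 + y_3 \cdot \mathrm{max}_3 + y_4 \cdot \mathrm{max}_4}{\mathrm{max}_1 + \mathrm{max}_2 + \mathrm{max}_3 + \mathrm{max}_4}
$$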
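The rule evaluation described above (row minima, group maxima, weighted average of the group outputs), written out as an added example; it is not code from the article. The Gaussian form with term centres `CENTRES` and width `SIGMA`, the outputs `Y`, and the rule base produced by `build_rules` (a rule's group is set by its weakest element) are assumptions constructed for illustration, since the article's own parameters are not given here.

```python
import math
from itertools import product

# Assumptions (not from the article): term centres, width SIGMA and the
# group outputs Y are constructed values for illustration only.
TERMS = ["incompatible", "partially compatible", "most consistent", "compatible"]
CENTRES = [0.0, 1 / 3, 2 / 3, 1.0]   # centre of each term on [0, 1]
SIGMA = 0.15                          # shared width of the Gaussians
Y = [0.0, 1 / 3, 2 / 3, 1.0]          # y1..y4, one output per rule group


def gauss(a, centre, sigma=SIGMA):
    """Degree to which element value a matches the term centred at `centre`."""
    return math.exp(-((a - centre) ** 2) / (2 * sigma ** 2))


def build_rules(n):
    """Constructed knowledge base: all 4**n term combinations for an
    n-element component; a rule's group is set by its weakest element."""
    return [(combo, min(combo)) for combo in product(range(4), repeat=n)]


def component_value(a, rules):
    """Row minimum per rule, maximum per rule group, then the weighted
    average of y1..y4 over the four group maxima."""
    group_max = [0.0] * len(Y)
    for combo, group in rules:
        row_min = min(gauss(a_j, CENTRES[t]) for a_j, t in zip(a, combo))
        group_max[group] = max(group_max[group], row_min)
    return sum(y * m for y, m in zip(Y, group_max)) / sum(group_max)


def total_rules(sizes=(12, 9, 7, 5, 4, 3, 2, 1)):
    """Rules needed if every term combination is elicited from experts."""
    return sum(4 ** n for n in sizes)


if __name__ == "__main__":
    rules = build_rules(2)            # two-element component, 16 rules
    for a in ([1.0, 1.0], [1.0, 0.0], [0.7, 0.4]):
        print(a, round(component_value(a, rules), 3))
    print("rules to elicit:", total_rules())
```

With this constructed rule base a single non-compliant element pulls the component value close to 0 even when the other element is fully compliant, which is the behaviour a reviewer should check for in any real knowledge base.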
The hierarchical relationship of a component group can be expressed in Figure 3.
Figure 3. Hierarchy of relationships between information security elements
The following formula is based on family values.
Xfamily = ^ H i
1=1
Here $X_{family}$ is the value of the family of information security criteria, the coefficient is that of the i-th component, and $X_i$ is the i-th component value collected from the elements.
Table 2. - The information security assessment model is presented
| Class dimensionality | Rank | Indicators number | Overall indicators: SOS J=1 | DBMS J=2 | LN J=3 | COS J=4 | SS J=5 | DMS J=6 |
|---|---|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |
| 1 | FCS | 4 | X1.1 | X1.2 | X1.3 | X1.4 | X1.5 | X1.6 |
| 2 | FTP | 2 | X2.1 | X2.2 | X2.3 | X2.4 | X2.5 | X2.6 |
| 3 | FIA | 12 | X3.1 | X3.2 | X3.3 | X3.4 | X3.5 | X3.6 |
| 4 | FPR | 2 | X4.1 | X4.2 | X4.3 | X4.4 | X4.5 | X4.6 |
| 5 | FDP | 7 | X5.1 | X5.2 | X5.3 | X5.4 | X5.5 | X5.6 |
| 6 | FAU | 11 | X6.1 | X6.2 | X6.3 | X6.4 | X6.5 | X6.6 |
| 7 | FMT | 11 | X7.1 | X7.2 | X7.3 | X7.4 | X7.5 | X7.6 |
| 8 | FPT | 13 | X8.1 | X8.2 | X8.3 | X8.4 | X8.5 | X8.6 |
| 9 | FRU | 2 | X9.1 | X9.2 | X9.3 | X9.4 | X9.5 | X9.6 |
| 10 | FTA | 7 | X10.1 | X10.2 | X10.3 | X10.4 | X10.5 | X10.6 |
| 11 | Reliability classes | 18 | - | - | - | - | - | X11.6 |
| Xj | line additive measures | | X1 | X2 | X3 | X4 | X5 | X6 |
| Oi | Line importance | | O1 | O2 | O3 | O4 | O5 | O6 |
Overall rating: $Q = \sum_{i=1} O_i \cdot X_i$
Here SOS - Server operating system, DBMS - Database management system, LN - Local network, COS - Client operating system, SS - Special software, DMS - Document management system.
Q is the overall information security rating of the object, $O_i$ is the i-th class efficiency coefficient, and $X_i$ is the i-th class rate. As a result, the final assessment is in the range [0, 1], and the scale is described in Table 3.16 below.
Table 3.
| Interval estimation, Q | Ball estimation, B | Linguistic evaluation, L |
|---|---|---|
| 0.9-1.0 | 5 - excellent | The requirements are fully met. All connections to the security functionality have been reviewed and implemented. Security requirements are coordinated by interconnected information technologies and are shown in documents. |
| 0.7-0.9 | 4 - good | The requirements are almost satisfied. All links to the security functionality have been reviewed and implemented, but the security requirements have not been documented in the compilation of information technologies. |
| 0.5-0.7 | 3 - satisfactory | The basic requirements are satisfied. The basic requirements have been done; all the dependencies have not been taken into account and have not been completed. |
| 0.3-0.5 | 2 - unsatisfactory | The requirements are not satisfactory. All the basic requirements were not met. |
| 0-0.3 | 1 - completely unsatisfactory | The requirements are generally not satisfactory. Most of the basic requirements were not met. |
4. Summary.
A method of formulating and assessing the criteria and indicators for internal evaluation of the organization's security has been produced.
The algorithm for forming information security criteria and indicators has been developed, taking into account the nature of the organization, the priorities of information security policy, components of information technology and information security.
References
1. Ganiev S. K. Xalmuratov O. U., Xudoyqulov Z. T. Detection weighty coefficient of functional requirements classes of standard "Information technology. Security techniques evaluation criteria for in security"// International science-technical Journal Kimyo texnologiya. Nazorat va boshqaruv. Uzbekistan. - 2014. - Vol-2. ISSN-1815-4840.
2. Aliev R. A., Barak D., Chew G. et al. SOFT COMPUTING: Fuzzy Logic, Neural Networks and Distributed Artificial Intelligence. F. Aminzadeh, M. Jamshidi (Eds.), PTR Prentice Hall, Englewood Cliffs, New Jersey. - 1994. - 301 p.
3. Rotshteyn A. P. Intellektualnoe texnologii identifikatsii: nechetkaya logika, geneticheskie algoritmo, neyronnoe seti. - Vinnitsa: UNIVERSUM-Vinnitsa. - 1999.- 320 s.