Scientific article on the topic 'Modeling the security policy of the information system for critical use'

Modeling the security policy of the information system for critical use. Text of a scientific article in the specialty "Computer and Information Sciences"

CC BY
Keywords
information system for critical use / security policy / data processing unit / access separation unit / automated speaker recognition system for critical use

Abstract of a scientific article in computer and information sciences. Authors of the work: Bisikalo O. V., Kovtun V. V., Yukhimchuk M. S.




Text of the scientific work on the topic "Modeling the security policy of the information system for critical use"

PROGRESSIVE INFORMATION TECHNOLOGIES

UDC 681.327.12

MODELING THE SECURITY POLICY OF THE INFORMATION SYSTEM FOR CRITICAL USE

Bisikalo O. V. - Doctor of science, Professor, Dean of the Faculty of Computer Systems and Automatics, Vinnitsa National Technical University, Vinnytsia, Ukraine.

Kovtun V. V. - PhD, Associate Professor, Assistant Professor of Computer Control Systems of Vinnitsa National Technical University, Vinnytsia, Ukraine.

Yukhimchuk M. S. - PhD, Associate Professor, Assistant Professor of Computer Control Systems of Vinnitsa National Technical University, Vinnytsia, Ukraine.

ABSTRACT

Context. Compared to universal information systems, the information system for critical use has a simplified structure of the information environment and specific requirements regarding the volumes and nature of information resources. This fact allows us to forgo excessive detail and to narrow the simulation object to the process of forming a security policy for an information system for critical use, an adequate problem description of which is achievable under the condition of a rational choice of the mathematical apparatus.

Objective. Synthesis of a mathematical apparatus for the complex unified description of static and dynamic processes, controlled for integrity and authenticity, in the information system for critical use in its hierarchical representation.

Method. The article obtains new complex mathematical models of the processes of information processing and of access separation, which, in contrast to existing ones, describe the mechanisms for protecting the environment and resources of the information system for critical use within the mathematical apparatus of E-networks and make it possible to quantify the integrity of its information resources. Mathematical models for synthesizing the policy of safe interaction of information processes in the information system for critical use are developed; they make it possible to guarantee the observance of local security policies on the various structural elements of the system and to integrate them into the global security policy while observing a single discretionary policy everywhere in the system.

Results. The practical consequence of the obtained theoretical results is a set of methods for optimizing the operation of the data processing and access separation units, which are responsible in the information system for critical use for controlling the information integrity and the authenticity of access to it, respectively. In particular, a method for dynamic control of information integrity, associated with the security policy model of the information system for critical use and adapted for practical application, is formalized together with a corresponding criterion. It is based on the mathematical apparatus of semi-Markov networks for a comprehensive stochastic description of the discrete states of information integrity control at selected hierarchical levels of the system during continuous discretionary access. The method allows us to select the maximum allowable values of the information integrity control coefficients at the sub-levels of the OSI application level allocated in the information system for critical use, based on the pre-set amount of controlled information, the speed of information integrity control and the maximum time the system stays in the corresponding state. A method is also described for controlling access to information processes, which are described by superblocks on the E-network representation of the ISCU, using sets of classifiers integrated into each block of a superblock. The classifiers register when the weighted degrees of identity of the attributes of the object requesting access exceed the corresponding thresholds, which makes it possible to classify the identified information threat and initiate the corresponding reaction described in the system security policy. Analysis of the experimental results made it possible to obtain optimal parameters for the groups of classifiers, which, within the framework of the global, local and discretionary security policies, prevent unauthorized access to system information resources or attempts to violate their integrity.

Conclusions. The article presents for the first time a mathematical model of the information system for critical use in which, unlike existing ones, a single approach is introduced to describe information processes within the global, discretionary and local security policies, tied to the hierarchical structure of the information system. This makes it possible to analyse and synthesize the functions of the services supporting user roles on the basis of the object-relational model of organization of the system's information resources, to perform their integration and induction and ensure their compatibility within a single security policy, and to control the integrity of information and the authenticity of static and dynamic access to it.

© Bisikalo O. V., Kovtun V. V., Yukhimchuk M. S., 2019 DOI 10.15588/1607-3274-2019-1-13

KEYWORDS: information system for critical use, security policy, data processing unit, access separation unit, automated speaker recognition system for critical use.

ABBREVIATIONS

ASU is an access separation unit;

DB is a database;

DMS is a database management system;

DPU is a data processing unit;

IICS is an information integrity control subsystem;

IS is an information system;

ISCU is an information system for critical use;

ISSS is an information system security subsystem;

SP is a security policy;

NOMENCLATURE

a is a type of authorization procedure;

9b (t) is a Laplace-Stieltjes transformation of the basic probability distribution of a random variable t ;

Oi (j) is a result (marking) for the access points within the type of SP for the i -th structural element of the E-network;

| is a vector of parameters of the basic distribution law;

Tdm is a random value of the duration of the process of the information integrity control during discretionary access m ;

T is a random value of the time of the IICS's stay in the state i;

c is a speed of the information integrity control;

D is a set of precedents;

B is a set of superblocks allocated on the E-network of the ISCU, in the formation of its SP;

Bl is a superblock of E-network order l ;

E(rm) is a dynamic performance criterion for IICS of ISCU;

E is a formalized description of the E-network of the ISCU;

Ef is an ability of the ISCU to perform its functional duties while maintaining the data integrity;

Es is an ability of the ISCU to maintain a given performance indicator without the information integrity controlling;

Es min is an operational constant;

Fb (t) is a function of the basic law of the probability distribution of a random variable t ;

fb (t) is a density of the basic law of the probability distribution of the random variable t ;

G is an E-network representation of the software and hardware component of the ISCU;

Ga is a set of arcs of the state graph of the E-network of the ISCU, which describes the actions of active users within the roles defined for them;

Ge is a set of entities-superblocks of the ISCU, described by sets of vertices of the graph of the E-network;

GI is a function of the hierarchical structure of the ISCU;

GM is a set of arcs of the state graph of the E-network of the ISCU, which describe the information flows between the entities of the ISCU;

Gr is a set of arcs of the state graph of the E-network of the ISCU, which describe the users roles;

H (t) is a characteristic matrix of the semi-Markov process of information integrity controlling in the ISCU in time;

I is an index of module u and a block, in which this module is upper;

i is an iterator;

J is a sub index of the index I ;

j is an iterator;

K is a number of lower modules in the block with the index I ;

Kdm is a random variable of the coefficient of the information integrity control during discretionary access m ;

Ki is a coefficient of the information integrity control when the IICS is in a state i ;

Kmax i is a maximum predicted value of the coefficient Ki ;

k is an ISCU's level number;

L is a number of levels of the ISCU;

l is an ISCU's level number;

lh is a number of the higher level of this layer of the ISCU;

ll is a number of the lower level of this layer of the ISCU;

Ma is a set of the ISCU administrators;

Min is an input marking function that determines the state of the input positions of the module with the index by the types of authorization procedures a ;

MF is a set of functions that provide the performance of defined ISCU roles;

Mout is an initial marking function that defines the status of the source positions of the module with the index by type of authorization procedures a ;

MR is a set of roles, each of which defines the limits of the capabilities allocated by the administrators for the corresponding classes of users;

MU is a set of the ISCU users;

P is a set of positions for obtaining access to the E-network-based ISCU;

Pi is a set of positions for obtaining access to the l hierarchy level of the ISCU;

Q is a set of simple positions of the E-network of the ISCU;

Qi is a set of simple positions of the l hierarchy level of the ISCU;

Qz is a set of potential targets of intruders that are elements of the E-network representation of the ISCU;

r is a logical variable of the permissibility of an authorization;

S is a set of positions (layers) of E-networks of the ISCU;

Si is a set of positions (layer) of the l hierarchy level of the ISCU;

t is a time variable;

Ti is a maximum permissible time of stay of the IICS in a state i;

U is a set of modules of the E-network of the ISCU;

Ui is a set of modules of the l hierarchy level of the ISCU;

u is an element of a set of modules of the E-network of the ISCU;

Vdm is an entire amount of information, the integrity of which has to be controlled;

Vi is an entire amount of information, the integrity of which has to be controlled when the IICS is in a state i ;

vi is a random amount of information, the integrity of which has to be controlled during the period of the IICS being in a state i ;

vdm is a random amount of information, the integrity of which has to be controlled during discretionary access m;

Z is a set of classes of information threats.

INTRODUCTION

The information system [1] is a structural and functional set of technical, software and other means created to support one or more types of information processes and provide information services. Hierarchy, decentralization, functional distribution, parallel execution of custom tasks, etc. are inherent in real IS. Such systems function under conditions of active information exchange and under the influence of random and negative factors, with a high cost of the consequences of possible violations or errors in their work. The structure of such systems is formed according to the purpose of their functioning and is characterized by high complexity in terms of the number of elements at the software and hardware levels, which is reflected in the complexity of the control algorithms and of the mechanisms for switching the elements of the system.

The critical use of an IS, owing to the importance of the information resources of such a system, requires an integrated approach to its security, including protection of communication channels, protection of the authorization process for users (authentication) and programs, protection of remote elements of the system, holistic protection of the whole system and the creation of algorithms for system behaviour when information threats are detected. Accordingly, the protection subsystem of such an IS must combine mechanisms for protecting the components of the information environment (the IS as such), mechanisms for minimizing risks to the components of the information environment and to information resources (the data present in the IS), and a set of procedural, logical and physical measures aimed at countering threats to information resources and components of the information environment. Since the security of an information resource implies that it cannot be lost through failures of the components of the information environment, the task of securing the information resource is decomposed into the task of ensuring the reliability of the computer database, which guarantees the continuity of the functioning of the information environment, and the task of counteracting and preventing threats to information resources. The requirements for ensuring the safe operation of IS are embodied in security policies [2]. Executing the SP ensures that, when foreseeable problem situations occur as a result of unwanted factors of different kinds, the system will be able to fulfil its target function in full.

The above allows us to assert that it is impossible to construct an adequate mathematical model for an exhaustive description of the functioning of an IS. However, the critical use of an IS narrows both the characteristics of the information environment and the amount and nature of the information resources held in such an information system. This circumstance allows us to abandon excessive detail and to narrow the simulation object to the process of shaping the security policy of an information system for critical use, an adequate problem description of which is achievable under the condition of a rational choice of the mathematical apparatus.

The object of study is the process of synthesizing an adequate SP for an ISCU.

The subject of study is the mathematical apparatus of E-networks for describing the mechanisms of security of the environment and resources of the ISCU in the form of an SP, and the mathematical apparatus of semi-Markov models for a comprehensive stochastic description of the discrete states of information integrity control at selected hierarchical levels of the ISCU during continuous discretionary access.

The purpose of the work is to create an adequate mathematical model of the SP for ISCU and to generate methods for the practical application of the results of such simulation.

1 PROBLEM STATEMENT

We represent the generalized mathematical model of the ISCU in the form of a tuple $(M_A, M_C, M_R, M_F, t)$. By security policy we mean a complex of methods that regulates the management, protection and distribution of information. The sources of danger in this case are: the unpredictability of the result of the intersection of the roles and functions of a particular user, $M_R \cap M_F\ \forall c \in M_C$, due to the imperfection of the formal description of the system; the imperfection of the user and service authentication process; and the potential incompleteness or unauthorized loss of information resources. Therefore, only an adequate security policy, strictly formalized within the framework of the chosen mathematical apparatus, describes the permitted processes of formation and interaction of the elements of the sets from the above-mentioned tuple, controls the completeness and predictability of the results of this interaction, detects and identifies unauthorized processes, ensures the user and service authentication processes, controls the integrity of information resources, makes it possible to detect deviations from the provisions of the SP and uniquely regulates the corresponding system response in such cases.

2 REVIEW OF THE LITERATURE

At the international level, the notion of information security is generally regulated by ISO/IEC 27001:2013 [3], whose annexes describe a set of measures for information security management. Fourteen sections of Annex A of the standard are devoted directly to information security:

A.5 "Information Security Policies" - defines how information security policy is created, verified and managed;

A.6 "Information Security Organization" - defines the list of types of users and their privileges, and also describes the organization of remote access to information, including using mobile technologies;

A.7 "Safety of human assets" - fully describes the staff interaction with an environment controlled by the IS;

A.8 "Asset Management" - clustering of the information resources of the IS. Identifies the peculiarities of the storage, management and information access processes at the hardware level;

A.9 "Access Control" - describes measures for safe access to information resources within the framework of a defined security policy, taking into account the provisions of sections A.6-A.8 of the standard;

A.10 "Cryptography" - describes the admissible technologies of information encryption and the key management process;

A.11 "Physical security and environment security" - describes the procedure for organizing security zones, the order of protection against identified threats, the order of security of equipment, the order of information destruction and the policy of "clean table" and "clean monitor", etc.;

A.12 "Operation Safety" - describes the process of managing the proper functioning of the entire complex of software that supports the functioning of the information environment of the IS;

A.13 "Communication security" - defines network security measures;

A.14 "Acquisition, development and maintenance of systems" - describes the steps taken to ensure the development, acquisition and maintenance of software and hardware components for the functioning of the IS;

A.15 "Relations with suppliers" - describes a safe procedure for work with equipment, software and services suppliers;

A.16 "Information Security Incident Management" - describes the procedure for writing reports of disadvantages, imperfections and vulnerabilities of the IS, and procedures for responding to them;

A.17 "Information Security Aspects for Ensuring Business Continuity" - describes the order of work planning for the continuous operation of the IS;

A.18 "Relevance" - describes the issues of compliance of information resources and of the way in which the information environment of the IS is organized with applicable law, in particular, on the protection of intellectual property and personal data, and the order and organization of information security checks.

In general, the standard lists 114 aspects for the security of the information environment and information resources of an IS, which describe the mechanisms of information security, mainly without guidance on the application of specific technologies, owing to their rapid evolution. According to ISO/IEC 27001:2013, a protected IS has to successfully counteract the types of attacks defined during its design stage for the given external operating conditions of the system. Usually, in order to achieve such a result, the SP of an IS includes mechanisms that implement only part of the 114 aspects formulated in the standard [3]. This way of creating an SP is much faster and cheaper and generally satisfies the standard [3], but does not guarantee the absence of vulnerabilities, because its implementation lacks a systematic approach.

The information search did not reveal studies where the concept of security organization of the ISCU is described at the proper level of formalization, which determines the relevance of the research presented in the article.

3 MATERIALS AND METHODS

Research on the safety of an ISCU should begin with its definition as a research object. An ISCU is a special case of IS, which, according to ISO/IEC 2382:2015 [4], include systems for the storage, retrieval and processing of information and the related organizational resources that provide and distribute information.

In the broad sense, the integral components of an IS are data, hardware (including communications) and software, personnel and organizational measures. An ISCU, accordingly, is an information system that operates on data so important that unauthorized access to it can lead to significant material or human losses. For the system representation of the ISCU we use the OSI hierarchical network model [5], which, however, focuses on the communication component, while the program component is represented only by the application layer. We adapt the OSI model to describe the ISCU by breaking down its application level into sub-levels, as presented in Table 1.

Further formalization of the description of the ISCU, based on the hierarchical structure presented in Table 1, is proposed to be carried out on the basis of the mathematical model of information circulation [6-9] in which, by standardizing the interfaces of the conjugation

Table 1 - The hierarchical structural organization of the ISCU within the application level of the OSI model

| Structural element of the ISCU | The role of the structural element | Sub-level of the application level of the OSI model, allocated within the framework of the ISCU |
|---|---|---|
| Administration unit | Sets privileges for a set of user roles | Administrative |
| Access separation unit | Recognizes the identity of the user to decide on his rights to an appropriate role in the ISCU. Supports functioning of the highest level of software of the ASU of ISCU. | Identification |
| Virtualization unit | Creates a virtual working environment for an authorized user in accordance with its role | Integration |
| The ISCU resource access organization unit | Launches the program manager of ISCU, which, in accordance with the role of an authorized integrator, launches system applications, utilities and access services to the ISCU resources. Supports the work of high-level software of DPU of ISCU. | Dispatching |
| Network navigation unit | Provides initiation and support of information exchange with the corresponding ISCU servers by the generated authorized program manager for the search for information | Navigational |
| Data transfer unit | Supports access of the authorized navigation tool to two types of the ISCU servers: registration server; unique data server | Server |
| Object control unit | Provides support for user authentication procedures (low level of software for the ASB) and data integrity monitoring (low level of software for DPU). Organizes the work of the authorized navigation tool with the data placed on the server according to the formulated request using the application-applied interpretations installed on the server | Applied |
| Resource management unit | Provides access for the authorized interpreter to the server resources manager. Supports the operation of the DMS kernel as the lowest level of software for DPU | Managerial |
| Data unit | Provides access of the authorized resource manager to the server databases, among which, according to the type of server, the following are distinguished: access authorization database, database subsystem of communication, database of information records; database for the authentication procedure, database of profile data | Informational |

of application processes and service complexes with decomposition of the levels of access to ISCU resources, combining flexibility with each aspect of data security: confidentiality, availability and integrity. By the flexibility of protective mechanisms in the context of confidentiality and accessibility we will understand the rationality of the delineation of access to information, and by inviolability, the quality of the SP model used in the ISCU. A necessary condition for SP modelling is the creation of its global (syntactic) model, which describes the desired properties of the DPU of ISCU, and a sufficient one is the creation of a local (semantic) SP model, which describes the rules for the transition between the established states of the DPU. In the presence of a local model the SP is considered dynamic, and in its absence, static. A dynamic model of SP with a finite set of states is called a model of finite states [10]. The basic safety theorem [9] theoretically substantiates the fundamental safety of the finite-state model of the DPU of ISCU: if at the initial moment of time the global security policy is implemented and all the transitions between the states of the DPU of ISCU satisfy the local SP model, then at a later time the global safety model will also be implemented; that is, ISCU vulnerabilities appear at the stage of its practical implementation and are not laid directly into a correctly synthesized SP model. The second indispensable component of the security of the ISCU is the ASB, which is best described in the context of the global SP by the discretionary model [11], which regulates the process of user progress towards the resources of ISCU within defined roles, not taking into account the state and interconnections of the DPU. However, unlike the model of finite states, the discretionary model is potentially dangerous. The discretionary access processes are secured by running each one in a dedicated, controlled and independent process with a uniquely defined sequence of end-to-end transitions. In such a concept, an arbitrary discretionary access process, governed by global SP rules, will represent the corresponding algorithmic sequence of authorized accesses of higher-level components to the resources of the current or lower-level components, which are combined into a clear vertical hierarchy of ISCU, with the parameters set by the local SP rules.

In order to convey the specifics of the global and local SP organization of discretionary access to the resources of ISCU, the structure of which consists of DPU and ASU components with the above characteristics, we use the mathematical apparatus of E-networks [6-9]. Within the framework of the E-network concept, a structured process in the ISCU is presented as a basic element: a module of order $j$ and level $l_h$, which is the result of grouping, according to the meaning of the process, several neighboring levels of the ISCU with numbers $l = \overline{l_l, l_h}$, where $l_l = l_h - j + 1$. The E-network has a block structure. Each module of the E-network contains a set of pairs of opposite input (simple) and output (access) positions, which differ in a unique mechanism of authorization. The number of items in a module is equal to the number of authorization mechanisms.

To identify the modules and blocks of the E-network of ISCU we introduce a system of indices, based on the module's membership of the levels of the ISCU and the internal numbering of modules in the blocks. We define the index of order $j$ as a sequence $i_1.i_2.\ldots.i_j$. The modules of level $l$ are identified by indexes of order $(l-1)$, $l = \overline{1, L}$. All modules of a certain block are divided into upper and lower ones, according to their location at the levels of the ISCU. An arbitrary block of an E-network with an index $I$ contains a single top module with the index $I$ and $K[I]$ lower modules with numbers $j = \overline{1, K[I]}$ correspondingly, which is equivalent to the expression $I.j$ for any module $j$ of the lower level of the block $I$. Accordingly, we will consider the index $J$ to be a sub-index of the index $I$, $J \subset I \equiv I \supset J$, if $I = J.i_1.i_2.\ldots.i_t$, and the case $((J \subset I) \lor (J = I))$ we will mark as $J \subseteq I \equiv I \supseteq J$.

The logical variable $r = r(I, a)$ describes the result of the authorization procedure of type $a$ in the module with the index $I$. Each idle position has an associated time delay procedure and a conversion procedure, which is accompanied by an appropriate change in the values of the characteristic attributes of the user object. Each access point is associated with a conditional branching operation over the different types of authorization procedures, the results of which are marked by the system for the user object, which is characterized by a set of features (attributes). Each object can be moved through the positions of one authorization procedure, which is indexed in the set of authorization procedures for the transaction. Depending on the result of the authorization procedure, an object can move either from the input position of the module into the output position opposite to it, or into the input position of the same authorization procedure of the second module of the same block with the descent to one level of the hierarchy of the ISCU, or into the input position of the same authorization procedure of the module at level $L$ of the ISCU hierarchy. Many objects can be processed in the system at the same time (in parallel), and some authorization procedures can be deferred by the time delay procedure set by the system for the corresponding module. Upon completion of the time delay procedure, the object moves, with possible absorption or reproduction procedures, accompanied by corresponding transformations of the values of its attributes. We sum up the above by describing the E-network module in the form

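$$u = \langle I, q, p \rangle \in U_l, \quad (1)$$

where $I = I(u) = i_1.i_2.i_3.\ldots.i_{l-1}$, $q = q[I, a] \in Q_l$, $p = p[I, a] \in P_l$, $|Q_l| = |P_l| \neq 0$. The sets of modules $U_l$, simple positions $Q_l$ and access point positions $P_l$ from level $l$ are the basis for synthesizing the sets of modules $U$, simple positions $Q$ and access point positions $P$ for the entire E-network:

$$Q = \bigcup_{l=1}^{L} Q_l \neq \emptyset, \quad |Q| < \infty, \quad Q_k \cap Q_l \neq \emptyset;$$

$$P = \bigcup_{l=1}^{L} P_l \neq \emptyset, \quad |P| < \infty, \quad P_k \cap P_l \neq \emptyset;$$

$$U = \bigcup_{l=1}^{L} U_l \neq \emptyset, \quad |U| < \infty, \quad U_k \cap U_l \neq \emptyset.$$

Based on (1), we describe the structure of the E-network itself by the tuple

$$E = \langle N, K, r, M_{in}, M_{out} \rangle, \quad (2)$$

where $K = K[I]$, $r = r[I, a]$, $M_{in} = M_{in}[I, a]$, $M_{out} = M_{out}[I, a]$.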

Also, we introduce the concept of the E-network positions (layers) $S$, $S = Q \cup P \neq \emptyset$, $Q \cap P \neq \emptyset$, $|S| < \infty$, $|Q| = |P|$, which generalizes the set of simple positions $Q$ and the set of access point positions $P$. The layer $S_{l_l \ldots l_h}$ of level $l_h$ with the lower level $l_l$ is the part of the E-network $B_0 = S_{1 \ldots L}$ with the order $j = l_h - l_l + 1$ which belongs to the layer of the E-network of order $j$ and level $l_h$ and contains only the modules of this layer of the E-network and the arcs connecting them. For a first-order layer the equality $S_{l \ldots l} = U_l$ is true. The E-network layers $S_{l_{li} \ldots l_{hi}}$ and $S_{l_{lj} \ldots l_{hj}}$ intersect if they have at least one common E-network layer: $\max(l_{li}, l_{lj}) < \min(l_{hi}, l_{hj})$; otherwise the layers do not overlap. If the layers intersect, then it is possible to define join and intersection operations for them. The join of the E-network layers $S_{l_{li} \ldots l_{hi}}$ and $S_{l_{lj} \ldots l_{hj}}$ will be the layer $S_{l_l \ldots l_h} = S_{l_{li} \ldots l_{hi}} \cup S_{l_{lj} \ldots l_{hj}}$, where $l_l = \min(l_{li}, l_{lj})$, $l_h = \max(l_{hi}, l_{hj})$, and the intersection of these layers will be the layer $S_{l_l \ldots l_h} = S_{l_{li} \ldots l_{hi}} \cap S_{l_{lj} \ldots l_{hj}}$.

The foregoing allows us to introduce yet another level of generalization in the ISCU simulation on the E-network, which will be called the superblock $B_{l_l \ldots l_h}(I)$ of level $l_h$ with the lower level $l_l$ and the index $I$. It is the part of the E-network $B_0 = B_{1 \ldots L}(0)$ of order $j = l_h - l_l + 1$ which is inscribed in the layer $S_{l_l \ldots l_h}$ and whose module indexes satisfy $J \subseteq I$. The order of the superblock shows the number of E-network levels which contain the modules that are part of it, and the level of the superblock shows the highest E-network level in its composition. A superblock $B$ covers a set of E-network levels, among which are the highest, lowest and intermediate levels, each of which has modules. To determine them we introduce the variables $Q_l(B)$, $P_l(B)$, $U_l(B)$, which, respectively, represent the set of simple positions, the set of access point positions and the set of modules at the level $l$ of the superblock. Summarizing the introduced symbols for all levels of the superblock, we obtain the corresponding supersets:

$$Q(B) = \bigcup_{l=l_l}^{l_h} Q_l(B), \quad P(B) = \bigcup_{l=l_l}^{l_h} P_l(B), \quad U(B) = \bigcup_{l=l_l}^{l_h} U_l(B).$$

We will analyze operations on superblocks by analogy with the above-described operations over the ISCU E-network layers. Superblocks intersect if they have at least one common module; that is, two superblocks of the ISCU E-network intersect if the top module of one of them is a part of the other. This assertion has a number of consequences, namely: superblocks inscribed in the same layer do not intersect; superblocks of the same level but of different order either do not overlap or have a common top module, and the superblock of higher order includes the superblock of lower order; if superblocks with the same lower level intersect, then they have a different order and the superblock of higher order includes the superblock of lower order. In the end, the result of the intersection of superblocks will be a superblock which includes all the shared modules of the source superblocks, thus creating a new superblock: let $B_{l_l \ldots l_h}(I) = B_{l_{li} \ldots l_{hi}}(I_i) \cap B_{l_{lj} \ldots l_{hj}}(I_j)$, $l_h = \min(l_{hi}, l_{hj})$, $l_l = \max(l_{li}, l_{lj})$; then, if $l_l = l_{li}$, then $I = I_i$, or if $l_l = l_{lj}$, then $I = I_j$. Such an interpretation of operations on

superblocks of the ISCU E-network is in line with the process of forming the global SP of ISCU. If the system of marking the results of discretionary access to the ISCU information resources is included in the concept of the global SP of ISCU, then its mathematical model at the level of the superblock $B = B_{l_l \ldots l_h}(I_0)$ will be a subset of access point positions $Q_G(B)$ for the lower level of the superblock: $Q_G(B) \subset P_{l_h}(B)$. Accordingly, all access point positions for the lower level will be marked by the compliance with the global SP:

$$(\forall p = p[I, a] \in P_{l_h}(B) \setminus Q_G(B))(M_{out}[I, a] = 0),$$

which prevents unauthorized discretionary access to the lower level resources without breaking the mark:

$$(\exists p = p[I, a] \in P_{l_h}(B) \setminus Q_G(B))(M_{out}[I, a] = 1).$$

In order to integrate the discretionary authentication model into the created model of ISCU in the context of the above-described approach to the formation of its global SP, we introduce the concept of the discretionary SP of ISCU, which will determine the privileges of discretionary access of the given authorization to objects at the selected level of ISCU. By analogy with the above, we introduce a discretionary SP of level $l$ on a superblock $B = B_{l_l \ldots l_h}(I_0)$ by a subset of the access point positions $Q_{Dl}(B)$ for the level $l$ of the superblock: $Q_{Dl}(B) \subset P_l(B)$, $l_l < l < l_h$. Performing a discretionary $l$-level SP $Q_{Dl}(B)$ on a superblock $B$ will mean the appropriate marking of all access point positions at this level:

$$(\forall p = p[I, a] \in P_l(B) \setminus Q_{Dl}(B))(M_{out}[I, a] = 0),$$

while an attempt to violate it is marked as

$$(\exists p = p[I, a] \in P_l(B) \setminus Q_{Dl}(B))(M_{out}[I, a] = 1).$$

Unlike the global SP, the local SP of ISCU regulates the inter-entity interaction, projected on the concept of the hierarchical ISCU representation, by applying a "control-controlled" rule for pairs of entities located at neighboring levels of ISCU. In accordance with this rule, the subjects of the current level are controllable in relation to the subjects of the higher adjacent level. The local $l$-level SP $Q_{Ll}(B)$ on the superblock $B = B_{l_l \ldots l_h}(I_0)$ will be described by the set

$$Q_{Ll}(B) = \{\langle I(u), a, r[I(u), a] \rangle \mid u \in U_l(B),\ a = \overline{1, N}\}, \quad l_l < l < l_h,$$

and will set the attributes of the possibility of authorization in the modules of this superblock level. Accordingly, the positions allowed by the local $l$-level SP on the superblock $B$ will be described by the subset

$$\{p = p[I(u), a] \in P_l(B) \mid u \in U_l(B),\ a = \overline{1, N},\ \langle I(u), a, 1 \rangle \in Q_{Ll}(B)\},$$

which allows us to describe the situations when the local SP is executed, and when it is not, by the expressions

$$(\forall p = p[I(u), a] \in P_l(B) \mid u \in U_l(B),\ a = \overline{1, N},\ \langle I(u), a, 0 \rangle \in Q_{Ll}(B))(M_{out}[I, a] = 0)$$

and

$$(\exists p = p[I(u), a] \in P_l(B) \mid \langle I(u), a, 0 \rangle \in Q_{Ll}(B))(M_{out}[I, a] = 1)$$

respectively. Detailing the process of forming a local SP of ISCU requires differentiation of the rules of safe inter-entity control over the controlling entities at the level of the block of the E-network. The only top module of an arbitrary block of an E-network of ISCU with an index $I$ is associated with the controlling entity, and its lower modules (with numbers $\overline{1, K[I]}$ within the block or with indexes $I.1, \ldots, I.K[I]$ within the E-network) are associated with actually or potentially managed entities. We will develop this concept into the notion of the block SP of ISCU, which establishes the attributes of permissibility of obtaining access for all modules of a block. To formalize the block SP we describe the mechanism for reconciling the attributes of permissibility of obtaining access and the corresponding sets of marked access point positions between the upper module and all the lower modules of the block. Based on the fact that the access processes for the controlling and the controlled entities are the same, it can be argued that the permissibility of obtaining access for a controlled entity requires the admissibility of a similar procedure for the controlling entity and, vice versa, the inadmissibility of obtaining access for the controlling entity requires the same for all managed entities. These conclusions allow us to formulate rules for agreeing the attributes of permissibility of obtaining access in a block SP:

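$$(\exists j \in \overline{1, K[I]})(r[I.j, a] = 1) \Rightarrow (r[I, a] = 1), \quad (3)$$

$$(r[I, a] = 0) \Rightarrow (\forall j \in \overline{1, K[I]})(r[I.j, a] = 0), \quad (4)$$

where $a = \overline{1, N}$, $I = I(u)$, $u \in U \setminus U_L$.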

Consider the concept of block SP in the formation of a local SP on the basis of a superblock $B = B_{l_l \ldots l_h}(I_0)$ in the form of the expression

$$Q_L(B) = \bigcup_{l=l_l}^{l_h} Q_{Ll}(B) = \{\langle I(u), a, r[I(u), a] \rangle \mid u \in U(B),\ a = \overline{1, N}\}, \quad (5)$$

where all the attributes $r[I(u), a]$ for all blocks are mutually agreed with the help of rules (3), (4).

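We extend the application of the rules (3), (4) to the process of agreeing the local SP on the superblock $B = B_{l_l \ldots l_h}(I_0)$ in the form of the rules

$$(r[I, a] = 1) \Rightarrow (\forall J \subset I \mid p[J, a] \in P(B))(r[J, a] = 1), \quad u \in U(B) \setminus U_{l_h}(B), \quad (6)$$

$$(r[I, a] = 0) \Rightarrow (\forall J \supset I \mid p[J, a] \in P(B))(r[J, a] = 0), \quad u \in U(B) \setminus U_{l_h}(B), \quad (7)$$

at $a = \overline{1, N}$, $I = I(u)$.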

Finally, based on the rules (3)-(7), we formulate the process of agreeing the privileges of discretionary access for the entire SP of ISCU by combining the level discretionary SPs for all levels of ISCU and agreeing them on the basis of the block SP:

$$Q_{DP}(B) = \bigcup_{l=l_l}^{l_h} Q_{Dl}(B) \subset P(B), \quad (8)$$

where $B = B_{l_l \ldots l_h}(I_0)$, the sets $Q_{Dl}(B)$ are agreed according to rules (3), (4), and the processes of agreeing the marked access point positions and the attributes of permissibility of obtaining access are equivalent; that is, a permitted position corresponds to the true value of the attribute of permissibility of obtaining access, while a non-permitted position corresponds to the false value.

Equivalently to (3), (4), we have rules for coordinating the access point positions when setting up a block SP on an E-network:

$$(\exists j \in \overline{1, K[I]})(p[I.j, a] \in Q_{DP}) \Rightarrow (p[I, a] \in Q_{DP}), \quad (9)$$

$$(p[I, a] \notin Q_{DP}) \Rightarrow (\forall j \in \overline{1, K[I]})(p[I.j, a] \notin Q_{DP}), \quad (10)$$

at $a = \overline{1, N}$, $I = I(u)$, $u \in U \setminus U_L$.

Summarizing the rules (9) and (10), formulated for different levels of ISCU, we obtain the rules for agreeing the access point positions of a discretionary SP on a superblock $B = B_{l_l \ldots l_h}(I_0)$:

$$(p[I, a] \in Q_{DP}(B)) \Rightarrow (\forall J \subset I \mid p[J, a] \in P(B))(p[J, a] \in Q_{DP}(B)), \quad u \in U(B) \setminus U_{l_h}(B), \quad (11)$$

$$(p[I, a] \notin Q_{DP}(B)) \Rightarrow (\forall J \supset I \mid p[J, a] \in P(B))(p[J, a] \notin Q_{DP}(B)), \quad u \in U(B) \setminus U_{l_h}(B), \quad (12)$$

at $a = \overline{1, N}$, $I = I(u)$.

Consequently, the discretionary SP of ISCU, represented by the E-network, can be set up by a set of access point positions according to the rules (11), (12), but such a representation is characterized by information redundancy, which the globalized representation of the discretionary SP on the E-network is free of:

$$Q_{DG}(B) \subseteq Q_{DP}(B) \Rightarrow (p[I, a] \in Q_{DG}(B)) \Leftrightarrow (p[I, a] \in Q_{DP}(B)) \land ((\forall J \supset I \mid p[J, a] \in P(B))(p[J, a] \notin Q_{DP}(B))), \quad (13)$$

where $a = \overline{1, N}$, $I = I(u)$, $u \in U(B)$. There is a reverse possibility: to represent $Q_{DP}(B)$ having the set $Q_{DG}(B)$:

$$(p[I, a] \in Q_{DP}(B)) \Leftrightarrow ((\exists J \supseteq I \mid p[J, a] \in P(B))(p[J, a] \in Q_{DG}(B))). \quad (14)$$

As a result, the index of one of two access point positions $p'$ and $p''$ from the globalized set of allowed access point positions $Q_{DG}(B)$ for the same authorization cannot be a subindex of the other:

$$(p' = p[I', a] \in Q_{DG}(B) \land p'' = p[I'', a] \in Q_{DG}(B)) \Rightarrow (I' \not\subset I'' \land I'' \not\subset I'). \quad (15)$$

Let us get the set $Q_{DP}(B)$ of this same SP on the basis of (14), taking into account (15); $Q_{DP}(B)$ will include each element of $Q_{DG}(B)$ and all access point positions whose indexes are its subindexes:

$$(\forall p = p[I, a] \in P(B) \setminus Q_{DP}(B))(M_{out}[I, a] = 0), \quad (16)$$

which makes all access point positions that are not marked by this SP unavailable, and an attempt to initiate them will be taken into account with the help of the expression:

$$(\exists p = p[I, a] \in P(B) \setminus Q_{DP}(B))(M_{out}[I, a] = 1). \quad (17)$$
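The relationship between the permissive and the globalized representations of a discretionary SP in rules (11)-(17) can be exercised on a small superblock. The following Python sketch is an added example, not code from the article; it assumes that "J is a subindex of I" means that J is a proper prefix of I (I = J.i1...it, as defined above), and the module tree, the policy sets and all function names are constructed for illustration.

```python
# Added illustration (not from the article). An index I is a tuple of ints;
# the top module of the superblock has the empty index (). A position p[I, a]
# is the pair (I, a), where a is the authorization type.

def is_subindex(j, i):
    """J is a subindex of I: I = J.i1...it with t >= 1 (J is a proper prefix)."""
    return len(j) < len(i) and i[:len(j)] == j

def expand(q_dg, positions):
    """Rule (14): build Q_DP from Q_DG. p[I,a] is permitted when some position
    p[J,a] of Q_DG has I as its index or as a subindex of its index."""
    return {(i, a) for (i, a) in positions
            if any(b == a and (j == i or is_subindex(i, j))
                   for (j, b) in q_dg if (j, b) in positions)}

def globalize(q_dp, positions):
    """Rule (13): build Q_DG from Q_DP. Keep the permitted positions that have
    no permitted deeper position for the same authorization type."""
    return {(i, a) for (i, a) in q_dp
            if not any(b == a and is_subindex(i, j) and (j, b) in q_dp
                       for (j, b) in positions)}

def violates_15(q_dg):
    """Condition (15): list pairs of Q_DG, same authorization type, where one
    index is a subindex of the other (such a set is not a valid Q_DG)."""
    return [(p, q) for p in q_dg for q in q_dg
            if p[1] == q[1] and is_subindex(p[0], q[0])]

def agreed(q_dp, positions):
    """Rules (11)/(12): every position above a permitted one is permitted."""
    return all((j, b) in q_dp
               for (i, a) in q_dp
               for (j, b) in positions
               if b == a and is_subindex(j, i))

def unauthorized(m_out, q_dp, positions):
    """Expression (17): positions outside Q_DP whose output mark M_out is 1."""
    return sorted(p for p in positions
                  if p not in q_dp and m_out.get(p, 0) == 1)

# Constructed superblock: top module (), two lower modules, three modules below
# them, and N = 2 authorization types.
MODULES = [(), (1,), (2,), (1, 1), (1, 2), (2, 1)]
POSITIONS = {(i, a) for i in MODULES for a in (1, 2)}

# Constructed globalized policy: the deepest permitted position per branch.
Q_DG = {((1, 2), 1), ((2,), 1), ((1,), 2)}
Q_DP = expand(Q_DG, POSITIONS)

# Constructed marking: one permitted access and one access outside the policy.
M_OUT = {((1, 2), 1): 1, ((1, 1), 1): 1}

if __name__ == "__main__":
    print("Q_DP:", sorted(Q_DP))
    print("round trip holds:", globalize(Q_DP, POSITIONS) == Q_DG)
    print("violations of (17):", unauthorized(M_OUT, Q_DP, POSITIONS))
```

The globalized set stores three positions where the permissive set stores six, which is the redundancy the text refers to, and `unauthorized` is the check a monitor would run over the output marks.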

The implementation of the discretionary SP at the DPU level is guaranteed by the execution of the local SP $Q_L(B)$, defined in (5), the discretionary SP $Q_{DP}(B)$, defined in (8), and the expression $(\forall p = p[I, a] \in P(B))((p \in Q_{DP}(B)) \Leftrightarrow (r[I, a] = 1))$ on the superblock $B$ of the E-network. Accordingly, if at a certain time a discretionary SP is executed on a certain superblock of the E-network of ISCU, and all objects moving in this superblock satisfy the inductive superblock of the local SP, then at any later time the discretionary SP on the superblock will also be executed. We perform the marking of the positions allowed by the selected local SP on a superblock $B = B_{l_l \ldots l_h}(I_0)$ of the E-network as:

$$(\forall p = p[I, a] \in P_{l_h}(B))((M_{in}[I, a] = 1) \land (M_{out}[I, a] = 0)) \land (\forall p = p[I, a] \in P(B) \setminus P_{l_h}(B))(M_{in}[I, a] = M_{out}[I, a] = 0). \quad (18)$$

We will call marking (18) basic. On its basis we get the marking induced by the discretionary SP:

$$(\forall p = p[I, a] \in Q_{DG}(B))((M_{in}[I, a] = 0) \land (M_{out}[I, a] = 1)) \land (\forall p = p[I, a] \in P(B) \setminus Q_{DG}(B))(M_{in}[I, a] = M_{out}[I, a] = 0). \quad (19)$$

Expression (19) describes the discretionary access to the resources of the lower level of the ISCU hierarchy with the privileges that are maximally permissible within the framework of the discretionary SP specified on the superblock. In the framework of expressions (18), (19) we formulate the notion of a global SP $Q_G(B)$ on a superblock $B$ as induced by a discretionary SP $Q_{GD}(B)$ provided on the same superblock, if $Q_G(B) = Q_{GD}(B)$. A subset $Q_G(B) \subset P(B)$ satisfies (15), since all its elements belong to the lower level of the ISCU hierarchy; therefore, on any arbitrary superblock, any global SP is induced by a single discretionary SP, which, in turn, is induced by a local SP. Thus, for an arbitrary global SP, which is given by (15) on the superblock of an E-network, it is possible to define the access operations (11) and the transformation operations (12) on this superblock so that the marking of the superblock (19) induced by the given global SP may be derived from the basic marking (18) within the local SP which is induced by this global SP.

The above expressions mathematically correctly and holistically describe the interaction of all levels of SP in a hierarchical ISCU with DPU and ASU, but, given the complex nature of the ISCU, the question of agreeing the SPs of superblocks on the scale of the whole ISCU is relevant. To study this issue, we define the concepts of weak and strong compatibility (incompatibility) of SPs. Weak compatibility (incompatibility) of SPs $Q_i$ and $Q_j$ we consider as the absence (existence) of direct contradictions between them and denote $Q_i \sim Q_j$ ($Q_i \nsim Q_j$). Strong compatibility (incompatibility) of SPs $Q_i$ and $Q_j$ we consider as the absence (existence) of contradictions in the distribution of these SPs to the entire E-network and denote $Q_i \approx Q_j$ ($Q_i \not\approx Q_j$). We also consider two arbitrary SPs to be of the same type if they relate to one level of the E-network representation of the ISCU (both global, both local, etc.), and of different types in the opposite case.

Let's describe the concept of compatibility (incompatibility) of SPs of the same type with the following expressions:

(Qg (b.) ~ Qg(Bj ))«(Qg (b. ) nP(Bj) = Qg(Bj )nP(B.)), (Qg(b.)~QG(Bj))» (QG(B.)npN(bJ)=QG(Bj)nPN(B.)).(20)

(Qa (B,)~ QD, (Bj))»(Qd,(B, )nPN(Bj) = Qa (Bj )nPN(B,)), (Qa(B,)~ Qa(Bj))» (Qa(B, )nPN(Bj )= Q^nPN(B, )). (21)

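$$(Q_{Ll}(B_i) \sim Q_{Ll}(B_j)) \Leftrightarrow (|Q_{Ll}(B_i) \cap Q_{Ll}(B_j)| = N|U_l(B_i) \cap U_l(B_j)|),$$
$$(Q_{Ll}(B_i) \nsim Q_{Ll}(B_j)) \Leftrightarrow (|Q_{Ll}(B_i) \cap Q_{Ll}(B_j)| < N|U_l(B_i) \cap U_l(B_j)|). \quad (22)$$

$$(Q_L(B_i) \sim Q_L(B_j)) \Leftrightarrow (|Q_L(B_i) \cap Q_L(B_j)| = N|U(B_i) \cap U(B_j)|),$$
$$(Q_L(B_i) \nsim Q_L(B_j)) \Leftrightarrow (|Q_L(B_i) \cap Q_L(B_j)| < N|U(B_i) \cap U(B_j)|). \quad (23)$$

$$(Q_{DP}(B_i) \sim Q_{DP}(B_j)) \Leftrightarrow (Q_{DP}(B_i) \cap P(B_j) = Q_{DP}(B_j) \cap P(B_i)),$$
$$(Q_{DP}(B_i) \nsim Q_{DP}(B_j)) \Leftrightarrow (Q_{DP}(B_i) \cap P(B_j) \neq Q_{DP}(B_j) \cap P(B_i)). \quad (24)$$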

From (20)-(24) it is evident that the weak compatibility (incompatibility) of SPs of the same type on the same superblock is interpreted as their equality (inequality):

$$((Q(B_i) \sim Q(B_j)) \land (B_i = B_j)) \Leftrightarrow (Q(B_i) = Q(B_j)),$$
$$((Q(B_i) \nsim Q(B_j)) \lor (B_i \neq B_j)) \Leftrightarrow (Q(B_i) \neq Q(B_j)). \quad (25)$$

Strong compatibility of SPs of the same type $Q(B_i)$ and $Q(B_j)$ on the superblocks $B_i$ and $B_j$ accordingly will be interpreted as their simultaneous weak compatibility with a certain single SP of the same type on the whole E-network $B_0$:

$$(Q(B_i) \approx Q(B_j)) \Leftrightarrow ((\exists Q(B_0))((Q(B_i) \sim Q(B_0)) \land (Q(B_j) \sim Q(B_0)))),$$
$$(Q(B_i) \not\approx Q(B_j)) \Leftrightarrow ((\forall Q(B_0))((Q(B_i) \nsim Q(B_0)) \lor (Q(B_j) \nsim Q(B_0)))). \quad (26)$$

From (26) it is seen that the strong compatibility (incompatibility) of SPs of the same type on the same superblock is interpreted as their equality (inequality):

$$((Q(B_i) \sim Q(B_j)) \land (B_i = B_j)) \Leftrightarrow ((Q(B_i) \approx Q(B_j)) \land (B_i = B_j)) \Leftrightarrow (Q(B_i) = Q(B_j)),$$
$$((Q(B_i) \nsim Q(B_j)) \lor (B_i \neq B_j)) \Leftrightarrow ((Q(B_i) \not\approx Q(B_j)) \lor (B_i \neq B_j)) \Leftrightarrow (Q(B_i) \neq Q(B_j)). \quad (27)$$

On the basis of what has already been formulated, we will analytically describe the concept of compatibility (incompatibility) of SPs of different types. We describe the weak compatibility (incompatibility) of the $l$-level discretionary SP $Q_{Dl}(B_i)$ on a superblock $B_i$ with a discretionary SP with a permissive representation $Q_{DP}(B_j)$ on the superblock $B_j$ with the expressions:

(q a (B ) ~ Q dp (bj fl» (Q Dl (Bi)n P(Bj )= Q dp (bj )n P (B )) , (q di (B Q dp (Bj (Q Dl (Bi )n P(B )= Q dp (Bj )n P(Bi )) . (28)

Weak compatibility (incompatibility) of the level discretionary SPs of different levels will be considered as weak compatibility (incompatibility) of certain discretionary SPs with which these level discretionary SPs are weakly compatible (incompatible):

$$(Q_{Dl_i}(B_i) \sim Q_{Dl_j}(B_j)) \Leftrightarrow ((\exists Q_{DP}(B_i) \mid Q_{Dl_i}(B_i) \sim Q_{DP}(B_i))(\exists Q_{DP}(B_j) \mid Q_{Dl_j}(B_j) \sim Q_{DP}(B_j))(Q_{DP}(B_i) \sim Q_{DP}(B_j))),$$
$$(Q_{Dl_i}(B_i) \nsim Q_{Dl_j}(B_j)) \Leftrightarrow ((\forall Q_{DP}(B_i) \mid Q_{Dl_i}(B_i) \sim Q_{DP}(B_i))(\forall Q_{DP}(B_j) \mid Q_{Dl_j}(B_j) \sim Q_{DP}(B_j))(Q_{DP}(B_i) \nsim Q_{DP}(B_j))). \quad (29)$$

Similarly, we define the weak compatibility (incompatibility) of the $l$-level local SP $Q_{Ll}(B_i)$ on the superblock $B_i$ with the local SP $Q_L(B_j)$ on the superblock $B_j$:

$$(Q_{Ll}(B_i) \sim Q_L(B_j)) \Leftrightarrow (|Q_{Ll}(B_i) \cap Q_L(B_j)| = N|U_l(B_i) \cap U(B_j)|),$$
$$(Q_{Ll}(B_i) \nsim Q_L(B_j)) \Leftrightarrow (|Q_{Ll}(B_i) \cap Q_L(B_j)| < N|U_l(B_i) \cap U(B_j)|). \quad (30)$$

Weak compatibility (incompatibility) of the level local SPs of different levels will be considered as weak compatibility (incompatibility) of certain local SPs with which these level local SPs are weakly compatible (incompatible):

$$(Q_{Ll_i}(B_i) \sim Q_{Ll_j}(B_j)) \Leftrightarrow ((\exists Q_L(B_i) \mid Q_{Ll_i}(B_i) \sim Q_L(B_i))(\exists Q_L(B_j) \mid Q_{Ll_j}(B_j) \sim Q_L(B_j))(Q_L(B_i) \sim Q_L(B_j))),$$
$$(Q_{Ll_i}(B_i) \nsim Q_{Ll_j}(B_j)) \Leftrightarrow ((\forall Q_L(B_i) \mid Q_{Ll_i}(B_i) \sim Q_L(B_i))(\forall Q_L(B_j) \mid Q_{Ll_j}(B_j) \sim Q_L(B_j))(Q_L(B_i) \nsim Q_L(B_j))). \quad (31)$$

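The mutual weak compatibility (incompatibility) of the local, discretionary and global SPs on the same superblock will be considered as induction of the given local SP by the discretionary SP and, in turn, by the global SP:

$$(Q_L(B_i) \sim Q_{DP}(B_j)) \Leftrightarrow ((\exists Q_{DP}(B_i) \mid Q_L(B_i) \sim Q_{DP}(B_i))(Q_{DP}(B_i) \sim Q_{DP}(B_j))),$$
$$(Q_L(B_i) \nsim Q_{DP}(B_j)) \Leftrightarrow ((\forall Q_{DP}(B_i) \mid Q_L(B_i) \sim Q_{DP}(B_i))(Q_{DP}(B_i) \nsim Q_{DP}(B_j))). \quad (32)$$

$$(Q_L(B_i) \sim Q_G(B_j)) \Leftrightarrow ((\exists Q_G(B_i) \mid Q_L(B_i) \sim Q_G(B_i))(Q_G(B_i) \sim Q_G(B_j))),$$
$$(Q_L(B_i) \nsim Q_G(B_j)) \Leftrightarrow ((\forall Q_G(B_i) \mid Q_L(B_i) \sim Q_G(B_i))(Q_G(B_i) \nsim Q_G(B_j))). \quad (33)$$

$$(Q_{DP}(B_i) \sim Q_G(B_j)) \Leftrightarrow ((\exists Q_G(B_i) \mid Q_{DP}(B_i) \sim Q_G(B_i))(Q_G(B_i) \sim Q_G(B_j))),$$
$$(Q_{DP}(B_i) \nsim Q_G(B_j)) \Leftrightarrow ((\forall Q_G(B_i) \mid Q_{DP}(B_i) \sim Q_G(B_i))(Q_G(B_i) \nsim Q_G(B_j))). \quad (34)$$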

Weak compatibility (incompatibility) of the level local SP with the level discretionary SP will be considered as weak compatibility (incompatibility) of a certain local SP with a certain discretionary SP, with which the output SPs are weakly compatible (incompatible):

$$(Q_{Ll_i}(B_i) \sim Q_{Dl_j}(B_j)) \Leftrightarrow ((\exists Q_L(B_i) \mid Q_{Ll_i}(B_i) \sim Q_L(B_i))(\exists Q_{DP}(B_j) \mid Q_{Dl_j}(B_j) \sim Q_{DP}(B_j))(Q_L(B_i) \sim Q_{DP}(B_j))),$$
$$(Q_{Ll_i}(B_i) \nsim Q_{Dl_j}(B_j)) \Leftrightarrow ((\forall Q_L(B_i) \mid Q_{Ll_i}(B_i) \sim Q_L(B_i))(\forall Q_{DP}(B_j) \mid Q_{Dl_j}(B_j) \sim Q_{DP}(B_j))(Q_L(B_i) \nsim Q_{DP}(B_j))). \quad (35)$$

Weak compatibility (incompatibility) of the level local SP with the discretionary SP will be considered as weak compatibility (incompatibility) of the given discretionary SP with a certain local SP, with which the source level local SP is weakly compatible (incompatible):

$$(Q_{Ll}(B_i) \sim Q_{DP}(B_j)) \Leftrightarrow ((\exists Q_L(B_i) \mid Q_{Ll}(B_i) \sim Q_L(B_i))(Q_L(B_i) \sim Q_{DP}(B_j))),$$
$$(Q_{Ll}(B_i) \nsim Q_{DP}(B_j)) \Leftrightarrow ((\forall Q_L(B_i) \mid Q_{Ll}(B_i) \sim Q_L(B_i))(Q_L(B_i) \nsim Q_{DP}(B_j))). \quad (36)$$

Similarly, the weak compatibility (incompatibility) of the level local SP with a global SP will be considered as weak compatibility (incompatibility) of the given global SP with a certain local SP, with which the source level local SP is weakly compatible (incompatible):

$$(Q_{Ll}(B_i) \sim Q_G(B_j)) \Leftrightarrow ((\exists Q_L(B_i) \mid Q_{Ll}(B_i) \sim Q_L(B_i))(Q_L(B_i) \sim Q_G(B_j))),$$
$$(Q_{Ll}(B_i) \nsim Q_G(B_j)) \Leftrightarrow ((\forall Q_L(B_i) \mid Q_{Ll}(B_i) \sim Q_L(B_i))(Q_L(B_i) \nsim Q_G(B_j))). \quad (37)$$

Weak compatibility (incompatibility) of the level discretionary SP with a local SP will be considered as weak compatibility (incompatibility) of the given local SP with a certain discretionary SP, with which the output level discretionary SP is weakly compatible (incompatible):

$$(Q_{Dl}(B_i) \sim Q_L(B_j)) \Leftrightarrow ((\exists Q_{DP}(B_i) \mid Q_{Dl}(B_i) \sim Q_{DP}(B_i))(Q_{DP}(B_i) \sim Q_L(B_j))),$$
$$(Q_{Dl}(B_i) \nsim Q_L(B_j)) \Leftrightarrow ((\forall Q_{DP}(B_i) \mid Q_{Dl}(B_i) \sim Q_{DP}(B_i))(Q_{DP}(B_i) \nsim Q_L(B_j))). \quad (38)$$

Similarly, the weak compatibility (incompatibility) of the level discretionary SP and the global SP will be considered as weak compatibility (incompatibility) of the given global SP with a certain discretionary SP, with which the output level discretionary SP is weakly compatible (incompatible):

$$(Q_{Dl}(B_i) \sim Q_G(B_j)) \Leftrightarrow ((\exists Q_{DP}(B_i) \mid Q_{Dl}(B_i) \sim Q_{DP}(B_i))(Q_{DP}(B_i) \sim Q_G(B_j))),$$
$$(Q_{Dl}(B_i) \nsim Q_G(B_j)) \Leftrightarrow ((\forall Q_{DP}(B_i) \mid Q_{Dl}(B_i) \sim Q_{DP}(B_i))(Q_{DP}(B_i) \nsim Q_G(B_j))).$$


By the strong compatibility (incompatibility) of SPs of different types on superblocks we will understand the weak compatibility (incompatibility) of some SPs of the same types across the whole E-network of ISCU which are weakly compatible (incompatible) with the corresponding output SPs on the superblocks (situation (26) is a partial case of the newly described one):

$$(Q_i(B_i) \approx Q_j(B_j)) \Leftrightarrow ((\exists Q_i(B_0) \mid Q_i(B_i) \sim Q_i(B_0))(\exists Q_j(B_0) \mid Q_j(B_j) \sim Q_j(B_0))(Q_i(B_0) \sim Q_j(B_0))),$$
$$(Q_i(B_i) \not\approx Q_j(B_j)) \Leftrightarrow ((\forall Q_i(B_0) \mid Q_i(B_i) \sim Q_i(B_0))(\forall Q_j(B_0) \mid Q_j(B_j) \sim Q_j(B_0))(Q_i(B_0) \nsim Q_j(B_0))). \quad (40)$$

Let us generalize the formalization of the concept of weak and strong compatibility of SPs on the superblocks for the case when we have two different types of SP $Q_i$ and $Q_j$ on the superblocks $B_i$ and $B_j$ with the corresponding indexes $I_i = I(B_i)$ and $I_j = I(B_j)$. If these superblocks intersect, then the weak and strong compatibility of their SPs is equivalent: $(Q_i(B_i) \sim Q_j(B_j)) \Leftrightarrow (Q_i(B_i) \approx Q_j(B_j))$, but if these superblocks also coincide ($B_i = B_j = B$ and the SPs are of the same type), then the weak and strong compatibility of their SPs is equivalent to:

$$(Q_i(B) \sim Q_j(B)) \Leftrightarrow (Q_i(B) \approx Q_j(B)) \Leftrightarrow (Q_i(B) = Q_j(B)).$$

If the superblocks do not overlap, but the index of one of them is a subindex of the other, $I_j \subset I_i$, then their SPs are necessarily weakly compatible, but not necessarily strongly compatible. If the index of neither of the superblocks is a subindex of the other, $(I_i \not\subset I_j) \land (I_j \not\subset I_i)$, then their SPs are necessarily strongly compatible and, accordingly, weakly compatible. For convenience of use, the obtained expressions for ensuring weak and strong compatibility (incompatibility) of different types of SPs on the superblocks of the ISCU E-network are presented in Table 2.

To sum it up, we suppose that a complex of SPs $Q(B) = \langle Q_G(B), Q_L(B), Q_{DP}(B), Q_{DG}(B) \rangle$ is defined on the superblock $B$ of the ISCU E-network if all types of SPs on the superblock are defined and they are at least weakly compatible ($Q_G(B)$, $Q_L(B)$ are a global and a local SP respectively, for which the DPU meets the requirements, and $Q_{DP}(B)$ and $Q_{DG}(B)$ are an authentication and a globalized representation of the discretionary SP, for which the ASU meets the requirements). In this representation, the discretionary SP is induced by the local SP, and the global SP is induced by the local and discretionary SPs respectively. Taking into account that the ISCU E-network is a composition of superblocks, it is possible to extend the above formulated concept of SP setting on the superblock to the scale of the entire ISCU while preserving the correctness and compatibility of mathematical representations and the possibility of the formal synthesis of a protected hierarchical ISCU of any complexity level in accordance with the ISO/IEC 27001:2013 standard.

Table 2 - Expressions to provide weak and strong compatibility (incompatibility) of different types of SPs on the superblocks of the ISCU E-network

| Type of SP | Global SP | Level discretionary SP | Level local SP | Local SP | Discretionary SP |
|---|---|---|---|---|---|
| Global SP | (20), (26) | (39), (40) | (37), (40) | (33), (40) | (34), (40) |
| Level discretionary SP | | (21), (29), (26), (40) | (35), (40) | (38), (40) | (28), (40) |
| Level local SP | | | (22), (31), (26), (40) | (30), (40) | (36), (40) |
| Local SP | | | | (23), (26) | (32), (40) |
| Discretionary SP | | | | | (24), (26) |

Consequently, new flexible mathematical models of reliable information processing are described which, in contrast to the existing ones, comprehensively describe the mechanisms for providing authenticated access to the information resources of ISCU within the framework of the chosen mathematical apparatus, which allows us to quantify the integrity of information processes in the system. The mathematical models of the synthesis of the policy of secure interaction of information processes in the ISCU are developed, which allow SPs on various structural components of the ISCU represented by the E-network to be considered separately, with the possibility of their further integration. In particular, mathematical models of SPs for an ISCU with an object-relational model of the informational environment organization are developed, and mechanisms of SP integration, induction and compatibility within the hierarchical representation of the ISCU are proposed.

4 EXPERIMENTS

The correspondence of the selected model of SP to the hierarchical structure of the ISCU proposed in Table 1 is ensured by the operation of the DPU and ASU. Empirical investigations of those units will verify the adequacy of the above mathematical models. Let's make an experimental statement to evaluate the work of these units. The DPU implements efficient information processing in the ISCU according to the actions of users, who are segregated by roles. The information security of these processes is provided by the work of the IICS, which is hosted on the registration server and is structurally attributed to the application level of the system hierarchy. By the integrity of information we will understand the qualitative state of the software and information components of the ISCU. Accordingly, information integrity controlling involves the regulated functioning of the services of its definition, preservation and restoration. However, controlling the information integrity, like any process, requires resources that will increase with the system operation time. Given the critical use of the described IS, it is necessary to create a mechanism for controlling the integrity of its information which will function efficiently by giving priority to the use of resources for the functional purpose of the ISCU in real time, while guaranteeing a given level of information security. Taking into account the above, we will determine the optimal scenario of the IICS operation $a \in A$ as the result of solving the mathematical programming task with the target function $E_f(a) \to \max$ and the constraint $E_s(a) > E_{s\,min}$, where $E_{s\,min}$ is specified by the administrator. Asserting that the degree of completeness of the information integrity controlling process is inverse to its duration, we will present this process in time as:

Ef = P(Kdm > Kdmmin) = 1 -P(,Tdm — Tmin f ) = 1 -E{Tmf ), Es = P((dm — Kdm max ) = 1 — P((Tdm — Tmax s ) = 1 — E(lms ),

-1

Kdm vdmVdm cTdmVdm,

a

where Tdm = vdmc

Kdm min , Kdm max , Tmin f , Tmax « - the limit values °f

the corresponding variables set by the administrator. Let's summarize the variables Ef and Es in the form of a

dynamic criterion of the IICS effectiveness:

E(Tm ) = p(Tdm ^ Tmax (m )), (41)

where the function Tmax (xm ) is exponentially distributed with the mean Tm .

Taking into account criterion (41), the random process of information integrity control in the ISCU is characterized in time by a sequence of states of random duration with different probability distribution laws, that is, it is a semi-Markov process [12, 13], which is characterized by a matrix $H(t) = \|H_{ij}(t)\|$, an arbitrary element $H_{ij}(t)$ of which is the probability that the simulated process, while in state $i$, goes to the state $j$ defined by the E-network architecture in a time less than $t$, $i = \overline{1, n-1}$, $j = i + 1$, $n = l_{max} + 1$, $1 \le l_{max} \le L$.

Consequently, the number of states $i = \overline{1, l_{max}}$, the amount of information $V_i$ whose integrity is controlled when the ISCU is in the state $i$, the basic distribution law $F_b(t)$ with parameters $\{P_0, P_1, a, b, d\}$, $P_0 > 0$, $P_1 > 0$, $P_0 + P_1 \le 1$, $0 \le a \le b \le 1$, $0 \le d \le \infty$, $(P_0 + P_1 \ne 1) \wedge (a = b = 1) \wedge (d = \infty)$, $(P_0 + P_1 \ne 1) \wedge (a = b = d = 0)$ and the density

$$f_b(t) = P_0\delta(t) + P_1\delta(t - 1) + f_l(0, a, 0, f_b(a), t) + f_l(a, b, f_b(a), f_b(b), t) + f_l(b, 1, f_b(b), 0, t)$$

at $d < \infty$: $f_b(b) = d f_b(a)$; $d = \infty$: $f_b(a) = 0$, and

$$f_l(x_1, x_2, y_1, y_2, x) = \begin{cases} 0, & \text{if } x \in [0; x_1] \cup [x_2; \infty], \\ (y_2 - y_1)(x - x_1)(x_2 - x_1)^{-1} + y_1, & \text{if } x \in [x_1; x_2], \end{cases}$$

are the input parameters for generating the control decision, which is to choose a corresponding value $K_{max\,i}$ for each of the $i = \overline{1, l_{max}}$ states and the parameters of the basic probability distribution. Control influences are determined through the assignment of quantities $K_i = K_{max\,i}$.

To evaluate the criterion of the dynamic efficiency of the IICS, first we calculate the basic probability distribution density values

$$f_b(a) = \begin{cases} 0, & \text{if } (d = \infty) \vee (a = b = d = 0), \\ 2(1 - P_0 - P_1)(b - ad + d)^{-1}, & \text{if else}, \end{cases} \qquad f_b(b) = \begin{cases} 2(1 - P_0 - P_1)(1 - a)^{-1}, & \text{if } d = \infty, \\ d f_b(a), & \text{if else}, \end{cases} \quad (42)$$

for each state $i = \overline{1, l_{max}}$ on the basis of the parameter values $\{P_0, P_1, a, b, d\}$.

Further, on the basis of $T_i = K_{max\,i} V_i c^{-1}$, the maximum duration of the semi-Markov process in a state $i$, we calculate the value $v = T_i \tau_m^{-1} = K_{max\,i} V_i (c\tau_m)^{-1}$ and the Laplace-Stieltjes transformation of the basic probability distribution function

$$\varphi_{b_i}(v) = P_0 + P_1 e^{-v} + \varphi_{bI}(v) + \varphi_{bII}(v) + \varphi_{bIII}(v), \quad (43)$$

where

$$\varphi_{bI}(v) = \begin{cases} 0, & \text{if } a = 0, \\ v^{-1} f_b(a)\left((1 - e^{-av})(av)^{-1} - e^{-av}\right), & \text{if } a > 0, \end{cases}$$

$$\varphi_{bII}(v) = \begin{cases} 0, & \text{if } a = b, \\ v^{-1}\left((f_b(b) - f_b(a))(e^{-av} - e^{-bv})(v(b - a))^{-1} + f_b(a)e^{-av} - f_b(b)e^{-bv}\right), & \text{if } a < b, \end{cases}$$

$$\varphi_{bIII}(v) = \begin{cases} 0, & \text{if } b = 1, \\ v^{-1} f_b(b)\left(e^{-bv} - (e^{-bv} - e^{-v})(v(1 - b))^{-1}\right), & \text{if } b < 1, \end{cases}$$

and represent the criterion (41) in the applied form

$$E(\tau_m) = \prod_{i=1}^{l_{max}} \varphi_{b_i}(T_i \tau_m^{-1}). \quad (44)$$

Consequently, the expressions (42)-(43) formalize a method, associated with the E-network representation of the SP of the ISCU and adapted for practical application, for evaluating the effectiveness of IICS functioning on the basis of dynamic control of information integrity (44). The criterion (44) is based on the mathematical model of semi-Markov networks for a comprehensive stochastic description of the discrete states of information integrity control at selected hierarchical levels of the ISCU during continuous discretionary access. The method allows us to select the maximum allowable values of the information integrity control factors at the sub-levels of the application level of OSI allocated in the ISCU, at which the value of the criterion (44) is maximized, based on the predetermined amount of controlled information, the speed of information integrity control and the maximum duration of the system's presence in the appropriate state.

Now let us look at the work of the ASU, for which we generalize the model of the SP of the ISCU in the form of a tuple

M

Mu, M

A>1V1U

G.

(45)

The first position of the tuple (45) corresponds to the administrative sublevel of the application level of the ISCU from Table 1, the second corresponds to the identification, the third corresponds to the integration, the fourth corresponds to the remaining sublevels, and $G$ is a set of subsets

$$G = \{G_e, G_r \cup G_A \cup G_m, G_i\}. \quad (46)$$

Given (45), (46), we isolate in the ISCU E-network the set of potential targets of intruders $Q_z = \{q_{z1}, ..., q_{zn}\}$, which on a system scale is formed as a result of the unification of disjoint sets of classes of information threats $Z = \{z_1, ..., z_m\}$. The set of objects $D = \{d_1, ..., d_m\} \in Q$, categorized by types of information threats, is a set of precedents that we will use to train the ASU.

A trained ASU is represented in each block of the E-network structure of the ISCU by a set of classifiers that determine the weighted identity degree of the attributes of the analyzed object $q_{zi}$, $1 < i < n$, to the classes of information threats $z_j$, $j = \overline{1, m}$, and compare these degrees with the corresponding threshold values. Situations in which the identity degrees exceed the threshold values are qualified as the corresponding information threats, which initiates the reaction of the system described in the SP. With such a mechanism of functioning, the efficiency of the ASU is determined by the type of classifiers used, the representativeness of the set of precedents used for their training, and the correct choice of weights for the classes of information threats and of threshold values for the ASU operation. Next, we investigate the influence of the values of the third and fourth of the listed factors on the quality of the functioning of the ASU, because the first two factors were investigated in previous studies [14, 15].

5 RESULTS

Let us adjust the operation of the ASU and the DPU of the video surveillance center ISCU, the structure of which is organized in accordance with the information given in Table 1, so as to optimize the values of the criteria (44) and (45), respectively. The analytical form of expression (43) allows us to predict that the most appreciable dynamics of the value of the criterion (44) can be observed when the volumes of information controlled for integrity are significantly segregated across the levels of the hierarchy of the ISCU. However, as with most powerful ISs, more than 99% of all the ISCU's data is located at the first (information) level of the ISCU (or at sub-level 1 of level 7 if the ISCU is considered in the OSI model). In particular, in the described system the video archive is 10 Tb, and the rest of the software, together with the server operating system and all specialized software with the automated speaker recognition system for critical use, is about 70 Gb. In this situation, the greatest imbalance in the volumes of information controlled for integrity on the levels of the ISCU can be observed when powerful data manipulation processes are initiated, the most common of which are: 1) the data backup process initiated by the administrator; 2) the process, initiated by an authorized user, of searching for information over the entire database of the ISCU. Let us analyze the relative volumes of information controlled for integrity on the sub-levels of the ISCU hierarchy for these two processes, presenting the result of the analysis in the form of Table 3.

On the basis of the data in Table 3 on the relative volumes of information controlled for integrity on the corresponding sublevels of the application level of the ISCU, let us find the relationship between the value of the dynamic performance criterion of the DPU (44) and the values of the duration and the coefficient of the ISCU information integrity control for the processes 1 and 2, which are performed during the corresponding discretionary accesses. The results of the study are shown in Fig. 1.
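The calculation chain (42)-(44) applied to the relative volumes of Table 3, as an added example that is not part of the original article. The parameter set of the basic distribution, the control speed c = 1, the values of tau_m and K_max and all function names are assumptions chosen for illustration; the closed-form transform (43) is checked against numerical integration of the density.

```python
"""Dynamic integrity-control criterion E(tau_m), expressions (42)-(44).

Added illustration: only the Table 3 relative volumes come from the article;
every other value below is constructed.
"""
import math

# Table 3: relative volumes V_i / sum(V) on the nine sub-levels.
PROCESS_1 = [0.01] * 8 + [0.92]                 # backup started by the administrator
PROCESS_2 = [0.05, 0.05] + [0.10] * 6 + [0.30]  # search over the whole database
# Constructed parameters {P0, P1, a, b, d} of the basic distribution (assumption).
PARAMS = (0.1, 0.1, 0.3, 0.7, 1.0)


def density_nodes(P0, P1, a, b, d):
    """Return (f_b(a), f_b(b)) per expression (42)."""
    mass = 1.0 - P0 - P1            # probability carried by the continuous part
    if a == b == d == 0:
        return 0.0, 0.0
    if math.isinf(d):
        if a >= 1.0:
            raise ValueError("d = inf requires a < 1")
        return 0.0, 2.0 * mass / (1.0 - a)
    fa = 2.0 * mass / (b - a * d + d)
    return fa, d * fa


def lst_basic(v, P0, P1, a, b, d):
    """Laplace-Stieltjes transform of the basic distribution, expression (43)."""
    fa, fb = density_nodes(P0, P1, a, b, d)
    if v == 0:
        return P0 + P1 + 0.5 * (b * fa + (1.0 - a) * fb)   # total probability mass
    ea, eb, e1 = math.exp(-a * v), math.exp(-b * v), math.exp(-v)
    rise = fa / v * ((1.0 - ea) / (a * v) - ea) if a > 0 else 0.0          # segment [0, a]
    flat = (((fb - fa) * (ea - eb) / (v * (b - a)) + fa * ea - fb * eb) / v
            if a < b else 0.0)                                             # segment [a, b]
    fall = fb / v * (eb - (eb - e1) / (v * (1.0 - b))) if b < 1 else 0.0   # segment [b, 1]
    return P0 + P1 * e1 + rise + flat + fall


def lst_numeric(v, P0, P1, a, b, d, steps=20000):
    """The same transform by midpoint integration of the piecewise-linear density."""
    fa, fb = density_nodes(P0, P1, a, b, d)

    def f(t):
        if t < a:
            return fa * t / a
        if t < b:
            return fa + (fb - fa) * (t - a) / (b - a)
        return fb * (1.0 - t) / (1.0 - b) if b < 1 else 0.0

    h = 1.0 / steps
    integral = h * sum(f((k + 0.5) * h) * math.exp(-v * (k + 0.5) * h)
                       for k in range(steps))
    return P0 + P1 * math.exp(-v) + integral


def criterion(k_max, volumes, c, tau_m, params=PARAMS):
    """E(tau_m) per (44): product over states of phi_b(T_i / tau_m), T_i = K_max_i V_i / c."""
    value = 1.0
    for k_i, v_i in zip(k_max, volumes):
        t_i = k_i * v_i / c                    # maximum time spent in state i
        value *= lst_basic(t_i / tau_m, *params)
    return value


def sensitivity(volumes, level, k_low=0.3, k_high=0.9, c=1.0, tau_m=0.09):
    """Drop of E(tau_m) when K_max is raised from k_low to k_high on one sub-level only."""
    base = [k_low] * len(volumes)
    raised = list(base)
    raised[level] = k_high
    return criterion(base, volumes, c, tau_m) - criterion(raised, volumes, c, tau_m)


if __name__ == "__main__":
    for name, vols in (("process 1", PROCESS_1), ("process 2", PROCESS_2)):
        for tau in (0.03, 0.09, 0.15):
            print(f"{name}: tau_m={tau:.2f}  E={criterion([0.3] * 9, vols, 1.0, tau):.4f}")
        print(f"{name}: dE first column={sensitivity(vols, 0):.4f}, "
              f"last column={sensitivity(vols, 8):.4f}")
```

With the constructed parameters, raising K_max on the sub-level that holds 92% of the controlled volume moves the criterion far more than the same change on a 1% sub-level, and the gap is much smaller for the more evenly spread volumes of process 2.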

The purpose of the operation of the ASU of the above-described video surveillance center ISCU is to identify and correctly classify attacks that aim either to obtain unauthorized access to the information resources of the ISCU or to violate their integrity. To test the performance of the ASU, typified attacks were formulated to check the adequacy of the global SP (attacks on the content of user roles, 5 types of attacks), the local SP (attacks on the hardware and software components of the ISCU interaction processes, including at different levels of its hierarchy, 12 types of attacks), and the discretionary SP (attacks with attempted unauthorized authentication of users by password, identity card, individual voice parameters and attacks on the combined authentication procedure, 6 types of attacks, details are in [16]). The total number of types of attacks was 23.

The number of functions of the ISCU, described by the corresponding superblocks of different order and related to the tasks of collecting, registering, storing, processing, updating and presenting system information resources, was 41. The number of attributes whose values were evaluated by the classifiers for the recognition of the attack types was 9. Each type of attack was carried out 100 times, and the parameters of 40 of these attacks for each type were used to train the ASU. The results of the ASU's work on attack recognition were summarized in the form of a set of recommended weights for the classifiers that are responsible for detecting attacks on the global, local and discretionary SP, respectively. The threshold of classifier sensitivity for detecting an attack, given the critical use of the IS, was set to 0.1.

Table 3 - Relative volumes of information controlled for integrity on the sub-levels of the ISCU hierarchy for the processes 1 and 2

Relative volume of information controlled for integrity $V_i / \sum V$, %, on the nine sub-levels of the ISCU hierarchy, in the column order of the table:

Process 1: 1, 1, 1, 1, 1, 1, 1, 1, 92

Process 2: 5, 5, 10, 10, 10, 10, 10, 10, 30

[Figure 1: panels for Process 1 and Process 2; horizontal axis $V_i / \sum V$, %; curves 1-4 for $\tau_m$ = 0.03, 0.09, 0.15, 0.16]

Figure 1 - Dependence of the functional criterion (44) on the input parameters of DPU of ISCU

6 DISCUSSION

The conducted experiments proved the adequacy of the proposed model for the formation of the SP of the ISCU on the basis of its representation in the form of an E-network graph, which simulates the hierarchical structure of the IS and describes in the form of superblocks the corresponding roles of users, to which correspond functions in the form of software services, information integrity control processes and the processes for separating access to system resources. The analysis of the results of the experiments revealed a number of regularities in the work of the ASU and the DPU of the ISCU, in particular:

1. The influence of the parameter $K_{max\,i}$ of the $i$-th level of the ISCU on the value of the criterion $E(\tau_m)$ depends on the volume of information controlled for integrity $V_i$ at the $i$-th level relative to the total volume of information controlled for integrity $\sum V$ during the current discretionary access;

2. At close values of $V_i$, significant changes in the value of the criterion $E(\tau_m)$ can be achieved by changing the values $K_{max\,i}$ at the appropriate levels of the ISCU;

3. By changing the values of $\tau_m$ and the values of $K_{max\,i}$ in one direction, we can improve the dynamics of change of the value of the criterion $E(\tau_m)$;

4. At values of the parameters $K_{max\,i}$ close to zero, the IICS as a part of the DPU ceases to perform its functions, and at values of $K_{max\,i}$ close to one, the efficiency of the IICS as a part of the DPU is completely determined by the value of the parameter $\tau_m$;

5. A change of the level parameters $K_{max\,i}$ leads to a synchronous change in the mathematical expectation of the duration of information integrity control in the ISCU, affecting the quality of the work of the IICS accordingly;

6. It is possible to improve the efficiency of the access separation process implemented in the ASU with the use of sets of classifiers by training them with methods created for ensembles of decision rules.

CONCLUSIONS

The article presents a mathematical apparatus for a complex unified description of the static and dynamic processes, controlled for integrity and authenticity, of the information system for critical use in its hierarchical representation.

The scientific novelty of the results lies in the fact that, for the first time, a mathematical model of a critical information system was built in which, unlike the existing ones, a single approach is introduced for describing information processes within the global, discretionary and local security policies with anchoring to the hierarchical structure of the information system. This makes it possible to analyze and synthesize the functions of the support services for user roles on the basis of the object-relational model of information management system organization, with the possibility of integration, induction and interoperability within a single security policy, in order to control data integrity and the authenticity of static and dynamic access.

The practical consequence of the obtained theoretical results is the methods of optimizing the operation of the data processing unit and the access separation unit, which are responsible for controlling information integrity and the authenticity of access to the ISCU, respectively. In particular, the method of dynamic information integrity control is formally adapted for practical use together with the corresponding criterion, which is based on the mathematical apparatus of semi-Markov networks for the complex stochastic description of the discrete states of information integrity control at selected hierarchical levels of the ISCU during continuous discretionary access. The method makes it possible to select the maximum allowable values of the information integrity control coefficients at the sub-levels of the OSI application level allocated in the ISCU, based on the preset volume of information controlled for integrity, the speed of its integrity control and the maximum duration of the system's stay in a suitable state.

The article describes a method for controlling access to the information processes that are described by superblocks in the E-network representation of the ISCU. It uses sets of classifiers integrated into each block of the superblock that record the fact that the weighted degrees of identity of the attributes of the object requesting access exceed the corresponding thresholds, which makes it possible to classify the identified information threat and initiate the corresponding reaction described in the system SP. The analysis of the results of the experiments made it possible to obtain the optimal parameters of the groups of classifiers which, within the global, local and discretionary SP, prevent unauthorized access to the information resources of the ISCU or attempts to violate their integrity.

Further research is planned to be devoted to the collection and analysis of empirical data on the results of practically implemented ISCUs on the basis of the proposed mathematical apparatus, for the purpose of factor analysis of the characteristic parameters of their objects and optimization of the set of user roles and the corresponding set of functions.

ACKNOWLEDGEMENTS

The work was carried out within the framework of the departmental scientific research work number 46K4 "Methods of modelling and optimization of complex systems on the basis of intellectual technologies" at the Department of Computer Control Systems of the Vinnytsia National Technical University, with the support of the staff of the department and of the related Department of Automation and Information and Measuring Technology of VNTU.

REFERENCES

1. Conceptual Modeling of Information Systems [Electronic resource]. Access mode: http://infocat.ucpel.tche.br/disc/mc/cmis.pdf

2. Peltier T. Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management. Auerbach Publications, CRC Press, 2001, 312 p.

3. ISO/IEC 27001 Information Security Management Standard [Electronic resource]. Access mode: http://pqm-online.com/assets/files/pubs/translations/std/iso-mek-27001-2013(rus).pdf

4. ISO/IEC 2382:2015 Information technology Standard [Electronic resource]. Access mode: https://webstore.iec.ch/publication/22380

5. Alani M. Guide to OSI and TCP/IP Models. Springer Publishing Company, 2014, 50 p. DOI: 10.1007/978-3-319-05152-9

6. Discrete System Models [Electronic resource]. Access mode: http://laser.inf.ethz.ch/2004/papers/abrial/discrete_system_models.pdf

7. Chen Y.-L., Lin F. Modeling of discrete event systems using finite state machines with parameters, Proc. of the 2000 IEEE International Conference on Control Applications (Cat. No.00CH37162), 27-27 Sept. 2000 : proceedings, USA, Anchorage, 2000, pp. 941-946. DOI: 10.1109/CCA.2000.897591

8. Nikolaidou M., Anagnostopoulos D. Exploring Web-Based Information System Design: A Discrete-Stage Methodology and the Corresponding Model, International Conference on Advanced Information Systems Engineering CAiSE 2003. Berlin, Springer, 2003, pp. 159-174. DOI: 10.1007/3-540-45017-3_13

9. Mehler A., Kühnberger K.-U., Lobin H., Lüngen H., Storrer A., Witt A. Modeling, Learning, and Processing of Text-Technological Data Structures. Berlin, Springer-Verlag, 2012, XVI, 400 p. DOI: 10.1007/978-3-642-22613-7

10. Balle B., Castro J., Gavaldà R. Learning probabilistic automata: A study in state distinguishability, Theoretical Computer Science, 2013, Vol. 473, pp. 46-60. DOI: 10.1016/j.tcs.2012.10.009

11. Kim D., Solomon M. Fundamentals of Information System Security, Third Edition. Jones & Bartlett Publishers, 2010, 514 p.

12. Analysis of Probabilistic Processes and Automata Theory [Electronic resource]. Access mode: http://homepages.inf.ed.ac.uk/kousha/etessami-prob-processes-chapter-handbook-of-automata-theory-DRAFT.pdf

13. Falley P. Categories of Data Structures, Journal of Computing Sciences in Colleges, Papers of the Fourteenth Annual CCSC Midwestern Conference and Papers of the Sixteenth Annual CCSC Rocky Mountain Conference, 2007, Vol. 23, Iss. 1, pp. 147-153.

14. Bisikalo O. V., Grischuk T. V., Kovtun V. V. Optimizatsiya klasifikatora avtomatizovanoyi sistemi rozpiznavannya movtsya kritichnogo zastosuvannya, Radio Electronics, Computer Science, Control, 2018, No. 2, pp. 30-43. DOI: 10.15588/1607-3274-2018-2-4

15. Bikov M. M., Gafurova A. D., Kovtun V. V. Doslidzhennya komitetu neyromerezh u avtomatizovaniy sistemi rozpiznavannya movtsiv kritichnogo zastosuvannya, Visnik Hmelnitskogo natsionalnogo universitetu, seriya: Tehnichni nauki. Hmelnitskiy, 2017, No. 2(247), pp. 144-150.

16. Grischuk T. V., Kovtun V. V. Kontseptsiya vprovadzhennya avtomatizovanoyi sistemi rozpiznavannya movtsya u protses avtentifikatsiyi dlya dostupu do kritichnoyi sistemi, Visnik vinnitskogo politehnichnogo institutu, 2018, No. 6, pp. 98-110.

Received 01.11.2018.

Accepted 26.12.2018.

UDC 681.327.12

MODELING THE SECURITY POLICY OF THE INFORMATION SYSTEM FOR CRITICAL USE

Bisikalo O. V. - Doctor of Technical Sciences, Professor, Dean of the Faculty of Computer Systems and Automation, Vinnytsia National Technical University, Vinnytsia, Ukraine.

Kovtun V. V. - Candidate of Technical Sciences, Associate Professor, Associate Professor of the Department of Computer Control Systems, Vinnytsia National Technical University, Vinnytsia, Ukraine.

Yukhimchuk M. S. - Candidate of Technical Sciences, Associate Professor, Associate Professor of the Department of Computer Control Systems, Vinnytsia National Technical University, Vinnytsia, Ukraine.

ABSTRACT

Context. Compared to universal information systems, the information system for critical use has a simplified structure of the information environment and specific requirements regarding the volumes and nature of information resources. This fact makes it possible to dispense with excessive detail and to narrow the object of modeling to the process of forming the security policy of the information system for critical use, an adequate problem description of which is achievable given a rational choice of the mathematical apparatus.

Objective. Synthesis of a mathematical apparatus for a complex unified description of static and dynamic processes, controlled for integrity and authenticity, in the information system for critical use in its hierarchical representation.

Method. The article obtains new complex mathematical models of the processes of information processing and of access separation to it which, in contrast to the existing ones, describe within the mathematical apparatus of E-networks the mechanisms for securing the environment and resources of the information system for critical use and make it possible to quantify the integrity of its information resources. Mathematical models of the synthesis of the policy of secure interaction of information processes in the information system for critical use are developed, which make it possible to guarantee the observance of local security policies on the various structural elements of the system and to integrate them into the global security policy while observing a single discretionary policy everywhere in the system.

Results. The practical consequence of the obtained theoretical results is the methods of optimizing the operation of the data processing and access separation units, which in the information system for critical use are responsible for controlling the integrity of information and the authenticity of access to it, respectively. In particular, a method of dynamic information integrity control, associated with the security policy model of the information system for critical use and adapted for practical application, is formalized together with the corresponding criterion, which is based on the mathematical apparatus of semi-Markov networks for a complex stochastic description of the discrete states of information integrity control at selected hierarchical levels of the system during continuous discretionary access. The method makes it possible to select the maximum allowable values of the information integrity control coefficients at the sub-levels of the OSI application level allocated in the information system for critical use, based on the preset volume of controlled information, the speed of its integrity control and the maximum duration of the system's stay in the corresponding state. A method of controlling access to system information processes is also presented, which is performed by sets of integrated classifiers that record the facts of the corresponding threshold values being exceeded by the weighted degrees of identity of the attributes of the object that wishes to gain access, classify the information threats identified in this way and initiate the scenarios described in the system security policy. The analysis of the results of the experiments made it possible to obtain optimal parameters for the sets of classifiers which, within the global, local and discretionary security policies, prevent unauthorized access to system information resources or attempts to violate their integrity.

Conclusions. The article presents for the first time a mathematical model of the information system for critical use in which, in contrast to the existing ones, a single approach is introduced for describing information processes within the global, discretionary and local security policies with reference to the hierarchical structure of the information system, which makes it possible to analyze and synthesize the functions of the services supporting user roles on the basis of the object-relational model of organization of the system's information resources, to integrate and induce them and ensure their compatibility within a single security policy, and to control in the system the integrity of information and the authenticity of static and dynamic access to it.

KEYWORDS: information system for critical use, security policy, data processing unit, access separation unit, automated speaker recognition system for critical use.

© Bisikalo O. V., Kovtun V. V., Yukhimchuk M. S., 2019 DOI 10.15588/1607-3274-2019-1-13