Моделирование процессов функционирования автоматизированных систем при проведении мероприятий по оценке защищенности
Работая с нашим сайтом, вы даете свое согласие на использование файлов cookie. Это необходимо для нормального функционирования сайта, показа целевой рекламы и анализа трафика. Статистика использования сайта отправляется в «Яндекс» и «Google»
Научный журнал Моделирование, оптимизация и информационные технологииThe scientific journal Modeling, Optimization and Information Technology
Online media
issn 2310-6018

Modeling of automated system's functioning processes during security assessment activities

idKorolev I.D., idMarkin D.I., idLitvinov E.S.

UDC 004.942
DOI: 10.26102/2310-6018/2021.35.4.010

  • Abstract
  • List of references
  • About authors

The study is relevant due to the need for minimization of the negative impact on the integrity and confidentiality of data processed by the automated system, as well as on the state of the system components during penetration testing as part of the security control measure. In this regard, this article is aimed to identify methods for creating and using virtual system layouts for their subsequent use in testing. The leading research approach is the modeling of real-world processes of system users functioning: malicious users, officials, responsible for ensuring the security of information processed in the system based on the queuing theory, which makes it possible to comprehensively consider the functioning of automated systems in terms of processing user and attacker requests. The article presents an abstract model of the automated systems functioning. It makes it possible to assess the system security by analyzing the values of the probability that the system will process user requests for access to information resources and inquiry from intruders aimed at violating the confidentiality, integrity, and availability of system components and processed information resources. The article materials are of practical value for creating a virtual test bench for penetration testing, simulating the functioning of an automated circuit, and minimizing the impact on a real system.

1. The Federal Law of July 27, 2017 № 187-FZ "On the Safety of Critical Information infrastructure of Russian Federation", 2017.

2. Decree of the President of the Russian Federation of December 5, 2016 № 646 "On the approval of the Doctrine of information security of the Russian Federation", 2016.

3. Protection of information. Basic terms and definitions: GOST R 50922-20061, 2008.

4. Information technology. Set of standards for automated systems. Automated systems. Terms and definitions: GOST 34.003-90, 1992.

5. Cybersecurity Threatscape 2020 Q4. URL: https://ptsecurity.com/ru-ru/research/analytics/cybersecurity-threatscape-2020-q4/ (date of access: 25.04.2021).

6. Information protection. Sequence of protected operational system formation. General provisions: GOST R 51583-2014, 2014.

7. Konovalenko S.A., Korolev I.D. Information system's vulnerabilities detection. Innovation in science. 2016;9(58):12-20.

8. Porokhnenko Y.S., Polezhaev P.N. Comparative analysis of computer network emulators. The university complex as a regional center of education, science and culture. 2017;3(18):3194-3199.

9. Samarov K.L. Study guide for the section "Elements of queuing theory". Novosibirsk: ООО «Rezolventa»; 2009. 19 p. (In Russ.)

10. Tomashevsky V.N., Zhdanova E.G. Simulation in the GPSS environment. M.: «Bestseller»; 2003. 219 p. (In Russ.)

11. Gmurman V.E., Theory of Probability and Mathematical Statistics. M.: "Vyshhaya shkola"; 2003. 479 p. (In Russ.)

Korolev Igor Dmitrievich
doctor of technical sciences, professor
Email: pi_korolev@mail.ru

ORCID | eLibrary |

Krasnodar Higher Military School

Krasnodar, Russian Federation

Markin Denis Igorevich

Email: denismark94@gmail.com

ORCID | eLibrary |

Krasnodar Higher Military School

Krasnodar, Russian Federation

Litvinov Evgeny Sergeevich

Email: litvinoves@rambler.ru

ORCID | eLibrary |

Krasnodar Higher Military School

Krasnodar, Russian Federation

Keywords: information security, automated system, information security system, information security control, active security check, queuing system, emulation

For citation: Korolev I.D., Markin D.I., Litvinov E.S. Modeling of automated system's functioning processes during security assessment activities. Modeling, Optimization and Information Technology. 2021;9(4). URL: https://moitvivt.ru/ru/journal/pdf?id=1001 DOI: 10.26102/2310-6018/2021.35.4.010 (In Russ).

505

Full text in PDF

Received 11.06.2021

Revised 05.10.2021

Accepted 21.10.2021

Published 31.12.2021