Modeling of automated system's functioning processes during security assessment activities

The study is relevant due to the need for minimization of the negative impact on the integrity and confidentiality of data processed by the automated system, as well as on the state of the system components during penetration testing as part of the security control measure. In this regard, this article is aimed to identify methods for creating and using virtual system layouts for their subsequent use in testing. The leading research approach is the modeling of real-world processes of system users functioning: malicious users, officials, responsible for ensuring the security of information processed in the system based on the queuing theory, which makes it possible to comprehensively consider the functioning of automated systems in terms of processing user and attacker requests. The article presents an abstract model of the automated systems functioning. It makes it possible to assess the system security by analyzing the values of the probability that the system will process user requests for access to information resources and inquiry from intruders aimed at violating the confidentiality, integrity, and availability of system components and processed information resources. The article materials are of practical value for creating a virtual test bench for penetration testing, simulating the functioning of an automated circuit, and minimizing the impact on a real system.

1. The Federal Law of July 27, 2017 № 187-FZ "On the Safety of Critical Information infrastructure of Russian Federation", 2017.

2. Decree of the President of the Russian Federation of December 5, 2016 № 646 "On the approval of the Doctrine of information security of the Russian Federation", 2016.

3. Protection of information. Basic terms and definitions: GOST R 50922-20061, 2008.

4. Information technology. Set of standards for automated systems. Automated systems. Terms and definitions: GOST 34.003-90, 1992.

5. Cybersecurity Threatscape 2020 Q4. URL: https://ptsecurity.com/ru-ru/research/analytics/cybersecurity-threatscape-2020-q4/ (date of access: 25.04.2021).

6. Information protection. Sequence of protected operational system formation. General provisions: GOST R 51583-2014, 2014.

7. Konovalenko S.A., Korolev I.D. Information system's vulnerabilities detection. Innovation in science. 2016;9(58):12-20.

8. Porokhnenko Y.S., Polezhaev P.N. Comparative analysis of computer network emulators. The university complex as a regional center of education, science and culture. 2017;3(18):3194-3199.

9. Samarov K.L. Study guide for the section "Elements of queuing theory". Novosibirsk: ООО «Rezolventa»; 2009. 19 p. (In Russ.)

10. Tomashevsky V.N., Zhdanova E.G. Simulation in the GPSS environment. M.: «Bestseller»; 2003. 219 p. (In Russ.)

11. Gmurman V.E., Theory of Probability and Mathematical Statistics. M.: "Vyshhaya shkola"; 2003. 479 p. (In Russ.)