350 rub
Journal Radioengineering №8 for 2019 г.
Article in number:
Methods of identification and evaluation of vulnerable links of automated process control systems
Type of article: scientific article
DOI: 10.18127/j00338486-201908(11)-08
UDC: 004.056.53
Keywords: Information security automated control systems level threat model vulnerable link vulnerability security threat source of threat security measure attack probability of vulnerability realization.
Authors:

D.V. Chernov – Assistant, 

Department «Information Security», Tula State University; Head of the Information Security Sector, JSC ADC (Tula) E-mail: cherncib@gmail.com

A.A. Sychugov – Ph.D.(Eng.), Associate Professor, 

Head of Department «Information Security», Tula State University E-mail: xru2003@list.ru

Abstract:

The aim of the work is to improve the quality of the developed models of threats to information security of automated process control systems (ACS TP). In accordance with the purpose of the work, the authors set the task of developing a method for determining the potential vulnerabilities characteristic of multi-level ACS TP and their evaluation to calculate the probability of vulnerabilities through vulnerable links. The features of the APCS, causing the possibility of threats to information security and vulnerable links. The possible types of information security threats that can be implemented by an attacker in the APCS are given. In the course of solving this problem, the authors propose a way to identify relevant vulnerable parts of the system based on a survey of experts. An assessment of the security of the APCS on the basis of the analysis of the security measures used. The formulas for determining the probability of favorable conditions for the use of vulnerabilities in vulnerable links and the formation of the final list of vulnerable links of APCS are proposed. In the course of confirming the performance of the developed method, the authors the calculation of the assessment of the probability of vulnerabilities APCS using the actual vulnerable link. Implementation of the results in the APCS will improve fault tolerance, identify potential weaknesses developed APCS and reduce the cost of their operation and protection. The research results are recommended for use in the design of the information security system in the APCS.

Pages: 67-74
References
  1. Chernov D.V., Sychugov A.A. Analiz sovremennykh trebovanii i problem obespecheniya informatsionnoi bezopasnosti avtomatizirovannykh sistem upravleniya tekhnologicheskimi protsessami. Neirokompyutery. Razrabotka, primenenie. 2018. № 8. S. 38−46. (In Russian).
  2. Metodika opredeleniya aktualnykh ugroz personalnykh dannykh pri ikh obrabotke v informatsionnykh sistemakh personalnykh dannykh. FSTEK Rossii. (In Russian).
  3. Chernov D.V., Sychugov A.A. Formalizatsiya modeli narushitelya informatsionnoi bezopasnosti ASU TP. Izvestiya TulGU. Tekhnicheskie nauki. 2018. № 10. S. 22−27. (In Russian).
  4. Chernov D.V., Sychugov A.A. Formalizovannoe predstavlenie potentsiala narushitelya informatsionnoi bezopasnosti ASU TP. Voprosy kiberbezopasnosti, modelirovaniya i obrabotki informatsii v sovremennykh sotsiotekhnicheskikh sistemakh. 2018. № 6. S. 49−55. (In Russian).
  5. Bolelov E.A., Sbitnev A.V. Informatsionnaya bezopasnost telekommunikatsionnykh sistem: posobie po vypolneniyu prakticheskikh zanyatii. M.: MGTU GA. 2014. (In Russian).
  6. Blinov A.M. Informatsionnaya bezopasnost: Ucheb. posobie. Ch. 1. SPb.: SPBGUEF. 2010. 96 s. (In Russian).
  7. Gatchin Yu.A., Sukhostat V.V. Teoriya informatsionnoi bezopasnosti i metodologiya zashchity informatsii. SPb.: SPbGU ITMO. 2010. 98 s. (In Russian).
Date of receipt: 5 июля 2019 г.