V.O. Volosenkov – Dr.Sc. (Eng.), Professor,
Russian Armed Forces Army Air Defense Military Academy n.a. Marshal of the Soviet Union A.M. Vasilevsky E-mail: vvolosenkov@yandex.ru
S.Kh. Ekshembiev – Dr.Sc. (Economic),
Deputy General Director − General Designer on the Cost of Production Management, Economics and Finance,
JSC «Concern «Morinsys-Agat» (Moscow)
E-mail: info@concern-agat.ru
E.S. Novikov – Dr.Sc. (Eng.), Professor,
Chief Designer of the Direction − Head of the Scientific and Methodological Center for Training and Retraining of Personnel, JSC «Concern «Morinsys-Agat» (Moscow) E-mail: Novik49@bk.ru
The article is devoted to the development of a method for assessing the level of security of information resources of special-purpose automated control systems. The modern automated control system for special purposes is a complex system consisting of a large number of components of varying degrees of autonomy, which are interconnected and exchange data. The structures of such systems are quite vulnerable, because they include a large number of various relationships and dependencies, and accordingly, when one of the key nodes fails, the so-called «cascade effect» can occur, which is expressed in failure or limitation of the functionality of nodes and subsystems lower in the hierarchy. One of the most important requirements for automated control systems for special purposes is the protection of information resources. Information resources are directly stored and circulating data in an automated control system. Assessing the security of information resources of automated control systems for special purposes is a complex, multi-stage process, which involves determining the values of the main indicators of individual nodes and subsystems, and the system as a whole, their relationships, followed by the formation of a generalized indicator.
Existing methods do not allow an unambiguous assessment of the security of automated control systems for special purposes and to obtain a quantitative parameter in view of their coverage of all components of protection, including protection against physical penetration of attackers to information processing facilities. In this regard, the development of a method for assessing the level of security of automated control systems for special purposes is an urgent scientific task.
The method is a system of actions, according to a quantitative assessment, of a multitude of parameters characterizing the level of security of information resources of an automated control system for special purposes under unauthorized influences based on the calculation of the probabilities of access to its information resources. The proposed method differs from the known ones by taking into account the influence of unauthorized influences and allows one to determine the probability of reflection of an attacker's threats in elements and nodes of a special-purpose automated control system based on mathematical modeling using the Kolmogorov system of equations for Markov random processes. The calculation of the probability of reflection of the threats of the attacker in the elements and nodes of the automated control system for special purposes is carried out using a discrete-stochastic mathematical scheme. Applying the method in practice will allow us to assess the quality of the functioning of automated control systems for special purposes in the conditions of unauthorized software and hardware impacts on its elements and ensure the required security of information resources.
Volosenkov V.O., Ekshembiev S.Kh., Novikov E.S. Assessment of security of information resources of automated management systems of special purpose. Radiotekhnika. 2020. V. 84. № 8(16). P. 13−17. DOI: 10.18127/j00338486202008(16)-02 (In Russian).
- Gavrilov A.D., Volosenkov V.O. Ugrozy informacionnoj bezopasnosti avtomatizirovannoj sistemy obrabotki dannyh. Problemy bezopasnosti rossijskogo obshhestva. 2013. № 4. S. 85−92 (In Russian).
- Gavrilov A.D., Volosenkov V.O. Klassifikacija modelej obespechenija informacionnoj bezopasnosti raspredeljonnyh vychislitel'nyh sistem. Problemy bezopasnosti rossijskogo obshhestva, 2013. № 4. S. 72−84 (In Russian).
- Shheglov A.Ju. Zashhita komp'juternoj informacii ot nesankcionirovannogo dostupa. Nauka i tehnika. SPb: «Piter». 2004 (In Russian).
- Mel'nikov V.V. Zashhita informacii v komp'juternyh sistemah. M.: Finansy i statistika. Jelektroninform. 1997 (In Russian).
- Domarev V.V. Bezopasnost' vychislitel'nyh tehnologij. Sistemnyj podhod. K.: «Diasoft». 2004 (In Russian).
- Hoffman L.Dzh. Sovremennye metody zashhity informacii. M.: Sovetskoe radio. 1980 (In Russian).
- Sovetov B.Ja., Jakovlev S.A. Modelirovanie sistem. M.: Vysshaja shkola. 2001 (In Russian).
- Pugachev V. Teorija verojatnostej i matematicheskaja statistika. M.: Nauka. 1979 (In Russian).