Quarterly journal published in SPbPU
and edited by prof. Peter Zegzhda
Peter the Great St. Petersburg Polytechnic University
Institute of computer sciences and technologies
information security of computer systems
Information Security Problems. Computer Systems
Published since 1999.
ISSN 2071-8217

№1

2018 year

INFORMATION SECURITY ASPECTS

Zegzhda P.D., Ivanov D.V., Moskvin D.A., Ivanov A.A.

APPLIANCE OF CONTIGUITY SEQUENCES FOR RECOGNITION OF SELF-SIMILAR GRAPHS FOR ASSESSING VANET NETWORKS CYBERSECURITY

Annotation:

In the paper, the possibility of applying the theory of self-similar graphs for ensuring Vehicular Ad-hoc Networks (VANET) cybersecurity is considered. Developed for this purpose algorithms for self-similar graphs recognition are mentioned.

Keywords:

Wireless self-organised networks; Vehicular ad hoc networks, VANET, self-similar graph; self-similarity.
Pages 10-26

Zegzhda P.D., Poltavtseva M.A., Pechenkin A.I., Lavrova D.S., Zaitseva E.A.

HETEROGENEOUS SEMI-STRUCTURED OBJECTS CASE-BASED REASONING IN INFORMATION SECURITY

Annotation:

The article is concerned with the development of decision support systems based on the case-based reasoning (CBR) for the problems of information security. Source data can be described as heterogeneous semi-structured objects and formalized as property vectors. The approach to the CBR database building includes a two-level representation: the level of objects-cases and the level of structure cases. The authors consider a method of cases modeling for preparing a basic data set. Methods of heterogeneous semi-structured objects and second level cases similarity evaluation are offered. The authors present the described methods experimental testing and the architecture of the relevant decision support system.

Keywords:

smart security, case-based reasoning, heterogeneous semi-structured objects analysis, case modeling, decision support systems, penetration testing
Pages 17-31

Kamennay E.V., Putilova S.E., Shcherbinina I.A.

OVERVIEW OF METHOD TO SECURING THE CLIENT PART OF WEB APPLICATIONS

Annotation:

The client part of modern web applications is constantly becoming more difficult. At the same time, information mechanisms of protection in the client part have to be developed with considering to modern and out-of-date technologies, because it requires compatibility. The article considers modern approaches of protecting the client part of web applications and presents typical techniques for circumventing the limitations of this approach.

Keywords:

Web application security, http connection, security policies
Pages 32-42
INFORMATION SECURITY ASPECTS, INFORMATION SECURITY APPLICATION

Kamennay E.V., Putilova S.E., Shcherbinina I.A.

OVERVIEW OF METHOD TO SECURING THE CLIENT PART OF WEB APPLICATIONS

Annotation:

The client part of modern web applications is constantly becoming more difficult. At the same time, information mechanisms of protection in the client part have to be developed with considering to modern and out-of-date technologies, because it requires compatibility. The article considers modern approaches of protecting the client part of web applications and presents typical techniques for circumventing the limitations of this approach.

Keywords:

Web application security, http connection, security policies
Pages 32-42

Zegzhda P. D., Anisimov V. G., Anisimov E. G., Saurenko T.N. Suprun A. F.

MODELS AND METHOD OF SUPPORTING DECISION-MAKING TO ENSURE INFORMATION SECURITY OF INFORMATION-CONTROL SYSTEMS

Annotation:

Models and a method of support of decision-making on maintenance of information safety are developed. Modeling is based on the representation of the procedure for forming a solution in the form of a discrete optimization problem. The proposed models and methods are the basis for the creation of specific methodologies for the justification of management decisions on the organization of information protection in information-control systems.

Keywords:

information-control system, information protection, decision support, model, optimization
Pages 43-47

Belim S.V., Belim S.Yu.

MANDATORY ACCESS CONTROL IMPLEMENTATION IN THE DISTRIBUTED SYSTEMS

Annotation:

In the article mandatory access control implementation in the distributed systems taking into account users hierarchy is considered. Access control is based on the keys preliminary distribution scheme, the similar KDP-scheme. The algorithm of subsets family creation considering users hierarchy is developed.

Keywords:

(Russian) мандатное разграничение доступа, предварительное распределение ключей, KDP-схема, иерархия пользователей
Pages mandatory access control, key predistribution, KDP-scheme, users hierarchy

V.P. Los, G.V. Ross, E.D. Tyshuk

ABOUT THE USE OF STATISTICAL PROCESSING OF REFERENCE IMAGES IN BIOMETRIC AUTHENTICATION SYSTEMS

Annotation:

The article gives an overview of the methods of using statistical methods for processing reference images in the formation of authentication when using a handwritten signature.

Keywords:

authentication, handwritten signature, statistical methods.
Pages 51-56
NETWORK AND TELECOMMUNICATION SECURITY

Markin D. O.

LOCATION-BASED MOBILE DEVICE SECURITY MODEL IN COMPUTER NETWORKS WITH DIFFERENT SECRECY

Annotation:

The article contains the description of Location-based Mobile Device Security Model In Computer Networks With Different Secrecy. The Model is based on classic Bell-LaPadula model, mandatory and role-based access control models. It’s offered to introduce new secure properties and definitions allowed to account objectively significant access conditions to secure services to provide information security. Proof of theorem is provided and based on new secure properties and definitions. Justification of model correctness is presented. The author describes also justification of the fact of the inability to make denied information flows from high level security object to lower security one.

Keywords:

mobile device, security model, computer network, networks with different security levels.
Pages 57-67

Ovasapyan T.D., Moskvin D.A., Kalinin M.O.

St. Petersburg, Peter the Great St.Petersburg Polytechnic University

THE APPLICATION OF NEURAL NETWORKS TO DETECT INTERNAL VIOLATORS IN VANET

Annotation:

The article considers the security of Vehicular ad hoc networks (VANET) against malicious nodes. The authors of the article analyzed the features of VANETs. They also analyzed threats and identified actual cyber-attacks. The proposed approach aimed at providing protection using radial-basis neural networks that allows detecting malicious nodes on the basis of behavioral indicators.

Keywords:

Vehicular ad hoc networks, VANET, Radial Basis Function Neural Network, RBFN, Ad hoc
Pages 68-73

V.V. Platonov, P.O. Semenov

ANOMALY TRAFFIC DETECTION IN DYNAMIC COMPUTER NETWORKS OF MOBILE CONSUMER DEVISES

Annotation:

Proposed the adaptive model of intrusion detection system for distributed compute network. The intrusion detection system is based on different data mining methods that allow analyzing a set of network traffic attributes and determining whether network interaction is normal or anomalous. The proposed model of an intrusion detection system makes it possible to protect a range of Internet of things devices.

Keywords:

intrusion detection system, distributed computer network, data mining methods, Internet of things.
Pages 74-81

M. Kalinin, V. Krundyshev, E. Rezedinova, D. Reshetov

THE HIERARCHIC SOFTWARE-DEFINED SECURITY CONTROL FOR LARGE SCALE DYNAMIC NETWORKS

Annotation:

The paper suggests an approach to building the hierarchical security control system for large scale dynamic communication networks (MANET, VANET, FANET, WSN, etc) using technologies of software-defined networks (SDN) and elastic supercomputing. The experimental results of efficiency evaluation obtained for the proposed approach are presented.

Keywords:

security control, dynamic networks, hierarchic architecture, software-defined network, supercomputer, elastic computing, adhoc, SDN, VANET.
Pages 82-88

M. O. Kalinin, E. A. Zubkov

Peter the Great St.Petersburg Polytechnic University

PROTECTION AGAINST ATTACKS ON DYNAMIC ROUTING IN SELF-ORGANIZING AD-HOC NETWORKS USING SWARM INTELLIGENCE

Annotation:

The paper reviews a new technology for detecting the full range of attacks on dynamic routing in self-organizing adhoc networks (MANET, VANET/FANET/MARINET, IoT/IIoT, WSN, mesh networks, M2M networks, etc.). This technology develops the Watchdog method and the P-Secure method by implementing an ant swarm algorithm for building a safe route at the network in which all hosts act as swarm agents for analyzing security of neighboring hosts. An example is given of constructing a safe route in VANET using the proposed ant algorithm.

Keywords:

VANET, MANET, black hole attack, grey hole attack, worm hole attack, DoS attack, swarm intelligence, swarm algorithms, Watchdog, P-Secure, routing.
Pages 89-98
APPLIED CRYPTOGRAPHY

E.B. Aleksandrova, E.N. Shkorkina

ELLIPTIC CURVE UNDENIABLE SIGNATURE FOR SERVER VERIFICATION IN OUTSOURCE COMPUTATIONS

Annotation:

When executing cryptographic outsource computations, not only errors in server calculations are possible, but interaction with malicious computing server may also occur. The undeniable signature protocol adapted for elliptic curve points group is offered. The outsource algorithm of elliptic curve point multiplication is given.

Keywords:

lightweight cryptography, FANET, undeniable signature, outsourcing algorithm.
Pages 97-101

Il’chenko L.M., Zajcev S.I., Bragina E.K., Egorov I. EH.

DEVELOPMENT OF THE INFORMATION CUSTOMER CENTER PROTECTION SYSTEM IN THE EXECUTIVE AUTHORITY BODY

Annotation:

In the article features of creation of system of protection of the certifying center in the executive authority are considered. The main stages of the establishment of the certifying center are given, with an emphasis on the expected duration of each of the necessary activities. It also compares the information protection certified by the FSTEC of Russia and special cryptographic, on the basis of which an accredited certification center can operate.

Keywords:

Certification authority, electronic document management, information security, information security means, cryptographic means of information protection, state information system, information system processing personal data.
Pages 102-112

Dali F.A., Mironkin V.O.

ON THE TREE MODES OF HASH FUNCTIONS

Annotation:

Two models of the tree modes of hash functions are introduced. For each model algorithms of computing of the hash code are formulated and their numerical characteristics are obtained. In terms of the constructed models we classify some existing algorithms for parallel hashing and identify some weaknesses of corresponding primitives.

Keywords:

hash function, mode, tree, hashing, algorithm, complexity, absorbing phase, squeezing phase, collision, the second preimage
Pages 113-121

V. S. Gorbatov, I. Y. Zhukov, O. N. Murashov

THE SECURITY OF THE KEY SYSTEM OF THE FISCAL INDICATION

Annotation:

The paper describes a master-key generation protocol for fiscal signs exchange system. The key is used for generation of a fiscal sign key with authentication of fiscal creation and verification tools installed on a fiscal storage system in a cash register or on-line cash register and fiscal data operator or authorized authority. The protocol was developed in accordance with the Rosstandart recommendations and complies with the development and modernization principles for data protection encryption (cryptographic) means. The protocol was suggested as a national standard draft and is open for public discussion in accordance to the established procedure. The study is based on formulating certain security tasks identical to those used by potential intruders to compromise the protocol. This allows to account for structural features that will ensure further protocol compliance to the target security characteristics. It also guarantees subsequent justification of feature set sufficiency.

Keywords:

Fiscal sign, cash register, cryptographic protocol, evaluation of cryptographic properties, security properties
Pages 122-128
TECHNICAL SOLUTION

A.A.Sikarev, I.A. Sikarev, A.V.Garanin

INTERFERENCE MARGIN OF INCOHERENT RECEPTION UNDER THE COMPLEX NOISES INFLUENCE TO MONITORING AND COMMUNICATION CHANNELS OF AUTOMATED INFORMATION SYSTEMS ON THE INLAND WATERWAYS OF THE RUSSIAN FEDERATION

Annotation:

Interference margin of single incoherent reception algorithms optimal in monitoring and communication channels of automated information systems (AIS) with noises, concentrated interferences under the influence of fluctuation noise, concentrated interference and impulsive interferences is investigated. Expressions for error probabilities are obtained, examples of calculation are given.

Keywords:

Interference margin, inland waterways, AIS, fluctuation noise, concentrated interferences, impulsive interferences.
Pages 129-135
SOFTWARE SECURITY

K.I. Salakhutdinova, I.S. Lebedev, I.E. Krivtsova, Sukhoparov M.E.

STUDY OF THE EFFECT OF SELECTION FEATURE AND COEFFICIENT (RATIO) IN THE SIGNATURE FORMATION IN THE TASK OF PROGRAM IDENTIFICATION

Annotation:

Peculiarities of using different assembler commands are discovered, their collective application to create the final grade of belonging to a certain program. Conclusions for the impact of coefficient (ratio) used in the formation of the unified signature on the identification results are presented.

Keywords:

information security, program identification, elf-files, assembler commands
Pages 136-141

Demidov R.A, PechenkinA.I., Zegzhda P.D., Kalinin M.O.

APPLICATION MODEL OF MODERN ARTIFICIAL NEURAL NETWORKS FOR THE SECURITY ANALYSIS OF INFORMATION SYSTEMS

Annotation:

The paper deals with the problem of security analysis for software control mechanisms of the modern cyber-physical and industrial information systems, of distributed cyberspaces of VANET, FANET, MARINET, IIoT and WSN. There is proposed a representation of the security threat as the system’s property described by the complex function. As a part of this representation, security analysis method is described in the form of approximation of this function and calculation of its values for specific conditions. The paper considers different approaches to interpolation of this function, and it shows that the most promising option is the use of modern artificial neural networks, especially deep neural network.

Keywords:

security analysis, deep learning, distributed representations, artificial neural network, security threat, security
Pages 142-148
INFORMATION SECURITY CYBER-PHYSIC SYSTEMS

Pavlenko E.Y., Lemets A.A.

OBTAINING INFORMATION ABOUT USERS OF SOCIAL NETWORKS BASED ON PUBLICLY AVAILABLE INFORMATION WITH DATA MINING TECHNIQUES

Annotation:

This article describes the developed approach for obtaining information about social networks’ users based on methods of data mining. The hierarchical model for classification of the received data is represented here. This model describes the information extracted from social networks and allows choosing which algorithms should be used for a particular class of information. It is proposed an iterative deep searching method, intellectual analysis and revealing information about account owner identity using the developed algorithms for social graph analysis. The feature of the algorithm is to cluster and further analyze user communities within social graph, identify users on different social networks, analyze text information. The results of testing the proposed method show high accuracy in determining information about owners of social network accounts.

Keywords:

data mining; social networks; social graph; social mining; information security; social networks security
Pages 149-159

Zegzhda D.P., Pavlenko E.Y.

Peter the Great St. Petersburg Polytechnic University

SITUATIONAL MANAGEMENT FOR CYBER-SUSTAINABILITY OF SOFTWARE-DEFINED NETWORKS

Annotation:

Proved the viability and efficiency of homeostatic approach implementation to achieving cyber-sustainability based on software defined networking technology. Using of this technology cyber-physical system of “Smart home” was simulated. Authors conducted a number of experiments in which system counteracted to various attacks. As part of the experiment, software-defined network applied three self-adaptation mechanisms that provide cyber-sustainability. Experiments have confirmed that the “Smart home” system, built on the basis of software-defined networks, has retained the stability of its functioning within the framework of destructive actions.

Keywords:

software-defined network; situational management; homeostasis; sustainability; information security; self-similarity.
Pages 160-168

Dakhnovich A.D., Moskvin D.A., Zegzhda D.P.

Saint Petersburg, Peter the Great St.Petersburg Polytechnic University

APPLIANCE OF GARLIC ROUTING TO SECURE NETWORK COMMUNIATIONS IN DIGITAL MANUFACTURING

Annotation:

In the paper, specifics of ensuring cybersecurity and weaknesses of existing tools for information security in next-generation digital manufacturing networks are considered. To provide secure communication between digital manufacturing network segments new approach based on garlic routing principals is proposed.

Keywords:

digital manufacturing, industrial control systems, information security, cybersecurity, cyber-physical systems, industrial internet of things, garlic routing, network segmentation
Pages 169-176

№2

2017 year

APPLIED CRYPTOGRAPHY

A. Baranov, P. Baranov

Models of CRC and checksum values forming in multiple distortions conditions

Annotation:

The paper considers certain probability-theoretic models of packet mode-transferred information distortions. Attention is drawn mainly to distortions, including possible interferences influencing multiple transfer cycles. Distortions are modeled by a consequential impacts that are defined by dependent random variables. K-dimensioned values of CRC, respectively allow representation as a sum of k-dimensioned independent random variables.

In some cases it is possible to bring them to a sum of independent terms in a k-dimensioned vector space over a two-element field and, afterwards, apply to them existing limit theorems dealing with convergence to uniform distributions.

The paper discusses prospects for impacts stretching to m cycles of acquiring convergence conditions for CRC distribution as a sum of m-dependent terms or ones not interconnected to a non-homogeneous Markov chain.

Keywords:

information security, CRC, error probability, multiple distortions, telecommunication protocols.
Pages 39-45

Dali F.A., Mironkin V.O.

A SURVEY OF SEVERAL TREE-HASHING MODES

Annotation:

Some tree-hashing modes are considered. The main requirements to tree-hashing modes are formulated.

Keywords:

A HASH FUNCTION, A TREE MODE, A HASH TREE, AN ALGORITHM.
Pages 46-55

N. N. Shenets

AUTHENTICATION IN DYNAMIC AD-HOC NETWORKS BASED ON HOMOMORPHIC SECRET SHARING

Annotation:

In this work a new authentication and key establishment method in ad-hoc networks without secure channels, which is used only verifiable homomorphic secret sharing, is presented. The security of the method in standard assumptions to active adversary model which includes pre-threshold number of the network nodes is proven. In the passive adversary model this method provides perfect security.

Keywords:

authentication and key establishment protocol, ad-hoc networks, verifiable secret sharing, perfectness, homomorphic property
Pages 56-67

E.B. Aleksandrova

Methods of group authentication for low-resource vehicle and flying self-organized networks

Annotation:

Group authentication in self-organized networks with group signature is suggested. Besides of technical features of unmanned aerial vehicles, elliptic curve EDR-BBS scheme is chosen for FANET. Elliptic curves over extended fields of pseudo-mersenne characteristic are used.

Keywords:

VANET, FANET, group authentication
Pages 68-83
SPECIAL IT

Sikarev I.A., Shahnov S.F.

PROTECTION OF INFORMATION IN THE RADIO CHANNELS OF LOCAL DIFFERENTIAL SUBSYSTEMS SATELLITE NAVIGATION

Annotation:

The article deals with the issues of the information protection in radio channels of control and correction stations (CCS) of river local differential GPS/GLONASS subsystem on the inland waterways of Russia under the influence of mutual and industrial interference. Criteria of assessment of interference resistance and functional sustainable of radio channels are introduced on the basis of a study of coefficients of relative sensitivity to variations in parameters and structure of signals and interference and the required probability of the error of piece-by-piece method of digital communication. Method of calculating interference resistance and functional stability of radio channels is presented. Variation-parametric sensitivity of the size of CCS coverage area to variations in parameters of mutual and industrial interference is investigated, as well as its variation-functional sensitivity to variations in frequency-time signal structure and mutual interference. It has been established that the size of CCS coverage area is most sensitive to the variations in the parameters of industrial interference.

Keywords:

interference immunity, functional stability, mutual and industrial interference, coefficient of mutual difference, the probability of the error of piece-by-piece method.
Pages 84-91
INFORMATION SECURITY CYBER-PHYSIC SYSTEMS

Zegzhda P. D., Poltavtseva M. A., Lavrova D. S.

CYBER-PHYSIC SYSTEMS SYSTEMATIZATION AND SECURITY EVALUATION

Annotation:

In this paper, the cyber-physic systems features are considered, and the difficulties in ensuring their security are identified. CPS are classified according to the main distinctive features. The authors analyzed the security evaluation approaches and identified the requirements for the CPS information security indicators. The article suggests a specific CPS information security evaluation indicators system based on the sustainability criterion and homeostasis.

Keywords:

CYBER-PHYSIC SYSTEMS, CYBERSECURITY, CYBER-PHYSIC SYSTEMS MODELING, security evluation.
Pages 127-138

№4

2017 year

INFORMATION SECURITY APPLICATION

Falcone I.I., Gatsenko O.Yu.

MODELING OF DISTRIBUTION OF INFORMATION THREATS IN SOCIAL NETWORKS

Annotation:

He purpose of this article is to increase the efficiency of predicting the spread of information in social networks. In order to achieve the goal of the research, it is necessary to solve the following scientific problem: by the given structure of the social network, typical social interaction algorithms, coverage statistics of certain profile groups of users of the social network, it is required to find a probability distribution of the destructive spread of information in social networks that will provide an oppor- tunity to predict the coverage of this information by various social groups.

Keywords:

SOCIAL NETWORKING, INFORMATION SECURITY, THREATS
Pages 9-16

Akimov D.A., Sachkov V.E., Lesko S.A., Rastorguev S.P.

DEVELOPMENT BIOMETRIC DATABASE ENTITIES TO CONTROL ACCESS TO PERSONAL DATA.

Annotation:

This article discusses the problem of creating a database of biometric recognition systems for storing personal data. Analyzed parameters of biometric data base of persons on the basis of already existing databases.

Keywords:

Facial recognition, computer vision , biometric database , LFW, FERET.
Pages 17-26

Anisimov V. G., Anisimov E. G., Zegzhda P.D., Suprun A.F.

THE PROBLEM OF INNOVATIVE DEVELOPMENT OF SYSTEMS OF INFORMATION SECURITY IN THE SPHERE OF TRANSPORT

Annotation:

Describes the structure of the process and the model of formation of strategy and programs of innovative development of system of information security in the transport sector.

Keywords:

transport system, information security, innovative development, model.
Pages 27-32

Zegzhda D.P., Usov E.S., Nikolsky A.V., Pavlenko E.Y.

Peter the Great St. Petersburg Polytechnic University

Security operations I/O data for SGX ENCLAVE

Annotation:

In the paper the problem of secure data input/output operations in Intel SGX technology is investigated. The problem is extremely urgent and its solution will protect confidential data of users from attacks from various malicious software, for data outside the enclave. The paper presents various methods for solving the problem posed, which were developed by the authors of the article. The complexity of the application of these methods in practice, their main disadvantages and advantages are analyzed. Also, the most preferred method was chosen, which ensures the safe storage and processing of data outside the enclave.

Keywords:

Intel SGX, enclave, data confidentiality, encryption, secure file system, I/O operations.
Pages 33-40
INFORMATION SECURITY CYBER-PHYSIC SYSTEMS

Dakhnovich A.D., Moskvin D.A., Zegzhda D.P.

Saint Petersburg, Peter the Great St.Petersburg Polytechnic University

INFORMATION SECURITY THREATS ANALYSIS IN DIGITAL MANUFACTURING NETWORKS

Annotation:

In the paper, main information security threats that occur in digital manufacturing networks are considered. The tasks and new approach of implementation of cybersecurity management systems are mentioned.

Keywords:

digital manufacturing, industrial control systems, information security, cybersecurity, cyber-physical systems, industrial internet of things.
Pages 41-46

Vasilev U.C., Zegzhda D.P., Poltavtseva M.A.

PROBLEMS OF DIGITAL INDUSTRY SECURITY AND SUSTAINABILITY TO CYBER THREATS

Annotation:

The article is concerned with digital manufacturing as a new type of industrialization. The number of threats to such systems and the damage from incidents is increasing every year. At the same time, digital transformation of control systems takes place. For safe functioning of cyberphysical systems (CFS), within the framework of digital manufacturing, the paper describes the provision of a trusted environment and trusted communications by the example of the SPbPU specialists information security school works. The paper novelty is in the mechanism of self-similarity as a criterion for the stability of systems, and a homeostatic approach to the CFS management to provide destructive influences resistance. The authors submit some experimental results of this approach practice. Software defined networks are proposed as a tool for implementing homeostatic management.

 

Keywords:

security, digital manufacturing, cyberphysical systems, cyber threats, digital transformation
Pages 47-63
NETWORK AND TELECOMMUNICATION SECURITY

Ovasapyan T.D., Ivanov D.V.

St. Petersburg, Peter the Great St.Petersburg Polytechnic University

TRUST MODEL BASED APPROACH TO WSN-NETWORKS INFORMATION SECURITY

Annotation:

The article deals with ensuring the cybersecurity of a wireless sensor network using a trust model. The authors analyzed the principles of the functioning of wireless sensor networks, and classified routing methods. Typical threats were analyzed and actual attacks on wireless sensor networks were found out. Existing safety methods were reviewed and their disadvantages were defined. Safety method of malicious nodes protection with usage of trust model was worked out. Experimental estimation of effectiveness of the worked out method was performed on the basis of modeling its operation in the simulated wireless sensor network.

Keywords:

wireless sensor networks; WSN; routing protocols; threat model; trust model.
Pages 64-72
SOFTWARE SECURITY

Pavlenko E.Y., Ignatiev G.Y., Zegzhda P.D.

Peter the Great St. Petersburg Polytechnic University

Static Security Analysis of Android Applications

Annotation:

This article explores the problem of developing a high-performance Android applications analyzer, which capable of processing a large number of applications in a very short period of time. A method for analyzing security of Android applications is proposed, based on the use of machine learning algorithms in static analysis. The paper describes dataset, application features and machine learning algorithms used to build a classifier. The results of an experimental evaluation of effectiveness of the proposed method are presented, demonstrating it high performance and high accuracy of detecting malicious Android applications.

Keywords:

information security; Google Android; malware; static analysis, machine learning.
Pages 73-86

AdadurovS.E., KrasnovidovA.V., KhomonenkoA.D., KoroteevI.V.

METHODS OF INTEGRATION OF INSTRUMENTAL SYSTEMS IN DEVELOPMENT PROCESS OF SAFE APPLICATIONS

Annotation:

The main methods, merits and demerits of integration of mathematical packets and programming systems are characterized. Mathematical packets possess the developed and graphic interface easy in use, are the instrument of application creation, the computing tasks used for the decision, data analysis and visualization of results of operation. It is especially important in development process of safe applications. In languages of the high level it is expedient to use programs together with mathematical packets for data collection, control of technological processes and support of information security. The advantage of conversion of the Matlab program to the program in language C++ is creation of independent application. Advantages of use of a common language runtime environment of Common Language Runtime are shown.

Keywords:

Matlab, integration, programming systems, safe application, mathematical packets.
Pages 80-86

Pechenkin A.I., Demidov R.A.

APPROACH TO SOFTWARE SECURITY ANALYSIS BASED ON VECTOR REPRESENTATION OF A MACHINE CODE

Annotation:

In this article the authors propose an approach to code security analysis using vector representations of machine instructions, as well as argue the usefulness of vector representations in information security tasks. Building semantically expressive vector representations of machine instructions is considered as one of the subtasks on the way to building a neural network classifier code for vulnerabilities. The authors experimentally show the applicability of the transfer learning for the machine code with the example of a simple command set.

Keywords:

vector representations, vulnerability finding, deep learning.
Pages 87-94
APPLIED CRYPTOGRAPHY

Akimova G.P., Danilenko A.Yu., Pashkin M.A., Pashkina E.V., Podrabinovich A.A.

 

FEATURES OF USING ELECTRONIC SIGNATURE IN PROTECTED INFORMATION SYSTEMS

Annotation:

The variants of application of the technology of electronic signatures (EP) in information systems in protected execution are considered. An assessment is made of the conformity of the practice of using EPs to the current legislation. Situations in which the use of simple EP are preferred are considered.

Keywords:

Information Security; Electronic signatures; Automated information systems; Means of information protection.
Pages 95-101

N. N. Shenets

AUTHENTICATION PROTOCOL BASED ON HOMOMORPHIC SECRET SHARING: NEW VERSION

Annotation:

In this work the authentication and key establishment protocol [1], which is used only verifiable homomorphic secret sharing, is considered. It is shown that this protocol has vulnerabilities. A new secure version of this protocol is presented.

Keywords:

authentication and key establishment protocol, verifiable secret sharing, perfectness, homomorphic property.
Pages 102-112

A. Baranov, P. Baranov

CRC ERROR PROBABILITY IN CASE OF RANDOM PACKET INTERFERENCE

Annotation:

The article analyzes possibilities of errors in telecommunication protocols using packet data transmission. Probabilistic model of a prolonged-action additive interference is represented as a sequence of executions of independent interference blocks with definite length. The paper shows that in certain conditions concerning a polynomial of degree k, used for creation of CRC code, with block size s, probability of error occurrence is close to and doesn’t depend on s if distortion probability is significant.

Keywords:

information security, data consistency, CRC, error probability, packet interference, electromagnetic interference, telecommunication protocols.
Pages 113-121
SPECIAL IT

Kustov V.N., Yakovlev V.V., Stankevich T.L.

COMPANY INFORMATION SYSTEM EFFECTIVE FUNCTIONING AT THE OPTIMUM LEVEL OF ITS PROTECTION

Annotation:

The necessary and sufficient level company’s information and computing resources security while providing the required production capacity, allowing to meet specified work volumes in established time periods with the optimal use of available material resources, is an urgent task for modern effective business. And what methods and approaches should be used to solve it? One of the possible options is described in this article.

Keywords:

information security system, the synthesis, graph theory, scheduling theory, section, stage, work, trusted third party, DTS.
Pages 122-127
EDUCATION PROBLEMS

Reshetov D.V., Semjanov P.V.

AUTOMATION OF TEACHER JOBS WHEN TEACHING INFORMATION SECURITY SPECIALISTS

Annotation:

The purpose of creation an automated student labs checking and testing system is discussed in this article. Requirements to an automated system are described. An automated testing student labs system that created in SPbSTU is described.

Keywords:

automation, checking, testing, student, lab, teacher, system, information, security, automated, plagiarism, borrowings
Pages 128-134

№3

2016 year

INFORMATION SECURITY APPLICATION

A. S. Zaitsev, A. A. Malyuk

THE IDENTIFICATION OF POTENTIAL INSIDER USING CLASSIFICATION MODELS

Annotation:

The paper considers classifying models that allow to detect potential insider basing on technical and behavioural indicators under conditions of incomplete information about his behaviour.

Keywords:

information security insider threats, data mining, classifying models, CHAID, neural networks, decision trees
Pages 34-42

Sh. G. Magomedov, T. Yu. Morozova, D. A. Akimov

SECURE DATA TRANSMISSION IN COMPUTER NETWORKS BASED ON THE USE OF RESIDUAL CLASSES OF SYSTEMS

Annotation:

The paper proposes a procedure for the use of residual classes of systems in the formation of the encryption keys that allows for modification and key exchange without any interaction with the network security system in a continuous mode as needed on the basis of residual classes of systems.

Keywords:

residue number system, encryption, information security, computer network
Pages 43-47

O. V. Trubienko, V. I. Kuznetsov

SYSTEM INTELLIGENT MONITORING THE FUNCTIONAL STATUS OF DYNAMIC OBJECTS

Annotation:

On the basis of statistical data the EMERCOM of Russia on emergency situation the authors come to the conclusion about the need to create a complex system of intellectual-term monitoring of dynamic objects of industrial facilities and residential buildings. The article describes the composition and operation of the monitor system of complex the monitor.

Keywords:

innovation, safety, security complex
Pages 48-54

A. A. Grusho, N. A. Grusho, M. I. Zabezhailo, E. E. Timonina

DATA MINING IN ENSURING INFORMATION SECURITY

Annotation:

Now there is a large number of the directions and of the results of development of artificial intelligence systems. The paper is devoted to the available description of connection of some problems of information security and the opportunities given by data mining.

Keywords:

information security, data mining, the distributed information systems
Pages 55-60

V. G. Anisimov, E. G. Anisimov, D. A. Bazhin, P. D. Zegzhda, A. F. Suprun

THE RISK-BASED METHOD FOR ORGANIZATION OF MONITORING IN INFORMATION SYSTEMS SECURITY FACILITIES

Annotation:

The article considers the methodological statements, concerning the creation of models and methods for decision support in the sphere of security monitoring organization for information systems. The designation of monitoring is to neutralize the internal and external impacts leading to occasional or intentional access to stored or processed data, as well as to its damage or distortion.

Keywords:

information system, security, risk, monitoring organization, model
Pages 61-67
NETWORK AND TELECOMMUNICATION SECURITY

D. S. Lavrova

ONTOLOGICAL MODEL OF SUBJECT FIELD OF THE INTERNET OF THINGS FOR SECURITY ANALYSIS

Annotation:

In this paper proposed an ontological model of the subject field of the Internet of Things, which provides a detailed view of the linkages and relationships between the elements of the system at different levels of abstraction, with varying degrees of detail. Designed ontological model allows us to understand the technical aspects of the development of SIEM-system for the identification and analysis of security incidents in the Internet of Things

Keywords:

Internet of things, security incident, data analysis, aggregation, large volumes of data, SIEM system, ontology
Pages 68-75

N. A^. Bazhaev, I. E. Krivtsova, I. S. Lebedev, M. E. Sukhoparov

MODELING OF INFORMATION INFLUENCE ON THE REMOTE DEVICE WIRELESS

Annotation:

Considered a wireless network under “broadcast storm” attack, in order to determine the availability of stand-alone units, the ability to carry out their tasks in the functional impact of the information. Identified a number of conditions for the  organization of attack by a potential intruder. The analysis of system availability of devices based on wireless technologies.
Proposed model can be used to determine the technical characteristics of a wireless ad hoc network of devices.

Keywords:

information security, wireless networks, multi-agent systems, vulnerability, accessibility of devices, information security model
Pages 76-84

D. V. Ivanov, D. A. Moskvin, A.V. Myasnikov

THE USE OF NFC TECHNOLOGY FOR USER DATA AUTOMATED REPLICATION

Annotation:

The article presents results of analyze of user data replication mechanisms. The authors have classified replication mechanisms, have identified its advantages and disadvantages, and have proposed a method that uses NFC technology to establish a secure channel data replication.

Keywords:

REPLICATION, USER PROFILE, SECURE CHANNEL, NFC, EMULATION, DATA TRANSFER
Pages 85-90
APPLIED CRYPTOGRAPHY

N. N. Shenets, I. V. Bulatov

COMPARATIVE ANALYSIS OF MODULAR THRESHOLD SECRET SHARING SCHEMES

Annotation:

In this work the modular threshold secret sharing schemes are considered, in particular, Shamir’s scheme and general modular scheme in the univariate polynomial ring over Galois field. Different qualitative and numerical properties of such schemes are compared; the problems of its optimal realization are studied.

Keywords:

words: modular secret sharing schemes, ideality, perfectness, computational complexity.
Pages 91-101

E. B. Aleksandrova, E. N. Shkorkina

TRIPARTITE OUTSOURCING KEY-AGREEMENT PROTOCOL ON BILINEAR PAIRINGS

Annotation:

In cryptographic protocols, being implemented in the systems using resource-constrained devices, hard computations can be outsourced to cloud servers. Light-weight arithmetic operations are carried out on the device. The tripartite key-agreement protocol with two servers in the one-malicious version of two untrusted program model is suggested.

Keywords:

Outsourcing algorithm, bilinear pairing, tripartite Diffie–Hellman protocol
Pages 102-108

D. P. Zegzhda, E. B. Aleksandrova, A. S. Konoplev

APPLYING THE GROUP SIGNATURE FOR ENTITY AUTHENTICATION IN DISTRIBUTED COMPUTING NETWORKS SUCH AS “GRID”

Annotation:

The paper reviews the problem of unauthorized access to the data in distributed computing networks. Available implementations of authentication mechanisms in Grid systems are discussed, their disadvantages are considered. The group signature approach is proposed, which exceeds unauthorized access to computing environment and provides integrity of transmitted data.

Keywords:

distributed computing networks, Grid system, unauthorized access, authentication, group signature, elliptic curve
Pages 109-114
TECHNICAL SOLUTION

Sikarev I.A., Volkova T.A., Galochkin R.N.

COEFFICIENTS OF MUTUAL DIFFERENCE FOR COMPLEX DISCRETE-MANIPULATED SIGNALS WITH DISCONTINUOUS IN TIME STRUCTURE

Annotation:

The problem of calculating coefficients of mutual difference (CMD) for complex discrete-manipulated signals (DMS) with discontinuous in time structure in terms of (measure of) determining the degree of electromagnetic protection is considered.

Keywords:

DISCRETE-MANIPULATED SIGNALS (DMS), SIGNALS WITH DISCONTINUOUS IN TIME STRUCTURE, NARROW-BAND INTERFERENCE, COEFFICIENT OF MUTUAL DIFFERENCE (CMD).
Pages 115-118
SOFTWARE SECURITY

PavlenkoE.Yu., YarmakA.V., MoskvinD.A.

USE OF CLUSTERING METHODS FOR THE ANALYSIS OF SECURITY ANDROID APPLICATIONS

Annotation:

The article presents results of the malware identification problem research in Google Android operating system. To resolve this problem authors have created the system, based on the fuzzy clustering method which use an application parameters vector. This vector is result of the static and dynamic analysis of the application code. The paper describes the application settings that are used for drawing vector features, and also highlights the efficiency of the use of different criteria of separability in relation to the task and given the format of the input data. An experimental evaluation of the proposed system, showing a high level of malware detection for the Google Android operating system.

Keywords:

Google Android, security of mobile devices, cluster analysis, machine learning, malware, static analysis, dynamic analysis.
Pages 119-126

№4

2016 year

INFORMATION SECURITY APPLICATION

ZegzhdaP.D., MalyshevE.V., PavlenkoE.Y.

USE OF NEURAL NETWORK FOR DETECTION AUTOMATICALLY CONTROLLED ACCOUNTS IN SOCIAL NETWORKS

Annotation:

In this paper, authors consider the problem of identifying automatically managed accounts (bots) in social networks and propose a method for bots detection based on machine learning methods. The paper describes an example of a method based on artificial neural network training, also were represented parameters of user account in social network for bots detection. An experimental evaluation of the proposed system shows a high degree of bots detection in social networks.

Keywords:

information security, social networks, bots in social networks, neural network, bot detection
Pages 9-15

Kalinin M., Busygin А., Konoplev A.

SECURITY APPROACHES TO TLS PROTOCOL BASED APPLICATIONS FROM CERTIFICATE REVOCATION ATTACKS

Annotation:

The paper reviews the problem of TLS protocol based applications. It highlights attack scenarios to such applications, using certificate revocation vulnerabilities. There is a comparison of X.509 certificate status verification methods is presented which is applied in conjunction with TLS protocol, their advantages and disadvantages are specified.

Keywords:

certificate revocation, TLS protocol, authentication, man-in-the-middle attacks, Grid system, X.509 standard.
Pages 16-22

M. O. Kalinin, A. A. Minin

DETECTION OF INFORMATION SECURITY THREATS IN COMPUTER NETWORKS WITH DYNAMIC TOPOLOGY USING HOSTS ACTIVITY MONITORING

Annotation:

This paper reviews security problems in computer networks with dynamic topology (e.g. mesh, MANET, computing grid). There is suggested a method of security threats detection in such networks based on graph modeling

Keywords:

network with dynamic topology, mesh, adhoc, sensor network, security, security node, traffic statistics
Pages 23-31

A. A. Grusho, N. A. Grusho, M. V. Levykin, E. E. Timonina

SECURE ARCHITECTURE OF DISTRIBUTED INFORMATION SYSTEMS ON THE BASIS OF INTEGRATED VIRTUALIZATION

Annotation:

In the paper the concept of integrated virtualization of information technology and tasks for the purpose of isolation of valuable information from risk hosts is entered. The technology of realization of business processes and in parallel the technology of realization of the principles of isolation for ensuring information security is considered. At a certain stage of realization of business processes the security model and model developed for business process is unified. The resulted model can be implemented with the help of integrated system of virtual computers and the operated information flows.

Keywords:

information security, the distributed information systems, virtualization
Pages 32-35

A. Y. Chernov, A. S. Konoplev

TRUSTED EXECUTABLE ENVIRONMENT CONSTRUCTION TASK ON INTEL-BASED PC

Annotation:

The paper reviews the problem of construction trusted executable environment on modern PC architecture. It shows main features of software execution on different privilege levels. Intel ME architecture has been reviewed. There are Intel ME potential threats highlighted and shown possible ways to solve them.

Keywords:

Trusted execution, PC architecture, hypervisor, virtualization, BIOS, Intel ME
Pages 36-41
NETWORK AND TELECOMMUNICATION SECURITY

Zegzhda D.P., Moskvin D.A., Dakhnovich A.D.

WIFI USER PROTECTION FROM FAKE ACCESS POINTS

Annotation:

The article presents results of analyze of WiFi network protection mechanisms. The authors propose the access point authentication method, which can be used in various designed networks.

Keywords:

WiFi, client protection, access point, wireless client, authentication
Pages 42-49

D. P. Zegzhda, E. S. Usov, A. V. Nikolsky, E. Y. Pavlenko

USE OF INTEL SGX TECHNOLOGIES OF ENSURE THE CONFIDENTIALITY OF DATA CLOUD SYSTEMS USERS

Annotation:

In this paper is considered the problem of users’ data confidentiality in cloud systems from attacks by the provider. The system of secure cloud computing using Intel Software Guard Extensions technology (SGX) is also considered. The paper describes Intel SGX technology, the basic concepts and security mechanisms. Possibility of using this technology in the cloud system is shown. An experimental scheme of the proposed system provides data confidentiality for cloud systems users, and provides a method of implementation of the scheme in existing cloud systems.

Keywords:

Intel SGX, enclave, cloud systems, data confi dentiality, encryption, hypervisor, protected memory.
Pages 50-57

D. V. Kostin, O. I. Sheluhin

MACHINE LEARNING BASED ENCRYPTED TRAFFIC CLASSIFICATION TO DETECT NETWORK INTRUSIONS

Annotation:

The objective of this work is to assess the robustness of machine learning based encrypted traffic classification to detect network intrusion. In this work, we have focused on the identification of four types of encrypted traffic: Skype, Tor, PuTTY (SSHv2) and CyberGhost (VPN). In order to classify encrypted traffic five different machine learning algorithms are employed. These are Naive Bayes, C4.5, AdaBoost and Random Forest. We describe a comparison the two methods of traffic classification based on machine learning: generation and analysis of network flows and analysis of each network packet.

Keywords:

TRAFFIC CLASSIFICATION, ENCRYPTED TRAFFIC, MACHINE LEARNING, INTRUSION DETECTION SYSTEM.
Pages 57-67

D. V. Ivanov, D. A. Moskvin, T. D. Ovasapyan

APPROACHES FOR DETECTION OF ACTIVE NETWORK NODES IN THE IPV6 ADDRESS SPACE

Annotation:

The article describes the approaches to the detection of active network nodes in the IPv6 address space. Two main families of approaches are described: with and without using the initial sample.

Keywords:

networks, information security audit, internet, ipv6, network nodes
Pages 68-73

I. V. Alekseev, V. V. Platonov

IDENTIFICATION OF THE ENCRYPTED EXECUTABLE FILES BASED ON THE ENTROPY ANALYSIS FOR DETECTION VALUE RANDOMNESS OF BYTE SEQUENCES

Annotation:

Method of detecting malware that uses encryption as a disguise. The paper describes the modification of statistical spectral test based on entropy analysis.

Keywords:

potential malware detection, cryptоr, statistical tests, entropy.
Pages 74-79

L. V. Utkin, V. S. Zaborovsky, S. G. Popov

SIAMESE NEURAL NETWORK FOR INTELLIGENT INFORMATION SECURITY CONTROL IN MULTIROBOT SYSTEMS

Annotation:

Anomaly detection of the robot system behavior is one of the important components of the information security control. In order to control robots equipped with many sensors it is difficult to apply the well-known Mahalanobis distance which allows us to analyze the current state of the sensors. Therefore, the Siamese neural network is proposed to intellectually support the security control. The Siamese network simplifies the anomaly detection of the robot system and realizes a non-linear analogue of the Mahalanobis distance. This peculiarity allows us to take into account complex data structures received from the robot sensors.

Keywords:

multi-robot system; security control; anomaly detection; Siamese neural network; Mahalanobis distance; sensor
Pages 80-88
APPLIED CRYPTOGRAPHY

Styugin M.A.

ESTABLISHING SYSTEMS PROTECTED FROM RESEARCH WITH IMPLEMENTATION IN ENCRYPTION ALGORITHMS

Annotation:

Systems that have a complex technical implementation usually contain many vulnerabilities which cannot be found at the development stage. The present paper reviews a method of modeling information systems, which allows formalizing the amount of information obtained by a researcher. Two methods of establishing systems protected from research are presented. One method is related to complicating the algorithms and the other one is related to their multiplication.

Keywords:

protection from research, researcher model, indistinguishability, cryptography, block ciphers.
Pages 89-96

Sergeev A.S.

APPLICATION OF THE BIOINSPIRED EVOLUTIONARY OPTIMIZATION METHODS FOR REALIZATION OF CRYPTANALYSIS OF BLOCK ENCIPHERING METHODS ON THE EXAMPLE OF THE AES STANDARD

Annotation:

The task of cryptanalysis of methods of cryptography protection with use of new model of optimization methods – the genetic algorithms imitating processes of evolution of wildlife is considered. Application of genetic algorithms for cryptanalysis of the block standard of encoding of AES is described. The block diagram and a information -logical graph-scheme of algorithm, an estimation of necessary minimum number of processors for implementation of algorithm of cryptanalysis, and also some experimental results and the main conclusions are provided.

Keywords:

CRYPTANALYSIS, GENETIC ALGORITHM, BLOCK METHODS OF ENCIPHERING, INFORMATION-LOGICAL GRAPH SCHEMЕ, POPULATION OF KEYS, СROSSING-OVER, QUASI-OPTIMUM KEY, INDEPENDENCE MATRIX
Pages 97-105

Shenets N., Truhina E.

X‑PACE: MODIFIED PASSSWORD AUTHENTICATED CONNECTION ESTABLISHMENT PROTOCOL

Annotation:

In this work the Password Authenticated Connection Establishment (PACE) protocol, wish is used in European smartcard environments, is considered. The modifications of the PACE are proposed. They accelerate the protocol but don’t reflect on its overall security. The new version of PACE is called X‑PACE.

Keywords:

password authenticated connection establishment protocol, smartcard security.
Pages 106-112
FUNDAMENTAL THEORY OF INFORMATION CONFRONTATION

R. N. Zharkih, A. A. Kornev

CONCEPTUAL QUESTIONS OF PROTECTION OF NETWORK-CENTRIC CONTROL SYSTEMS IN THE ERA OF INFORMATION CONFRONTATION OF CONFLICTING PARTIES

Annotation:

Outlines the conceptual aspects of the problems of protection management systems that implement the principle of setecentrizma, characteristic of the era of information confrontation between the conflicting sides. Discusses possible directions of studies based on extensive use of mathematical modeling to enable system positions analyze problematic aspects of control systems. Attention is drawn to the logical dependence of the investigated issues of modern network-centric paradigm of governance.
Shows preference for the proposed solutions to the problem as compared to traditional management methods and technologies.

Keywords:

data protection, information confrontation, modeling, network-centric technology paradigm real-time management, control system
Pages 113-118
TECHNICAL SOLUTION

R. N. Zharkih, A. A. Kornev

CHOOSING A SENSOR PANEL FOR APPLICATION IN SECURED PORTABLE DEVICE.

Annotation:

The paper reviews problems of usage of sensor input panels in secured computer equipment. The challenge is to implement both sufficient screening of device’s electronic components, including display as well, and provide usage of the panel at the same time. The article provides survey of different aspects of using existing sensory panels and a possibility of developing an own one, designed in accordance with the formed requirements. Described the concept of building such a panel and technical details obtained with a prototype are given.

Keywords:

optical sensor panel, secured input device, information security
Pages 118-126

Parshutkin A.V., Egin A.V., Zaytsev S.A.

THE MODEL OF JAMMING INTERCEPT STRAY ELECTROMAGNETIC RADIATION OPTIMAL RECEIVER OF RASTER DISPLAY SYSTEMS WITH DVI STANDART

Annotation:

This article discusses formation of stray electromagnetic radiation from raster display systems using interfaces data organization exchange standard DVI. Submitted description model of jamming intercept stray electromagnetic radiation optimal receiver.

Keywords:

JAMMING, STRAY ELECTROMAGNETIC RADIATION, RASTER DISPLAY SYSTEMS, DVI INTERFACE
Pages 127-133

Rudy’kh S.V., Sikarev I.A., Galochkin R.N., Kiselevich G.V.

ELECTROMAGNETIC IMMUNITY OF THE MONITORING SYSTEMS OF AIDS TO NAVIGATION ON THE BASIS OF AUTOMATIC INFORMATION SYSTEMS

Annotation:

The purpose of article is research of questions of fight against the narrow-band hindrances on a range in automated control systems of technical and auxiliary fleet and system of monitoring of navigation signs.

Keywords:

INTERNAL WATERWAYS, AUTOMATED IDENTIFICATION SYSTEMS (AIS), ADDITIVE AND MULTIPLICATIVE INTERFERENCE, COEFFICIENT OF MUTUAL DIFFERENCE (CMD)
Pages 134-139
INFORMATION SECURITY ASPECTS

Anisimov V.G., Anisimov E.G., Zegzhda P.D., Saurenko T.N., Prisyazhnyuk S.P.

INDICATORS TO EVALUATE THE EFFECTIVENESS OF INFORMATION SECURITY SYSTEM OF INFORMATION INTERACTION AT COMPLEX DISTRIBUTED ORGANIZATIONAL MANAGEMENT OBJECTS.

Annotation:

The article deals the indicators to evaluate the effectiveness of information security system of information interaction in complex distributed organizational management objects and the methods of their determination. The methodology laid stochastic representation of a stream of destructive effects on the process of information interaction between the control elements distributed organizational object.

Keywords:

Complex distributed organizational object, information interaction, information security, efficiency, performance
Pages 140-145
EDUCATION PROBLEMS

Kucheryavyi M., Storozhik V., Vovenda J.

ON SECURITY STAFFING IN THE INFORMATION FIELD

Annotation:

The article considers the security staffing issues in the information field. It focuses on activities FSTEC of Russia in the framework of training in the specialty “Information security”. The article deals with a set of measures for the implementation FSTEC of Russia powers of the center of responsibility for determining the annual admission quotas.

Keywords:

information field; security staffing; information security; professional training; responsibility center
Pages 146-150