Quarterly journal published in SPbPU
and edited by prof. Peter Zegzhda
Peter the Great St. Petersburg Polytechnic University
Institute of computer sciences and technologies
information security of computer systems
Information Security Problems. Computer Systems
Published since 1999.
ISSN 2071-8217
  • 2019 year
  • 2018 year
  • 2017 year
  • 2016 year
  • 2015 year
  • 2014 year
  • 2013 year
    • № 1 2013
      • SECURE OPERATING SYSTEMS AND TRUSTED ENVIRONMENT

        Zegzhda D. P., Nikolskiy A. V.

        Formal security model for virtual machine hypervisors in cloud systems

        Annotation:

        This article contains a definition of formal security model for virtual machine hypervisors in cloud systems based on graph theory. This formal model defines security properties and data access operations hierarchy executing inside virtual machines and hypervisors in the cloud. Purposed model allows formalizing major security issues of cloud systems, to define tasks for hypervisor security with solution methods and to define security condition for the virtual machine hypervisor.

        Keywords:

        Cloud computing, hypervisor security, virtualization, graph theory, virtual machine.
        Pages 7-19

        Kornienko A. A., Glukharev M. L.

        Method of formal verification and relational database safety analysis based on integrity demands metamodel

        Annotation:

        Constraints and triggers verification in databases is an actual area of scientific researches and practical activities. This article considers a method of formal verification which is based on integrity demands metamodel and allows to check a functional correctness of constraints and triggers in relational databases.

        Keywords:

        Functional correctness, formal verification, integrity demand, constraint, trigger, bunch of triggers, formal specificator.
        Pages 20-27
      • INFORMATION SECURITY APPLICATION

        Boran-Keshishyan A. L.

        New generalized model of software reliability assessment of modern training simulator systems based on probability-possibility submission

        Annotation:

        This paper proposes new generalized model of software reliability assessment of modern training simulator systems based on probability-possibility submission.

        Keywords:

        Software reliability of training simulator systems, fuzzy-probability model, software failure.
        Pages 28-32

        Kalinin M. O., Pavlenko E. Y.

        Providing fault-tolerance and high availability in software-defined networks by multiobjective optimization based equipment control of quality of service parameters

        Annotation:

        The paper discusses method of control and functional efficiency measuring proposed for software-defined networks (SDN). Methods are based on multiobjective optimization done on the set of quality of service (QoS) parameters of network traffic streams. Methods provide traffic balancing, performance, availability and fault-tolerance increasing for OpenFlow-switches and routers being used in SDN.

        Keywords:

        Software-defined network, availability, fault-tolerance, network, control, OpenFlow, SDN, TOS, QoS.
        Pages 33-39

        Kalinin M. O., Pavlenko E. Y.

        Providing higher availability for OpenFlow-compatible devices in software-defined networks

        Annotation:

        The paper proposes method of providing high availability in software-defined networks (SDN). Method is based on calculation of routing rules priority and allows reducing the routing time lag up to 35%.

        Keywords:

        Software-defined network, availability, network, control, OpenFlow, TOS.
        Pages 40-43
      • NETWORK AND TELECOMMUNICATION SECURITY

        Desnitsky V. A., Kotenko I. V.

        Configuration based design of secure embedded devices

        Annotation:

        The paper proposes a model for designing secure embedded devices on the basis of combinations of particular security components. A notion of configuration is introduced. It represents a set of security components, which provide the device with some security functional. Through an analysis of components’ properties a set of admissible configurations is formed and used to deduce the most effective ones on the base of set optimality criteria. Architecture of a software tool of the configuration mechanism is presented on the basis of UML diagrams. A demonstration example of embedded devices is given to highlight applicability of the model in practice.

        Keywords:

        Configuration, UML diagrams, security functional.
        Pages 44-54

        Pechenkin A. I., Lavrova D. S.

        Parallel network traffic processing on multiprocessor clusters for security analysis of transferred objects

        Annotation:

        Nowadays systems of network traffic security analysis have to evaluate characteristics of large volumes of traffic for security analysis. Proposed architecture of a system of network traffic parallel processing on multiprocessor clusters which allows to eliminate existing deficiencies of platforms for traffic processing for security analysis and to reduce redundancies for traffic processing by switching equipment and network secure systems.

        Keywords:

        Network traffic, multiprocessor cluster, load-balancing, network traffic analysis.
        Pages 55-62

        Pechenkin A. I., Nikolskiy A. V.

        Architecture of scalable system, based on multiprocessor cluster and designed for network protocol fuzzing

        Annotation:

        An important task in the field of information security is to find bugs and vulnerabilities in operating systems, implementations of network protocols and software products. One of the most popular approaches to vulnerability scanning nowadays is fuzzing. It is popular due to high level of automatization abilities, but at the same time fuzzing usually requires a lot of time resources. Proposed network protocol fuzzing system architecture is based on implementation of multiprocessor x86-server architecture and virtualization technology. This feature allows to organize parallel fuzzing and therefore significantly reduce time amount, required for vulnerability scan. Moreover, applied methods provide high scalability of fuzzing system.

        Keywords:

        Vulnerability scan, fuzzing, network traffic, multiprocessor cluster, load balancing.
        Pages 63-72

        Khorkov D., Gaydamakin N.

        Extending Petri net apparatus for modeling of computer attacks

        Annotation:

        This paper presents a simulation model of computer attack for synthesizing of network traffic. The generated traffic is then used for testing and evaluation of network intrusion detection systems. The model is based on the mathematical apparatus of generalized stochastic Petri Nets with special delays, inhibitor arcs and weighted transitions.

        Keywords:

        Computer attacks, computer attack model, testing methodology, network traffic, Petri nets.
        Pages 73-80
      • APPLIED CRYPTOGRAPHY

        Belim S. V., Shereshik A. Yu.

        Implementation and testing of hash functions based on two-dimensional Ising model

        Annotation:

        This paper proposes an algorithm to hash the data, based on the increase of entropy in the simulation of physical processes. As a system of two-dimensional Ising model is selected. A computer experiment to detect collisions and determine the avalanche effect.

        Keywords:

        Hash function, algorithm to hash the data, Ising model.
        Pages 81-86

        Kulakov А., Makhovenko E.

        Analysis of identity-based broadcasting schemes

        Annotation:

        Under unsecured channel Id-based cryptography allows secured transmitting the same data to multiple users more efficiently (for large number of receivers) than classical public key cryptography. In order to form recommendations of choosing some scheme based on the requirements of the system (public or private system, how often a set of receivers is change, the level of security, etc.) different Id-based Broadcasting schemes are analyzed.

        Keywords:

        ID-based cryptography, bilinear-maps, broadcast encryption, access control.
        Pages 87-97

        Rostovtsev A. G.

        Virtual isomorphisms of ciphers: is AES secure against differential / linear attacks?

        Annotation:

        In [11] author proposed the method of virtual isomorphisms for cryptanalysis. Ciphers y = C(x, k) and Y= D(X, K) are isomorphic if there exists invertible computable in both directions map y <-> Y, x <-> X, k <-> K. Cipher is vulnerable to an attack iff isomorphic cipher is vulnerable to it. If S is a substitution and T is encryption operator, its conjugate STS-1 is cipher isomorphism. For cryptanalysis it is useful to choose S in such a way, that it has many fixed points. It is shown that j has at most 130 fixed points. Isomorphic AES (IAES) is proposed that has one non-linear operation - isomorphic image of XOR. Maximal probabilities of differentials are increased by 8.5 times; maximal bias is increased by 3 times. IAES has differentials with zero output difference of probability 1. Briefly the strength of AES against differential/linear attacks is decreased to a square root of initial strength.

        Keywords:

        Virtual isomorphism, cryptanalysis, isomorphic cipher.
        Pages 98-115

        Sizonenko A. B.

        Increase computing performance function of crypto-graphic complexity blocks

        Annotation:

        The functions of filter and combining generators are presented as systems of logical functions. Polynomials over the integers, describing the operation of several steps of filtering and combining generators are constructed. The possibility of parallelizing the computation of the cryptographic functions of the blocks of filter and combining generators by using the resources of calculators, oriented on the arithmetic operations of addition and multiplication is considered.

        Keywords:

        Stream cipher, filter generator, combining generator, polynomial over the integers.
        Pages 116-121
      • TECHNICAL SOLUTION

        Eskov V. S.

        Method of recovery between the active compounds with the use of programmable resources adapted backtracking algorithm

        Annotation:

        The use of algorithms and methods for inverse design allows us to understand the principle of a series of FPGAs Virtex, evaluate the work of the target device, according to the stated specifications.

        Keywords:

        FPGA, reverse engineer, backtracking.
        Pages 122-126
      • FUNDAMENTAL THEORY OF INFORMATION CONFRONTATION

        Volkova T. A., Rudy’kh S. V., Sikarev I. A.

        Electromagnetic immunity of functionally steady automated identification systems with simple signals at influence narrow-band hindrances

        Annotation:

        The article is devoted to the questions of electromagnetic immunity of automated identification systems (AIS) with simple signals at influence narrow-band hindrances.

        Keywords:

        Automated identification systems, mutual interference, radio signals, coefficient of mutual difference.
        Pages 127-131
      • ASPECTS OF INFORMATION SECURITY

        Azhmuhamedov I. M.

        System analysis and management social engineering systems of integrated security

        Annotation:

        On the basis of systematic approach formulates the principles and methods of building fuzzy cognitive models poorly structured and bad formalizable social engineering integrated information security systems. It was developed a method of synthesis of fuzzy control solutions together with a minimum of «cost».

        Keywords:

        System approach, fuzzy cognitive modelling, weight fishburnes, similarity index, synthesis of control solutions.
        Pages 132-150

        Polubelova O. V., Kotenko I. V.

        The technique of filtering rules verification by model checking

        Annotation:

        The paper outlines a model checking based technique for verification of filtering rules of firewalls which is aimed to detect filtering anomalies. The paper proposes the main components of the technique – the models of the computer network, the firewall and filtering anomalies, as well as the algorithm of detection of such anomalies. The paper discusses the implementation aspects of the verification system – the architecture and the class diagram, and the results of experiments fulfilled.

        Keywords:

        Model checking, verification of filtering rules, anomaly detection, firewall, temporal logics.
        Pages 151-168
    • № 2 2013
      • INFORMATION SECURITY APPLICATION

        Belim S. V., Prokhorov R. S.

        Behavioristic proccess identification

        Annotation:

        In this paper, the approach for the identification of the process by its behavior is considered. The approach is based on the transformation of the events flow to the container flow of events and the use of this flow for inputting to intelligent analyzer built with neural network. Options of needed conversions are described in detail.

        Keywords:

        Process identification, information security, neural network.
        Pages 7-12

        Biryukov D. N., Lomako A. G.

        Approach to creation of system of cyber-threats preventing

        Annotation:

        The article suggests approach to building a multi-level hierarchical cybernetic anticipation-capable system. Constructed and justified tree of problems whose solution should allow cyber-system implement prevention of computer attacks.

        Keywords:

        Anticipation, computer attacks, multi-level hierarchical cybernetic system.
        Pages 13-19

        Yeremeyev M. A., Gorbachev I. E.

        To the question of use of the stochastic superindicator in tasks of estimation of security of information in automated systems

        Annotation:

        Approach to the analysis of security of automated system is considered. Accidental character of number of the new vulnerabilities which are showing in use of automated system is researched. Necessary formalization for the quantitative estimation of the security, based on methods of the theory of stochastic indication is provided.

        Keywords:

        Automated system, vulnerability, security estimation, probability of violation of security.
        Pages 20-25

        Suprun A. F.

        The approach to the estimation of sufficiency of measures of a software to complex protection of the confidential information

        Annotation:

        The algorithm of creation of end-to-end system of monitoring of security level of potential channels of information leakage with reference to the structures, engaged in handling of the confidential information is offered. The technology of estimation of sufficiency of protection measures, including technique of determination of a level of threat of the confidential information is offered. The technique on carrying out of ranging of technical channels of information leakage is presented.

        Keywords:

        Information security, system of monitoring.
        Pages 26-31
      • NETWORK AND TELECOMMUNICATION SECURITY

        Belim S. V., Pozdnyakov S. A.

        Intrusion detection system based on three coordinated neural networks

        Annotation:

        In this paper, proposed a scheme of intrusion detection system, the analyzer is implemented using three different neural networks. Two approaches to the construction of the module output matching neural networks - just a coincidence scheme and analytic hierarchy process.. The computer experiment using a test KDD99. It is shown that the proposed schemes can produce more high performance intrusion detection system compared to an approach that uses only one neural network.

        Keywords:

        (Russian) Системы обнаружения вторжений, нейронные сети, метод анализа иерархий.
        Pages 32-36

        Kalinin M. O., Vert N. S.

        Quality service providing in software-defined networks

        Annotation:

        The paper discusses method of software-defined networks control based on monitoring of quality parameters. The method allows to balance the network traffic providing high-availability and fault-tolerance of OpenFlow-switches.

        Keywords:

        Software-defined network, availability, fault-tolerance, control, OpenFlow, SDN, TOS.
        Pages 37-42

        Kalinin M. O., Pavlenko E. Y.

        Substantiation and selection of control effectiveness evaluation criteria for software defined networks

        Annotation:

        The paper discusses criteria for effectiveness estimation of software-defined networks control methods and solutions.

        Keywords:

        Software-defined network, control, OpenFlow, SDN.
        Pages 43-45
      • SPECIAL IT

        Volkova T. A., Rudy’kh S. V., Sikarev I. A.

        Assessment of electromagnetic immunity in variation of structure of difficult signals for adaptation in functionally steady automated identification systems at influence narrow-band (mutual) hindrances

        Annotation:

        The article shows assessment of efficiency and electromagnetic immunity in variation of difficult signals in the automated identification systems at influence narrow-band hindrances.

        Keywords:

        Automated identification systems (AIS), mutual interference, difficult signals, coefficient of mutual difference (CMD).
        Pages 46-53

        Nyrkov A. P., Katorin U. F., Sokolov S. S., Ezgurov V. N.

        Basic principles to safe construction system of automated management transport–logistical complex

        Annotation:

        The basic conceptual approaches of construction of the automated information control system are considered by a transport-logistical complex. Theoretical preconditions to maintenance of communication channels and objects of management with allocation of necessary technologies of maintenance of their safe functioning are presented.

        Keywords:

        Automation on transport, information security, safety of information systems, safety of the automated systems, architecture of safe system.
        Pages 54-58
      • SOFTWARE SECURITY

        Pechenkin A. I., Lavrova D. S.

        Formalization of the process of network protocols fuzzing and classification of vulnerabilities

        Annotation:

        Nowadays fuzzing is one of the most effective methods to identify security issues of programs and information systems, network protocols and web-resources. Proposed a formal description of network protocols as a set of processes of transition from state to state, which allows to detect vulnerabilities of network protocols based on the generation of the input data and analysis states of network protocols processes.

        Keywords:

        Fuzzing, formal description, model, vulnerability classification, buffer overflow.
        Pages 59-67
    • № 3 2013
      • INFORMATION SECURITY ASPECT

        Bogachenko N. F., Belim S. V., Belim S. Yu.

        Using analytic hierarchy process for building of role based access control

        Annotation:

        In this article the questions of the distribution of powers between users in computer systems with role-based access control are investigated. The main attention is focused on adding a new member to the hierarchy of roles. For selecting one of several alternatives the method of analytic hierarchy process is used. We give a rationale for the selection criteria for the formation of a hierarchy first level.

        Keywords:

        Role based access control, authorization, leakage powers, analytic hierarchy process, algorithmic complexity.
        Pages 7-17

        Usov S. V.

        On relations between object-oriented and subject-object discretionary models of computer system

        Annotation:

        It is shown that object-oriented HRU model of computer system is more general case of subject-object HRU model as well as of Typed Access Matrix (TAM) model. Some subject-object safety cases transferred to object-oriented HRU model.

        Keywords:

        Discretionary safety models, object-oriented computer systems, HRU.
        Pages 18-26
      • INFORMATION SECURITY APPLICATION

        Mizyukin A. V., Moskvin D. A.

        On estimation of complexity of face recognition problem with the use of principles of fractal image compression

        Annotation:

        This article describes an approach to solve the problem of identifying individuals with static or dynamic images, which uses the idea of a fractal image compression. The algorithms for processing etalon and current images are submitted. For the proposed algorithms computational complexity is approximated. In comparison to many other recognition algorithms the complexity of processing of the current image is linear in the size of the image. The disadvantages are the high complexity of the algorithm processing the etalon image and the linear dependence of the recognition speed of individual base’s size, but this algorithm can be effectively parallelized, e.g. with computing on GPU.

        Keywords:

        (Russian) Фрактальное сжатие, выделение лиц, распознавание лиц.
        Pages 27-39
      • SECURE OPERATING SYSTEMS AND TRUSTED ENVIRONMENT

        Nikolskiy A. V.

        Virtualization software cyber-attack formal model and vulnerability metric of hypervisors

        Annotation:

        Paper contains a definition of formal model for cyber-attacks targeting virtualization software including hypervisors. This model allows defining a condition of hypervisor security based on low vulnerability properties. Model includes a definition of artifacts and vulnerability metric of hypervisor. Using this metric to differentiate multiple implementations of hypervisors and virtualization technics can guide to secure hypervisor architecture.

        Keywords:

        Secure hypervisor, virtualization, formal model, cyber-attack, vulnerability metric.
        Pages 40-48
      • APPLIED CRYPTOGRAPHY

        Babash A. V., Kudiyarov D. S.

        On the period of functioning random number generator IA

        Annotation:

        Sufficient conditions under which the periods of the sequences of maps generator IA divisible by 2n.

        Keywords:

        Automatic, random number generator, a sequence of maps.
        Pages 49-54

        Baranov A. P.

        About potential of using adaptive filtering of signals for estimation the Mahlanobis’s distance

        Annotation:

        In this article the estimation of Mahlanobis’s distance” is observed, in conditions of dual channel receiving of binary signal. The biggest value of the probability value – correct receiving of signal – is corresponded to the biggest Mahlanobis’s distance, what is equal to the setting filter of interference in optimal state. The importance of estimation value is postulated by the size of controlling zone that is necessary before being provided the secured state of processing information, which is existed in spurious emission and is regulated by recommendations of FSTEK of Russia. Unlike to works made and published before the algorithms of estimation of value , which aren’t using the information about training, binary, referent sequence, are proposed. For dual channel receiving mode two types of algorithms are considered: moving estimates and Widrow-Hoff stochastic gradient descent.

        Keywords:

        Spurious emission, interference filter, Mahlanobis’s distance.
        Pages 55-61

        Tikhonov S., Korzhik V.

        Method of hardware implemented gost cipher protection against DPA and HODPA attacks

        Annotation:

        We propose a method to protect a hardware implemented GOST cipher against side attacks on power consumption. It is based on a changing of conventional S-boxes to modified S-boxes with extension of substitution tables and with the use of random masks. We prove that such scheme is resistant against all known attacks based on the concept of DPA and HODPA.

        Keywords:

        Secret key, algorithm GOST, DPA and HODPA attacks, S-boxes, random masks.
        Pages 62-72
      • SPECIAL IT

        Vert N. S., Volkova A. S., Zegzhda D. P., Kalinin M. O.

        Providing stable functioning for conveyor-parallel computing systems on cloud platform

        Annotation:

        The paper discusses model and algorithm of process scheduling for conveyor-parallel programs. Solution is based on monitoring of resource consumption and implemented in cloud framework what provides secure and highly available high-speed data processing due to hardware isolation, resource use control and optimization, and adaptive distribution of computational load.

        Keywords:

        Virtual machine, conveyor-parallel program, computational load, cloud platform, resource.
        Pages 73-81
  • 2012 year
  • 2011 year
  • 2010 year
  • 2009 year
  • 2008 year
  • 2007 year
  • 2006 year
  • 2005 year
  • 2004 year
  • 2003 year
  • 2002 year
  • 2001 year
  • 2000 year
  • 1999 year