Quarterly journal published in SPbPU
and edited by prof. Peter Zegzhda
Peter the Great St. Petersburg Polytechnic University
Institute of computer sciences and technologies
information security of computer systems
Information Security Problems. Computer Systems
Published since 1999.
ISSN 2071-8217
  • 2019 year
  • 2018 year
  • 2017 year
  • 2016 year
  • 2015 year
  • 2014 year
  • 2013 year
  • 2012 year
  • 2011 year
  • 2010 year
  • 2009 year
    • № 1 2009
      • SOFTWARE SECURITY

        Molyakov A. S.

        KPROCESSOR_CID_TABLE–factoring. New systematic research field of eliminating undeclared vulnerabilities on operation systems

        Annotation:

        In this article author describes new systematic research method of eliminating undeclared vulnerabilities on operation systems by using active kernel context control and scanning of internal process tables. New systematic research field of eliminating undeclared vulnerabilities on Operation Systems is based on using MicroKernel Object specification. KPROCESSOR _CID-table factoring is a new cross platform detail fundamental analysis of internal context_tables of processor executive region.

        Keywords:

        The program, program code, kernel, the identifier.
        Pages 7-18

        Baranov V. A.

        The analysis of second-order code injection vulnerabilities in web-applications

        Annotation:

        This article is devoted to the research of web-application protection against attacks based on second-order code injection. The description of security model, which is used for detection of web-application improper input validation vulnerabilities, and the software tool, based on this model, which helps to find such vulnerabilities, are considered in this article.

        Keywords:

        The web appendix, vulnerability, the data flow, script, shielding, coding.
        Pages 19-24
      • INFORMATION SECURITY ASPECT

        Kalinin M. O.

        The paradigm of parametric security management in information systems

        Annotation:

        The paper reviews the paradigm of information security management, which involves the system configuration fixing, security evaluation of the system state, and system adaptation to the discovered security faults through feed-back control over security settings. The sample using the discussed technique is presented for UNIX-like systems. This technique and the control system based on it allow a procedure of security adaptation to be automated and thus considerably simplified. It forms a fundament for a new class of self- adapting security systems.

        Keywords:

        The protected information systems, safety administration, safety conditions, infringement function.
        Pages 25-33
      • TECHNICAL SOLUTION

        Karetnikov V. V., Sikarev I. A.

        To question of computer simulation of of service arias of high accuracy position systems

        Annotation:

        This article is devoted to very rather up to date issue of the computer simulation of service arias of high accuracy position systems.

        Keywords:

        Signal distribution, radio navigating field, conductivity, distribution of radio-waves.
        Pages 34-37

        Petrenko S. A., Beliaev A. V.

        Threats of safety of digital and IP-office automatic telephone exchanges

        Annotation:

        New kinds of threats of safety of digital and ip-office automatic telephone exchanges are considered.

        Keywords:

        The vocal traffic, digital systems of a telephony, user's line, vocal stream, mix.
        Pages 38-42
      • SPECIAL IT

        Baranov Y. A.

        Developing the thematic access policy in information retrieval systems, on the basis of automatic rubricating

        Annotation:

        In this article it is described the using of automatic rubrication engine for providing the thematic differentiation access to text documents in system. Also in this work algorithm of processing of automatic rubricator is represented and theoretically proved.

        Keywords:

        Thematic differentiation of access to the information, an autorubrication, the information file, training sample.
        Pages 43-48

        Rastorguev S. P., Tokarev R. S.

        About direction of development self-learning techniques in the Internet

        Annotation:

        In the past ten years theory and technology of information security become more durable and always ready to resist to new threats. Today total damage of all system, due to gap on a security system, mostly depends on a user and his knowledge. Thereby than environment is more various then defense is stronger and then threats are more complex. But what will happen if environment has been changed? Environment mandatory will be cardinally changed. To make sure about it enough to look at continuously speed up growth of functional possibilities of the Internet: e-mail, sites, big portals, social networks and so on. And growth isn't going to stop. It is known that new possibilities on the some stage of their development result in qualitative change of environment. To solve security problems in new environment we may be needed in a new theoretical base. In this article we try to research the forming process of self-learning procedures in the World Wide Web. Of course today these procedures are forming by people. But in our opinion we should think about future security problems exactly today.

        Keywords:

        The mechanism of self-training of a global network, the feedback, the structured texts.
        Pages 49-57

        Fedorchenko L. N., Zabolotsky V. P.

        A linguistic tool for security system tasks

        Annotation:

        In the paper we consider new approach of software safety based on syntax-driven control for security. The notion "regularization of a grammar" is presented. CF grammar in a regular form (CFR-grammar) supplied with extended set of operations in regular expressions in the right hand side of rules is discussed. The scheme of CFR grammar regularization has been shown. — Bibl. 7 items.

        Keywords:

        The linguistic toolkit, information protection, security policy formalisation, set corrected grammar, the analysis of the data.
        Pages 58-64
      • APPLIED CRYPTOGRAPHY

        Vorobiev E. G.

        The masking of transferred data on the basis of quantum cryptography

        Annotation:

        The realization of masking of the transferred information on the basis of quantum technologies is considered.

        Keywords:

        Masking of the transferred information, interception of network messages, the protection report, knot of switching of a network.
        Pages 65-70

        Rostovtsev Alexander

        Linear isomorphism between Weierstrassian and Hessian elliptic curves

        Annotation:

        Elliptic curves in Hesse form admit more suitable arithmetic than ones in Weierstrass form. But elliptic curve cryptosystems usually use Weierstrass form. It is known that both those forms are birationally equivalent. Birational equivalence is partially determined and it is relatively hard to compute. We prove that elliptic curves in Hesse form and in Weierstrass form are linearly isomorhic over initial field or its small extension and this equivalence is easy to compute. If cardinality of finite field q є 5 (mod 6) and Frobenius trace T є 0 (mod 3), then equivalence is defined over initial field with high probability. This linear equivalence allows multiplying of an elliptic curve point in Weierstrass form by passing to Hessian curve, computing in this curve and passing back. This speeds up the rate about 1,35 times.

        Keywords:

        Elliptic curve, projective algebraic curve, linear isomorphism of algebraic curves, polynom degree.
        Pages 71-77

        Yakovlev V., Shutyy R.

        Oblivious transfer for bit strings based on noisy channel using interactive hashing

        Annotation:

        We consider oblivious transfer protocol based on noisy channel. We carry out detailed analysis of protocol and it's rate dependence on requirements for given parameters. The modified protocol using interactive hashing for test the receiver's adherence to the protocol is presented which results in increasing protocol rate.

        Keywords:

        The report «Oblivious transfer», probability of an error in the channel.
        Pages 78-91
    • № 2 2009
      • INFORMATION SECURITY ASPECT

        Zabolotsky V. P., Ivanov V. P.

        Rational choozing methods for information security

        Annotation:

        In the paper we consider the methods for choosing rational variant of the information security systems in the items of the driven criterion.

        Keywords:

        Index method, method of a conditional indicator.
        Pages 7-13
      • INFORMATION SECURITY APPLICATION

        Andreev S. V., Dragalchuk V. K., Levin M. P., Sang-min Lee, Sang-bum Suh, Trofimov A. S., Junghyun Yoo

        On the security subsystem of the paravirtualizing environment Secure Xen on ARM

        Annotation:

        This paper describes issues of the security subsystem of the paravirtualized environment Secure Xen on ARM. An application area of this environment is considered. Reasons of using the security subsystem are adduced. The architecture of the security subsystem and it particularly modules are described.

        Keywords:

        Security subsystem of the paravirtualized environment Secure Xen, security policies, the virtual car.
        Pages 14-20
      • APPLIED CRYPTOGRAPHY

        Eremeyen M., Anikevich E., Sergienko P.

        Improvement of the protected electronic document turnover based on new electronic digital signature schemes

        Annotation:

        The authors present the results of the analysis of specific features of up-date systems oа document turnover and shw their advantages and disadvantages. The basic notions of the elliptical curve theory as well as the description of procedures of creating and verifying the electronic digital signature have been considered. The programmed complex for implementing the schemes of creating and verifying the digital signature has been developed. The authors offer new schemes of electronic digital signature.

        Keywords:

        Systems of electronic document circulation, formation and check of the electronic digital signature.
        Pages 21-31

        Sotov L. S., Harin V. N.

        Use of generators of dynamic chaos in systems of information security

        Annotation:

        (Russian)

        В работе обсуждается возможность использования генераторов динамического хаоса в качестве встроенных источников случайных сигналов, работающих в составе систем генерации случайных чисел. Анализируются возможные атаки и безопасность данных генераторов. Сформулированы условия безопасности генераторов динамического хаоса.

        Keywords:

        Dynamic chaos, system of generation of random numbers, cryptographic generators of pseudo-casual sequences.
        Pages 32-37
      • TECHNICAL SOLUTION

        Gnatchenko I. I., Diasamidze S. V., Adadurov A. S.

        System GSM-R – component of train control and guaranteeing safety system: vulnerabilities and neutralization’s methods

        Annotation:

        The general principles of work of the standard of engineering digital-speech communication GSM-R, which is included in the European Train Control System (ETCS), as a subsystem of European Rail Transport Management System (ERTMS) were considered in this article. The common structure of the network GSM-R was considered, and also its main vulnerabilities were marked out. The general approach of this problems solving was offered.

        Keywords:

        General principles of work of the standard of engineering digital-speech communication GSM-R, satellite navigating system - project GALILEO.
        Pages 38-43

        Sikarev I. A.

        Variational-parameter stability zones of automated identification systems under the influence of cross-governmental interference

        Annotation:

        We analyze variation and functional stability of the radius of coverage base station classes AIS1 and AIS2 coefficient of mutual differences and signal interference.

        Keywords:

        Variatsionno-functional stability of radius of an operative range of base station of classes АИС1 and АИС2, a noise stability, time-and-frequency structure of signals.
        Pages 44-47

        Sikarev I. A.

        Variational stability and functional areas of automated identification systems under the influence of interference

        Annotation:

        We analyze variation and functional stability of the radius of coverage base station classes AIS1 and AIS2 coefficient of mutual differences and signal interference.

        Keywords:

        Variatsionno-functional stability of radius of an operative range of base station of classes АИС1 and АИС2, a noise stability, time-and-frequency structure of signals.
        Pages 48-51

        Shishkin I. F., Sergushev A. G.

        Contrasting reception of signals with the trassologicheskikh observations

        Annotation:

        Scientific school in the region of the radar of sea surface with the North Western state external technical university.

        Keywords:

        A radar-location, the peak characteristic of the receiver, additive correlated hindrances.
        Pages 52-59

        Zigulin G. P., Pechenevskiy Y. A.

        Methodical approach to aforecasting of informational attacks of automated control systems

        Annotation:

        Methodical approach to aforecasting of informational attacks of automated control systems is stated.

        Keywords:

        Forecasting of information attacks, selection of empirical formulas, approximation, interpolation.
        Pages 60-63
    • № 3 2009
      • INFORMATION SECURITY ASPECT

        Belim S. V., Bogachenko N. F.

        Building the role-based security policy on the directed graph

        Annotation:

        One of the possible approaches in the building the role-based security policy on the directed graph is presented. Various transformations of hierarchy of roles, depending on what sign is more significant: the absence of cycles or the optimality are considered in this article.

        Keywords:

        Security policy, access differentiation, hierarchy of roles.
        Pages 7-17

        Rakitskiy Yu. S., Belim S. V.

        A role-based access control model for standard of security policy ABISS-1.0-2008

        Annotation:

        In the paper we consider the methods for choosing rational variant of the information security systems in the items of the driven criterion.

        Keywords:

        Role security policies, security policy formalising.
        Pages 18-22
      • INFORMATION SECURITY APPLICATION

        Lysenko A. G.

        Information security system building based on the risks assessment

        Annotation:

        The model of information security system choice was described. The technique of information security system building based on the risks assessments was reviewed.

        Keywords:

        Estimation of risks, the safety analysis, protection system.
        Pages 23-28

        Yastrebov I. S.

        Role-based user authorization in equipment control system

        Annotation:

        Given the significant dangers of Large Hadron Collider (LHC) operations, access control to the accelerator controls system is required. Role-Based Access Control (RBAC) was designed in order to protect the equipment from accidental and unauthorized access. This paper describes a new mathematical model of protection the distributed control system, based on role-based access control concept. It also contains the overview of authorization, the main component of the system.

        Keywords:

        Unauthorized access, system of locking of power supplies, access on the basis of roles.
        Pages 29-40
      • APPLIED CRYPTOGRAPHY

        (Russian)

        Жуков И. Ю.,

        г. Москва, ОАО «ВНИИНС»

         

        Михайлов Д. М., Шустова Л. И.

        г. Москва, НИЯУ «МИФИ»

        Authentication protocol for RFID systems

        Annotation:

        This article concerns security aspects of buildings control and automation systems development. Nowadays RFID technology is often used in automation systems. In most cases RFID solutions are installed in airports, stadiums, distributor centers and factories. This makes human life highly dependant on security aspects on the innovative technology. Unfortunately the RFID technology is not as safe to computer viruses attacks as most believe it is. In this article new protocol is presented that proves to be safe and effective to prevent most common attacks on RFID technology.

        Keywords:

        System of automation of handle of a building, a method of automatic identification of objects, cloning of labels, information interception, unapproved reading of labels, distortion of the transferred information.
        Pages 41-45

        Lomako A. G., Eremeev M. A., Novikov V. A., Gnidko K. O., Goremykin D. V.

        The method of flaws location in binary memory dumps

        Annotation:

        The multimodel approach to revelation of harmful effects in binary memory dumps is being researched. The basic stages of the method of revelation of undocumented features under conditions of source code absence is considered.

        Keywords:

        The multimodelling approach, harmful constructions, creation of structure of calculations.
        Pages 46-49

        Rostovtsev A. G.

        Changing probabilities of differentials and linear sums using virtual isomorphisms

        Annotation:

        Ciphers y = C(x, k) and ² = ‚(±, ¤) are isomorphic if there exists invertible computable in both directions map y « ², x « ±, k « ¤. Cipher is vulnerable if and only if isomorphic cipher is vulnerable. Instead of computing the key of a cipher it is sufficient to find suitable isomorphic cipher and compute its key. If j is arbitrary substitution and T is round substitution, its conjugate “ = jTj-1 is cipher isomorphism. Conjugate substitutions have the same cycle type. Conjugation can be composed with affine maps.

        Application this method to AES gives affine conjugate substitution. Images of XOR with round key and diffusion map become non-linear. But they possess differentials and linear sums of high probability (8-12 times more then corresponding values of original S-box).

        Keywords:

        Finite binary mappings, ciphers, substitution differential.
        Pages 50-60
      • TECHNICAL SOLUTION

        Antonov V. A., Pshenitsyn K. V.

        The analysis of spectra of nonlinear diffusion of signals of satellite system «Globalstar»

        Annotation:

        Classical circuits of Markov for the description of spectra processes of diffusion are considered at the organization of the passing of the ships on sluice of internal waterways. A necessary part of such structures is satellite channels of transfer as signals of communication, and radionavigation.

        The purpose of work is development of the general algorithm for calculation of spectra of nonlinear diffusion without use of factor of correlation on the basis of classical circuits of Markov when conditions and time are continuous.

        Keywords:

        Chains of Markova, a spectral density, a population mean.
        Pages 61-65

        Karetnikov V. V., Sikarev I. A.

        Influence of the hindrances concentrated on a spectrum on the size of a working zone of the automated information systems

        Annotation:

        The question of influence of hindrances of a various origin on range of action of base stations of automatic information system is considered.

        Keywords:

        Automatic intelligence system, noise, signals, interferences of radio resources.
        Pages 66-69
  • 2008 year
  • 2007 year
  • 2006 year
  • 2005 year
  • 2004 year
  • 2003 year
  • 2002 year
  • 2001 year
  • 2000 year
  • 1999 year