Zegzhda D. P., Nikolskiy A. V.
This article contains a definition of formal security model for virtual machine hypervisors in cloud systems based on graph theory. This formal model defines security properties and data access operations hierarchy executing inside virtual machines and hypervisors in the cloud. Purposed model allows formalizing major security issues of cloud systems, to define tasks for hypervisor security with solution methods and to define security condition for the virtual machine hypervisor.
Keywords:Cloud computing, hypervisor security, virtualization, graph theory, virtual machine.
Kornienko A. A., Glukharev M. L.
Constraints and triggers verification in databases is an actual area of scientific researches and practical activities. This article considers a method of formal verification which is based on integrity demands metamodel and allows to check a functional correctness of constraints and triggers in relational databases.
Keywords:Functional correctness, formal verification, integrity demand, constraint, trigger, bunch of triggers, formal specificator.
Boran-Keshishyan A. L.
This paper proposes new generalized model of software reliability assessment of modern training simulator systems based on probability-possibility submission.
Keywords:Software reliability of training simulator systems, fuzzy-probability model, software failure.
Kalinin M. O., Pavlenko E. Y.
The paper discusses method of control and functional efficiency measuring proposed for software-defined networks (SDN). Methods are based on multiobjective optimization done on the set of quality of service (QoS) parameters of network traffic streams. Methods provide traffic balancing, performance, availability and fault-tolerance increasing for OpenFlow-switches and routers being used in SDN.
Keywords:Software-defined network, availability, fault-tolerance, network, control, OpenFlow, SDN, TOS, QoS.
Kalinin M. O., Pavlenko E. Y.
The paper proposes method of providing high availability in software-defined networks (SDN). Method is based on calculation of routing rules priority and allows reducing the routing time lag up to 35%.
Keywords:Software-defined network, availability, network, control, OpenFlow, TOS.
Desnitsky V. A., Kotenko I. V.
The paper proposes a model for designing secure embedded devices on the basis of combinations of particular security components. A notion of configuration is introduced. It represents a set of security components, which provide the device with some security functional. Through an analysis of components’ properties a set of admissible configurations is formed and used to deduce the most effective ones on the base of set optimality criteria. Architecture of a software tool of the configuration mechanism is presented on the basis of UML diagrams. A demonstration example of embedded devices is given to highlight applicability of the model in practice.
Keywords:Configuration, UML diagrams, security functional.
Pechenkin A. I., Lavrova D. S.
Nowadays systems of network traffic security analysis have to evaluate characteristics of large volumes of traffic for security analysis. Proposed architecture of a system of network traffic parallel processing on multiprocessor clusters which allows to eliminate existing deficiencies of platforms for traffic processing for security analysis and to reduce redundancies for traffic processing by switching equipment and network secure systems.
Keywords:Network traffic, multiprocessor cluster, load-balancing, network traffic analysis.
Pechenkin A. I., Nikolskiy A. V.
An important task in the field of information security is to find bugs and vulnerabilities in operating systems, implementations of network protocols and software products. One of the most popular approaches to vulnerability scanning nowadays is fuzzing. It is popular due to high level of automatization abilities, but at the same time fuzzing usually requires a lot of time resources. Proposed network protocol fuzzing system architecture is based on implementation of multiprocessor x86-server architecture and virtualization technology. This feature allows to organize parallel fuzzing and therefore significantly reduce time amount, required for vulnerability scan. Moreover, applied methods provide high scalability of fuzzing system.
Keywords:Vulnerability scan, fuzzing, network traffic, multiprocessor cluster, load balancing.
Khorkov D., Gaydamakin N.
This paper presents a simulation model of computer attack for synthesizing of network traffic. The generated traffic is then used for testing and evaluation of network intrusion detection systems. The model is based on the mathematical apparatus of generalized stochastic Petri Nets with special delays, inhibitor arcs and weighted transitions.
Keywords:Computer attacks, computer attack model, testing methodology, network traffic, Petri nets.
Belim S. V., Shereshik A. Yu.
This paper proposes an algorithm to hash the data, based on the increase of entropy in the simulation of physical processes. As a system of two-dimensional Ising model is selected. A computer experiment to detect collisions and determine the avalanche effect.
Keywords:Hash function, algorithm to hash the data, Ising model.
Kulakov А., Makhovenko E.
Under unsecured channel Id-based cryptography allows secured transmitting the same data to multiple users more efficiently (for large number of receivers) than classical public key cryptography. In order to form recommendations of choosing some scheme based on the requirements of the system (public or private system, how often a set of receivers is change, the level of security, etc.) different Id-based Broadcasting schemes are analyzed.
Keywords:ID-based cryptography, bilinear-maps, broadcast encryption, access control.
Rostovtsev A. G.
In  author proposed the method of virtual isomorphisms for cryptanalysis. Ciphers y = C(x, k) and Y= D(X, K) are isomorphic if there exists invertible computable in both directions map y <-> Y, x <-> X, k <-> K. Cipher is vulnerable to an attack iff isomorphic cipher is vulnerable to it. If S is a substitution and T is encryption operator, its conjugate STS-1 is cipher isomorphism. For cryptanalysis it is useful to choose S in such a way, that it has many fixed points. It is shown that j has at most 130 fixed points. Isomorphic AES (IAES) is proposed that has one non-linear operation - isomorphic image of XOR. Maximal probabilities of differentials are increased by 8.5 times; maximal bias is increased by 3 times. IAES has differentials with zero output difference of probability 1. Briefly the strength of AES against differential/linear attacks is decreased to a square root of initial strength.
Keywords:Virtual isomorphism, cryptanalysis, isomorphic cipher.
Sizonenko A. B.
The functions of filter and combining generators are presented as systems of logical functions. Polynomials over the integers, describing the operation of several steps of filtering and combining generators are constructed. The possibility of parallelizing the computation of the cryptographic functions of the blocks of filter and combining generators by using the resources of calculators, oriented on the arithmetic operations of addition and multiplication is considered.
Keywords:Stream cipher, filter generator, combining generator, polynomial over the integers.
Eskov V. S.
The use of algorithms and methods for inverse design allows us to understand the principle of a series of FPGAs Virtex, evaluate the work of the target device, according to the stated specifications.
Keywords:FPGA, reverse engineer, backtracking.
Volkova T. A., Rudy’kh S. V., Sikarev I. A.
The article is devoted to the questions of electromagnetic immunity of automated identification systems (AIS) with simple signals at influence narrow-band hindrances.
Keywords:Automated identification systems, mutual interference, radio signals, coefficient of mutual difference.
Azhmuhamedov I. M.
On the basis of systematic approach formulates the principles and methods of building fuzzy cognitive models poorly structured and bad formalizable social engineering integrated information security systems. It was developed a method of synthesis of fuzzy control solutions together with a minimum of «cost».
Keywords:System approach, fuzzy cognitive modelling, weight fishburnes, similarity index, synthesis of control solutions.
Polubelova O. V., Kotenko I. V.
The paper outlines a model checking based technique for verification of filtering rules of firewalls which is aimed to detect filtering anomalies. The paper proposes the main components of the technique – the models of the computer network, the firewall and filtering anomalies, as well as the algorithm of detection of such anomalies. The paper discusses the implementation aspects of the verification system – the architecture and the class diagram, and the results of experiments fulfilled.
Keywords:Model checking, verification of filtering rules, anomaly detection, firewall, temporal logics.
Belim S. V., Prokhorov R. S.
In this paper, the approach for the identification of the process by its behavior is considered. The approach is based on the transformation of the events flow to the container flow of events and the use of this flow for inputting to intelligent analyzer built with neural network. Options of needed conversions are described in detail.
Keywords:Process identification, information security, neural network.
Biryukov D. N., Lomako A. G.
The article suggests approach to building a multi-level hierarchical cybernetic anticipation-capable system. Constructed and justified tree of problems whose solution should allow cyber-system implement prevention of computer attacks.
Keywords:Anticipation, computer attacks, multi-level hierarchical cybernetic system.
Yeremeyev M. A., Gorbachev I. E.
Approach to the analysis of security of automated system is considered. Accidental character of number of the new vulnerabilities which are showing in use of automated system is researched. Necessary formalization for the quantitative estimation of the security, based on methods of the theory of stochastic indication is provided.
Keywords:Automated system, vulnerability, security estimation, probability of violation of security.
Suprun A. F.
The algorithm of creation of end-to-end system of monitoring of security level of potential channels of information leakage with reference to the structures, engaged in handling of the confidential information is offered. The technology of estimation of sufficiency of protection measures, including technique of determination of a level of threat of the confidential information is offered. The technique on carrying out of ranging of technical channels of information leakage is presented.
Keywords:Information security, system of monitoring.
Belim S. V., Pozdnyakov S. A.
In this paper, proposed a scheme of intrusion detection system, the analyzer is implemented using three different neural networks. Two approaches to the construction of the module output matching neural networks - just a coincidence scheme and analytic hierarchy process.. The computer experiment using a test KDD99. It is shown that the proposed schemes can produce more high performance intrusion detection system compared to an approach that uses only one neural network.
Keywords:(Russian) Системы обнаружения вторжений, нейронные сети, метод анализа иерархий.
Kalinin M. O., Vert N. S.
The paper discusses method of software-defined networks control based on monitoring of quality parameters. The method allows to balance the network traffic providing high-availability and fault-tolerance of OpenFlow-switches.
Keywords:Software-defined network, availability, fault-tolerance, control, OpenFlow, SDN, TOS.
Kalinin M. O., Pavlenko E. Y.
The paper discusses criteria for effectiveness estimation of software-defined networks control methods and solutions.
Keywords:Software-defined network, control, OpenFlow, SDN.
Volkova T. A., Rudy’kh S. V., Sikarev I. A.
The article shows assessment of efficiency and electromagnetic immunity in variation of difficult signals in the automated identification systems at influence narrow-band hindrances.
Keywords:Automated identification systems (AIS), mutual interference, difficult signals, coefficient of mutual difference (CMD).
Nyrkov A. P., Katorin U. F., Sokolov S. S., Ezgurov V. N.
The basic conceptual approaches of construction of the automated information control system are considered by a transport-logistical complex. Theoretical preconditions to maintenance of communication channels and objects of management with allocation of necessary technologies of maintenance of their safe functioning are presented.
Keywords:Automation on transport, information security, safety of information systems, safety of the automated systems, architecture of safe system.
Pechenkin A. I., Lavrova D. S.
Nowadays fuzzing is one of the most effective methods to identify security issues of programs and information systems, network protocols and web-resources. Proposed a formal description of network protocols as a set of processes of transition from state to state, which allows to detect vulnerabilities of network protocols based on the generation of the input data and analysis states of network protocols processes.
Keywords:Fuzzing, formal description, model, vulnerability classification, buffer overflow.
Bogachenko N. F., Belim S. V., Belim S. Yu.
In this article the questions of the distribution of powers between users in computer systems with role-based access control are investigated. The main attention is focused on adding a new member to the hierarchy of roles. For selecting one of several alternatives the method of analytic hierarchy process is used. We give a rationale for the selection criteria for the formation of a hierarchy first level.
Keywords:Role based access control, authorization, leakage powers, analytic hierarchy process, algorithmic complexity.
Usov S. V.
It is shown that object-oriented HRU model of computer system is more general case of subject-object HRU model as well as of Typed Access Matrix (TAM) model. Some subject-object safety cases transferred to object-oriented HRU model.
Keywords:Discretionary safety models, object-oriented computer systems, HRU.
Mizyukin A. V., Moskvin D. A.
This article describes an approach to solve the problem of identifying individuals with static or dynamic images, which uses the idea of a fractal image compression. The algorithms for processing etalon and current images are submitted. For the proposed algorithms computational complexity is approximated. In comparison to many other recognition algorithms the complexity of processing of the current image is linear in the size of the image. The disadvantages are the high complexity of the algorithm processing the etalon image and the linear dependence of the recognition speed of individual base’s size, but this algorithm can be effectively parallelized, e.g. with computing on GPU.
Keywords:(Russian) Фрактальное сжатие, выделение лиц, распознавание лиц.
Nikolskiy A. V.
Paper contains a definition of formal model for cyber-attacks targeting virtualization software including hypervisors. This model allows defining a condition of hypervisor security based on low vulnerability properties. Model includes a definition of artifacts and vulnerability metric of hypervisor. Using this metric to differentiate multiple implementations of hypervisors and virtualization technics can guide to secure hypervisor architecture.
Keywords:Secure hypervisor, virtualization, formal model, cyber-attack, vulnerability metric.
Babash A. V., Kudiyarov D. S.
Sufficient conditions under which the periods of the sequences of maps generator IA divisible by 2n.
Keywords:Automatic, random number generator, a sequence of maps.
Baranov A. P.
In this article the estimation of Mahlanobis’s distance” is observed, in conditions of dual channel receiving of binary signal. The biggest value of the probability value – correct receiving of signal – is corresponded to the biggest Mahlanobis’s distance, what is equal to the setting filter of interference in optimal state. The importance of estimation value is postulated by the size of controlling zone that is necessary before being provided the secured state of processing information, which is existed in spurious emission and is regulated by recommendations of FSTEK of Russia. Unlike to works made and published before the algorithms of estimation of value , which aren’t using the information about training, binary, referent sequence, are proposed. For dual channel receiving mode two types of algorithms are considered: moving estimates and Widrow-Hoff stochastic gradient descent.
Keywords:Spurious emission, interference filter, Mahlanobis’s distance.
Tikhonov S., Korzhik V.
We propose a method to protect a hardware implemented GOST cipher against side attacks on power consumption. It is based on a changing of conventional S-boxes to modified S-boxes with extension of substitution tables and with the use of random masks. We prove that such scheme is resistant against all known attacks based on the concept of DPA and HODPA.
Keywords:Secret key, algorithm GOST, DPA and HODPA attacks, S-boxes, random masks.
Vert N. S., Volkova A. S., Zegzhda D. P., Kalinin M. O.
The paper discusses model and algorithm of process scheduling for conveyor-parallel programs. Solution is based on monitoring of resource consumption and implemented in cloud framework what provides secure and highly available high-speed data processing due to hardware isolation, resource use control and optimization, and adaptive distribution of computational load.
Keywords:Virtual machine, conveyor-parallel program, computational load, cloud platform, resource.