Quarterly journal published in SPbPU
and edited by prof. Dmitry Zegzhda
Peter the Great St. Petersburg Polytechnic University
Institute of computer sciences and technologies
information security of computer systems
Information Security Problems. Computer Systems
Published since 1999.
ISSN 2071-8217
  • 2025 year
  • 2024 year
  • 2023 year
  • 2022 year
  • 2021 year
  • 2020 year
  • 2019 year
  • 2018 year
  • 2017 year
  • 2016 year
  • 2015 year
    • № 1 2015
      • INFORMATION SECURITY ASPECTS

        Azhmukhamedov I. M., Knyazeva O. M.

        Assessments of the level of security of information asset methodology based on fuzzy production rules

        Annotation:

        Assessments of the level of security of information asset (confidentiality, integrity, availability,) methodology is offered by applying the knowledge base consisting of fuzzy production rules.

        To quote:

        Azhmukhamedov I. M., Knyazeva O. M.

        Assessments of the level of security of information asset methodology based on fuzzy production rules // Information Security Problems. Computer Systems. 2015. № 1. Pp. 7-16. DOI:

        Keywords:

        Information assets, security service, vulnerability, degree of injury, linguistic variable, fuzzy number

        Pages:

        7-16
      • INFORMATION SECURITY APPLICATION

        Poltavtseva M. A.

        Ensure the integrity of the administrative information under vigorous communicate with client RDBMS

        Annotation:

        The article deals with presenting the administrative information, having the form of a hierarchy of related events in a relational server and manipulation of this data. It includes the models of data mapping, operations on them, and compares the possible solutions in terms of performance and safety.

        To quote:

        Poltavtseva M. A.

        Ensure the integrity of the administrative information under vigorous communicate with client RDBMS // Information Security Problems. Computer Systems. 2015. № 1. Pp. 17-23. DOI:

        Keywords:

        Relational databases, data models, hierarchies, data integrity

        Pages:

        17-23

        Khomonenko A. D., Voytsekhovsky S. V., Logashеv S. V., Dashonok V. L.

        Eliminating semantic contradictions in Elibrary.ru based fuzzy inference

        Annotation:

        An approach to solving the problem of eliminating semantic contradictions in mission-critical information systems based on the formation of fuzzy rule base and then applying the algorithm of Mamdani fuzzy inference. Approach is seen by the example of the electronic library elibrary.ru. Substantiates the composition of the compared fields and type of membership functions for the input linguistic variables. Are examples of resolving contradictions to make a decision about the fitness of a particular publication or references to it in a certain category (new or existing publication).

        To quote:

        Khomonenko A. D., Voytsekhovsky S. V., Logashеv S. V., Dashonok V. L.

        Eliminating semantic contradictions in Elibrary.ru based fuzzy inference // Information Security Problems. Computer Systems. 2015. № 1. Pp. 24-33. DOI:

        Keywords:

        Information system, the resolution of contradictions, fuzzy inference

        Pages:

        24-33
      • SECURE OPERATING SYSTEMS AND TRUSTED ENVIRONMENT

        Efanov D. V., Roschin P. G.

        The method of interaction of graphic applications with D-Bus session services in operating system with multilevel security

        Annotation:

        This article discusses the problems that arise at interaction of graphical applications with D-Bus session services in SELinux aware operating system with multilevel security policy. We propose a method of interaction of graphical applications with D-Bus session services, which uses the polyinstantiation approach. The proposed method allows to achieve high isolation of applications that run with different security levels, while retaining the ability to interact with D-Bus services.

        To quote:

        Efanov D. V., Roschin P. G.

        The method of interaction of graphic applications with D-Bus session services in operating system with multilevel security // Information Security Problems. Computer Systems. 2015. № 1. Pp. 34-45. DOI:

        Keywords:

        Mandatory access control, trusted operating system

        Pages:

        34-45
      • APPLIED CRYPTOGRAPHY

        Yakovlev V. A., Skachkova V. V.

        Automatic selection of graphical materials for authentication system based on a graphical password

        Annotation:

        An approach for assessing of the suitability of graphic material for use in the graphical password protection (GP) is proposal. It is based on an assessment of the number and lengths of the contours of image objects. We have introduced: coefficient of image fitness and a four-level scale of image fitness. We offer a methodology for automated evaluation of the image coefficient suitability for graphical password protection, that includes a specially designed of "Contour Analysis" program. The experimental results of evaluation of the suitability for the seven types of images and recommendations on the choice of images for graphical password protection are given.

        To quote:

        Yakovlev V. A., Skachkova V. V.

        Automatic selection of graphical materials for authentication system based on a graphical password // Information Security Problems. Computer Systems. 2015. № 1. Pp. 64-73. DOI:

        Keywords:

        Authentication, password, graphical password

        Pages:

        64-73
      • ASPECTS OF INFORMATION SECURITY

        Elin V. M.

        The importance civil-legal mechanisms of protection computer information in the information society

        Annotation:

        The peculiarities of civil regulation and construction of the system of civil protection of computer information in the Russian Federation. The concept of computer information is subject to a comprehensive analysis by application of the legislation on electronic documents and computer programs (databases).

        To quote:

        Elin V. M.

        The importance civil-legal mechanisms of protection computer information in the information society // Information Security Problems. Computer Systems. 2015. № 1. Pp. 74-82. DOI:

        Keywords:

        International exchange of information, data protection, civil law regulation, information and communication networks, computer software, european patent convention

        Pages:

        74-82
      • SPECIAL IT

        Sikarev I. A., Shakhnov S. F., Kiselevich G. V.

        Special features of the account of the influence of the underlying surface in the radio channels of river local differential subsystem GLONASS/GPS

        Annotation:

        The article analyzes the influence of the electrical properties of soils most common on the inland waterways (IWW) of Russia on the behavior of the field attenuation function of medium-wave range from a vertical point dipole in the zone of action of the control and correction stations (CCS) of the river local differential subsystem (RLDSS) of GLONASS/GPS. The conditions are given, with which the replacement of real soils by the ideal underlying surface is valid.

        To quote:

        Sikarev I. A., Shakhnov S. F., Kiselevich G. V.

        Special features of the account of the influence of the underlying surface in the radio channels of river local differential subsystem GLONASS/GPS // Information Security Problems. Computer Systems. 2015. № 1. Pp. 83-87. DOI:

        Keywords:

        Attenuation function, complex dielectric permittivity, specific conductivity, numerical distance, underlying surface, piecewise-uniform route

        Pages:

        83-87

        Sikarev I. A., Shakhnov S. F., Kiselevich G. V.

        Methodology of the calculation of the noise protection of the radio channels of river local differential subsystem GLONASS/GPS

        Annotation:

        The article examines the methodology of the calculation of the noise protection of the radio channels of the control and correction stations (CCS) of the river local differential subsystem (RLDSS) of GLONASS/GPS on the inland waterways (IWW) of Russia, based on a study of the coefficient of a mutual difference between the signal and mutual disturbance with the use of the frequency modulated binary Baudot code.

        To quote:

        Sikarev I. A., Shakhnov S. F., Kiselevich G. V.

        Methodology of the calculation of the noise protection of the radio channels of river local differential subsystem GLONASS/GPS // Information Security Problems. Computer Systems. 2015. № 1. Pp. 88-93. DOI:

        Keywords:

        Potential disturbance stability, mutual disturbances, coefficient of mutual difference, field of defeat, coefficient of electromagnetic protection, probability of the error of piece-by-piece method, power engineering of interference

        Pages:

        88-93
    • № 2 2015
      • INFORMATION SECURITY APPLICATION

        Baranov A

        PERSPECTIVE INFORMATION SECURITY RESEARCH DIRECTIONS

        Annotation:

        The article examines directions of research considering the paradigm of perspective development and mass usage of computer technology. Attention is drawn to trends that exist because of wide usage of information systems having over 10 million users. The effect of transition from quantity to quality takes place virtually for all kinds of information security systems and often leads to rejection of traditional a priori principles of confidentiality, integrity and availability. This is true both for all the principles simultaneously and for each of them in particular or in combinations. Partial completion of a priori information security measure complex combined with a posteriori methods of data protection with respect to risk assessment forms an urgent necessity for mass application of information technology.

        To quote:

        Baranov A

        PERSPECTIVE INFORMATION SECURITY RESEARCH DIRECTIONS // Information Security Problems. Computer Systems. 2015. № 2. Pp. 7-20. DOI:

        Keywords:

        INFORMATION SECURITY, DATA PROTECTION, DEVELOPMENT PERSPECTIVES, DEVELOPMENT TRENDS, DEVELOPMENT TENDENCIES, TRADITIONAL PRINCIPLES OF INFORMATION SECURITY, CONFIDENTIALITY, INTEGRITY, AVAILABILITY, A PRIORI INFORMATION PROTECTION, A POSTERIORI INFORMATION PROTECTION, INFORMATION SECURITY SYSTEM.

        Pages:

        7-20

        Zaytsev A.S. Malyuk A.A.

        analysis of approaches for insider threat countermeasure

        Annotation:

        The paper considers modern researches in the field of insider threat countermeasures; the result of analysis is strengths and weaknesses of existing approaches and recommendations for their improvement.

        Insider threat, system dynamics, Bayesian networks

        To quote:

        Zaytsev A.S. Malyuk A.A.

        analysis of approaches for insider threat countermeasure // Information Security Problems. Computer Systems. 2015. № 2. Pp. 21-36. DOI:

        Keywords:

        Insider threat, system dynamics, Bayesian networks

        Pages:

        21-36

        Malthcev G.N., Pankpatov A.V.

        Probabilistic description of the ways to gain access to protected resources using reverse engineering

        Annotation:

        This article provides a probabilistic description of accessing secure technical systems using reverse engineering. The time variation of opportunities to address the protection and conservation in the protected status of the analyzed system is described by a probabilistic model of conflict interaction. Presented by probabilistic and temporal characteristics of opportunities for access to protected resources for different model parameters and to formulate practical recommendations for determining the conditions for reverse engineering.

        To quote:

        Malthcev G.N., Pankpatov A.V.

        Probabilistic description of the ways to gain access to protected resources using reverse engineering // Information Security Problems. Computer Systems. 2015. № 2. Pp. 37-46. DOI:

        Keywords:

        INFORMATION SECURITY, REVERSE ENGINEERING, CONFLICT INTERACTION.

        Pages:

        37-46
      • NETWORK AND TELECOMMUNICATION SECURITY

        Petr Baranov

        1. On CRC value distribution in binary noise model

        Annotation:

        The article considers cyclic redundant code CRC-value for a fixed-length packet of data. Due to various reasons the data transferred via digital connection channels could be modified. The author proposes to simulate these modifications in form of random additive noises. In the article it is shown that random noise processes cause changes in CRC-value described as special vector sums of noise values. Particularly, with white noise, CRC-value's change is a sum of random independent differently-distributed vectors over binary field GF(2). The writing formulates the research task of multi-dimension, differently-distributed random values over finite fields of special form with various dependencies of their components. It appears to be that not only limit theorems with large amount of components simulated by big length of data packet are interesting, but exact distributions with small packet lengths are also of certain interest.

        To quote:

        Petr Baranov

        1. On CRC value distribution in binary noise model // Information Security Problems. Computer Systems. 2015. № 2. Pp. 47-51. DOI:

        Keywords:

        ELECTRONIC SIGNATURE, CRC, MESSAGE DISTORTION, PROBABILITY MODEL, TELECOMMUNICATION SYSTEM, DISTORTION-FREE TRANSMISSION, ERROR-FREE TRANSFER

        Pages:

        47-51

        Konoplev A., Kalinin M.

        ACCESS CONTROL METHOD IN DISTRIBUTED COMPUTING NETWORKS SUCH AS GRID

        Annotation:

        The paper reviews the problem of unauthorized access to the data in distributed computing networks. It discusses available implementations of access control mechanisms in Grid systems, considers their disadvantages. There is proposed an access control method that allow to perform security verification of such systems. Also specified security properties which form an initial state of the system.

        To quote:

        Konoplev A., Kalinin M.

        ACCESS CONTROL METHOD IN DISTRIBUTED COMPUTING NETWORKS SUCH AS GRID // Information Security Problems. Computer Systems. 2015. № 2. Pp. 62-68. DOI:

        Keywords:

        DISTRIBUTED COMPUTING NETWORKS, GRID SYSTEM, UNAUTHORIZED ACCESS, ACCESS CONTROL, SECURITY POLICY

        Pages:

        62-68

        Kotenko I.V., Chechulin A.A., Komashinsky D.V.

        Automated categorization of web-sites for Inappropriate Content Blocking

        Annotation:

        The paper is devoted to the problem of protection against unwanted and harmful content in the Internet using data mining techniques. The object of the investigation presented in this paper is the process of classification (categorization) of web pages.

        To quote:

        Kotenko I.V., Chechulin A.A., Komashinsky D.V.

        Automated categorization of web-sites for Inappropriate Content Blocking // Information Security Problems. Computer Systems. 2015. № 2. Pp. 69-79. DOI:

        Keywords:

        INAPPROPRIATE INFORMATION, DATA MINING TECHNIQUES, WEB-SITES CLASSIFICATION.

        Pages:

        69-79

        Lavrova D.S., Pechenkin A.I.

        SECURITY INCIDENTS DETECTION IN THE INTERNET OF THINGS

        Annotation:

        This article describes the main features of the Internet of Things, and a research of security threats. The authors conducted a study of data from the devices of the Internet of Things, the data are classified by type. The authors also propose an approach to the detection of security incidents in the Internet of Things, based on data analysis from devices of the Internet of Things.

        To quote:

        Lavrova D.S., Pechenkin A.I.

        SECURITY INCIDENTS DETECTION IN THE INTERNET OF THINGS // Information Security Problems. Computer Systems. 2015. № 2. Pp. 80-85. DOI:

        Keywords:

        Internet of Things, security incident, correlation analysis, control flow

        Pages:

        80-85

        ZhukovI.Yu.,

        MikhaylovD.M.,

        FesenkoS.D.,

        NasenkovI.G.

        INFLUENCE OF IMPLEMENTED SOFTWARE BUGS ON THE SECURITY OF MOBILE PHONES

        Annotation:

        This paper presents an overview of the major attacks that can be committed by an intruder to exploit the vulnerabilities of mobile devices, which are the result of the implementation of the program bugs. With the help of these bugs, the fraudster can force the phone to send messages to paid telephone numbers, record telephone conversations, access personal data as well as the operating system. The authors also give the main recommendations, compliance with which will protect the mobile device from illegal actions of third parties. This overview can be used to improve existing protection of mobile devices.

        To quote:

        ZhukovI.Yu.,

        MikhaylovD.M.,

        FesenkoS.D.,

        NasenkovI.G.

        INFLUENCE OF IMPLEMENTED SOFTWARE BUGS ON THE SECURITY OF MOBILE PHONES // Information Security Problems. Computer Systems. 2015. № 2. Pp. 86-90. DOI:

        Keywords:

        SOFTWARE BUGS, MALICIOUS LOGIC, THEFT OF PERSONAL DATA.

        Pages:

        86-90

        Moskvin D.A., Ivanov D.V.

        PREVENTION METHODS OF TRAFFIC ROUTING ATTACKS ON AD-HOC NETWORKS

        Annotation:

        The article considers rapidly developing technology of self-organizing wireless networks. Investigated and analyzed "Wormhole" and "Blackhole" attacks. Also described and estimated prevention methods.

        To quote:

        Moskvin D.A., Ivanov D.V.

        PREVENTION METHODS OF TRAFFIC ROUTING ATTACKS ON AD-HOC NETWORKS // Information Security Problems. Computer Systems. 2015. № 2. Pp. 91-97. DOI:

        Keywords:

        SELF-ORGANIZATION, NETWORK, SECURITY, ATTACK.

        Pages:

        91-97

        Kalinin M.O., Shenets N.N., Rybin D.I.

        SIMULATION MODEL OF HIGH PERFORMANCE NETWORK SECURITY SYSTEM BUILT AT VIRTUALIZED COMPUTING FRAMEWORK

        Annotation:

        The paper reviews the model of network security system which is built on the computing cluster of virtual machines. The experimental results are presented for estimation of optimal parameters of virtualized framework and balancing algorithms.

        To quote:

        Kalinin M.O., Shenets N.N., Rybin D.I.

        SIMULATION MODEL OF HIGH PERFORMANCE NETWORK SECURITY SYSTEM BUILT AT VIRTUALIZED COMPUTING FRAMEWORK // Information Security Problems. Computer Systems. 2015. № 2. Pp. 52-61. DOI:

        Keywords:

        SIMULATION MODEL, VIRTUAL MACHINE, NETWORK TRAFFIC.

        Pages:

        52-61
      • APPLIED CRYPTOGRAPHY

        Golchevskiy Yu.V., Severin P.A., Nikulov K.V.

        CODE CARD CONSTRUCTING AND CODE DYNAMICS METRICS CALCULATION TO ASSESS THE SAFETY OF DEVELOPING SOFTWARE

        Annotation:

        The problem of analysis and security of software development is investigated using code dynamics metrics, based on the proposed construction of a code card.

        To quote:

        Golchevskiy Yu.V., Severin P.A., Nikulov K.V.

        CODE CARD CONSTRUCTING AND CODE DYNAMICS METRICS CALCULATION TO ASSESS THE SAFETY OF DEVELOPING SOFTWARE // Information Security Problems. Computer Systems. 2015. № 2. Pp. 98-105. DOI:

        Keywords:

        CODE CARD, CODE DYNAMICS METRICS, ANALYSIS OF SOFTWARE DEVELOPMENT, INFORMATION SAFETY.

        Pages:

        98-105

        ChilikovA.A., KhoruzhenkoG.I.

        ADVANCED TECHNIQUES IN LIVE-MEMORY ANALYSIS: RECOVERING ENCRYPTED CRYPTOGRAPHIC KEY MATERIAL

        Annotation:

        В работе исследуются механизмы защиты данных в оперативной памяти, применяемые в прикладном программном обеспечении. Авторами представлены алгоритмы восстановления зашифрованной ключевой информации (ключей шифрования и паролей) из образа памяти для ряда распространенных программных средств.

        To quote:

        ChilikovA.A., KhoruzhenkoG.I.

        ADVANCED TECHNIQUES IN LIVE-MEMORY ANALYSIS: RECOVERING ENCRYPTED CRYPTOGRAPHIC KEY MATERIAL // Information Security Problems. Computer Systems. 2015. № 2. Pp. 157-164. DOI:

        Keywords:

        DIGITAL FORENSICS, LIVE-MEMORY ANALYSIS

        Pages:

        157-164
      • FUNDAMENTAL THEORY OF INFORMATION CONFRONTATION

        Gorbachev I.E., Anikanov G.A.

        APPROACH TO REDUCE THE RISK OF FUNCTIONING DISORGANIZATION OF CRITICAL INFRASTRUCTURE IN THE INFORMATION CONFLICT

        Annotation:

        Discusses the approach to reduce the risk of destructive impact on critical infrastructure. Approach is to create the malefactor false image of the object of attack as a result of their conduct remote identification. Reveals the stages of the technology masking information resources to the prediction of the behavior of the malefactor.

        To quote:

        Gorbachev I.E., Anikanov G.A.

        APPROACH TO REDUCE THE RISK OF FUNCTIONING DISORGANIZATION OF CRITICAL INFRASTRUCTURE IN THE INFORMATION CONFLICT // Information Security Problems. Computer Systems. 2015. № 2. Pp. 106-119. DOI:

        Keywords:

        CRITICAL INFRASTRUCTURE, CYBER ATTACKS, MASKING INFORMATION RESOURCES, RESEARCH MALEFACTOR.

        Pages:

        106-119
      • SPECIAL IT

        KostarevS.V., LipatnikovV.A., SaharovD.V.

        MODEL PROCESS THE TRANSFER OF AUDIT RESULTS AND CONTROL IN THE AUTOMATED SYSTEM OF ENTERPRISE MANAGEMENT INTEGRATED STRUCTURE

        Annotation:

        Becoming a scientific field related to research and assess the performance of the automated system in the management of the enterprise integrated structure is constrained by the lack of a unified conceptual apparatus in the field of quality management. Model process of evaluation allows to take into account the probability and timing. Decomposed automated management system on line and centers that adequately describes a model of a queuing system with waiting and unreliable devices.

        To quote:

        KostarevS.V., LipatnikovV.A., SaharovD.V.

        MODEL PROCESS THE TRANSFER OF AUDIT RESULTS AND CONTROL IN THE AUTOMATED SYSTEM OF ENTERPRISE MANAGEMENT INTEGRATED STRUCTURE // Information Security Problems. Computer Systems. 2015. № 2. Pp. 120-125. DOI:

        Keywords:

        automated management system. queuing system

        Pages:

        120-125

        LokhvitskiiV.A. MatveevS.V., KhomonenkoA.D., LogashevS.V.

        NETWORK MODEL OF INFORMATION SYSTEM OF CRITICAL PURPOSE TAKING INTO ACCOUNT COSTS ON THE IDENTIFICATION AND ELIMINATION OF CONTRADICTIONS

        Annotation:

        A model is proposed, which allows to evaluate the efficiency of information systems (IS) critical destination, including the costs of identification and elimination of contradictions in the data. Describes the approach to the calculation of open queuing networks, the nodes that use multi-channel system with a "warm-up" service time requests and Erlang distribution approximating 2nd order. Describes how the initial data, which allows to take into account the costs of identification and elimination of contradictions in the calculation of residence time distribution requests in a network model for IS.

        To quote:

        LokhvitskiiV.A. MatveevS.V., KhomonenkoA.D., LogashevS.V.

        NETWORK MODEL OF INFORMATION SYSTEM OF CRITICAL PURPOSE TAKING INTO ACCOUNT COSTS ON THE IDENTIFICATION AND ELIMINATION OF CONTRADICTIONS // Information Security Problems. Computer Systems. 2015. № 2. Pp. 126-129. DOI:

        Keywords:

        INFORMATION SYSTEM, IDENTIFICATION AND RESOLUTION OF CONTRADICTIONS, FUZZY INFERENCE, ELIBRARY.RU, QUEUING NETWORK, "WARM-UP" CHANNELS.

        Pages:

        126-129

        Pavlenko E.Y., Moskvin D.A.

        St. Petersburg State Polytechnical University

        security Analysis of unmanned aerial vehicles control

        Annotation:

        Considered structure of UAVs and described in details the communication subsystem. The analysis of existing attacks directed at capturing the control UAVs and according the analysis proposed methods to protect against such attacks.

        To quote:

        Pavlenko E.Y., Moskvin D.A.

        St. Petersburg State Polytechnical University

        security Analysis of unmanned aerial vehicles control // Information Security Problems. Computer Systems. 2015. № 2. Pp. 130-133. DOI:

        Keywords:

        UNMANNED AERIAL VEHICLE, GPS, SUBSTITUTION OF SIGNAL, INTERCEPTION CONTROL.

        Pages:

        130-133
    • № 3 2015
      • INFORMATION SECURITY ASPECTS

        Biryukov D.N., Lomako A.G., Eremeev M.A., Magnikov P.V.

        Saint-Petersburg, Mozhaisky Military Aerospace Academy

        APPROACH TO IDENTIFY POTENTIALLY DANGEROUS DEFECTS IN THE SPECIFICATION DOCUMENTS GOVERNING THE DEVELOPMENT AND CERTIFICATION OF INFORMATION SECURITY TOOLS

        Annotation:

        The main aspects of the technology, allowing to formalize the specification document with the requirements for data security on the basis of ontological models to produce a semantic ontology replenishment role-relationships of concepts to generate specifications of potential projects sought information security and to carry out verification of potentially dangerous defects in the specifications.

        To quote:

        Biryukov D.N., Lomako A.G., Eremeev M.A., Magnikov P.V.

        Saint-Petersburg, Mozhaisky Military Aerospace Academy

        APPROACH TO IDENTIFY POTENTIALLY DANGEROUS DEFECTS IN THE SPECIFICATION DOCUMENTS GOVERNING THE DEVELOPMENT AND CERTIFICATION OF INFORMATION SECURITY TOOLS // Information Security Problems. Computer Systems. 2015. № 3. Pp. 7-16. DOI:

        Keywords:

        ONTOLOGY, VERIFICATION, RISK PREVENTION, GYROMAT.

        Pages:

        7-16

        Zegzhda P.D., Zegzhda D.P., Stepanova T.V.

        AN APPROACH TO GENERALIZED SEMANTIC-FUNCTIONAL CYBERSECURITY MODEL DEVELOPMENT

        Annotation:

        Modern IT trends involve not only and not so much the increase of technical characteristics (performance, network bandwidth, volumes of stored and processed data), but also the ability to create novel information processing circuits, implementing global projects such as e-government, mass public e-services and complex industrial control systems. The development of such projects requires new algorithmic support, new theoretical models and high intellectual level of decision-making systems. In this paper authors propose, as an initial step towards new unified methodological cybersecurity basis, the functional-semantic cybersecurity model, allowing to formalize the requirements of confidentiality, integrity and availability (in terms of cybersecurity), as well as to conclude an ontological knowledge of the system security state.

        To quote:

        Zegzhda P.D., Zegzhda D.P., Stepanova T.V.

        AN APPROACH TO GENERALIZED SEMANTIC-FUNCTIONAL CYBERSECURITY MODEL DEVELOPMENT // Information Security Problems. Computer Systems. 2015. № 3. Pp. 17-25. DOI:

        Keywords:

        CYBERSECURITY, FUNCTIONAL MODELING, SEMANTIC ANALYSIS, ONTOLOGY.

        Pages:

        17-25
      • NETWORK AND TELECOMMUNICATION SECURITY

        Ageev S.A.

        INTELLIGENT DISTRIBUTED INFORMATION SECURITY RISK MANADGEMENT SYSTEM FOR PROTECTED MULTISERVICE NETWORKS OF A SPECIAL PURPOSE

        Annotation:

        The paper presents basic approaches to developing intellectual methods and information security risk estimation and management algorithms for protected multiservice networks of a special purpose. The mathematical model of information security risk assessment for protected multiservice networks of a special purpose on the basis of fuzzy inferences is developed and investigated.

        To quote:

        Ageev S.A.

        INTELLIGENT DISTRIBUTED INFORMATION SECURITY RISK MANADGEMENT SYSTEM FOR PROTECTED MULTISERVICE NETWORKS OF A SPECIAL PURPOSE // Information Security Problems. Computer Systems. 2015. № 3. Pp. 26-37. DOI:

        Keywords:

        PROTECTED MULTISERVICE NETWORK, TELEMATIC COMMUNICATIONS SERVICES, INFORMATION SECURITY RISK MANAGEMENT, INTELLIGENT MANAGEMENT, FUZZY INFERENCE, LINGUISTIC VARIABLE.

        Pages:

        26-37

        Konoplev A.

        UNIVERSAL SECURITY PLATFORM FOR DISTRIBUTED INFORMATION AND TELECOMMUNICATION SYSTEMS

        Annotation:

        The paper reviews the problem of information security in distributed information and telecommunication systems. It describes threat model and security mechanisms that are used to protect such systems against unauthorized access. Security threats related to potential backdoors in hardware are highlighted. Architecture of universal security platform in distributed information and telecommunication systems is proposed.

        To quote:

        Konoplev A.

        UNIVERSAL SECURITY PLATFORM FOR DISTRIBUTED INFORMATION AND TELECOMMUNICATION SYSTEMS // Information Security Problems. Computer Systems. 2015. № 3. Pp. 38-44. DOI:

        Keywords:

        DISTRIBUTED INFORMATION SYSTEMS, THREAT MODEL, INFORMATION SECURITY, UNAUTHORIZED ACCESS, FLOW CONTROL, ACCESS CONTROL GATEWAY.

        Pages:

        38-44

        Kotenko I.V., Shorov A.V.

        Evaluation of network protection mechanisms against infrastructure attacks based on the approach “Nervous Network System”

        Annotation:

        The approach for modeling of the protection mechanisms against infrastructure attacks based on biological metaphor is developed. Attacks and protection mechanisms are specified as structural models using a set-theoretic approach. An environment for simulation of protection mechanisms based on the biological metaphor is considered, the experiments demonstrating the effectiveness of the protection mechanisms are described. The article shows an assessment of key performance indicators of the developed modeling environment.

        To quote:

        Kotenko I.V., Shorov A.V.

        Evaluation of network protection mechanisms against infrastructure attacks based on the approach “Nervous Network System” // Information Security Problems. Computer Systems. 2015. № 3. Pp. 45-55. DOI:

        Keywords:

        BIOINSPIRED APPROACHES, NETWORK MODELING AND SIMULATION, SECURITY EVALUATION AND MEASUREMENT, DDOS, NETWORK ATTACKS AND DEFENSE.

        Pages:

        45-55

        Savchenko I.I., Gatsenko O.Y.

        Analytical review of the methods of anonymity on the Internet

        Annotation:

        Every day the online community become more and more interested in the topic of information security and anonymity online, especially after the revelations of Edward Snowden, when it became known about the mass surveillance by certain structures, such as, for example, the US National Security Agency, of Internet users, companies, political organizations, etc. Therefore, a variety of anonymous networks, VPN-services and different proxy servers has been actively developed. The purpose of this article – to consider the popular methods of ensuring anonymity online, compare them, identify their strengths and weaknesses.

        To quote:

        Savchenko I.I., Gatsenko O.Y.

        Analytical review of the methods of anonymity on the Internet // Information Security Problems. Computer Systems. 2015. № 3. Pp. 56-64. DOI:

        Keywords:

        ONLINE ANONYMITY, PROXY, VPN, SSH, NETWORK PROTOCOLS, TOR, I2P.

        Pages:

        56-64
      • APPLIED CRYPTOGRAPHY

        Aleksandrova E.B., Kuznetsova E.A.

        Revocation mechanism for lattice-based group signature

        Annotation:

        An approach to the solution of signature revocation problem in lattice-based group signatures is suggested. The security of VLR- revocation schemes is based on additional delegated powers of the issuing manager, who checks if user’s certificate is included into the revocation list.

        To quote:

        Aleksandrova E.B., Kuznetsova E.A.

        Revocation mechanism for lattice-based group signature // Information Security Problems. Computer Systems. 2015. № 3. Pp. 65-71. DOI:

        Keywords:

        group signature, Lattice, VLR-revocation.

        Pages:

        65-71

        Belim S.V.Belim S. Yu, Polyakov S.Yu.

        THE IMPLEMENTATION OF DISCRETIONARY ACCESS SEPARATION USING A MODIFIED BLOM’S SCHEME OF KEY DISTRIBUTION

        Annotation:

        In the article the modification of the Blom’s scheme encryption key distribution is investigated. This modification implements security policy, which based on access matrix. The general view of the polynomial to generate key material is developed.

        The stability of the proposed scheme to compromise the key materials is studied.

        To quote:

        Belim S.V.Belim S. Yu, Polyakov S.Yu.

        THE IMPLEMENTATION OF DISCRETIONARY ACCESS SEPARATION USING A MODIFIED BLOM’S SCHEME OF KEY DISTRIBUTION // Information Security Problems. Computer Systems. 2015. № 3. Pp. 72-76. DOI:

        Keywords:

        KEY DISTRIBUTION, BLOM'S SCHEME, DISCRETIONARY SECURITY POLICY.

        Pages:

        72-76

        Shenets N.N.

        THE SYSTEM OF CRYPTOGRAPHIC STANDARDS OF THE REPUBLIC OF BELARUS

        Annotation:

        The cryptographic standards of the Republic of Belarus are considered and analyzed. It’s shown that these standards cover almost all the needs for security in information systems. Importance of these documents is pointed out within the scope of the interstate cooperation of the Republic of Belarus and Russian Federation.

        To quote:

        Shenets N.N.

        THE SYSTEM OF CRYPTOGRAPHIC STANDARDS OF THE REPUBLIC OF BELARUS // Information Security Problems. Computer Systems. 2015. № 3. Pp. 77-80. DOI:

        Keywords:

        CRYPTOGRAPHIC ALGORITHM, STANDARD, INFORMATION SYSTEM.

        Pages:

        77-80
      • SPECIAL IT

        Boruchinkin А.Yu., ZhukovI.Yu., NasenkovI.G., KhakimovR.R.

        SECURE VOICE COMMUNICATION SYSTEM BASED ON HANDS-FREE HEADSET WITH HARDWARE ENCRYPTION OF AUDIO DATA

        Annotation:

        The article deals with the development of the prototype system providing secure voice communication with device authentication through digital signatures. Its main elements are the headset hands-free, which microcontroller supports hardware-line symmetric block encryption algorithm, switching server application on a mobile device and signing center.

        To quote:

        Boruchinkin А.Yu., ZhukovI.Yu., NasenkovI.G., KhakimovR.R.

        SECURE VOICE COMMUNICATION SYSTEM BASED ON HANDS-FREE HEADSET WITH HARDWARE ENCRYPTION OF AUDIO DATA // Information Security Problems. Computer Systems. 2015. № 3. Pp. 81-84. DOI:

        Keywords:

        INFORMATION SECURITY, HANDS-FREE DEVICE, SIGNALING PROTOCOL, STREAM ENCRYPTION ALGORITHMS.

        Pages:

        81-84

        Dvoryankin S.V., Mikhaylov D.M., Panfilov L.A.,

        Bonch-Bruevich A.M., Kozlachkov S.B.,

        Nasenkov I.G.

        INTERPRETATION AND CONTOUR ANALYSIS OF SPECTROGRAMS OF SOUND SIGNALS IN THE NOISE REDUCTION

        Annotation:

        This article focuses on the development of tools for noise reduction of audio signals. The article presents a series of algorithms for noise reduction of speech signals. The description of spectrograms as the most successful audio visualization of signals is provided. The algorithms of single-channel and multi-channel noise reduction are considered. Examples of the various corrections are given and the parameters set for the maximum effectiveness are described.

         

        To quote:

        Dvoryankin S.V., Mikhaylov D.M., Panfilov L.A.,

        Bonch-Bruevich A.M., Kozlachkov S.B.,

        Nasenkov I.G.

        INTERPRETATION AND CONTOUR ANALYSIS OF SPECTROGRAMS OF SOUND SIGNALS IN THE NOISE REDUCTION // Information Security Problems. Computer Systems. 2015. № 3. Pp. 88-99. DOI:

        Keywords:

        SPECTROGRAM, SIGNAL NOISE CANCELLATION, INTERFERENCE, CONTOUR ANALYSIS.

        Pages:

        88-99

        Pilkevich S.V.,

        Eremeev M.A.,

        Magnikov P.V.

        Saint-Petersburg, Mozhaisky Military Space Academy

        APPROACH TO DEVELOPMENT OF BEHAVIOR MODEL USER GROUPS MODERN MASS MEDIA

        Annotation:

        Abstract. An approach to storage and processing of declarative and procedural knowledge of behavior of single and group of social actors. Combining the results obtained in social psychology, knowledge engineering, and higher algebra allowed to develop the basic elements of the model behavior of user groups modern mass media, especially taking into account both the simulated social communities and their surrounding socio-cultural environment.

        To quote:

        Pilkevich S.V.,

        Eremeev M.A.,

        Magnikov P.V.

        Saint-Petersburg, Mozhaisky Military Space Academy

        APPROACH TO DEVELOPMENT OF BEHAVIOR MODEL USER GROUPS MODERN MASS MEDIA // Information Security Problems. Computer Systems. 2015. № 3. Pp. 100-110. DOI:

        Keywords:

        SOCIALLY IMPORTANT INTERNET RESOURCE, TYPES OF BEHAVIOR, MODEL OF REPRESENTATION AND PROCESSING OF KNOWLEDGE, FORMAL CONCEPT ANALYSIS, FAKTORRESHETKA, CONTEXT, SOCIAL PSYCHOLOGY.

        Pages:

        100-110
      • SOFTWARE SECURITY

        Anikin I.V.

        VULNERABILITY ASSESSMENT METHOD BASED ON FUZZY LOGIC AND CVSS V.2.0 METRICS

        Annotation:

        We suggested vulnerability assessment method in computer networks based on fuzzy logic. This method is based on CVSS v.2.0 metrics, fuzzy rules, new fuzzy inference scheme. This method is able to produce vulnerability fuzzy scores under the uncertainty and different vulnerability metrics weights.

        To quote:

        Anikin I.V.

        VULNERABILITY ASSESSMENT METHOD BASED ON FUZZY LOGIC AND CVSS V.2.0 METRICS // Information Security Problems. Computer Systems. 2015. № 3. Pp. 111-117. DOI:

        Keywords:

        VULNERABILITY ASSESSMENT, FUZZY LOGIC.

        Pages:

        111-117
        1 class="western" style="margin-top: 0cm; margin-bottom: 0cm;" align="right">Chernov A., Konoplev A.1>
        APPLYING VIRTUALIZATION technology FOR DYNAMIC Program ANALYSIS

        Annotation:

        The paper reviews the problem of software security analysis. It shows topicality of dynamic program analysis methods in conditions of source code absence. Modern techniques of the problem solution are described. There is a class of dynamic program analysis methods based on virtualization technology highlighted. The methodology of emulators applying is proposed to perform dynamic program analysis.

        To quote:

        Chernov A., Konoplev A. APPLYING VIRTUALIZATION technology FOR DYNAMIC Program ANALYSIS // Information Security Problems. Computer Systems. 2015. № 3. Pp. 118-122. DOI:

        Keywords:

        UNDECLARED CAPABILITIES, DYNAMIC PROGRAM ANALYSIS, VIRTUALIZATION, EMULATORS.

        Pages:

        118-122

        Severin P.A., Golchevskiy Yu.V.

        ANALYSIS OF THE SOFTWARE CODE SAFETY BASED ON PREDICTIVE MODEL OF VULNERABILITIES DETECTION

        Annotation:

        Analysis of the software code safety using the predictive model of vulnerabilities detection, proposed on the basis of the code dynamics metrics is observed.

        To quote:

        Severin P.A., Golchevskiy Yu.V.

        ANALYSIS OF THE SOFTWARE CODE SAFETY BASED ON PREDICTIVE MODEL OF VULNERABILITIES DETECTION // Information Security Problems. Computer Systems. 2015. № 3. Pp. 123-127. DOI:

        Keywords:

        VULNERABILITIES DETECTION, SOFTWARE CODE, METRICS FOR SOFTWARE CODE ANALYSIS, INFORMATION SECURITY.

        Pages:

        123-127
    • № 4 2015
      • NETWORK AND TELECOMMUNICATION SECURITY

        Maksimov E.A, Kornev V.A., Vitenburg E.A.

        MARKOV CHAIN FOR PREDICTING INSIDER INTRUSION

        Annotation:

        Implementation of the various threats may be partially or completely paralyze the work of the organization. Correctly, set up the forecast will allow security experts to choose the right tool for the elimination of threats to information security and reduce the probability of insider attacks. For this article solved the problem of forecasting the probability of success of the intrusion on the subject of insider information. The research tasks: predicting the number of insider intrusion attempts and calculating the probability of each insider invasion using Markov chains.

        To quote:

        Maksimov E.A, Kornev V.A., Vitenburg E.A.

        MARKOV CHAIN FOR PREDICTING INSIDER INTRUSION // Information Security Problems. Computer Systems. 2015. № 4. Pp. 9-12. DOI:

        Keywords:

        TAGS OF THE ARTICLE: FORECASTING, INTRUSION DETECTION SYSTEM, AN INTERNAL ATTACKER INSIDER INTRUSION, DATA PROTECTION, INFORMATION SECURITY, MODELING, MARKOV CHAINS.

        Pages:

        9-12

        PavlenkoE.U., MoskvinD.A., ReshetovD.V.

        DISCLOSURE OF TOR USERS ANONIMITY USING DATA FLOW ANALYSIS

        Annotation:

        In this paper we consider the TOR anonymous network and known attacks to it. We present an attack to TOR network using data flow analysis.

        To quote:

        PavlenkoE.U., MoskvinD.A., ReshetovD.V.

        DISCLOSURE OF TOR USERS ANONIMITY USING DATA FLOW ANALYSIS // Information Security Problems. Computer Systems. 2015. № 4. Pp. 13-16. DOI:

        Keywords:

        ANONYMITY, TOR, DEANONIMIZATION, DISCLOSURE OF ANONYMITY, TRAFFIC ANALYSIS, TRAFFIC PATTERNS.

        Pages:

        13-16

        Bezzateev S.V., Zharinov R.F., Petrov V.I., Zybin V.A.

        AUDIT AND ACCESS CONTROL TO THE WORK STATION IN THE INTERNET OF THINGS CONTEXT

        Annotation:

        The system of user authentication and control of its presence in the workplace to prevent unauthorized access to information on the workstation is considered. RFID technology and cryptographic protocol OPACITY are proposed.

        To quote:

        Bezzateev S.V., Zharinov R.F., Petrov V.I., Zybin V.A.

        AUDIT AND ACCESS CONTROL TO THE WORK STATION IN THE INTERNET OF THINGS CONTEXT // Information Security Problems. Computer Systems. 2015. № 4. Pp. 17-22. DOI:

        Keywords:

        ACCESS CONTROL, RADIO FREQUENCY IDENTIFICATION, OPACITY

        Pages:

        17-22

        Branitskiy A.A., Kotenko I.V.

        DESIGNING THE nEURAL NETWORK AND IMMUNE CELL SYSTEM OF INTRUSION DETECTION

        Annotation:

        The methods of detection and classification of anomalous instances of network connections using the technique of artificial neural networks and evolutional model of the immune system are considered.

         

        To quote:

        Branitskiy A.A., Kotenko I.V.

        DESIGNING THE nEURAL NETWORK AND IMMUNE CELL SYSTEM OF INTRUSION DETECTION // Information Security Problems. Computer Systems. 2015. № 4. Pp. 23-27. DOI:

        Keywords:

        INTRUSION DETECTION, NEURAL NETWORKS, IMMUNE DETECTORS, PRINCIPAL COMPONENT ANALYSIS

        Pages:

        23-27

        Goncharov N.O., Gorchakov D.S.

        INVESTIGATION INTO ACCIDENTS RELATED TO MOBILE BOTNETS AND MALWARE

        Annotation:

        The problem of mobile viruses have become a real problem for large banks and payment systems. The easiest way to disclose the technical component of the financial botnets for mobile devices is by efforts of the communication provider. In order to automate the process of investigation of these kinds of incidents the hardware-software system was developed. It allows to monitor the activity of malware, fixes attempts to send data to fraudsters, identifies control centers of infected devices as well as account numbers and e-wallets wherethrough stolen funds are withdrawn.

        To quote:

        Goncharov N.O., Gorchakov D.S.

        INVESTIGATION INTO ACCIDENTS RELATED TO MOBILE BOTNETS AND MALWARE // Information Security Problems. Computer Systems. 2015. № 4. Pp. 28-34. DOI:

        Keywords:

        BOTNETS, MOBILE BOTNETS, BOTNETS HAZARD, MALWARE, MOBILE MALWARE, INFORMATION SECURITY, INVESTIGATION OF INCIDENTS

        Pages:

        28-34

        DesnitskyV.A., KotenkoI.V.

        FORMING EXPERT KNOWLEDGE FOR DEVELOPMENT OF SECURE SYSTEMS WITH EMBEDDED DEVICES

        Annotation:

        An approach for forming expert knowledge to develop secure systems with embedded devices is outlined. Security component combination, detection of anomalous data in the system and structural incompatibilities of security components is based on knowledge on the target system, requirements and security components.

        To quote:

        DesnitskyV.A., KotenkoI.V.

        FORMING EXPERT KNOWLEDGE FOR DEVELOPMENT OF SECURE SYSTEMS WITH EMBEDDED DEVICES // Information Security Problems. Computer Systems. 2015. № 4. Pp. 35-41. DOI:

        Keywords:

        EMBEDDED SECURITY, SECURITY COMPONENTS, EXPERT KNOWLEDGE, ANOMALIES AND INCOMPATIBILITIES

        Pages:

        35-41

        Kotenko I.V., Novikova E.S., Chechulin A.A.

        Visualization of Security Metrics for security monitoring and event management

        Annotation:

        An analysis of techniques for security information visualization is considered. A model for visualization security metrics is proposed. This model helps to perform the comparative analysis of these metrics. The implementation of this model is outlined.

        To quote:

        Kotenko I.V., Novikova E.S., Chechulin A.A.

        Visualization of Security Metrics for security monitoring and event management // Information Security Problems. Computer Systems. 2015. № 4. Pp. 42-47. DOI:

        Keywords:

        VISUALIZATION, SECURITY METRICS, TREEMAPS, NETWORK SECURITY EVALUATION

        Pages:

        42-47

        Kuralenko A.I.

        METHODS OF AUDIT INFORMATION SECURITY INFORMATION SYSTEMS

        Annotation:

        The technique of information security audit of information systems that allow quantitative evaluation of the effectiveness of information security systems, taking into account the impact of information security threats and destructive action on the implementation of such threats. An example of the application of techniques in auditing information security information system of the certification center. A brief comparison of the results with those obtained using the assessment tool of security "GRIF 2006" software package from Digital Security.

        To quote:

        Kuralenko A.I.

        METHODS OF AUDIT INFORMATION SECURITY INFORMATION SYSTEMS // Information Security Problems. Computer Systems. 2015. № 4. Pp. 48-51. DOI:

        Keywords:

        Information security audit, information security threats, information security management system

        Pages:

        48-51

        Porkhun A.O., Gamayunov D.Yu.

        INPUT DATA PROCESSING FILTERS AS A SOURCE OF WEB-APPLICATION VULNERABILITIES

        Annotation:

        The article unveils the problem of detection of a special class of web-applications vulnerabilities, which are caused by errors in the implementation or usage of such filters when an intruder may generate specially crafted input data (e.g., images, video) which will be converted by the chain of filters into another data type, for example, in executable code, which may lead to remote code execution.

        To quote:

        Porkhun A.O., Gamayunov D.Yu.

        INPUT DATA PROCESSING FILTERS AS A SOURCE OF WEB-APPLICATION VULNERABILITIES // Information Security Problems. Computer Systems. 2015. № 4. Pp. 59-63. DOI:

        Keywords:

        WEB APPLICATION VULNERABILITIES, VULNERABILITY DETECTION, REMOTE CODE EXECUTION.

        Pages:

        59-63

        Razdobarov A. V., Petukhov A. A., Gamayunov D.Yu.

        PROBLEMS OVERVIEW FOR MODERN WEB APPLICATIONS VULNERABILITIES DISCOVERY

        Annotation:

        This paper provides and overview of typical problems, which arise in the black-box vulnerability scanning of dynamic web-applications, and provides analysis of theoretical and technical difficulties on the path to complete problem solution. As the result we provide the list of requirements, which must be met by vulnerability scanners for effective analysis of dynamic web interfaces.

        To quote:

        Razdobarov A. V., Petukhov A. A., Gamayunov D.Yu.

        PROBLEMS OVERVIEW FOR MODERN WEB APPLICATIONS VULNERABILITIES DISCOVERY // Information Security Problems. Computer Systems. 2015. № 4. Pp. 64-69. DOI:

        Keywords:

        web applications vulnerabilities, vulnerability detection, static analysis, dynamic analysis

        Pages:

        64-69
      • SECURE OPERATING SYSTEMS AND TRUSTED ENVIRONMENT

        Bezzateev S.V., Zharinov R.F., Petrov V.I., Zybin V.A.

        AUDIT AND ACCESS CONTROL TO THE WORK STATION IN THE INTERNET OF THINGS CONTEXT

        Annotation:

        The system of user authentication and control of its presence in the workplace to prevent unauthorized access to information on the workstation is considered. RFID technology and cryptographic protocol OPACITY are proposed.

        To quote:

        Bezzateev S.V., Zharinov R.F., Petrov V.I., Zybin V.A.

        AUDIT AND ACCESS CONTROL TO THE WORK STATION IN THE INTERNET OF THINGS CONTEXT // Information Security Problems. Computer Systems. 2015. № 4. Pp. 17-22. DOI:

        Keywords:

        ACCESS CONTROL, RADIO FREQUENCY IDENTIFICATION, OPACITY

        Pages:

        17-22

        OleynikP.P.

        THE MODEL OF PERMISSIONS FOR OBJECT-ORIENTED APPLICATIONS

        Annotation:

        The article provides an overview of current approaches to setting security and differentiation of user access rights in various architectural applications. The paper presents the author's approach to the delimitation of the rights to the classes, attributes, and objects that meet certain criteria. This is done with the help of the class hierarchy, the composition and structure of which is described in detail in the work. At the end of the work described in the application, which is already implemented and in which the authors used the security model.

        To quote:

        OleynikP.P.

        THE MODEL OF PERMISSIONS FOR OBJECT-ORIENTED APPLICATIONS // Information Security Problems. Computer Systems. 2015. № 4. Pp. 70-78. DOI:

        Keywords:

        SECURITY OF INFORMATION SYSTEMS, OBJECT-ORIENTED APPLICATIONS, OBJECT SYSTEM METAMODEL, MODEL OF PERMISSIONS.

        Pages:

        70-78
      • APPLIED CRYPTOGRAPHY

        KorzhikV.I., YakovlevV.A., TikhonovS.V.

        KEYLESS CRYPTOSYSTEM SECURE ON PHYSICAL LEVEL: MYTH OR REALITY

        Annotation:

        Cryptosystem recently proposed by two scientists from Stanford University is considered. In the current paper we investigate both theoretical and practical possibilities to design such cryptosystem.

        To quote:

        KorzhikV.I., YakovlevV.A., TikhonovS.V.

        KEYLESS CRYPTOSYSTEM SECURE ON PHYSICAL LEVEL: MYTH OR REALITY // Information Security Problems. Computer Systems. 2015. № 4. Pp. 79-89. DOI:

        Keywords:

        CRYPTOSYSTEMS, WIRELESS CHANNEL WITH FADING, MIMO TECHNOLOGY, HARD PROBLEMS ON LATTICES, WIRE-TAP CHANNEL CONCEPT.

        Pages:

        79-89

        Agafin S.S.

        RANDOM NUMBER GENERATOR BASED ON MEMORY ACCESS TIME MEASUREMENT

        Annotation:

        Random number generators (RNG) are a cornerstone of any means of providing information cryptographic protection. This paper proposes an improved method for generating random numbers from the CPU frequency instability and, as a result, a continuous change of memory access time.

        To quote:

        Agafin S.S.

        RANDOM NUMBER GENERATOR BASED ON MEMORY ACCESS TIME MEASUREMENT // Information Security Problems. Computer Systems. 2015. № 4. Pp. 90-95. DOI:

        Keywords:

        RANDOM NUMBERS, RANDOM NUMBER GENERATORS, X86 ARCHITECTURE, MEMORY ACCESS TIME.

        Pages:

        90-95

        Babash A.V.

        DEGREE DISTINGUISHABLE A CONNECTED PERMUTATION AUTOMATA

        Annotation:

        We givean upper bound forthe degree ofdistinctivenessof a connectedpermutationautomatonwith a givendiameter.

        To quote:

        Babash A.V.

        DEGREE DISTINGUISHABLE A CONNECTED PERMUTATION AUTOMATA // Information Security Problems. Computer Systems. 2015. № 4. Pp. 96-105. DOI:

        Keywords:

        STATE MACHINE, THE DEGREE OF DISTINCTIVENESS, THE DIAMETER OF THE MACHINE.

        Pages:

        96-105

        Guselev A.M., Kosolapov D.O.

        COMPARATIVE SURVEY OF IDENTITY-BASED ENCRYPTION SCHEMES BASED ON BILINEAR MAPPINGS IN FINITE GROUPS

        Annotation:

        This article presents a set of characteristics for comparison of identity-based encryption schemes, based on bilinear mappings in finite groups. One provides a comparative survey of most popular schemes, among them schemes included into international standard ISO/IEC 18033-5.

        To quote:

        Guselev A.M., Kosolapov D.O.

        COMPARATIVE SURVEY OF IDENTITY-BASED ENCRYPTION SCHEMES BASED ON BILINEAR MAPPINGS IN FINITE GROUPS // Information Security Problems. Computer Systems. 2015. № 4. Pp. 106-114. DOI:

        Keywords:

        DENTITY-BASED ENCRYPTION SCHEME, PRIVATE KEY GENERATOR, BILINEAR MAP, BILINEAR DIFFIE-HELLMAN PROBLEM.

        Pages:

        106-114

        Egorova V.V., Chechulina D.K., Krendelev S.F.

        APPLICATION OF THE HOMOMORPHIC ENCRYPTION FOR CONSTRUCTING THE PUBLIC-KEY CRYPTOSYSTEM

        Annotation:

        In this paper we discuss the practical usage of proprietary developed fully homomorphic encryption. We show the application of this encryption for construction the public-key cryptosystems. These cryptosystems are based on the Hill cipher and the RSA algorithm. Their implementations demonstrate the correctness of arithmetical calculations over the encrypted data and prove that the multiplication of ciphertext does not lead to increasing the dimension of the multiplication result.

        To quote:

        Egorova V.V., Chechulina D.K., Krendelev S.F.

        APPLICATION OF THE HOMOMORPHIC ENCRYPTION FOR CONSTRUCTING THE PUBLIC-KEY CRYPTOSYSTEM // Information Security Problems. Computer Systems. 2015. № 4. Pp. 115-120. DOI:

        Keywords:

        HOMOMORPHIC ENCRYPTION, PUBLIC-KEY CRYPTOSYSTEM, HILL CIPHER, RSA ALGORITHM.

        Pages:

        115-120

        Krendelev S. F.

        SOVIET SUPERCOMPUTER K-340A AND THE SECRET COMPUTATIONS

        Annotation:

        The variant of fully homomorphic encryption for modular computation without increasing the size of data after multiplication is suggested.

        To quote:

        Krendelev S. F.

        SOVIET SUPERCOMPUTER K-340A AND THE SECRET COMPUTATIONS // Information Security Problems. Computer Systems. 2015. № 4. Pp. 121-123. DOI:

        Keywords:

        HOMOMORPHIC ENCRYPTION, MODULAR ARITHMETIC, MULTIPLICATION TABLE.

        Pages:

        121-123

        Lubushkina I.E., Panasenko S.P.

        STRIBOG COMPRESSION FUNCTION OUTPUT SEQUENCES STATISTIC PROPERTIES

        Annotation:

        In this paper we focus on statistic analysis of the Stribog compression function output sequences. The aim of the analysis is to search groups of input values that bring to non-random behavior of compression function output. As an exhaustive search over all possible input values is computationally infeasible, we perform local search over predefined subsets of input values with strong input bits correlation. Based on the performed experiments we can make the conclusion about an application correctness and adequacy of confusion and diffusion transformations used in Stribog compression function.

        To quote:

        Lubushkina I.E., Panasenko S.P.

        STRIBOG COMPRESSION FUNCTION OUTPUT SEQUENCES STATISTIC PROPERTIES // Information Security Problems. Computer Systems. 2015. № 4. Pp. 124-130. DOI:

        Keywords:

        HASH FUNCTION, STRIBOG, GOST R 34.11-2012, COMPRESSION FUNCTION, STATISTICAL TEST, LOCAL SEARCH.

        Pages:

        124-130

        Matveeva V.S.

        A NEW APPROACH TO DIFFERENTIATE COMPRESSED FILE FORMATS FROM ENCRYPTED FILES

        Annotation:

        Specialists in digital forensics have conducted researches in the field of file format identification by its statistical properties for data carving purposes. As a result a challenge in differentiating compressed file formats from encrypted files was revealed because of their statistical properties similarity. In the article author suggests a new approach for data analyses, which testing has shown good results in detection of encrypted files.

        To quote:

        Matveeva V.S.

        A NEW APPROACH TO DIFFERENTIATE COMPRESSED FILE FORMATS FROM ENCRYPTED FILES // Information Security Problems. Computer Systems. 2015. № 4. Pp. 131-139. DOI:

        Keywords:

        COMPRESSION, ENCRYPTED FILES, WAVELET TRANSFORM, NORMAL DISTRIBUTION.

        Pages:

        131-139

        Mironkin V.O

        ON SOME PROBABILISTIC CHARACTERISTICS OF KEY DERIVATION FUNCTION «CRYPTOPRO KEY MESHING»

        Annotation:

        A comparative analysis of the probability characteristics of the test algorithm and the development of key reference model. A statistical method for determining nonequiprobability generated key sequence. Exact formula for the probability of collision through a fixed number of steps in a random mapping is obtained.

        To quote:

        Mironkin V.O

        ON SOME PROBABILISTIC CHARACTERISTICS OF KEY DERIVATION FUNCTION «CRYPTOPRO KEY MESHING» // Information Security Problems. Computer Systems. 2015. № 4. DOI:

        Keywords:

        RANDOM MAPPING, CARDINALITY OF AN IMAGE OF RANDOM MAPPING, CYCLE NODES, SEGMENT NONPERIODICITY, COLLISION.

        SmyshlyaevS.V., ShishkinV.A., MarshalkoG.B., RudskoyV.I., LavrikovI.V.

        OVERVIEW OF HASH-FUNCTIONS GOST R 34.11-2012 CRYPTANALYSIS

        Annotation:

        Overview of published results on hash functions GOST R 34.11-2012 (also known as «Streebog») cryptanalysis and implementations is given.

        To quote:

        SmyshlyaevS.V., ShishkinV.A., MarshalkoG.B., RudskoyV.I., LavrikovI.V.

        OVERVIEW OF HASH-FUNCTIONS GOST R 34.11-2012 CRYPTANALYSIS // Information Security Problems. Computer Systems. 2015. № 4. Pp. GOST R 34.11-2012, «STREEBOG», HASH FUNCTION, CRYPTANALYSIS, IMPLEMENTATION.. DOI:

        Keywords:

        147-153

        Pages:

        GOST R 34.11-2012, «STREEBOG», HASH FUNCTION, CRYPTANALYSIS, IMPLEMENTATION.

        Fomichev V.M.

        IMPROVEMENT OF MIXING PROPERTIES ESTIMATION FOR CRYPTOGRAPHIC FUNCTION COMPOSITIONS BY MATRIX-GRAPH APPROACH

        Annotation:

        The review of main results connected with research of primitivity and exponent estimation of matrix and graphs is given. New research directions are presented.

        To quote:

        Fomichev V.M.

        IMPROVEMENT OF MIXING PROPERTIES ESTIMATION FOR CRYPTOGRAPHIC FUNCTION COMPOSITIONS BY MATRIX-GRAPH APPROACH // Information Security Problems. Computer Systems. 2015. № 4. DOI:

        Keywords:

        MIXING GRAPH, PRIMITIVE GRAPH, EXPONENT OF GRAPH.

        ShishkinV.A., MarshalkoG.B., Lavrikov I.V.

        ON THE CONSTRUCTION OF TREE HASHING MODES OF OPERATIONS

        Annotation:

        A short survey of papers about tree hash modes of operations is given.

        To quote:

        ShishkinV.A., MarshalkoG.B., Lavrikov I.V.

        ON THE CONSTRUCTION OF TREE HASHING MODES OF OPERATIONS // Information Security Problems. Computer Systems. 2015. № 4. Pp. 165-168. DOI:

        Keywords:

        HASH-FUNCTION, MODES OF OPERATIONS, TREE HASHING.

        Pages:

        165-168
      • SOFTWARE SECURITY

        Grigoriev V R.

        ABOUT ONE APPROACH TO THE MODELING OF CONFLICT IN THE INFORMATION SOCIETY

        Annotation:

        In the article an attempt is made of research of mechanism of subversive western political technologies, which are aimed at the creation of managed conflicts in the information era. In the basis of the proposed approach relevant to acceptances of information era there are 2 methodological bases which accumulate achievements of the last years in research of complex organizational systems- the theory of nonlinear dynamical systems (controlled chaos) and the theory of «reflexive games» in relation to the subject area of information warfare.

        To quote:

        Grigoriev V R.

        ABOUT ONE APPROACH TO THE MODELING OF CONFLICT IN THE INFORMATION SOCIETY // Information Security Problems. Computer Systems. 2015. № 4. Pp. 169-181. DOI:

        Keywords:

        NETCENTRIC WAR, THE STRATEGY OF INDIRECT ACTIONS, MANAGED CONFLICTS, SYNERGETIC APPROACH, REFLEXIVE GAMES, DYNAMIC CHAOS, «SOFT» AND «HARD» WARFARE MODELS.

        Pages:

        169-181

        Sukhoparov Mikhail Yevgenievich

        EVALUATION OF INFORMATIVE OF LINGUISTIC USER PROFILE

        Annotation:

        The aim of the work is to evaluate the informativeness of linguistic features of text messages, allowing you to capture the author's profile for face detection, when posting under multiple accounts. Are the features of text messages, we propose a model of the message. An experiment showing the possibilities of using the analyzer adapted to compute syntactic patterns and structures. The structure of the user profile for the identification and authentication portal on the Internet. Estimated informative features using an approach based on the Shannon entropy.

        To quote:

        Sukhoparov Mikhail Yevgenievich

        EVALUATION OF INFORMATIVE OF LINGUISTIC USER PROFILE // Information Security Problems. Computer Systems. 2015. № 4. Pp. 182-186. DOI:

        Keywords:

        EVALUATION OF INFORMATION CONTENT, LINGUISTIC PROFILE, SHANNON ENTROPY.

        Pages:

        182-186

        AvetisyanA.I., BatuzovK.A., EfimovV.Y., PadaryanV.A., TikhonovA.Y.

        WHOLE SYSTEM EMULATORS FOR MOBILE PLATFORM BINARY CODE ANALYSIS

        Annotation:

        The article describes the problem of adaptation desktop and server software analysis techniques to software of mobile platforms. A combined binary code analysis method is suggested. Taking into account whole system software allows detecting leaks of sensitive data. The method requires execution trace, but trace gathering for a firmware is the problem. Difficulties of tracing mobile platform software with the emulator are described and possible approaches to solve such difficulties are shown.

        To quote:

        AvetisyanA.I., BatuzovK.A., EfimovV.Y., PadaryanV.A., TikhonovA.Y.

        WHOLE SYSTEM EMULATORS FOR MOBILE PLATFORM BINARY CODE ANALYSIS // Information Security Problems. Computer Systems. 2015. № 4. Pp. 187-194. DOI:

        Keywords:

        BINARY CODE, DYNAMIC ANALYSIS, SOFTWARE EMULATOR, MOBILE PLATFORMS.

        Pages:

        187-194

        Vasiliev I.A., Fursova N.I., Dovgaluk P.M.,

        Klimushenkova M.A., Makarov V.A.

        MODULES FOR INSTRUMENTING THE EXECUTABLE CODE IN QEMU SIMULATOR

        Annotation:

        This article discusses the mechanism of the instrumentation system that running in the QEMU. The paper formulates requirements for instrumentation mechanism and describes the implementation. Some of important features are: the implementation mechanism instrumentation based on TCG, a description of the process instrumentation in separate modules, the interaction between plugins for analysis of high-level data.

        To quote:

        Vasiliev I.A., Fursova N.I., Dovgaluk P.M.,

        Klimushenkova M.A., Makarov V.A.

        MODULES FOR INSTRUMENTING THE EXECUTABLE CODE IN QEMU SIMULATOR // Information Security Problems. Computer Systems. 2015. № 4. Pp. 195-203. DOI:

        Keywords:

        DYNAMIC BINARY INSTRUMENTATION, VIRTUAL MACHINE, EMULATOR.

        Pages:

        195-203
  • 2014 year
  • 2013 year
  • 2012 year
  • 2011 year
  • 2010 year
  • 2009 year
  • 2008 year
  • 2007 year
  • 2006 year
  • 2005 year
  • 2004 year
  • 2003 year
  • 2002 year
  • 2001 year
  • 2000 year
  • 1999 year