Quarterly journal published in SPbPU
and edited by prof. Dmitry Zegzhda
Peter the Great St. Petersburg Polytechnic University
Institute of computer sciences and technologies
information security of computer systems
Information Security Problems. Computer Systems
Published since 1999.
ISSN 2071-8217

№ 4

2024 year

SOFTWARE SECURITY
N. V. Gololobov, E. Yu. Pavlenko
Peter the Great St. Petersburg Polytechnic University
ANALYSIS OF METHODS FOR ATTACHING MALWARE AT THE LEVEL OF SECURITY RINGS OF X86_64 PROCESSORS

Annotation:

This paper examines methods for attaching malicious software (malware) to the various security rings of modern processors based on the x86_64 architecture. The article discusses all ring levels from 3 (user) down to –3 (the level of the management engine). In addition, for each level, the capabilities available to malware attached to the corresponding ring are defined. Correlating these capabilities with the ring levels makes it possible in the future to develop criteria by which malicious software operating on a personal computer can be identified. As a result of the analysis, it was established that the attachment methods differ between rings, and that malicious activity can only be detected from a level lower than the one at which the malware is located, which imposes a number of requirements on a unified method for its detection.

Keywords:

cybersecurity, malware analysis, security rings, methods of attaching malware
A. S. Cherevan, A. P. Lapsar
Rostov State University of Economics
A METHOD FOR DETECTING FLOATING EXPLOITS IN SOFTWARE AT THE FINAL STAGE OF DEVELOPMENT

Annotation:

This article presents a method for detecting and eliminating floating vulnerabilities in mobile applications at the final stage of development. The nature of such vulnerabilities is analyzed, and existing methods of detecting and neutralizing them are considered. The developed method is based on analyzing the state of the application at different points in time and comparing it with a reference state. It includes recording the initial state, discrete analysis of changes to it, detection and identification of vulnerabilities, and their elimination. The main area of application of the method is ensuring the security of mobile applications at late stages of development and during final testing. The conclusions of the article emphasize the importance of early detection of floating vulnerabilities to ensure a high level of information security of the final software product.

Keywords:

floating vulnerabilities, mobile applications, program testing, state estimation, information security
NETWORK AND TELECOMMUNICATION SECURITY
R. M. Gilmullin, A. M. Kuzinkov, I. R. Mukaev
Military Space Academy named after A. F. Mozhaysky
IDENTIFICATION OF SUBSCRIBER TERMINALS WITH MULTITHREADED PIPELINE ORGANIZATION OF CALCULATIONS FOR DATABASE FORMATION

Annotation:

Identification of graphical subsystems with a parallel-pipeline organization of calculations is considered as a means of detecting subscriber terminals in information and telecommunication networks.

Keywords:

identification, graphical subsystem, JavaScript, web browser
V. O. Erastov, E. A. Zubkov, D. P. Zegzhda
Peter the Great St. Petersburg Polytechnic University
RESEARCH OF INFORMATION SECURITY AUDIT PROBLEMS OF GEOGRAPHICALLY DISTRIBUTED DEVICES OF THE INTERNET OF THINGS

Annotation:

Existing approaches to building systems for active auditing of IoT devices are investigated. A sustainable approach to auditing IoT devices using fault-tolerant distribution is proposed. A comparative analysis of consensus algorithms for distributed systems and of means of implementing active auditing is carried out.

Keywords:

audit, Censys, distributed computing, information security, information technology, Internet of Things, Nmap, port scanner, Raft, Shodan
M. A. Finoshin, I. D. Ivanova, I. Yu. Zhukov, A. V. Zuikov
National Research Nuclear University MEPhI (Moscow Engineering Physics Institute); Russian University of Transport (MIIT); LLC Group Companies Infotaktika; LLC Hexagon
COVERT STORAGE CHANNELS IN THE TLS PROTOCOL

Annotation:

Protection methods against TLS covert storage channels that use the Random and SessionID fields of the ClientHello message are proposed. Protection means have been developed using the proposed methods: a module for the IDS/IPS Suricata that filters TLS packets depending on the SessionID contents, and a proxy server that reformats packets before they are transmitted to the communication environment. A comparative analysis of the implemented protection means was carried out from the point of view of their impact on communication channel bandwidth and their effectiveness in countering secret information transfer. The developed protection means are applicable for integration into existing protection systems against network covert channels. Recommendations on the use of the proposed protection means depending on the desired level of security are given.

Keywords:

secret information, ClientHello message, Random, SessionID field, proxy server, filtering means
A. A. Kornienko, S. V. Kornienko, M. N. Barabanshchikova, S. V. Sobakin
St. Petersburg State University of Railways of Emperor Alexander I; Digital Technologies 1520 LLC
SOFTWARE TOOL FOR MANAGING THE ACCESS CONTROL MODEL FOR THE CORPORATE PORTAL

Annotation:

The article considers the corporate portal on the Incomand platform as a single point of access to the information system of Digital Technologies 1520 LLC, intended to automate and systematize the implemented business processes, improve work efficiency, and give employees convenient access to all information assets, including confidential information. To increase the level of security of the information processed and stored in the organization, a software tool for managing the role-based access control model for the organization's employees has been developed and implemented, which significantly complements the standard security model of the corporate portal.

Keywords:

corporate information system, corporate portal, role model of access control, information protection
APPLIED CRYPTOGRAPHY
N. N. Shenets, E. B. Aleksandrova, A. S. Konoplev, N. V. Gololobov
Peter the Great St. Petersburg Polytechnic University
KEY PRE-DISTRIBUTION TECHNIQUE USING SHAMIR’S SECRET SHARING SCHEME

Annotation:

Two new approaches to key pre-distribution based on an ideal additive homomorphic secret sharing scheme were proposed in [1]. However, it was not possible to prove their security against insider attacks in the general case. In this paper, a simple method for distributing shares based on Shamir’s secret sharing scheme, corresponding to the first approach in [1], is proposed and analyzed. Namely, the following problem is solved: it is necessary to distribute 2n shares among n participants in such a way that each participant keeps two shares, and any pair of participants corresponds to a (3,4)-threshold scheme, where the common threshold can be arbitrary. Note that such a problem is solved for the first time in the theory of secret sharing. Unfortunately, the analysis showed that the key agreement protocol based on the proposed share pre-distribution technique is not resistant to insider attacks. A general necessary condition for the security of the key agreement protocol in the insider adversary model is obtained.

Keywords:

key pre-distribution, Shamir’s secret sharing scheme, key agreement protocol, adversary model, lightweight cryptography
RESEARCH, MONITORING AND OPTIMIZATION OF AUTOMATED TECHNOLOGICAL PROCESSES AND PRODUCTIONS CONTROL SYSTEMS
S. O. Baryshnikov, V. V. Saharov, I. A. Sikarev, A. A. Chertkov, V. M. Abramov
Admiral Makarov State University of Maritime and Inland Shipping; Russian State Hydrometeorological University
AUTOMATION OF ACTIVE POWER FLOWS EVALUATION

Annotation:

Automation of the approximate method for estimating active power flows in an electric network with three buses, according to specified parameters at the nodes, using an incomplete conductivity matrix and implementing the calculations in the CVX format is considered. The method is based on the fact that the active resistances of the power transmission lines in the electrical circuit are significantly less than the reactive ones, which makes it possible to obtain a simple relationship between the power at the nodes and the angles; this relationship links the node parameters through a non-invertible conductivity matrix. CVX is a calculation format that allows various constraints to be introduced, including current density in lines, parametric changes, external perturbations, etc. The results of active power flow estimates for possible variants of the node “zeroing” scheme, obtained by minimizing the Euclidean norm, are presented. The practical application of the proposed method is determined by the need to quickly assess the volume of purchases in the electricity markets.

Keywords:

power grid, power flows, approximate estimation method, conductivity matrix, incomplete matrix rank, CVX technologies, Euclidean norm, computational structure
MACHINE LEARNING AND KNOWLEDGE CONTROL SYSTEMS
V. M. Krundyshev, V. K. Cheskidov, M. O. Kalinin
Peter the Great St. Petersburg Polytechnic University
A PROTECTION METHOD FOR THE GLOBAL MODEL OF THE FEDERATED LEARNING SYSTEMS BASED ON A TRUST MODEL

Annotation:

The paper reviews the problem of ensuring the security of the global model in federated learning systems. The proposed protection method, based on data verification by a trusted group of nodes, ensures that only correct updates are considered during aggregation of the global model. An experimental study demonstrates that the developed method ensures fast identification and isolation of adversarial clients that perform label substitution and noise imposition.

Keywords:

artificial intelligence security, model security, noise imposition, trust model, label substitution, federated learning
QUALITY ASSESSMENT AND SOFTWARE SYSTEMS SUPPORT
F. H. Pashayev, S. E. Pashayeva, N. A. Maqsudova
The Ministry of Science and Education of the Republic of Azerbaijan, Institute of Control Systems; Nakhchivan State University
OPTIMIZATION OF THE PERFORMANCE OF THE SEARCH INFORMATION SYSTEM IN THE LEGISLATIVE DOCUMENTS DATABASE

Annotation:

To formulate optimization tasks in the Electronic Policy Document Management System, an enterprise can be presented as a set of departments performing certain functions. At large enterprises there is a constant exchange between individual departments and between the document databases of those departments. The paper examines solutions to several document database-related problems. First of all, we consider the problem of choosing a model capable of describing the relationship between query execution time and the number of documents, the grouping of policy documents according to their sources of creation, and the evaluation of the advantages that this grouping can offer. An experimental table showing the relationship between data size and query execution time is given to solve the stated problems. The least squares method is used to select linear or hyperbolic models for this table. The closeness of this relationship to a linear dependence is used in evaluating the advantages of partitioning the database into natural groups. It is known that policy document databases store documents of local or international importance that are created and recommended for implementation by local or international organizations. To improve performance, the documents in the database can be grouped by their degree of importance, by the date of entry into the system, or by the organizations that created the document. The paper presents a method of grouping policy documents by the source of their creation. Some numerical characteristics indicating the advantages of this grouping are given.

Keywords:

policy document database, data source, query time, amount of information, additional delays, mean-square difference, linear model, hyperbolic model, natural division

№ 3

2024 year

SOFTWARE SECURITY
S. V. Bezzateev, G. A. Zhemelev, S. G. Fomicheva
Saint Petersburg State University of Aerospace Instrumentation; Peter the Great St. Petersburg Polytechnic University
RESEARCH ON THE PERFORMANCE OF AUTOML PLATFORMS IN CONFIDENTIAL COMPUTING

Annotation:

The paper examines the performance indicators of automatic machine learning platforms when they operate in standard and confidential modes, using a nonlinear multidimensional regression as an example. A general protocol of distributed machine learning that is trusted in the security sense is proposed. It is shown that, within confidential virtualization, when optimizing the architecture of machine learning pipelines and their hyperparameters, the best quality indicators of the generated pipelines for multidimensional regressors and the best speed characteristics are demonstrated by solutions based on Auto Sklearn compared with Azure AutoML, which is explained by their different learning strategies. The results of the experiments are presented.

Keywords:

automatic machine learning, confidential computing, confidential virtual machines, optimization of the architecture of the machine-learning model, hyperparameters
Pages 109–126
N. V. Gololobov
Peter the Great St. Petersburg Polytechnic University
ANALYSIS AND FORECASTING THE STATES OF INDUSTRIAL NETWORKS WITH ADAPTIVE TOPOLOGY BASED ON NETWORK MOTIVES

Annotation:

The most vulnerable nodes of any information system are those that depend on the human factor. Such nodes include, for example, user personal computers (PCs), which are susceptible to attacks using malicious software (malware). Modern malware detection tools can effectively identify known instances, but their effectiveness against zero-day threats remains suboptimal. One potential way to identify malware is a method based on behavioral analysis of its activity on a personal computer, but creating such a method requires systematizing the known information about the activity of various types of malware. This work systematizes malicious software according to the types of activity it exhibits, so that the resulting systematization can be used to create a method for identifying malware based on behavioral analysis.

Keywords:

information security, malicious software, systematization, malware activity
Pages 142–154
V. M. Bogina, K. A. Velichko, A. A. Makeeva, A. D. Dahnovich, D. P. Zegzhda
Peter the Great St. Petersburg Polytechnic University
APPROACH TO CREATING PERSONALISED LLM AGENTS BASED ON MBTI PERSONALITY TRAITS

Annotation:

This article describes an approach to creating target characters based on LLM agents. The agents use personal memory to access the biographical and personal data assigned to them. To increase the integrity of the characters being created, a short life biography is generated from the initial target data, consistent with the original set and enriching the agents' reactions. The personality traits inherited by the agents are formulated on the basis of descriptive information about MBTI types, and the paper presents a study of how well the characters correspond to their target personality type.

Keywords:

LLM, social simulation, personalization, social modeling, cyberpsychology
Pages 127–141
INFORMATION SECURITY ASPECTS
D. S. Bogdanov, A. S. Logachev, V. O. Mironkin
National Research University Higher School of Economics; TVP Laboratory; MIREA – Russian Technological University
THE PROBABILITY-THEORETIC MODELS OF PHYSICAL RANDOM NUMBER GENERATORS

Annotation:

This paper presents the main probability-theoretic models describing a wide class of physical random number generators and allowing us to propose general approaches to their synthesis and analysis.

Keywords:

physical random number generator, stochastic process, scheme of instantaneous value, scheme of intervals, scheme of excursion, optimal interpolation problem
Pages 9–19
A. Yu. Garkushev, A. V. Vyvolokina, S. I. Fokina, A. F. Suprun
St. Petersburg State Marine Technical University; St. Petersburg State Polytechnic University of Peter the Great
APPLICATION OF INDICATOR FUNCTIONS IN MODELS OF DETECTION AND NEUTRALIZATION OF MALICIOUS INFORMATION OBJECTS

Annotation:

The article proposes a new approach to applying the well-known method of indicator functions, which is used to simulate the detection and neutralization of suspicious information objects in the information environment of an industrial enterprise, as well as to simulate a security system during operation. Formula dependencies are given for calculating stochastic indicators, allowing objective estimates of the values of time parameters and their impact on the safe functioning of information systems.

Keywords:

indicator function, information security, information system, neutralization, identification of the object
Pages 20–29
O. V. Rybkina
Far Eastern State Transport University
CONSTRUCTION OF DETERMINISTIC AND STOCHASTIC MATHEMATICAL MODELS OF INFORMATION SYSTEM PROTECTION

Annotation:

Mathematical models of information system defense against information security threats are proposed based on the classical model of the struggle between two adversaries, the Lanchester model. Using the method of constructing systems of differential equations with a given set of invariants (first integrals), a deterministic model with invariant control, a stochastic model with Wiener perturbations, and a model with program control with probability 1 have been constructed. The behavior of the systems has been evaluated by mathematical modeling in MathCad. The behavior of the constructed models depending on the initial conditions is considered. The existence of a stochastic model of information system protection against information security threats that is protected with probability 1 is established.

Keywords:

mathematical model, Lanchester model, information security, deterministic model of information protection, stochastic model of information protection, invariant control, program control with probability 1
Pages 30–39
INFORMATION SECURITY APPLICATION
V. V. Zaitzeva, M. A. Poltavtseva
Peter the Great St. Petersburg Polytechnic University
SECURITY ASSESSMENT OF BIG DATA SYSTEMS

Annotation:

The article deals with the task of assessing the security of big data systems. The authors define the main features of big data systems as an object of security assessment and analyze the known assessment methods, including methodologies for assessing the security of information systems. Based on the results obtained, a new assessment method is proposed that takes into account factors such as the state of the access control system in the heterogeneous systems under consideration and the number of privileged users. A mathematical formalization of the assessment is proposed, the main stages of its implementation are described, and a test case is presented.

Keywords:

information security, Big Data, heterogeneous data processing systems, security assessment
Pages 40–57
T. M. Tatarnikova, I. A. Sikarev, D. A. Rychikhin
St. Petersburg State University of Aerospace Instrumentation; Russian State Hydrometeorological University
METHODS FOR OBTAINING EVIDENTIARY INFORMATION FROM A COMPUTER USING OPEN SOURCE TOOLS

Annotation:

The current task of obtaining evidentiary information, as a direction for the development of digital forensics, is considered. The procedure for collecting evidentiary information from computer storage devices is given, including the basic requirements for collecting evidence, preserving it and ensuring its integrity. An overview of methods for obtaining evidentiary information from a computer is given, among which an accessible and effective method using Open Source software to capture a snapshot of RAM is highlighted. The results of an experiment studying the possibility of obtaining and analyzing a snapshot of a computer’s RAM using Open Source tools are presented, and the approximate information that can be obtained with them in the interests of computer forensic examination is determined.

Keywords:

digital forensics, evidentiary information obtained from a computer, the procedure for collecting evidentiary information, methods for obtaining evidentiary information, an experiment on obtaining evidentiary information from a computer
Pages 58–68
CRITICAL INFORMATION INFRASTRUCTURE SECURITY
A. G. Busygin, M. O. Kalinin
Peter the Great St. Petersburg Polytechnic University
APPLICATION OF DISTRIBUTED LEDGER TECHNOLOGY TO PROTECT SMART CITY INFORMATION SYSTEMS

Annotation:

The article discusses the application of distributed ledger technology to secure the information systems of a smart city. The authors identify the limitations of existing solutions in this area and consider the main directions for the development of distributed ledger technology that would ensure its successful integration into the smart city ecosystem.

Keywords:

smart city, internet of things, distributed ledger technology, information security
Pages 69–79
D. P. Zegzhda, A. F. Suprun, E. G. Anisimov, V. G. Anisimov
Peter the Great St. Petersburg Polytechnic University; Peoples’ Friendship University of Russia named after Patrice Lumumba
ASSESSMENT OF THE POSSIBILITY OF UPGRADING INFORMATION SECURITY SYSTEMS IN THE PLANNED TIME FRAME

Annotation:

In the interests of sound planning for the modernization of information security systems, approaches to constructing methods for assessing the possibility of developing and introducing, within the planned time frame, the innovations necessary for the timely detection, prevention and elimination of the consequences of information security threats are considered. As an indicator of this possibility, it is proposed to use the probability of modernizing the information security system within a specified period of time. To quantify this indicator, approaches based on a generalization of Chebyshev’s inequality and the principle of stochastic dominance are proposed.

Keywords:

information security system, modernization planning, assessing the likelihood of meeting the deadlines for introducing innovations
Pages 80–87
CYBER-PHYSICAL SYSTEMS SECURITY
A. S. Kurakin
LLC “STC”
AN INTEGRAL INDICATOR OF THE EFFECTIVENESS OF THE USE OF A GROUP OF UNMANNED AERIAL VEHICLES IN SOLVING AERIAL PHOTOGRAPHY TASKS

Annotation:

The paper evaluates the effectiveness of a group of unmanned aerial vehicles performing heterogeneous aerial photography tasks with various payload variants. Options for equipping the elements of the group for various tasks are modeled. The integral indicator is defined as a combination of particular performance indicators, efficiency and resource intensity. The relationship between task options and payload options is established. Numerical modeling of combinations of group equipment options and task options is carried out.

Keywords:

efficiency, resource intensity, integral indicator, group of unmanned aerial vehicles, flight task, efficiency, comparative assessment, aerial photography
Pages 88–93
E. Yu. Pavlenko
Peter the Great St. Petersburg Polytechnic University
ANALYSIS AND PREDICTION OF STATES OF INDUSTRIAL NETWORKS WITH ADAPTIVE TOPOLOGY BASED ON NETWORK MOTIFS

Annotation:

An approach to investigating the states of complex industrial networks with adaptive topology using network motifs (statistically significant subgraphs of a larger graph) is proposed. The analysis addresses the ability of network motifs to characterize system performance and the possibility of applying them to short-, medium- and long-term prediction of system states. Using the Smart Grid network structure as an example, a directed graph is modeled, the most common motifs in it are found, several attack scenarios on network nodes are simulated, and a prediction of the network state is built. The results of the experimental studies confirm the correctness and validity of applying this mathematical apparatus to the stated tasks.

Keywords:

dynamic graph, network motif, target function, network with adaptive topology, forecasting
Pages 94–108

Articles are being accepted in № 3 (60) 2024.
