Quarterly journal published in SPbPU
and edited by prof. Dmitry Zegzhda
Peter the Great St. Petersburg Polytechnic University
Institute of computer sciences and technologies
information security of computer systems
Information Security Problems. Computer Systems
Published since 1999.
ISSN 2071-8217
  • 2009 year
    • № 1 2009
      • SOFTWARE SECURITY

        Molyakov A. S.

        KPROCESSOR_CID_TABLE–factoring. New systematic research field of eliminating undeclared vulnerabilities on operation systems

        Annotation:

        In this article the author describes a new systematic research method for eliminating undeclared vulnerabilities in operating systems by using active kernel context control and scanning of internal process tables. This new systematic research field is based on the MicroKernel Object specification. KPROCESSOR_CID_TABLE factoring is a new cross-platform, detailed fundamental analysis of the internal context tables of the processor executive region.

        To quote:

        Molyakov A. S.

        KPROCESSOR_CID_TABLE–factoring. New systematic research field of eliminating undeclared vulnerabilities on operation systems // Information Security Problems. Computer Systems. 2009. № 1. Pp. 7-18.

        Keywords:

        The program, program code, kernel, the identifier.

        Pages:

        7-18

        Baranov V. A.

        The analysis of second-order code injection vulnerabilities in web-applications

        Annotation:

        This article examines the protection of web applications against attacks based on second-order code injection. It describes a security model used to detect improper input validation vulnerabilities in web applications, and a software tool based on this model that helps to find such vulnerabilities.

        To quote:

        Baranov V. A.

        The analysis of second-order code injection vulnerabilities in web-applications // Information Security Problems. Computer Systems. 2009. № 1. Pp. 19-24.

        Keywords:

        Web application, vulnerability, data flow, script, escaping, encoding.

        Pages:

        19-24
      • INFORMATION SECURITY ASPECTS

        Kalinin M. O.

        The paradigm of parametric security management in information systems

        Annotation:

        The paper reviews a paradigm of information security management that involves fixing the system configuration, evaluating the security of the system state, and adapting the system to discovered security faults through feedback control over security settings. An example of the technique is presented for UNIX-like systems. This technique, and the control system based on it, allow the procedure of security adaptation to be automated and thus considerably simplified. It forms a foundation for a new class of self-adapting security systems.

        To quote:

        Kalinin M. O.

        The paradigm of parametric security management in information systems // Information Security Problems. Computer Systems. 2009. № 1. Pp. 25-33.

        Keywords:

        The protected information systems, safety administration, safety conditions, infringement function.

        Pages:

        25-33
      • TECHNICAL SOLUTION

        Karetnikov V. V., Sikarev I. A.

        To question of computer simulation of service areas of high accuracy position systems

        Annotation:

        This article is devoted to the highly topical issue of computer simulation of the service areas of high-accuracy positioning systems.

        To quote:

        Karetnikov V. V., Sikarev I. A.

        To question of computer simulation of service areas of high accuracy position systems // Information Security Problems. Computer Systems. 2009. № 1. Pp. 34-37.

        Keywords:

        Signal distribution, radio navigating field, conductivity, distribution of radio-waves.

        Pages:

        34-37

        Petrenko S. A., Beliaev A. V.

        Threats of safety of digital and IP-office automatic telephone exchanges

        Annotation:

        New kinds of threats to the security of digital and IP-office automatic telephone exchanges are considered.

        To quote:

        Petrenko S. A., Beliaev A. V.

        Threats of safety of digital and IP-office automatic telephone exchanges // Information Security Problems. Computer Systems. 2009. № 1. Pp. 38-42.

        Keywords:

        Voice traffic, digital telephony systems, subscriber line, voice stream, mix.

        Pages:

        38-42
      • SPECIAL IT

        Baranov Y. A.

        Developing the thematic access policy in information retrieval systems, on the basis of automatic rubricating

        Annotation:

        This article describes the use of an automatic rubrication engine to provide thematically differentiated access to text documents in a system. The operating algorithm of the automatic rubricator is also presented and theoretically justified.

        To quote:

        Baranov Y. A.

        Developing the thematic access policy in information retrieval systems, on the basis of automatic rubricating // Information Security Problems. Computer Systems. 2009. № 1. Pp. 43-48.

        Keywords:

        Thematic differentiation of access to the information, an autorubrication, the information file, training sample.

        Pages:

        43-48

        Rastorguev S. P., Tokarev R. S.

        About direction of development self-learning techniques in the Internet

        Annotation:

        Over the past ten years the theory and technology of information security have become more robust and always ready to resist new threats. Today the total damage to a whole system caused by a gap in its security system depends mostly on the user and his knowledge. Thus the more varied the environment, the stronger the defense and the more complex the threats. But what will happen if the environment changes? The environment will inevitably change radically. To be convinced of this, it is enough to look at the continuously accelerating growth of the functional capabilities of the Internet: e-mail, sites, big portals, social networks and so on. And this growth is not going to stop. It is known that new capabilities, at some stage of their development, result in a qualitative change of the environment. To solve security problems in a new environment we may need a new theoretical base. In this article we try to study the process by which self-learning procedures form in the World Wide Web. Of course, today these procedures are formed by people. But in our opinion we should think about future security problems today.

        To quote:

        Rastorguev S. P., Tokarev R. S.

        About direction of development self-learning techniques in the Internet // Information Security Problems. Computer Systems. 2009. № 1. Pp. 49-57.

        Keywords:

        The mechanism of self-training of a global network, the feedback, the structured texts.

        Pages:

        49-57

        Fedorchenko L. N., Zabolotsky V. P.

        A linguistic tool for security system tasks

        Annotation:

        In the paper we consider a new approach to software safety based on syntax-driven control for security. The notion of "regularization of a grammar" is presented. A CF grammar in regular form (CFR-grammar), supplied with an extended set of operations in the regular expressions on the right-hand side of rules, is discussed. The scheme of CFR-grammar regularization is shown. Bibl. 7 items.

        To quote:

        Fedorchenko L. N., Zabolotsky V. P.

        A linguistic tool for security system tasks // Information Security Problems. Computer Systems. 2009. № 1. Pp. 58-64.

        Keywords:

        The linguistic toolkit, information protection, security policy formalisation, set corrected grammar, the analysis of the data.

        Pages:

        58-64
      • APPLIED CRYPTOGRAPHY

        Vorobiev E. G.

        The masking of transferred data on the basis of quantum cryptography

        Annotation:

        The realization of masking of the transferred information on the basis of quantum technologies is considered.

        To quote:

        Vorobiev E. G.

        The masking of transferred data on the basis of quantum cryptography // Information Security Problems. Computer Systems. 2009. № 1. Pp. 65-70.

        Keywords:

        Masking of transferred information, interception of network messages, protection protocol, network switching node.

        Pages:

        65-70

        Rostovtsev Alexander

        Linear isomorphism between Weierstrassian and Hessian elliptic curves

        Annotation:

        Elliptic curves in Hesse form admit more suitable arithmetic than those in Weierstrass form, but elliptic curve cryptosystems usually use Weierstrass form. It is known that the two forms are birationally equivalent. Birational equivalence is partially determined and is relatively hard to compute. We prove that elliptic curves in Hesse form and in Weierstrass form are linearly isomorphic over the initial field or its small extension, and this equivalence is easy to compute. If the cardinality of the finite field $q \equiv 5 \pmod{6}$ and the Frobenius trace $T \equiv 0 \pmod{3}$, then the equivalence is defined over the initial field with high probability. This linear equivalence allows multiplying an elliptic curve point in Weierstrass form by passing to the Hessian curve, computing on that curve and passing back. This speeds up the computation by a factor of about 1.35.

        To quote:

        Rostovtsev Alexander

        Linear isomorphism between Weierstrassian and Hessian elliptic curves // Information Security Problems. Computer Systems. 2009. № 1. Pp. 71-77.

        Keywords:

        Elliptic curve, projective algebraic curve, linear isomorphism of algebraic curves, polynomial degree.

        Pages:

        71-77

        Yakovlev V., Shutyy R.

        Oblivious transfer for bit strings based on noisy channel using interactive hashing

        Annotation:

        We consider an oblivious transfer protocol based on a noisy channel. We carry out a detailed analysis of the protocol and the dependence of its rate on the requirements for given parameters. A modified protocol is presented that uses interactive hashing to test the receiver's adherence to the protocol, which results in an increased protocol rate.

        To quote:

        Yakovlev V., Shutyy R.

        Oblivious transfer for bit strings based on noisy channel using interactive hashing // Information Security Problems. Computer Systems. 2009. № 1. Pp. 78-91.

        Keywords:

        Oblivious transfer protocol, probability of an error in the channel.

        Pages:

        78-91
    • № 2 2009
      • INFORMATION SECURITY ASPECTS

        Zabolotsky V. P., Ivanov V. P.

        Rational choosing methods for information security

        Annotation:

        In the paper we consider methods for choosing a rational variant of information security systems in terms of the driven criterion.

        To quote:

        Zabolotsky V. P., Ivanov V. P.

        Rational choosing methods for information security // Information Security Problems. Computer Systems. 2009. № 2. Pp. 7-13.

        Keywords:

        Index method, method of a conditional indicator.

        Pages:

        7-13
      • INFORMATION SECURITY APPLICATION

        Andreev S. V., Dragalchuk V. K., Levin M. P., Sang-min Lee, Sang-bum Suh, Trofimov A. S., Junghyun Yoo

        On the security subsystem of the paravirtualizing environment Secure Xen on ARM

        Annotation:

        This paper describes issues of the security subsystem of the paravirtualized environment Secure Xen on ARM. An application area of this environment is considered. Reasons for using the security subsystem are given. The architecture of the security subsystem and its particular modules are described.

        To quote:

        Andreev S. V., Dragalchuk V. K., Levin M. P., Sang-min Lee, Sang-bum Suh, Trofimov A. S., Junghyun Yoo

        On the security subsystem of the paravirtualizing environment Secure Xen on ARM // Information Security Problems. Computer Systems. 2009. № 2. Pp. 14-20.

        Keywords:

        Security subsystem of the paravirtualized environment Secure Xen, security policies, virtual machine.

        Pages:

        14-20
      • APPLIED CRYPTOGRAPHY

        Eremeyen M., Anikevich E., Sergienko P.

        Improvement of the protected electronic document turnover based on new electronic digital signature schemes

        Annotation:

        The authors present the results of an analysis of the specific features of up-to-date document turnover systems and show their advantages and disadvantages. The basic notions of elliptic curve theory, as well as the procedures for creating and verifying an electronic digital signature, are considered. A software package implementing the schemes for creating and verifying the digital signature has been developed. The authors propose new electronic digital signature schemes.

        To quote:

        Eremeyen M., Anikevich E., Sergienko P.

        Improvement of the protected electronic document turnover based on new electronic digital signature schemes // Information Security Problems. Computer Systems. 2009. № 2. Pp. 21-31.

        Keywords:

        Systems of electronic document circulation, formation and check of the electronic digital signature.

        Pages:

        21-31

        Sotov L. S., Harin V. N.

        Use of generators of dynamic chaos in systems of information security

        Annotation:

        The paper discusses the possibility of using dynamic chaos generators as built-in sources of random signals operating as part of random number generation systems. Possible attacks on these generators and their security are analyzed. Security conditions for dynamic chaos generators are formulated.

        To quote:

        Sotov L. S., Harin V. N.

        Use of generators of dynamic chaos in systems of information security // Information Security Problems. Computer Systems. 2009. № 2. Pp. 32-37.

        Keywords:

        Dynamic chaos, random number generation system, cryptographic generators of pseudo-random sequences.

        Pages:

        32-37
      • TECHNICAL SOLUTION

        Gnatchenko I. I., Diasamidze S. V., Adadurov A. S.

        System GSM-R – component of train control and guaranteeing safety system: vulnerabilities and neutralization’s methods

        Annotation:

        This article considers the general operating principles of the GSM-R standard for engineering digital voice communication, which is included in the European Train Control System (ETCS) as a subsystem of the European Rail Transport Management System (ERTMS). The general structure of the GSM-R network is considered and its main vulnerabilities are identified. A general approach to solving these problems is proposed.

        To quote:

        Gnatchenko I. I., Diasamidze S. V., Adadurov A. S.

        System GSM-R – component of train control and guaranteeing safety system: vulnerabilities and neutralization’s methods // Information Security Problems. Computer Systems. 2009. № 2. Pp. 38-43.

        Keywords:

        General principles of work of the standard of engineering digital-speech communication GSM-R, satellite navigating system - project GALILEO.

        Pages:

        38-43

        Sikarev I. A.

        Variational-parameter stability zones of automated identification systems under the influence of cross-governmental interference

        Annotation:

        We analyze variation and functional stability of the radius of coverage base station classes AIS1 and AIS2 coefficient of mutual differences and signal interference.

        To quote:

        Sikarev I. A.

        Variational-parameter stability zones of automated identification systems under the influence of cross-governmental interference // Information Security Problems. Computer Systems. 2009. № 2. Pp. 44-47.

        Keywords:

        Variational-functional stability of the operating range radius of base stations of classes AIS1 and AIS2, noise immunity, time-and-frequency structure of signals.

        Pages:

        44-47

        Sikarev I. A.

        Variational stability and functional areas of automated identification systems under the influence of interference

        Annotation:

        We analyze variation and functional stability of the radius of coverage base station classes AIS1 and AIS2 coefficient of mutual differences and signal interference.

        To quote:

        Sikarev I. A.

        Variational stability and functional areas of automated identification systems under the influence of interference // Information Security Problems. Computer Systems. 2009. № 2. Pp. 48-51.

        Keywords:

        Variational-functional stability of the operating range radius of base stations of classes AIS1 and AIS2, noise immunity, time-and-frequency structure of signals.

        Pages:

        48-51

        Shishkin I. F., Sergushev A. G.

        Contrasting reception of signals with the trassologicheskikh observations

        Annotation:

        The scientific school in the field of sea-surface radar at the North Western State External Technical University.

        To quote:

        Shishkin I. F., Sergushev A. G.

        Contrasting reception of signals with the trassologicheskikh observations // Information Security Problems. Computer Systems. 2009. № 2. Pp. 52-59.

        Keywords:

        Radar, peak characteristic of the receiver, additive correlated interference.

        Pages:

        52-59

        Zigulin G. P., Pechenevskiy Y. A.

        Methodical approach to forecasting of informational attacks of automated control systems

        Annotation:

        A methodical approach to forecasting informational attacks on automated control systems is stated.

        To quote:

        Zigulin G. P., Pechenevskiy Y. A.

        Methodical approach to forecasting of informational attacks of automated control systems // Information Security Problems. Computer Systems. 2009. № 2. Pp. 60-63.

        Keywords:

        Forecasting of information attacks, selection of empirical formulas, approximation, interpolation.

        Pages:

        60-63
    • № 3 2009
      • INFORMATION SECURITY ASPECTS

        Belim S. V., Bogachenko N. F.

        Building the role-based security policy on the directed graph

        Annotation:

        One possible approach to building a role-based security policy on a directed graph is presented. Various transformations of the role hierarchy are considered, depending on which property is more significant: the absence of cycles or optimality.

        To quote:

        Belim S. V., Bogachenko N. F.

        Building the role-based security policy on the directed graph // Information Security Problems. Computer Systems. 2009. № 3. Pp. 7-17.

        Keywords:

        Security policy, access differentiation, hierarchy of roles.

        Pages:

        7-17

        Rakitskiy Yu. S., Belim S. V.

        A role-based access control model for standard of security policy ABISS-1.0-2008

        Annotation:

        In the paper we consider methods for choosing a rational variant of information security systems in terms of the driven criterion.

        To quote:

        Rakitskiy Yu. S., Belim S. V.

        A role-based access control model for standard of security policy ABISS-1.0-2008 // Information Security Problems. Computer Systems. 2009. № 3. Pp. 18-22.

        Keywords:

        Role security policies, security policy formalising.

        Pages:

        18-22
      • INFORMATION SECURITY APPLICATION

        Lysenko A. G.

        Information security system building based on the risks assessment

        Annotation:

        A model for choosing an information security system is described. A technique for building an information security system based on risk assessment is reviewed.

        To quote:

        Lysenko A. G.

        Information security system building based on the risks assessment // Information Security Problems. Computer Systems. 2009. № 3. Pp. 23-28.

        Keywords:

        Estimation of risks, the safety analysis, protection system.

        Pages:

        23-28

        Yastrebov I. S.

        Role-based user authorization in equipment control system

        Annotation:

        Given the significant dangers of Large Hadron Collider (LHC) operations, access control to the accelerator controls system is required. Role-Based Access Control (RBAC) was designed in order to protect the equipment from accidental and unauthorized access. This paper describes a new mathematical model for protecting the distributed control system, based on the role-based access control concept. It also contains an overview of authorization, the main component of the system.

        To quote:

        Yastrebov I. S.

        Role-based user authorization in equipment control system // Information Security Problems. Computer Systems. 2009. № 3. Pp. 29-40.

        Keywords:

        Unauthorized access, system of locking of power supplies, access on the basis of roles.

        Pages:

        29-40
      • APPLIED CRYPTOGRAPHY

        Zhukov I. Yu.,

        Moscow, OAO «VNIINS»

        Mikhailov D. M., Shustova L. I.

        Moscow, NRNU «MEPhI»

        Authentication protocol for RFID systems

        Annotation:

        This article concerns the security aspects of developing building control and automation systems. Nowadays RFID technology is often used in automation systems. In most cases RFID solutions are installed in airports, stadiums, distribution centers and factories. This makes human life highly dependent on the security of this innovative technology. Unfortunately, RFID technology is not as safe from computer virus attacks as most believe it is. In this article a new protocol is presented that proves to be safe and effective in preventing the most common attacks on RFID technology.

        To quote:

        Zhukov I. Yu.,

        Moscow, OAO «VNIINS»

        Mikhailov D. M., Shustova L. I.

        Moscow, NRNU «MEPhI»

        Authentication protocol for RFID systems // Information Security Problems. Computer Systems. 2009. № 3. Pp. 41-45.

        Keywords:

        Building management automation system, method of automatic identification of objects, tag cloning, information interception, unauthorized tag reading, distortion of transferred information.

        Pages:

        41-45

        Lomako A. G., Eremeev M. A., Novikov V. A., Gnidko K. O., Goremykin D. V.

        The method of flaws location in binary memory dumps

        Annotation:

        A multimodel approach to detecting harmful effects in binary memory dumps is investigated. The basic stages of the method for detecting undocumented features in the absence of source code are considered.

        To quote:

        Lomako A. G., Eremeev M. A., Novikov V. A., Gnidko K. O., Goremykin D. V.

        The method of flaws location in binary memory dumps // Information Security Problems. Computer Systems. 2009. № 3. Pp. 46-49.

        Keywords:

        The multimodelling approach, harmful constructions, creation of structure of calculations.

        Pages:

        46-49

        Rostovtsev A. G.

        Changing probabilities of differentials and linear sums using virtual isomorphisms

        Annotation:

        Ciphers $y = C(x, k)$ and $\mathcal{Y} = \mathcal{C}(\mathcal{X}, \mathcal{K})$ are isomorphic if there exists an invertible map, computable in both directions, $y \leftrightarrow \mathcal{Y}$, $x \leftrightarrow \mathcal{X}$, $k \leftrightarrow \mathcal{K}$. A cipher is vulnerable if and only if an isomorphic cipher is vulnerable. Instead of computing the key of a cipher, it is sufficient to find a suitable isomorphic cipher and compute its key. If $j$ is an arbitrary substitution and $T$ is the round substitution, its conjugate $\mathcal{T} = jTj^{-1}$ is a cipher isomorphism. Conjugate substitutions have the same cycle type. Conjugation can be composed with affine maps.

        Applying this method to AES gives an affine conjugate substitution. The images of XOR with the round key and of the diffusion map become non-linear, but they possess differentials and linear sums of high probability (8-12 times more than the corresponding values of the original S-box).

        To quote:

        Rostovtsev A. G.

        Changing probabilities of differentials and linear sums using virtual isomorphisms // Information Security Problems. Computer Systems. 2009. № 3. Pp. 50-60.

        Keywords:

        Finite binary mappings, ciphers, substitution differential.

        Pages:

        50-60
      • TECHNICAL SOLUTION

        Antonov V. A., Pshenitsyn K. V.

        The analysis of spectra of nonlinear diffusion of signals of satellite system «Globalstar»

        Annotation:

        Classical Markov chains for describing the spectra of diffusion processes are considered in the context of organizing the passage of ships through locks on inland waterways. A necessary part of such structures is satellite channels for transmitting both communication and radio navigation signals.

        The purpose of the work is to develop a general algorithm for calculating spectra of nonlinear diffusion without using the correlation coefficient, on the basis of classical Markov chains when conditions and time are continuous.

        To quote:

        Antonov V. A., Pshenitsyn K. V.

        The analysis of spectra of nonlinear diffusion of signals of satellite system «Globalstar» // Information Security Problems. Computer Systems. 2009. № 3. Pp. 61-65.

        Keywords:

        Markov chains, spectral density, population mean.

        Pages:

        61-65

        Karetnikov V. V., Sikarev I. A.

        Influence of the hindrances concentrated on a spectrum on the size of a working zone of the automated information systems

        Annotation:

        The influence of interference of various origins on the operating range of base stations of an automatic information system is considered.

        To quote:

        Karetnikov V. V., Sikarev I. A.

        Influence of the hindrances concentrated on a spectrum on the size of a working zone of the automated information systems // Information Security Problems. Computer Systems. 2009. № 3. Pp. 66-69.

        Keywords:

        Automatic information system, noise, signals, interference of radio resources.

        Pages:

        66-69