Belim S. V., Belim S. Yu., Usov S. V.
The object-oriented modification of model HRU is developed.
Keywords:Model of security policy, discretionary access, object-oriented system.
Kalinin M. O.
The paper discusses a problem of selecting the control measures targeted at security of frameworks that include web-servers, operating systems, and data base management systems. The solution of that problem is presented: it is based on integral estimation of system security configuration.
Keywords:Information security, security control, network, web-server, database management system, security state.
Kalinin M. O., Moskvin D. A.
The paper presents the characteristic of IT-system security maintenance and depicts the formula of its estimation for the case of discretionary access control. On the base of that calculus, the method targeted at the configuration optimization is discussed.
Keywords:Information security, operating environment, administrative effectiveness, security optimization, security settings.
Baranov P. A., Kalinin M. O., Stepanova T. V.
Detection of unknown attack types for mobile devices stays up-to-date, but existing mobile security software aims at detecting known attacks. Offered method of anomaly detection in mobile devices' behavior is based on power consumption homogeneity analysis. Method allows to detect deviations in normal behavior for anomalies of any type (anomalous network activity, anomalous computing resources' usage etc.), because power consumption is the universal characteristic, which depends on any system activity.
Keywords:Anomaly detection, power consumption, homogeneity analysis, mobile devices.
Kort S. S.
This article is devoted to the program activity anomaly detection based on Markov chains. Also advantages and challenges of applying this mathematical method for anomaly detection discussed.
Keywords:Markov chain, attack, intrusion detection, host system, software, vulnerability, unknown attack.
Yakovlev V., Levin I.
This article describes a new combined method of tracking and blocking the sources of distributed network attacks, combining the methods used by both routers and end-hosts. The essence of the method is that each router marks the network packet that passes through it using a random hash function from the set. At the receiving side this information is stored and used to filter unwanted traffic and traceback the source of distributed attack.
Keywords:The distributed network attacks, the undesirable traffic, label.
Rostovtsev A. G.
Isogenies of elliptic curves over finite fields are considered. It is shown that isogeny class group is isomorphic to ideal class group for Frobenius discriminant. Two methods for direction specification on isogeny cycle are proposed. The first one specifies direction according to minimal degree of field extension obtained adjoining isogeny kernel. The second one specifies direction according to precomputed eigenvalue of Frobenius endomorphism by Schoof-Elkies-Atkin algorithm.
Keywords:Elliptic curves, class group, isogenies, SEA algorithm.
Gasin A. I., Maligin A. Y., Malysh V. N.
A new generation of adaptive fragmentators of speech taking into account individual peculiarities of speech of concrete person and fragmentation of speech into sound segments with homogenous biometrics parameters is considered.
Keywords:Continuous identification, continuous autentification, fragmentation, biometrical sign, fragmentator-classificator, defragmentator-classificator, biometrical characteristic, main tone, sound-wave vibration..
Funtikov V. A.
It is shown that the “biometry-code” converters outputs research changing to the Hamming interval code assignment research allows to increase greatly the entropy viewer dimension. The natural codes field changing to the Hamming codes field allows to simplify calculations and to provide the view using the small dimension grosses.
Keywords:Testing, neural nets, distribution of hamming metric, entropy, converters of biometry-code.
Belim S. V., Bogachenko N. F., Rakitsky J. S.
The mathematical structures, necessary for modeling the role-based and mandatory access control to information, are analyzed in this article. The possibility of combining these security policies in a computer system is proved.
Keywords:Security policy, role-based and mandatory access control, lattice, directed graph.
Belim S. V., Brechka D. M.
The space of access matrix is investigated. The model of security HRU is extended.
Keywords:Model of security policy, discretionary access.
Maluk A. A.
Based on a retrospective analysis of publications on information protection problems separation of several historical stages in the development of protection approaches is proposed. Each approach is characterized by some fundamental features that cause the transformation of the very formulation of a protection goal - from the counteraction to known threats to the development of original secured information technologies.
Keywords:Information protection, secured information technologies, information security, information protection approaches.
Semenova N. A.
This paper describes a formal concept analysis approach to role-based access control models building and optimization. Several algorithm modifications are presented for different sets of input data types. A method for evaluation of generated model is described.
Keywords:RBAC model, role mining, role hierarchy engineering.
Avramenko V. S.
In article ways and private methods of the decision of a problem of adaptation of the monitoring system of information protection from unauthorized access on the basis of information patterns are considered.
Keywords:Monitoring of information protection, unauthorized access, adaptation, information pattern, level of false alarms.
Babash A. V.
We estimate the complexity of determining the keys serial communications encryption machines.
Keywords:Method of the coordination, condition, key sequence, the consecutive connection, the ciphering automatic machine, labour input.
Baranov V. A.
This paper is devoted to formal and informal definition of the insider conception. Consideration includes threats from insider for computer system resources. Also original model, which describe insider behavior, is proposed. With this model we can obtain description of insider behavior scenarios.
Keywords:Threats, scenarios of infringement of safety, unapproved access to the information, leak of the confidential information.
Kort S. S., Rudina E. A., Pavlichenko M. V.
Distributed attack is an attack, that corresponds to the interrelation «many intruders – one goal». Distributed attacks present a serious threat for servers, functioning in the Internet. In this paper we introduce the extension of the existing algorithm of intrusion expansion dynamics analysis for distributed attacks’ detection. Two main distributed attacks’ groups were singled out, the methods of their detection were selected, the proposed methods were integrated into IDS. The integration of these methods into IDS is described below.
Keywords:Distributed attack, intrusion detection system, intrusion automata model, event correlation.
Romanov K. O., Ryzhov Y. N., Skiba V. Y.
In this particular article we cover the subjects of protected data classification and the main security threats identification in informational systems of federal executive bodies of Russian Federation; creating computer-assisted system of protected information leakage channel diagnostics which allows to neutralize almost all threats and provides clear user operating mode with the protected information.
Keywords:Informational systems, computer-assisted system of protected information leakage channel diagnostics, security threats, insider.
Yavno D. M.
An object-oriented model of rootkit functioning within a computing system is proposed. Relationships between a rootkit and other objects of a computing system are picked out. These relationships are used to determine factors of rootkit presence, that can be later used for rootkit detection.
Keywords:Rootkit, detection, model.
Kalinin M. O.
The paper reviews an approach to formal task of analysis of secure IT systems with application of reliability theory. Formal based method of reliability estimation is suggested for highly secured IT systems.
Keywords:Estimation, reliability, security, synthesis, system.
Semenova N. A.
This paper describes an algorithm of building formal RBAC model based on representation of user access rights as an algebraic lattice. Some theoretical and practical proofs are given to show the effectiveness of proposed approach.
Keywords:RBAC model, lattice theory, role hierarchy engineering.
Kruglov S. N., Kopchak Y. M., Saenko I. B.
Mechanisms of discretionary access control to the files of the operating system MSMF are discussed. The problem of optimization of discretionary access schemes to files and algorithm of its solution are given.
Keywords:Automated system, information security, unauthorized access, file system.
Nyrkov A. P., Bashmakov A. V., Sokolov S. S.
The article is devoted to the question of information security maintenance in wireless net-works with the use of non cryptographic methods. The current study considers the ways of limiting the network field coverage in view of the influence of Fresnel zone on the radio signals propagration.
Keywords:Wireless networks, radiation field, covering area, vulnerability.
Azhmukhamedov I. M.
Proposed scheme manufacture autonomous electronic identity based on stego and cryptographic algorithms, which allows you to create a qualitatively new bandwidth system with enhanced security. Described approach to manufacturing electronic documents can be applied not only to the Organization of a crossing regime, but also for other identity documents (for example, permit, social cards, passports, etc.).
Keywords:The scheme of manufacturing of the independent electronic identification card, stego and cryptographic algorithms.
Babash A. V.
The formulas for the parameters of methods for determining the state and the input word automaton, based on the preliminary construction of his entourage of models.
Keywords:The automatic machine, entrance sequence, condition, the total method, the approached model, labor input.
Bezzateev S. V.
Multilevel access control system based on embedded Goppa codes is consider.
Keywords:Multilevel access control system, Goppa codes.
Gatsenko O. Y., Аristarkhov I. V., Maksimov S. V.
In this article we present the model of Certification Authority on End Entities Public Key Certificate Request in Electronic Documents Verification System. Closed Queueing Systems are used in the capacity of mathematical apparatus. The model let to estimate probabilistic-time characteristics with a glance different time of request processing while end entity initial registration (or after key compromising) and while key update request.
Keywords:Electronic documents verification system, certification authority, registration authority, request processing, public key certificate, time study, queueing systems.
Kanunnikov D. S., Dobritsa V. P.
In article attempt of an involvement of an artificial neural network for distribution of keys of symmetric cryptography is undertaken. The description of algorithm of distribution is resulted. Rules of formation neural network are specified.
Keywords:Neural network algorithm of distribution of keys.
Karetnikov V. V., Rudih S. V., Sikarev I. A.
The question of influence mutual on range of action of base stations of the automated identification systems is considered.
Keywords:Topology of an operative range of automatic information systems, optimum radius of a cellular zone, mutual hindrances.
Nyrkov A. P., Sokolov S. S., Bashmakov A. V.
The model of construction safe uniform information exchange space and management for a transport-logistical complex is considered.
Keywords:The transportno-logistical centre, the centre of system of the dispatching management, the automated control system, modular principle.
Starodubcev Y. I., Risman O. V., Grechihnicov E. V., Misyrko S. V.
In article the analysis of a current situation in the field of preparation of experts in maintenance of information safety of telecommunication systems in the Russian Federation is carried out. The basic directions on perfection of system of preparation of experts in maintenance of information safety of telecommunication systems in Russia are offered.
Keywords:Information safety, preparation of experts.
Semenova N. A.
This paper describes a RBAC verification method which considers RBAC as a set of LTL sentences. It also contains LTL sentences representing basic RBAC policies, which can be used for construction a RBAC of arbitrary complexity.
Keywords:RBAC model, linear time logic, security policy verification.
Rudina E. A.
In this paper is proposed the approach to the selection of virtualization method. It depends on the target system application and goals of it’s virtualization. This approach is based on the analysis of the goals and methods of modern computing systems virtualization.
Keywords:Virtualization, computing resources, virtualization methods.
Sobakin I. B.
The article provides an overview and analysis of basic international standards concerned information security risk management. Comprehensively reviewed ISO / IEC 27005:2008 as one of the major standards. The article also contains the scheme of information security risk management process.
Keywords:Risk management, information security, information risk.
Atmashkin M. I., Belim S. V.
The article describes the various ways of organizing subliminal channels in the GOST R 34.10-2001 digital signature algorithm. This paper proposes examples of using subliminal channels for messaging, for the covert transfer of the private key, as well as for the creation of cryptographic protocols. The article also presents a method for elimination of subliminal channels.
Keywords:Subliminal channels, digital signature scheme, cryptographic protocols, elimination of subliminal channelsability.
Kanunnikov D. S., Dobritsa V. P.
In article attempt of an involvement of an artificial neural network to enciphering the information is undertaken. The detailed description of algorithm of enciphering is resulted. Rules of formation of an artificial neural network, and as restrictions on use of algorithm are specified. Besides possible advantage of the described algorithm in comparison with already existing analogues speaks.
Keywords:Neural network, cryptography, enciphering, algorithm, a key.
Kolesova N. A.
The technique is offered and proved. It allows to define presence stegamessage in the image with help of the analysis quality of the sequences, consisting of lower bits of each color channel of pixels in this image.
Keywords:A sequence of random numbers, information security, steganography, stegamessage, cognitive model, lower bits of pixel.
Rostovtsev A. G., Bogdanov A. G.
Method for side channel attack protection of smart card, generating digital signature, is proposed. Method is based on binary representation of secret exponent using digits 1 and -1 only.
Keywords:Digital signature, smart card, side channel attacks.
Yakovlev V., Korzhik V., Kovajkin Yu.
We describe a method based on the use of randomly excited smart antenna that results under the condition of multipath wave propagation in an opportunity to share a cryptographic key in secret manner. In the first part of this paper the statistical characteristics of the variable antenna diagram given a random antenna exciting are investigated. Multipath channel model is presented and a correlation between the values producing the keys of legal and illegal users depending on their location is estimated. This creates a basis for further investigation of both security and reliability of the shared keys in the second part of this paper.
Keywords:Model of the channel of signaling, wireless local networks, orientation diagrams.
Azhmukhamedov I. M.
Proposed technique evaluation competencies based on fuzzy cognitive models that can be useful not only in determining the level of competence of experts on directions and specialties of the condensed directions 090000 "information security", but also other specialties of higher vocational education.
Keywords:Fuzzy cognitive model, competence, manage educational process, poor ranking, weight of Fishburnhms.
Zaitzev A. I.
Influence of a condition of the information channel, blocking relief and mutual moving ship transponders concerning base stations on range and topological structure of AIS action in Gulf of Finland is analyzed.
Keywords:Information channel, blocking relief, ship transponders.
Nyrkov A. P., Vikulin P. V.
The article discusses the implementation of information security in the structure of the AIS in order to prevent unauthorized access to the data being transferred. The author proposes to use the PAC in the process of protecting data about shipping situation when the data being transferred over public networks.
Keywords:AIS, information flow, VPN, authentication, encryption, software and hardware protection.