Baranov V. A.
The model of demonstration of invasion of a computer system as a change of the parameters, which are being registered during the system monitoring, is considered in this article. It is supposed that these changes have statistical nature and they can be described using probability-theoretical model of sequence of observations imbalance. In the necessity to differ complicated hypothesizes, several ways of imbalance detection are suggested. In addition, their efficiency in the suggested probability-theoretical models is considered.
Keywords:Invasion, observation process imbalance, probability-theoretic models.
Belim S. V., Bardichev V. U.
This article describes a study of the possibility of the numerical characteristics of access to information based on access control lists using the model of Take-Grant. These characteristics allow to estimate correctly the probability of access. Since it is possible that it may be a channel of information leakage, but the likelihood of it is so small that the installation of some additional mechanisms of protection simply makes no sense.
Keywords:Computer security, model of Take-Grant, access graph.
Devyanin P. N.
This article represents role DP-model access control and information flows in operating systems of Linux sets which take into account some their essential features. The article focuses basic attention on formal description mechanism of mandatory integrity control, and also on conditions and results of application rules of transformation conditions. The article represents analysis of properties restrictions on role access control which invariantly concerning nonmonotonic rules of transformation conditions.
Keywords:Computer security, operating system, DP-model.
Moskvin D. A.
The article presents a comprehensive approach to automation of security configuring at operating systems. This technique allows to implement a set of corporative security policy requirements in accordance with a usage profile of the configured system. As the result, assurance in sustainability of the performance, elimination of "human factor" influence, as well as speed up of the process of security setting up are reached using the suggested approach.
Keywords:Security settings, security of operating systems, stability of security.
Semenova N. A.
This paper describes a methodology of evaluation the level of compliance between company information streams and a RBAC system. Several criteria for redundant permissions detection and role assignment rules quality assessment are proposed.
Keywords:RBAC system, role assignment rules, RBAC efficency evaluation.
Zavodtsev I. V., Gaynov A. E.
The feature of modern automated systems is a high concentration of information of limited distribution in these systems. This feature leads to conflict between users and information security systems. The application of biometrics-cryptographic technologies in the automated systems will solve the problem of access control to protected resources and meets user requirements and requirements for information protection.
Keywords:Automated data processing system, the artificial neural network, Kohonen’s map, a means of highly reliable biometric authentication, access control tools.
Scheglov A. U., Ogolyuk A. A., Ilyin E. V.
This work describes the problem of providing sufficiency of the information protection facility gears suite, depending on its usage conditions. The revealed base principle allows to speak about sufficiency of information security gears suite, when developing high and multipurpose system facilities. Some problems of practical implementation of these gears are also discussed.
Keywords:The mechanism of protection of the information, protection of independent computers, access control, device identification.
Andrushechkin U. N., Karetnikov V. V.
In the present study examined the transfer of correction information and the impact of underlying surfaces in the transmission range of differential corrections.
Keywords:Control and correction station, underlying surface, attenuation function, field intensity.
In article features of the approach to safety of the ship automated systems are considered. In article communication between safety of functioning of the automated systems with questions of optimization of the processes proceeding in difficult automated systems is underlined. Optimization is based on criteria of orthogonality and minimization.
Keywords:Minimization bias, quasi-optimal plans, experimental design, polynomial model, security of automated systems.
Golubcov D. A., Sidorov K. G., Sikarev I. A.
In this article algorithms of calculation and interference immunity of AIS under influence of mutual interference were examined, and also investigation of influence of concentrated on spectrum disturbances on the working zone dimentions of AIS was performed.
Keywords:Interference immunity, automatic identification systems, spectrum of hindrances.
Yakovlev V., Korzhik V., Kovajkin Yu.
We describe a key sharing protocol based on a concept of smart randomly excited antenna and multipath wave propagation considered in the first part of this paper. Reliability, randomness and security of the key string shared by legal users depending on the correlation between legal and illegal signals are estimated. Both erasing of unreliable bits and error correction codes are used. Parameters of key sharing protocols are optimized in order to maximize the key rate. We conclude that appropriated choice of parameters allows provide all requirements even in the case of noiseless eavesdropping channel in contrast of all known previous protocols of the key distribution over noisy channels.
Keywords:System of distribution of keys, optimization, wireless local networks, factor of correlation of signals.
Аristarkhov I. V.
We introduce key update planning models depending from character of adversary activities. The proposed formalization provides the possibility of finding the optimal timing for key update process aimed at minimization of the system idle time.
Keywords:Electronic document verification system, key management, private key compromise, time cost, key update planning.
Kalinin M., Konoplev A.
The paper reviews the main problems encountered in the organizing of preparing the trusted executable environment for multiprotocol network devices. Also the approach to solve this problem is presented.
Keywords:Information security, trusted environment, network, multiprotocol devices.
Kalinin M., Markov Y.
The paper raises the problem of IT-security control in Grid-systems. Comparison of security-relevant mechanisms implemented in BOINC, Gridbus, Globus Toolkit, UNICORE, and gLite is presented. That allows us to figure out common approaches applied to realize security in well-known Grid-systems. As the result, formal model of Grid access control and universal method of automated security verification in Grid-systems have been suggested.
Keywords:Access control, grid, model, security, security policy, state, verification.
Kort S. S., Shumov A. V.
This article is devoted to the task of network traffic classification and application of this task to solution of network security problems. Payload is presented in this work as n-gram and on this basis we can talk about network protocol and content recognition and anomaly detection.
Keywords:Network protocol application level, intrusion detection system, pattern recognition, anomaly detection.
Platonov V. V., Semenov P. O.
The possibility of usage dimension reduction techniques to generate a list of most significant parameters for detecting network attacks is analyzed. In this paper is proposed the model of intrusion detection system with modular architecture, which allows classifying packets by different support vector machines.
Keywords:Intrusion detection system, support vector machine, dimension reduction, principal component analysis.
Platonov V. V., Yushkevitch I. A.
The article describes hybrid intrusion detection model. For traffic classification on network and transport layers it is offered to use support vector machine (SVM). Lexicographic methods of application level protocols analysis possibility reseached.
Keywords:Intrusion detection systems, support vector machines, lexicographic methods.
Yakovlev V., Levin I.
In , the authors proposed a method of protection against DDOS-attacks which combines attack detection techniques on the hosts and tracing the sources of attacks using the network routers. Tracing of the attack sources is implemented by reconstructing the packets’ route from the source of the attack to the victim. This paper presents the simulation results of this method. To construct the network topology graph models were used: a tree graph with the victim at the root and the random Euclidean graph. We tested the effectiveness of the method for tracing DDoS-attack sources using these models when the number of attackers did not exceed 500. To test the effectiveness of the method in a large-scale network with hundreds of autonomous systems, thousands of users and tens of thousands of attackers we performed the simulation using OMNet. The results of the simulation allowed to obtain more detailed information about the functioning of the method including the process of normalization of legitimate traffic by detecting and blocking attackers using this method.
Keywords:DDoS-attacks, traceback, simulation, Euclidian graph.
Artamonov A. V., Vasilev P. N., Makhovenko E. B.
The article suggests a new way for providing the capability of the signatory authority revocation from some group member from a specific time point in the BBS group signature scheme. Security of this mechanism is based on the adding new trusted party into the group signature scheme. This new subject is in charge of the time reference of keys and signatures, as well as of the other subjects synchronization in revocation procedure.
Keywords:Group signature, BBS group signature scheme, extended dynamic ED-BBS scheme, membership revocation, time manager.
Alexander Rostovtsev, Alexey Bogdanov and Mikhail Mikhaylov
Method of secure evaluation of polynomial y = F(x1, …, xk) over some rings on untrusted computer is proposed. Two models of untrusted computer are considered: passive and active.
Keywords:Secure computation, ring homomorphism, public key encryption.
Golubcov D. A., Sikarev I. A., Sidorov K. G.
In article the method of construction and algorithms of functionally steady adaptive automated identification systems are considered at influence of mutual hindrances.
Keywords:Mutual hindrances, identification systems.
Pshenitsyn K. V., Sikarev I. A., Mulganov S. V., Sidorov R. G.
The article proposes two ways to automate the signal reception for better management of information and algorithmic support of the CDMA Globalstar satellite system in the presence of multiplicative noise to improve the efficiency of AIS in the TMS on inland waterways.
Babash A. V.
The formulas for the parameters of methods for determining the state and the input word automaton, based on the preliminary construction of his entourage of models.
Keywords:The automatic machine, entrance sequence, condition, the total method, the approached model, labor input.
Zgurskiy A. S., Korbainova E. V.
This article represents the algorithm for appraisal information assets requirements in the security properties. Influence of safety property on data center activity is estimated.
Keywords:Security, credit institution, security property, information security, data center.
Maluk A. A.
Questions of the of information security theory’s methodological basis formation are considered. Necessity of using for this purpose of a wide range of non-formal heuristic methods based on productive human thinking additionally to the classic system theory is stressed. A classification of the informal methods forming the basis of the informal system theory is given.
Keywords:Information security, information security theory, system theory, informal system theory, system approach, system analysis.
Kornev А. А.
The paper describes the problem of building an operating system for specialized trusted information processing system development. Trusted treatment implies the absence of the possibility of unauthorized information output to the external environment, the so-called "leakage" of information, through any input-output channels. The concept and practical implementation of the system with a minimal kernel as a basic component of the information processing system is described.
Keywords:Operating system, information security, trusted information processing.
Ageev S. A., Sherstjuk Y. M., Saenko I. B., Polubelova O. V.
Conceptual basics of automation control of protected multi-service networks (PMN) are discussed. The conceptual management model of PMN and basic functional tasks are considered. The framework of mathematical modeling functional control tasks for PMN is given.
Keywords:Protected multi-service network, telematic network services, automation control, TMN model.
Kotenko I. V., Stepashkin M. V., Doynikova E. V.
The paper suggests an attack trees based approach to protection analysis of information systems which extends approach suggested by the authors earlier. The main difference is in introducing of different conceptions, models and frameworks related to social engineering attacks. The approach is intended for use in perspective protection analysis systems.
Keywords:Analysis, protection, social engineering attacks.
Аristarkhov I. V.
Protection electronic document in specialized information system of the general use is realized by means of integrated electronic documents verification subsystems, using electronic signature and public key infrastructure. In article is considered some of the threats of the operating the facilities electronic signature, directed on compromising of the key electronic signature. As one of the organizing measures of the reluctance specified threat is offered building efficient strategy determinations duration of the keys.
Keywords:Electronic documents verification subsystem, certification authority, registration authority, request processing, public key certificate.
Zhuravlev V. M.
InThe task of optimization of range and size of the shore or base radio station zones is considered using stochastic models of information channels taking into account radio wave propagation, changing of obstructing relief between shore station and receiver of the ship, movement of ship station relating to shore one.
Keywords:Inner water ways, automatic vessel traffic service, trunked radio stations, obstructing relief, probability of error, coverage, receiver sensivity, corporative river information system, river information services (RIS), obstructing relief, Rayleigh distribution.
Rudyih S. V., Sikarev I. A., Sidorov K. G.
This article describes the algorithms and structural schemes of adaptive coherent AIS, including the structure of "base station transponder, correspondent for the opposite and orthogonal binary signals.
Keywords:Inner water ways, automatic vessel traffic service, interburst interference, coverage, transmitter power, probability of error.
Azhmuhamedov I. M., Kolesova N. A.
The technique of development and storage of key sequences with use of graphic files, and also a technique of selection of images approaching for this purpose are offered and pro.
Keywords:Key sequence, the image, sequence of random numbers, RGB-channels of image.
Voycekhovsky S. V., Khomonenko A. D.
The approach of revealing of harmful program influences on the automated systems on the basis of an fuzzy conclusion of decisions by means of algorithm of Mamdani is offered. Rules of the fuzzy conclusion are proved. Algorithm realization in system of support of decision-making is described.
Keywords:Harmful program influences, indistinct conclusion, system of support of decision-making.
Zegzhda D. P., Karetnikov A. V.
This article observes different aspects of cloud computing security. It also does basic treats analysis for clouds. Approaches and specificity of providing security for cloud computing considered.
Keywords:Cloud computing, distributed computing security, hypervisor security, virtualization.
Khomonenko A. D., Bubnov V. P., Krasnov S. A., Eremin A. S.
Application of model of single-channel non-stationary system of service for an estimation of efficiency of work of client-server system of an automatic rubrication of documents in system of electronic document circulation of HIGH SCHOOL is considered. In model the assumption about exponential distributions of intervals of time between the moments of receipt of inquiries and durations their service is used. The model allows to consider non-stationary character of process of receipt and service of demands for the decision of problems in client-server system of an automatic rubrication.
Keywords:Automatic categorization, electronic document management system (dms)-dependent system, the exponential distribution.
Baranov V. A.
Several types of statistics, which are used for a posteriori estimation of the moment of imbalance of an observation process, are considered in this article as the models of influence of intrusion into a computer system on the parameters of the events, which are observed. Also the possibility of construction of an effective statistical procedure of estimation of the intrusion moment, while the difference in observation parameters of the system before the imbalance and after it is little, is estimated. The results of a posteriori statistical estimation of the moment of intrusion for the array of data, which has been gathered from the working system while it was being infected by a virus, are described.
Keywords:Posteriori estimation, the intrusion moment, infected by a virus.
Kort S. S., Rudina E. A.
The paper considers the approach to the identification of network protocols on the basis of variably-signature analysis.
Keywords:Variably-signature analysis, network protocols, client-server interaction.
Khomonenko A. D., Voycekhovsky S. V.
The approach to increase of accuracy of an fuzzy conclusion of decisions by means of algorithm of Mamdani in systems of detection of intrusions is offered. At the heart of the approach estimation of degree of uncertainty (размытости) terms of linguistic variables and their updating by means of linguistic modifiers lies.
Keywords:Fuzzy conclusion of decisions, the linguistic modifier, linguistic variables.
Vetrov U. V., Zavyalov S. V.
Influence of JPEG-conversion on a noise stability of symbols (messages) reception which embedded in digital video images is considered. Dependence of error probability on compression ratio at information embedding at level of factors DCT has threshold character.
Keywords:Steganography, JPEG, error probability, digital images, pseudorandom sequence, DCT.
Zgurskiy A. S., Korbainova E. V.
This article represents definition of requirements degree of information assets for data centre in credit institution. Criteria of an estimation are considered, the basic directions of responsibility come to light.
Keywords:Security, credit institution, security property, information security, data centre.
Rudyih S. V., Sikarev I. A. Sidorov K. G.
The purpose of this article is to synthesize a device with an external (on the line "base station-transponder") and internal (only in the structure of the transponder) "rings" adjustment with complex effects of noise and focusing on spectrum interference.
Keywords:Inner water ways, automatic vessel traffic service, interburst interference, coverage, transmitter power, probability of error.
Rudih S. D., Volkova T. A., Tihonenko A. M.
The focus of the study is to analyze the main temporal, spectral, correlation, and other features and opportunities to apply complex discrete-manipulated signals (DMS) with linear frequency modulation in river automated identification systems (AIS).
Keywords:Discrete-manipulated signals (DMS), signals with linear modulation, mutual interference, automated identification systems (AIS), coefficient of mutual difference (CMD).