A TECHNIQUE FOR EVALUATION OF INFORMATION PROTECTION LEVEL (Continue7) 


Автор Administrator

15.07.2014 г. 
3.5 Integrated evaluation of system protection efficiency with take into consideration of threats In the previous material we developed mathematical model of the system functioning in a given mode. The given mode defines a certain access of the object to object, at which the information in system is transferred from one of entrances of system to one exits. In the given model for definition of optimum distribution of means of realization of threats on elements of system and for the information protection efficiency evaluation in system the exact mathematical methods were used which at the restrictions, accepted by us, give the decisions to within the initial data. Such accuracy, up to the initial data, is undoubtedly necessary for the account of all aspects of the security necessary for an estimation for an opportunity of processing in a given mode in system of the information with its given importance and with a risk level, given by us, of such information processing in system. In work the rather complete recommendations by such estimation are given. Simulating changing aspects concerning system security and environment of its use, it is possible with the large accuracy to determine parameters of these aspects, at which use of the information in the given mode and with the given importance in such system will be quite admitted (quite allowed,quite allowable). In it subchapter we shall consider an integrated estimation of the information protection efficiency in system with a little bit other purposes. The given estimation will concern to all most probable modes of operations of system and will be necessary to us for quickcomparison of various variants of system construction in various conditions of its use. It is clear, that if we would put before ourselves a task of an exact estimation, in such statement it is necessary to consider so many complex factors influencing safety of system, that at such bulky and complexity, the sense of the exact decision of a task would be lost in itself. Yes, you see the sense of an integrated estimation in our work consists only in, that it was possible in not trivial cases to decide, what variant of construction of system for us most we accept also what ways of protection in system are most effective, and also in what environment of use the given system is more expedient for applying. Thus, the integrated estimation is necessary to us for comparison of variants of construction and application of system and in such context it is necessary to ensure accuracy of an estimation not up to accuracy of the initial data, and up to some average value from total exact value of system operations modes estimations. In such case we can tell, that the on the average given variant of construction of system functions more effectively, than certain other variant of system construction. Use of an integrated estimation also will allow us to define expediency of application in system of this or that means or method of the information protection, simulating use in system this or that guard or application of this or that method of the information protection and estimating system by criterion efficiency  cost it is necessary to consider to what script of system use and to what variant of system construction the given models concern. The same threats model can be rational critical model of threats, base model of threats and model of threats with a low level of potential of an attack for various variants of construction of the same system. For example, some model of threats is critical for our local computer network, however if we apply on units of our networksome guard, the same model can become for a network base or even by model of threats with a low level of threats. At modernization of researched system and modeling it with the help of the model, submitted in work, we can with the help of integrated estimated criterion (3.5.1) estimate efficiency of the information protection in system and on conditions submitted in subchapter 3.3 “Threats Models” to define various kinds of threats models, appropriate to the given system and processed information. Thus, the threats models for the modernized system can coincide with threats models of the modernized system. Let's consider the problem formations of threats models for the various scripts of system use and various variants of system construction. Let's define under the script of system use simultaneous work of the several given modes of system functioning. In many systems practically it is not possible to analyse all possible scripts of system use, as for this purpose, by definition of a functioning mode in the present work, it is necessary to analyse all possible pairs (entrance, exit) in system. Such pairs in system can be very much and consequently expediently choose some most probable scripts of system use for their analysis. For example, as one of the scripts of use of system it is possible to consider one of modes of functioning. Other example of the script of system use can be served by simultaneous work of all modes of functioning of system. As was told earlier, most expedient for comparison of various variants of system construction is the consideration of the most probable script of use of system in various variants of system construction. In such case, estimating on the criterion, submitted in work, (3.5.1) scripts of use of system for different variants of its construction, are possible are to chosen by variant with the most effective protection of the information. Thus, it is possible to name rational distribution of threats implementation means on system elements with to take into consideration of means distribution time, for the given mode of system operations as model of threats for the given mode. The model of threats for the script of system use at the given variant of system construction is under construction as follows. It is supposed, that all modes of system functioning begin the work simultaneously at the given script, i.e. the information from all appropriate entrances of system simultaneously is transferred to all exits. The beginning of simultaneous transfer is the beginning of time starting for threats model of the given script of system use. For each mode we can, as was spoken earlier, to determine a matrix of rational distribution of means on elements and times of influence of means on elements. Matrixes for all modes we consider according to, whether we determine rational critical model of threats, base model of threats or model of threats with a low level of potential of an attack. In model of threats of the script of use of system all threats implementation means from matrixes for the appropriate modes of functioning of system except for identical under the characteristics of means nominated to the same element and influencing an element in the same time are taken into account. In this case identical means are taken into account in model as one means assessed on the given element in the certain time. In this case there is a fair question, that in this case, according to the assumptions, accepted by us, we do not take into account accumulation of probability of security infringement in the given element of system at each influence on an element of the following means of realization of threats for definition of means influence sufficiency on elements. On the put question there are, at least, two answers. In this case account of accumulation of influence certainly matters, but to generalize threats for the exact account of their influence there is no sense, as for each mode of operations in the scripts of use of system the time of influence of a means for an element is important. If the times of influence of identical means for the same element coincide, it is quite enough to take into account influence only of one of these means for an element. The second answer consists that forming thus model of threats and not generalizing threats we thus take into account in model a lot value for system of threats. Using model described in the given work, and also submitted in given subchapter integrated estimated criterion we can estimate, for example, efficiency of the information protection in various variants of system construction at most typical the scripts of its use. By results of such estimation it is possible to form the proved requirements, showed to system, of safety. Thus, we develop mathematical model which is taking into account the basic aspects of protected IT systems at an estimation of efficiency of protection of the information in system with to take into consideration of influence on elements of system of threats implementation means and in dynamic of functioning of system. Such model is proved and will allow to demand to safe use and processing of the information in IT systems. 4 ConclusionIn the present work the mathematical model of an estimation of the information protection efficiency in IT systems is submitted and the ways of its application for an estimation of the information security in the given systems are described. Though for of such model the rather strict restrictions are determined, but they are not an insuperable barrier to an estimation of real IT systems at functioning them in real conditions. However given work provides the further development for the decision of such important questions, as decomposition of system on elements. The model is expedient for applying to development of threats models, estimation of an admissibility of processing in system of the information with its given importance and for quickcomparison of various variants of IT systems construction. Now the major parts of described model is ready as a soft and author the paper is developing the user interface for the soft. Literature 1. B. Dudnik and other. “Reliability and survivance of communication systems”. Moscow. “Radio and Communication». 1984. (Б. Дудник и другие. "Надёжность и живучесть коммуникационных систем". Москва. "Радио и коммуникации" 1984) 2. Don T. Phillips, Alberto GarciaDiaz. «Fundamentals of Network Analysis». PrenticeHall. 1981 (Дон Т. Филлипс, Альберто ГарсиаДиаз "Фундоментальный анализ сетей". PrenticeHall. 1981). 3. E. Berezin “Optimal resource distribution systems synthesizing”. Мoscow. “Soviet Radio” 1974 (Е. Березин "Оптимальный синтез систем распределения ресурсов" 1974) 
Последнее обновление ( 15.07.2014 г. )


A TECHNIQUE FOR EVALUATION OF INFORMATION PROTECTION LEVEL (Continue6) 


Автор Administrator

14.07.2014 г. 

Последнее обновление ( 15.07.2014 г. )


A TECHNIQUE FOR EVALUATION OF INFORMATION PROTECTION LEVEL (Continue5) 


Автор Administrator

14.07.2014 г. 

Последнее обновление ( 15.07.2014 г. )


A TECHNIQUE FOR EVALUATION OF INFORMATION PROTECTION LEVEL (Continue4) 


Автор Administrator

14.07.2014 г. 
If to assume, that the threats agent has unlimited at cost of means to potentials, also it is possible to assume, that with such potential it is possible to achieve that the information security of in any IT system can be broken with probability close to unit or, speaking in other words, to result value of criterion function (3.3.1.1) in zero. Let for some IT system we have generated such model of threats with the help of rational threats distribution algorithm on elements of system (3.3.2.1.1) and choosing any threats implementation means reallife, at which the value of function (3.3.1.1) is reduced to zero. Then, the level of threats by represented such model of threats for the given system will be critical for the given system, and potential of an attack for implementation of such threats model as the threats agent we shall name in critical potential of an attack for the given system with cost C^{c}_{ap}, calculated by the formula (3.3.2.2.1). It is necessary to note, that in real situations not always for some given system it is possible to choose threats implementation means from accessible means, which could ensure critical potential of an attack for this system, though for an estimation of system the information on a set of such means and their cost is important. Also it is necessary to note, that we are interested not in itself with critical potential of the threats agent, as such potentials can be indefinite much, and rational critical potential of an attack. Rational critical potentials of an attack also there can be a set, but all of them are characterized by that require of the threats agent of the minimal expenses on threats implementation means. In other words, at formation of rational threats model, which gives a critical level of threats for the given system, it is necessary to determine rational critical potential of an attack ensuring set of threats implementation means with minimal integrated cost C_{ap}. Further, speaking about models of threats, which gives a critical level of threats for the given system, by maintenance of a set of threats implementation means with minimal integrated cost, we shall mean it rational critical model of threats. Having determined rational critical model of threats, it is possible to determine some intermediate levels of threats necessary for an assessment of works of system at the various assumptions of its use, various security policies (organization, security functions, target of evaluation) and accordingly at various system functioning modes. At definition of rational critical model of threats we should consider all possible modes of system operations and all possible variants of its construction in view of possible policies and assumptions of safe use of system. The implementation of such threats model at all set forth above cases of system use should result in the item of information of criterion function value (3.3.1.1) to zero for all modes of functioning of system in the given script of system use. Thus, having generated rational critical threats model, we should receive a complete rational set of threats implementation means necessary for infringement of the information security in system with probability close to 1, possible times of influences of threats implementation means for system elements, and also concrete orders of threats implementation means distribution for each variant of construction of system from time to time influence of means on elements of system. The generated rational critical model of threats for the given system is a basis for formation of base threats model for this system. The base threats model is formed of a complete rational set of threats implementation means to rational critical model of threats, or with the help of a choice of those means, which are most probable for environment of system use (environment, where the statistics of these means use) is known, or with the help of a choice of those means, which use will result in the value given by us beforehand, or interval of value of criterion function (3.3.1.1). The base model of threats corresponds to an average level of threats or average potential of an attack. Proceeding from above, it is possible to note, that the sets of means of realization of threats from a complete rational set of means criterion functions, resulting in value (3.3.1.1) large, than those which concern to base model of threats, there correspond models of threats with a low level of threats or low potential of an attack. Then, sets of threats implementation means from a complete rational set of means criterion functions, resulting in value (3.3.1.1) smaller, than those which concern to base model of threats, there correspond models of threats with a high level of threats or high potential of an attack. 
Последнее обновление ( 15.07.2014 г. )


A TECHNIQUE FOR EVALUATION OF INFORMATION PROTECTION LEVEL (Continue3) 


Автор Administrator

29.06.2014 г. 
It is necessary to note, that the given algorithm is applicable in those conditions of system functioning, when the threats are realized on elements of system in time, i.e. at the moment, when the information is processed in the given elements by consideration of threats implementation to confidentiality and integrity of the information and before as the information will be processed in elements or at the moment of processing at threats implementation of denial in access service of the information. 3.3.2 Formation of threats models with to take into consideration of rational distribution of threats implementation means on system elements For an estimation of the information security in IT system it is necessary to consider various modes of operations, script of use and various variants of system construction. At various use of various variants of system construction, the models of threats also will be various. It is clear, that in such cases of the characteristic of elements of system can change, the purposes of system, its topology, connections between elements and even architecture of system also can change. Thus the rational assignment of threats implementation means available at the threats agent on elements of system will vary. In the previous item 3.3.1 we considered rational distribution of means at the given mode of system operations. It is possible to tell, that for this case, such rational distribution and will be model of threats. However threats model can be formed for various combinations of the given modes of operations, scripts of use and variants of system construction. As we form models of threats on rational algorithm, we can speak about a degree of the importance for the given application of system of that or other threat. Thus, in a structure of protection for the given system we have an opportunity to take into account valuable for system of threat and to prove them. Thus also we have opportunity to prove sufficiency of expenses of the threats agent for drawing the maximal damage to system. In turn it gives us an opportunity in structures of protection for systems to speak about a maximum level of threats and in general about levels of threats for some classes of systems. According to submitted in subsection 5.3 “The risk assessment” by estimated levels and having calculated value of function (3.3.1.1), after rational distribution of means, it is possible to determine an opportunity of processing in system of the information with the given level of its importance A(t_{d}). If at the given level of threats we have defined, that the information with the given level of importance cannot be processed, showing to system additional restrictions, assumption, requirement and including requirement for realization in system of various formal models of protection of the information, we can achieve an opportunity of processing in system of the information with the given level of its importance A(t_{d}). To trace that level, when the given information can be processed in system, we should every time at entering a set of the additional requirements to expect achievement of the given level on algorithm submitted in a general view in the given item of work. In more detail this algorithm will be submitted in the following subsection 3.4. For correct process of formation of threats models it is necessary to us to take into account also time dynamic of distribution of threats implementation means on system elements. In other words, we should consider the problem of rational distribution of means in time for system. Let's construct algorithm (3.3.1.1.1) so that in it the temporary factor both for importance of the information in system, and for the account of time of passage of the information through the given element of system, and also for the account of an opportunity of realization of the given threat in the given time could be taken into account. Thus, we can construct model of functioning of IT system in conditions as much as possible approached to real. 3.3.2.1 Algoritm of rational distribution of threats implementation means on system elements in dynamics of its functioning Algorithm (3.3.2.1.1): 
Последнее обновление ( 15.07.2014 г. )


A TECHNIQUE FOR EVALUATION OF INFORMATION PROTECTION LEVEL (Continue2) 


Автор Administrator

28.06.2014 г. 

Последнее обновление ( 15.07.2014 г. )


