3.5 Integrated evaluation of system protection efficiency taking threats into consideration
In the previous material we developed a mathematical model of a system functioning in a given mode. The given mode defines a certain access of an object to an object, in which information in the system is transferred from one of the system's entrances to one of its exits. In that model, exact mathematical methods were used to determine the optimal distribution of threat implementation means over the elements of the system and to evaluate the efficiency of information protection in the system; under the restrictions we accepted, these methods give solutions accurate to within the initial data. Such accuracy, up to the initial data, is undoubtedly necessary in order to account for all the security aspects needed to assess whether information of a given importance can be processed in the system in a given mode at a risk level that we specify. In the work, rather complete recommendations on such an estimation are given. By simulating changes in aspects of system security and of the environment in which the system is used, it is possible to determine with high accuracy the parameters of these aspects at which use of information of the given importance in the given mode is fully admissible in such a system.
In this subchapter we consider an integrated estimation of the information protection efficiency in the system with somewhat different purposes. This estimation concerns all the most probable modes of system operation, and we need it for quick comparison of various variants of system construction under various conditions of use. Clearly, if we set ourselves the task of an exact estimation in such a statement, we would have to consider so many complex factors influencing the safety of the system that, given such bulk and complexity, the exact solution of the task would lose its meaning. Indeed, the point of an integrated estimation in our work is only that, in nontrivial cases, it lets us decide which variant of system construction is most acceptable to us, which ways of protection in the system are most effective, and in which environment of use the given system is most expedient to apply. Thus, we need the integrated estimation for comparing variants of system construction and application, and in this context the accuracy of the estimation need not be up to the accuracy of the initial data, but only up to some average value of the exact estimations of the system's operating modes taken together. In that case we can say that, on average, a given variant of system construction functions more effectively than a certain other variant.
Use of an integrated estimation will also allow us to determine whether it is expedient to apply a particular means or method of information protection in the system, by simulating the use of that guard or method in the system and estimating the system by the efficiency-cost criterion.
it is necessary to consider which scenario of system use and which variant of system construction the given models concern.
The same threat model can be a rational critical threat model, a base threat model, or a threat model with a low level of attack potential for different variants of construction of the same system. For example, some threat model is critical for our local computer network; however, if we apply some guard on the units of our network, the same model can become a base model for the network or even a threat model with a low level of threats. When modernizing the system under study and modeling it with the model presented in the work, we can use the integrated estimation criterion (3.5.1) to estimate the efficiency of information protection in the system and, under the conditions given in subchapter 3.3 “Threats Models”, to define the various kinds of threat models appropriate to the given system and the processed information. Thus, the threat models for the modernized system can coincide with the threat models of the modernized system.
Let us consider the problem of forming threat models for various scenarios of system use and various variants of system construction. By a scenario of system use we mean the simultaneous work of several given modes of system functioning. In many systems it is practically impossible to analyse all possible scenarios of system use, since for this purpose, by the definition of a functioning mode in the present work, it is necessary to analyse all possible (entrance, exit) pairs in the system. There can be very many such pairs, and it is therefore expedient to choose some of the most probable scenarios of system use for analysis. For example, a single mode of functioning can be considered as one scenario of system use. Another example of a scenario is the simultaneous work of all modes of functioning of the system. As said earlier, for comparing various variants of system construction it is most expedient to consider the most probable scenario of system use in each variant. In that case, by estimating the scenarios of system use for the different variants of construction with the criterion (3.5.1) presented in the work, it is possible to choose the variant with the most effective protection of information.
Thus, the rational distribution of threat implementation means over the system elements, taking into consideration the time of distribution of the means, for a given mode of system operation can be called the threat model for that mode. The threat model for a scenario of system use at a given variant of system construction is built as follows. It is supposed that in the given scenario all modes of system functioning begin work simultaneously, i.e. information from all the appropriate entrances of the system is simultaneously transferred to all exits. The beginning of this simultaneous transfer is the time origin for the threat model of the given scenario. For each mode we can, as said earlier, determine a matrix of the rational distribution of means over elements and of the times of influence of the means on the elements. The matrices for all modes are considered according to whether we are determining the rational critical threat model, the base threat model, or the threat model with a low level of attack potential. The threat model of the scenario takes into account all threat implementation means from the matrices for the appropriate modes of functioning, except for means that are identical in their characteristics, assigned to the same element, and influencing the element at the same time. Such identical means are taken into account in the model as one means assigned to the given element at the given time.
A fair question arises here: under the assumptions we have accepted, when determining whether the influence of means on elements is sufficient, we then do not take into account the accumulation of the probability of a security violation in the given element with each successive influence of a threat implementation means on it. There are at least two answers to this question. Accounting for the accumulation of influence certainly matters, but there is no sense in generalizing threats in order to account exactly for their influence, since for each mode of operation in the scenarios of system use it is the time of influence of a means on an element that is important. If the times of influence of identical means on the same element coincide, it is quite enough to take into account the influence of only one of these means on the element. The second answer is that, by forming the threat model in this way and not generalizing threats, we take into account in the model many threats that are significant for the system.
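The construction of a scenario threat model described above, as an added example that is not code from the original work: the per-mode distribution matrices are merged, entries identical in means, element and time are counted once, and the same means on the same element at a different time stays a separate entry. The labels M1..M3 and E1..E3, the mode names, the times and the function names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Assignment:
    means: str    # label for a means' characteristics (constructed)
    element: str  # system element the means is assigned to
    time: float   # time of influence, counted from the scenario start

def build_scenario_model(mode_matrices):
    """Merge per-mode assignments into one scenario threat model.

    mode_matrices maps a mode, an (entrance, exit) pair, to the entries of
    that mode's distribution matrix. Entries equal in means, element and
    time are kept once. Returns {Assignment: [contributing modes]} by time.
    """
    merged = {}
    for mode, assignments in mode_matrices.items():
        for a in assignments:
            modes = merged.setdefault(a, [])
            if mode not in modes:
                modes.append(mode)
    ordered = sorted(merged, key=lambda a: (a.time, a.element, a.means))
    return {a: merged[a] for a in ordered}

def collapsed_count(mode_matrices, model):
    """Number of per-mode entries absorbed into an identical entry."""
    return sum(len(v) for v in mode_matrices.values()) - len(model)

# Constructed sample: three modes of one hypothetical system variant.
SAMPLE = {
    ("in1", "out1"): [Assignment("M1", "E1", 0.0), Assignment("M2", "E2", 5.0)],
    ("in2", "out1"): [Assignment("M1", "E1", 0.0), Assignment("M1", "E1", 3.0)],
    ("in2", "out2"): [Assignment("M2", "E2", 5.0), Assignment("M3", "E3", 2.0)],
}

if __name__ == "__main__":
    model = build_scenario_model(SAMPLE)
    for a, modes in model.items():
        print(f"t={a.time:>4}  {a.means} -> {a.element}  modes={modes}")
    print("collapsed:", collapsed_count(SAMPLE, model))
```

Times are compared for exact equality here; with measured times a tolerance or a time grid would have to be chosen first.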
Using the model described in this work together with the integrated estimation criterion presented in this subchapter, we can estimate, for example, the efficiency of information protection in various variants of system construction under the most typical scenarios of its use. From the results of such an estimation it is possible to form substantiated safety requirements for the system.
Thus, we develop a mathematical model that takes into account the basic aspects of protected IT systems when estimating the efficiency of information protection in the system, taking into consideration the influence of threat implementation means on the elements of the system and the dynamics of the system's functioning. Such a model is substantiated and will make it possible to set requirements for the safe use and processing of information in IT systems.
In the present work a mathematical model for estimating the information protection efficiency in IT systems is presented, and ways of applying it to estimate information security in such systems are described. Although rather strict restrictions are defined for the model, they are not an insuperable barrier to estimating real IT systems functioning in real conditions. However, this work calls for further development to resolve such important questions as the decomposition of a system into elements.
The model is expedient to apply to the development of threat models, to estimating the admissibility of processing information of a given importance in a system, and to quick comparison of various variants of IT system construction.
At present the major parts of the described model are implemented as software, and the author of the paper is developing the user interface for the software.