Rationing requirements to the characteristics of software tools to protect information
Author: | A. V. Skrypnikov, V. A. Khvostov, E. V. Chernyshova, V. V. Samtsov, M. A. Abasov |
---|---|
Language: | Russian |
Year of publication: | 2019 |
Subject: | Computer science; information security; 020209 energy; Geography Planning and Development; 02 engineering and technology; Management Monitoring Policy and Law; Food processing and manufacture; Information protection policy; Software; 0202 electrical engineering electronic engineering information engineering; Class (computer programming); information security system; business.industry; 020208 electrical & electronic engineering; Information structure; Probabilistic logic; Functional requirement; Information security; TP368-456; Variety (cybernetics); Risk analysis (engineering); automated system; business; fstec; system effectiveness; unauthorized access |
Source: | Vestnik Voronežskogo Gosudarstvennogo Universiteta Inženernyh Tehnologij, Vol 80, Iss 4, Pp 96-110 (2019) |
ISSN: | 2310-1202 |
Description: | The article addresses the scientific problem of developing the theoretical foundations and a technology for substantiating quantitative requirements (rules) for software information security tools (PSI). The basis of the modern theory of information security is a classification approach. Under the classification approach, the requirements for PSI are defined as the set of functional requirements that must be implemented for a certain security class. At the same time, the concept of "effectiveness of information protection" is not considered. The contradiction between the qualitative classification approach to forming requirements for PSI and the need to use their quantitative characteristics when developing automated systems (AS) in protected execution required the development of a new normative approach to substantiating the requirements for information protection. The normative approach is based on a systematic consideration of the problem, which includes analysis of the interaction of the elements of the AS with each other, of the influence of PSI on the AS as a whole, and of the goals of security of information (BI). The information structure of the system is constructed from an analysis of the AS topology, its internal and external relations, and its information flows. At the same time, the normative method considers the full set of BI threats. BI threats are stochastic, multi-stage and multi-variant. In turn, PSI, in implementing protection functions, neutralize BI threats with some probability (there are residual risks) and over some length of time. The presence of a variety of BI threats, characterized by different implementation times, probabilistic characteristics of overcoming PSI, and destructive capabilities, requires that BI norms be found by optimization methods, based on the requirement of minimizing the impact on the efficiency of the automated system. |
Database: | OpenAIRE |
External link: |