Estimation of Security of Objects of Informatization on the Basis of Mathematical Simulation as an Alternative to Certification Testing Artem M. Sychov, Nadezhda A. Sukhorukova, Denis A. Kholod Information Protection Department (IU10) Bauman Moscow State Technical University Moscow, Russian Federation zi@bmstu.ru; nadya.suh.24@yandex.ru; runc@inbox.ru Constant perfection of methods of unauthorized access to In accordance with the system approach investigation of information, as well as significant damage to this kind of action mechanisms in responding to threats to the security of resulted in a focused and systematic improvement of technologies information of the objects of informatization (IО) connected of information security and mechanisms for responding to security with the security assessment of the IO, i.e., the capacity of threat information. One of the main areas of improvement is to these mechanisms to adequately respond to information ensure the compliance of the characteristics of these mechanisms security threats the IO. demands adequate responses to threats and, consequently, adequate evaluation of the effectiveness of response measures. The basic II. THE EXISTING CONCEPT OF EVALUATION OF THE concept is implemented in practice evaluation of the security of SECURITY OF THE IO ON THE BASIS OF CERTIFICATION TESTS objects of informatization, is the concept of certification tests. Under this concept implies the assessment of the protection of The basic concept is implemented in practice evaluation of informatization objects certification path used means of the security of the IO is the concept of certification tests. information protection from unauthorized access. One of the most Under this concept implies the security assessment of the IO promising alternative solutions to the problem of adequate certification path used means of information protection from evaluation of the security of objects of informatization is a synthesis unauthorized access. In accordance with the Governing of characteristics of processes of information security on the object document "Protection from unauthorized access to of informatization within the corresponding target function. This information. Terms and definitions" under the certification of article shows the possibility of obtaining a numerical evaluation of information security means activities for confirmation of the security of information objects with the use of mathematical conformity of possibilities of means of information protection modeling of information security threats, caused by illegal actions, requirements of state standards, normative documents and processes for responding to such actions. This approach will approved by Federal certification bodies within the allow to evaluate the effectiveness of the various responses and on competence of those bodies [4]. It should be noted that, in the basis of these assessments to justify the most effective system for accordance with document certification study limited to ensuring security of objects of informatization. description of the functions performed by protection Keywords— information security; threats; informatization mechanisms from unauthorized access to information, and objects; protected information systems; mathematical modeling; qualitative characteristic of the contents of these functions conformity assessment; security compliance; certification tests; corresponding to a certain class of security of information attestation test; Orange book; e-banking systems and computer technology, as well as a list of normative documents on this issue. Implemented in the I. INTRODUCTION methods of certification are to verify the claimed capabilities Constant perfection of methods of unauthorized access to with the requirements (Tab.1). In accordance with the information, and significant damage to this kind of action Governing document "Automated system. Protection against resulted in a focused and systematic improvement of unauthorized access to information. Classification of technologies of information security and mechanisms to automated systems and requirements on information address threats to information security. One of the main areas protection" the conclusion about the ineffectiveness of the of improvement is to ensure the compliance of the mechanism of protection of information in General is done in characteristics of these mechanisms demands adequate the case that at least one of the claimed functionalities (the responses to threats and, consequently, adequate evaluation of document is similar to the Orange book). the effectiveness of response measures [1-3]. The obvious advantage of this concept for assessing the Obviously, such an assessment should be carried out security of the IO is the ease of estimation procedures. systematically [5], on the basis of a comprehensive study of Shortcomings that limit its use are: ways to protect the objects of informatization (information 1) the lack of a formal interpretation of characteristics of systems). threats to information security; 127 2) lack of formalized representation of the dynamics of the 3) lack of a formalized model of security information, impact of threats to information security and processes for taking into account the peculiarities of the offender's actions as responding to such threats; a source of threats [5]. These shortcomings lead to many errors in the justification TABLE 1. THE CLAIMED CAPABILITIES FOR INFORMATION of the ways and means of information security [4], which in PROTECTION CLASSES THE PROTECTION OBJECTS OF INFORMATIZATION turn necessitates the search for such approaches to the security assessment of the IО, which would provide the required Used means of information Classes of protection adequacy assessment. protection and requirements 1Е 1В 1С 1B 1А 1. Means of access control III. THE PROPOSED CONCEPT FOR ASSESSING THE SECURITY 1.1. Identification, authentication and access control entities: to IO + + + + + OF THE IO ON THE BASIS OF MATHEMATICAL MODELING to terminals, computer equipment - + + + + As the practice of conducting research in this direction, (computer technology), the nodes of one of the most promising solutions to the problem of computer network, communication channels, external devices of adequate evaluation of the security of the IO is a synthesis of computer technology characteristics of processes of information security for the IO to programs - + + + + within the corresponding target function (e.g. [6-11]). to data - + + + + 1.2. Managing information flows - - + + + As an example of such a system consider a system of the 2. The means of registration and accounting performance characteristics of responses to threats to the 2.1. Registration and accounting: security of e-banking [12, 13]. entry (exit) of access subjects to + + + + + (from) the system (network node) The basis of the synthesis of this system based on the the issuance of a printed (graphic) - + + + + principle of the identity of the system structure characteristics output documents of the effectiveness of such measures hierarchical run (completion) programs and - + + + + representation of the functional model of the processes of processes (tasks, tasks) responding to threats to the security of electronic banking. In program access of subjects to access - + + + + protected files, including their turn, the functional model of the processes of responding to creation and deletion, transmission such threats is based on the functional model of illegal actions lines and channels concerning the remote banking services (RBS), and that, in program access of access subjects to - + + + + turn, based on the conceptual model of the offender. the terminals, computer technology, nodes in a computer network, Under these conditions, the model of the intruder is communication channels, external interpreted as a model of illegal actions in respect of the devices, computer technology, services of RBS. The major restrictions on the interpretation programs and data of this model are: change of authority of access subjects - - + + + created by securable object access - - + + + 1) this kind of illegal action is a method of implementation 2.2. Records media + + + + + of security risks of e-banking; 2.3. Clearing (reset, + + + + + depersonalization) deallocate regions 2) the source of the threats is an attacker; of memory computer technology and external drives 3) for this kind of source is characterized by a single 2.4. Signaling attacks - + + + + (during the study period) the impact on the environment of 3. Cryptographic tools RBS; 3.1. Encryption of sensitive data - - + + + 3.2. Encryption of information - - - + + 4) once the impact on the environment of RBS is also done belonging to different entities (groups for reasons of stealth; of entities) in different keys 3.3. The use of certified (certified) - - - - + 5) breach of security of e-banking is associated with the encryption operation of illegal actions associated with the following 4. Means of ensuring the integrity of the working environment operations: 4.1. Ensuring the integrity of - - - + + software and processed information – receiving confidential information of the bank clients; 4.2. Physical security of computer + + + + + – modification, or destruction of the information; equipment and media 4.3. The presence of the administrator + + + + + – blocking of the information security environment of the (service) information protection in RBS in certain circumstances. the information system 4.4. Periodic testing of the working - - + + + Target motivation are illegal actions on the modification or environment destruction of information clients of the bank. 4.5. The availability of means of + + + + + information recovery The correspondence between the compositional 4.6. The use of certified means of - - + + + characteristics of the grouping of States of a functional model protection of the processes of responding to threats to the security of electronic banking, the compositional characteristics of the 128 grouping of States of a functional model of illegal actions in t(у) < t(о) (1) connection with the services, RBS and classification bases synthesized system characteristics are listed in Tab. 2, and the t(о) < t(у) + (у) (2) structure of the system in Fig. 1. TABLE 2 COMPLIANCE COMPOSITE FUNCTIONAL BASIS OF t(о) + (о) ≤ t(у) + (у) (3) MODELS OF STUDIED PROCESSES, BASES FOR CLASSIFICATION OF THE SYSTEM PERFORMANCE CHARACTERISTICS RESPONSES TO THREATS TO THE SECURITY OF OBJECTS OF INFORMATIZATION where: t(y) is a point in time the onset of the threat, (у) – time implementation of threat t(о) – time detection of threats, (о) – Composite base grouping time to respond to the threat. The adequacy of the assessment Composite States functional models Grounds for the of the values (у) and (о) is the systemic nature of evaluation level Processes for classification of the system Illegal actions in performance characteristics responding to respect of the security threats response mechanism. services RBS in e-banking With the random nature of the values that make up the the appearance of identify signs of ability to identify signs of conditions (1) to (3), the expression for E characteristics 1 signs of illegal actions illegal actions illegal actions Stages of carrying out timeliness in responding to threats to the security of electronic definition of the 2 fraudulent operations stages of illegal ability to identify stages of banking can be represented as a probability [14]: in respect of the illegal actions actions services RBS Illegal actions in establishment of opportunities for the E = P(t(у) < t(о), t(о) < t(у) + (у), t(о) + (о) ≤ t(у) + (у)) (4) services of establishment of ser-vices of 3 relation to specific services exposed services expo-sed to security services to security risks risks Thus, it is clear that the method of evaluation of security of the objective function the objective the effective response to IO by organizing and modeling the characteristics of the 4 illegal actions function response security threats in e-banking processes of information security on these objects and devoid Given the fact that the implementation of the functions of the shortcomings to the assessment of security of IO on the respond to the attacker is a reaction to unlawful acts in the basis of certification tests. formation of the characteristics of the timeliness of response to this kind of threat conditions timely response are [14, 15] An integral characteristic of Level 4 Timely response to security threats in e- effective response to security banking threats in e-banking timeliness of response to the actions timeliness of response to the actions Feature opportunities to respond of the attacker in relation to the of the attacker in relation to the to the attacker in relation to the Level 3 service payment systems service "Client-Bank" services of RBS Feature possibilities for establishing stages of Level 2 procedure characteristic 1 . . . procedure characteristic М implementation of security risks of e-banking in the services of RBS Feature opportunities to identify Level 1 function characteristic 1 . . . function characteristic К signs of illegal actions in the field of e-banking Fig. 1. The Structure of the System Performance Characteristics Response the Security Threats of E-Banking IV. CONCLUSION REFERENCES A method of evaluating the security of objects of [1] Benslimane Y., Yang Z., Bahli B. Information Security between Informatization on the basis of certification tests has a Standards, Certifications and Technologies: An Empirical Study. In Proc. of the 2016 International Conference on Information Science number of drawbacks that can be eliminated when using the and Security (ICISS), IEEE, 2016, pp. 1-5. DOI: proposed approach to this evaluation through mathematical 10.1109/ICISSEC.2016.7885859. modeling. This method allows to obtain an adequate [2] Sedinić I., Lovrić Z. Influence of established information security assessment of the effectiveness of information security at governance and infrastructure on future security certifications. In the Olympics in a wide range of parameters of the security proc. of the 2013 36th International Convention on Information and threat information and apply the protection mechanisms. Communication Technology, Electronics and Microelectronics (MIPRO). IEEE, Opatija, Croatia, 2013, pp. 1111–1115. 129 [3] Wargo C.A., Frye G.E., Robinson D.W. Security Certification and analyze, and optimize quality and risks for complex systems. In: The Accreditation analysis for UAS Control and Communications. In ICTIS 2011: Multimodal Approach to Sustained Transportation Proc. of the 2009 Integrated Communications, Navigation and System Development - Information, Technology, Implementation - Surveillance Conference, IEEE, 2009 Pages: 1 - 12 DOI: Proceedings of the 1st Int. Conf. on Transportation Information and 10.1109/ICNSURV.2009.5172850. Safety, ASCE, 2011, pp. 845 – 854. DOI: 10.1061/41177(415)107. [4] Barabanov A.V., Markov A.S., Tsirlov V.L. Methodological [11] Kostogryzov A.. editor. Probabilistic Modeling in System Framework for Analysis and Synthesis of a Set of Secure Software Engineering. InTech, 2018. Development Controls, Journal of Theoretical and Applied [12] Sychev A., Revenkov P., Dudka A. Bezopasnost ehlektronnogo Information Technology, 2016, vol. 88, No 1, pp. 77-88. bankinga [Security of e-banking]. M.: Alpina Pablisher, 2017. 320 p. [5] Hambolu Q., Yu L., Oakley J., Brooks R.R., Mukhopadhyay U., (In Russ). Skjellum A. Provenance threat modeling. In Proc. of the 2016 14th [13] Revenkov P., Berdyugin A. Expansion of the Operational Risk Profile Annual Conference on Privacy, Security and Trust (PST), IEEE, in Banks Under Increase of DDoS-threats. Voprosy kiberbezopasnosti 2016, pp. 384 – 387. DOI: 10.1109/PST.2016.7906960. [Cybersecurity issues]. 2017. N 3 (21). P. 16-23. DOI: [6] Ekanem B.A., Essien N. Identifying fault-prone modules in software 10.21681/2311-3456-2017-2-16-23. for diagnosis and treatment using eeporters classification tree. [14] Skryl S., Sychev A., Afonin I., Barkalov Y., Karpychev V. Ocenka Computer Sciences and Telecommunications. 2010. N 3. P. 88-98. ehffektivnosti mer reagirovaniya na ugrozy bezopasnosti [7] Fay J. Contemporary Security Management.3th ed. Butterworth- ehlektronnogo bankinga: koncepciya i vozmozhnosti realizacii. Heinemann, 2010. 480 p. Pribory i sistemy. Upravlenie, kontrol, diagnostika [Instruments and [8] Iskhakov S.Yu., Shelupanov A.A., Meshcheryakov R.V. Simulation Systems: Monitoring, Control, and Diagnostics]. 2017. N 12. P. 33- modelling as a tool to diagnose the complex networks of security 40. (In Russ). systems. Journal of Physics: Conference Series. 2017. V. 803. N 1. P. [15] Skryl S., Sychev A., Gromov Y., Meshcheryakova T., Arutyunova V. 012057. Matematicheskoe predstavlenie pokazatelya svoevremennosti [9] Kostogryzov A. Modeling software tools complex for evaluation of reagirovaniya na ugrozy bezopasnosti kompyuternoj informacii v information systems operation quality (CEISOQ). Lecture Notes in usloviyah prostejshej modeli narushitelya. Inzhenernaya fizika Computer Science. 2001; 2052; 90-101. DOI: 10.1007/3-540-45116- [Engineering Physics]. 2016. N 4. P. 29-35. (In Russ). 1_12. [10] Kostogryzov A., Krylov V., Nistratov A., Popov V., Stepanov P. Mathematical models and applicable technologies to forecast, 130