Systems and Means of Informatics
2015, Volume 25, Issue 3, pp 78-93
POSSIBILITIES OF SECURE ARCHITECTURE CREATION FOR DYNAMICALLY CHANGING INFORMATION SYSTEMS
- A. A. Grusho
- N. A. Grusho
- E. E. Timonina
- S. Ya. Shorgin
Abstract
The paper is devoted to research of existence of information system security architecture. The authors assume dynamical changes in the distributed information system in which along with valuable information resources, there can be high-risk components. Process of consecutive synthesis of secure architecture at which there is the compromise with initial requirements for security is constructed. Consistency of requirements of local security policies and a security policy in the integrated system is automatically reached. The methodology of creation of the protected information system with unsecure components is suggested in practice. In the paper, the elements of known security policies are applied: Multilevel Security (MLS), Role-Based Access Control (RBAC), etc. Known mechanisms and security protocols which define the trust to the whole system are used whenever it is possible. In the constructed secure architecture, it is necessary to use additional mechanisms of security - security servers. Functionalities of some types of security servers are constructed by standard methods. When the analysis of semantics is necessary, the requirements to the security server raise.
[+] References (9)
- Doktrina informatsionnoy bezopasnosti Rossiyskoy Federatsii (utv. Prezidentom RF ot 9 sentyabrya 2000 g. N Pr-1895) [The doctrine of information security of the Russian Federation (No. 1895 approved by the Russian President at September 9, 2000)]. Available at: http://www.scrf.gov.ru/documents/5.html (accessed October 19, 2015).
- Grusho, A., N. Grusho, E. Timonina, and S. Shorgin. 2014. Bezopasnye arkhitek- tury raspredelennykh sistem [Secure architecture of the distributed systems]. Sistemy i Sredstva Informatiki - Systems and Means of Informatics 24 (3): 18-31.
- ISO/IEC 7498-1-99. 1999. Vzaimosvyaz' otkrytykh sistem. Bazovaya etalonnaya model'. Ch. 1. Bazovaya model' [Interrelation of open systems. Basic reference model. Pt. 1. Basic model]. Moscow: Gosstandart of Russia. 62 p.
- Grusho, A., E. Primenko, and E. Timonina. 2009. Teoreticheskie osnovy komp'yuternoy bezopasnosti [Theoretical bases of computer security]. Moscow: Academy. 272 p.
- Prelude: A CS product. 2012. Available at: http://www.prelude-siem.com/index.php/ uk/ (accessed October 19, 2015).
- Grusho, A., and E. Timonina. 1996. Gibridnye politiki bezopasnosti [Hybrid security policies]. Tezisy dokladov konf. "Metody i tekhnicheskie sredstva obespecheniya bezopasnosti informatsii" [Abstracts of the Conference "Methods and Technical Means of Information Security"]. SPb.: Publishing House SPbSTU. 87.
- McLean, J., and C. Heitmeyer. 1995. High assurance computer systems: A research agenda. Washington, DC: Centerfor High Assurance Computer SystemsNaval Research Laboratory. 1-20.
- Sandhu, R., D. F. Ferraiolo, and D. R. Kuhn. 2000. The NIST model for role based access control: Toward a unified standard. 5th ACM Workshop Role-Based Access Control Proceedings. 47-63.
- Topolskiy, N. G., G. B. Trefilov, and A. P. Satin. Oct. 2009. Algoritmy mno- gourovnevoy ierarkhicheskoy dekompozitsii gipergrafovykh i grafovykh modeley prichinno-sledstvennykh svyazey v ASU bezopasnost'yu kriticheski vazhnykh ob"ektov [Algorithms of multilevel hierarchical decomposition hypergraph and graph models of relationships of cause and effect in the management information system safety of crucial objects]. Internet-zhurnal "Tekhnologii tekhnosfernoy bezopasnosti" [Technologies of a Technosphere Safety Internet J.] 5(27): 1-12. http://agps-2006.narod.ru/ttb/2009- 5/12-05-09.ttb.pdf (accessed October 15, 2015).
[+] About this article
Title
POSSIBILITIES OF SECURE ARCHITECTURE CREATION FOR DYNAMICALLY CHANGING INFORMATION SYSTEMS
Journal
Systems and Means of Informatics
Volume 25, Issue 3, pp 78-93
Cover Date
2015-09-30
DOI
10.14357/08696527150305
Print ISSN
0869-6527
Publisher
Institute of Informatics Problems, Russian Academy of Sciences
Additional Links
Key words
information security of information system; valuable information resources; security policies; architecture of the distributed information system
Authors
A. A. Grusho  , N. A. Grusho , E. E. Timonina ,
and S. Ya. Shorgin 
Author Affiliations
Institute of Informatics Problems, Federal Research Center "Computer Science and Control" of the Russian Academy of Sciences, 44-2 Vavilov Str., Moscow 119333, Russian Federation
Federal Research Center "Computer Science and Control" of the Russian Academy of Sciences, 44-2 Vavilov Str., Moscow 119333, Russian Federation
|