Systems and Means of Informatics

2021, Volume 31, Issue 2, pp 4-15

HIDDEN IMPACT WITHOUT MALICIOUS CODE

A. A. Grusho
N. A. Grusho
M. I. Zabezhailo
E. E. Timonina

Abstract

The paper reflects a number of problems related to threats to distributed information systems due to the presence of BackDoor. The usage of BackDoor to attack distributed computer systems has great advantages over the traditional usage of malicious code. In fact, the usage of BackDoor is difficult to identify as a special attack, i. e., distinguish from error in computing processes. However, building attacks with BackDoor is much more difficult than building attacks with malicious code. The example of BackDoor is built using the initial data of information technology. This approach to the construction of BackDoor was not found in any of the descriptions of BackDoor. The paper shows that the existing technologies for finding vulnerabilities in the hardware and software of the system do not solve the problems of searching for BackDoor.
Mathematical models and methods for solving BackDoor search problems, except in particular cases, have not yet been developed. It is important that BackDoor is not associated with the introduction of malicious code into the computer system and with the usage of malicious code to cause damage. Therefore, as a rule, the mechanism of causing damage through BackDoor differs from the action of malicious code.

[+] References (14)

Timonina, E.E. 2004. Analiz ugroz skrytykh kanalov i metody postroeniya garan- tirovanno zashchishchennykh raspredelennykh avtomatizirovannykh sistem [The analysis of threats of covert channels and methods of creation of guaranteed protected distributed automated systems]. Moscow: Russian State University for the Humanities. D. Sc. Diss. 204 p.
Grusho, A., N. Grusho, and E. Timonina. 2009. Metody zashchity informatsii ot atak s pomoshch'yu skrytykh kanalov i vrazhdebnykh programmno-apparatnykh agentov v raspredelennykh sistemakh [Methods of information protection against covert channels attacks and malicious software/hardware agents in distributed systems]. Vestnik RGGU. Ser. Dokumentovedenie i arkhivovedenie. Informatika. Zashchita informatsii i informatsionnaya bezopasnost' [RGGU Bulletin. Document science and archive science. Informatics. Information security and information security ser.] 10:33{45.
Grusho, A. A., M.I. Zabezhailo, A. A. Zatsarinny, A.V. Nikolaev, V. O. Piskovski, V.V. Senchilo, and E.E. Timonina. 2017. Klassifikatsiya oshibochnykh sostoyaniy v raspredelennykh vychislitel ' nykh sistemakh i istochniki ikh vozniknoveniya [Erroneous states classification in dictributed computing systems and sources of their occurence]. Sistemy i Sredstva Informatiki - Systems and Means of Informatics 27(2):29{40.
Grusho, A. A., M.I. Zabezhailo, A. A. Zatsarinny, A.V. Nikolaev, V. O. Piskovski, V. V. Senchilo, I. V. Sudarikov, and E. E. Timonina. 2018. Ob analize oshibochnykh sostoyaniy v raspredelennykh vychislitel'nykh sistemakh [About the analysis of erratic statuses in the distributed computing systems]. Sistemy i Sredstva Informatiki - Systems and Means of Informatics 28(1):99{109.
Skorobogatov, S., and C. Woods. 2012. Breakthrough silicon scanning discovers backdoor in military chip. Cryptographic hardware and embedded systems. Eds. E. Prouff and P. Schaumont. Lecture notes in computer science ser. Heidelberg: Springer. 7428:23-40. doi: 10.1007/978-3-642-33027-8^.
Grusho, N. A., A. A. Grusho, M.I. Zabezhailo, and E.E. Timonina. 2020. Metody nakhozhdeniya prichin sboev v informatsionnykh tekhnologiyakh s pomoshch'yu metadannykh [Methods of finding the causes of information technology failures by means of meta data]. Informatika i ee Primeneniya - Inform. Appl. 14(2):33-39. doi: 10.14357/19922264200205.
Rinaldi, S.M., J. P. Peerenboom, and T. Kelly. 2001. Identifying, understanding, and analyzing critical infrastructure interdependencies. IEEE Contr. Syst. Mag. 21(6): 11-25.
Eusgeld, I., and W. Kroger. 2008. Towards a framework for vulnerability analysis of interconnected infrastructures. 9th Probabilistic Safety Assessment & Management Conference (International) Proceedings. 107-116.
Griot, C. 2010. Modelling and simulation for critical infrastructure interdependency assessment: A meta-review for model characterisation. Int. J. Critical Infrastructures 6(4):363-379.
Canzani, E., H. Kaufmann, and U. Lechner. 2017. An operator-driven approach for modeling interdependencies in critical infrastructures based on critical services and sectors. Critical information infrastructures security. Eds. G. Havarneanu, R. Setola, H. Nassopoulos, and S. Wolthusen. Lecture notes in computer science ser. Springer. 10242:308-320. doi: 10.1007/978-3-319-71368-7^7.
Di Pietro, A., L. L. Porta, L. Lavalle, M. Pollino, V. Rosato, and A. Tofani. 2017. Simulation of cascading outages in (inter)-dependent services and estimate of their societal consequences. Critical information infrastructures security. Eds. G. Havarneanu, R. Setola, H. Nassopoulos, and S. Wolthusen. Lecture notes in computer science ser. Springer. 10242:340-345. doi: 10.1007 978-3-319-71368-7-30.
Nan, C., I. Eusgeld, and W. Kroger. 2013. Hidden vulnerabilities due to interdependencies between two systems. Critical information infrastructures security. Eds. B. M. Hammerli,N. Kalstad Svendsen, andJ. Lopez. Lecture notes in computer science ser. Springer. 7722:252-263. doi: 10.1007/978-3-642-41485-5^2.
Esposito Amideo, A., and M. P. Scaparra. 2017. A synthesis of optimization approaches for tackling critical information infrastructure survivability. Critical information infrastructures security. Eds. G. Havarneanu, R. Setola, H. Nassopoulos, and S. Wolthusen. Lecture notes in computer science ser. Springer. 10242:75-87. doi: 10.1007/978-3319-71368-7-7.
Banerjee, J., A. Sen, and C. Zhou. 2017. On auxiliary entity allocation problem in multi-layered interdependent critical infrastructures. Critical information infrastructures security. Eds. G. Havarneanu, R. Setola, H. Nassopoulos, and S. Wolthusen. Lecture notes in computer science ser. Springer. 10242:25-37. 10.1007/978-3-31971368-7-3.

[+] About this article