Modeling the Dependence of the Confidentiality of Authentication and Availability in the Information System for Critical Use
DOI: https://doi.org/10.31649/1997-9266-2018-141-6-77-89
Keywords: information system for critical use, authentication process, access control subsystem, system security policy, confidentiality, availability
Abstract
Current trends in organizing the authentication process in information systems for critical use are aimed primarily at improving its reliability. This approach, however, conflicts with the CIA triad that dominates information security: the first and third components of the triad (confidentiality and availability) come into conflict. Consequently, there is a need to formalize a mathematical apparatus that describes the relationship between the confidentiality of a complex stepwise authentication procedure and the availability of the resources of the information system for critical use, which would allow flexible adjustment of the access control subsystem in accordance with the operating conditions of the information system. The article is the first to propose a model of the dependence between the loss of confidentiality of the authentication process and the availability indicator of an information system for critical use. In this model, unlike existing ones, the synthesis of an optimal semi-Markov decision management strategy for the Markov process of authenticating subjects who wish to gain access to the resources of the information system for critical use is formalized as a mathematical programming task, which allows minimizing the loss of availability of the authentication process, the confidentiality of which should not fall below the threshold set by the administrator. The article outlines the methodology for applying this model, taking into account that the system security policy describes the “critical error” and “suspicion of error” situations that the access control subsystem can identify during the authentication process. These situations are defined with regard to the fact that the access control subsystem has a stepped, complex structure of sequentially connected blocks, and each block-level subsystem includes corresponding sub-blocks for informative feature selection and for classification, combined into an ensemble.
The experiments carried out with the created model showed that as the requirements for the authentication process become less stringent, the availability of the information system for critical use increases, but when the loss threshold reaches α ≈ 10∙10⁻², the increase in availability stops, which can be explained by the final completion of the adaptation of the access control subsystem to the individual features of the subjects for which the system has been trained. For small α values, the availability of the information system for critical use turned out to be relatively low, which is due to the registration of a large number of “critical error” and “suspicion of error” situations, which take time to process. Access control subsystems based on the simplest (perceptron) and complex (GMM-HMM) classifiers provide low availability indicators for small values of α, which is caused by the registration of a large number of “critical error” situations in the former and a large number of “suspicion of error” situations in the latter. Finally, the best availability indicators for any α values were shown by access control subsystems based on deep and deep convolutional neural networks, which were highly effective for the tasks of biometric identification of subjects based on the individual features of their voices.
License
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).