A System Approach to Certification of Pseudorandom Numbers Generators Used in Information Protection Systems

Over the past few decades, there has been a tendency to minimize the participation of the human factor in various production and other processes. This process is implemented through the mass introduction of automated systems (as). Human-machine complexes are currently the most common and productive model of activity. At the current stage of technology development, the process of automating human activity is only an intermediate link on the way to eliminating human intervention. This area is most relevant for systems that pose a potential and real threat to human health and life (for example, manufacturing plants) or systems that are threatened by humans (for example, transport systems). The second group includes the sphere of information security. The paper considers the basics of the organization of adaptive information protection systems, their application areas for information protection and methods of building models of adaptive information protection systems in the context of their application for protection against leakage through technical channels. The authors propose a generalized model of the adaptive information protection system against leakage through technical channels.

Download Full-text

COMPUTER SCIENCE, COMPUTER ENGINEERING AND MANAGEMENT METHODICAL APPROACH TO EVALUATING THE PROBABILISTIC TIME PERFORMANCE INDICATOR OF AUTOMATED ADMINISTRATOR OPERATIONS IN INFORMATION PROTECTION SYSTEMS

Herald of Dagestan State Technical University Technical Sciences ◽

10.21822/2073-6185-2019-46-3-87-96 ◽

2019 ◽

Vol 46 (3) ◽

pp. 87-96

Author(s):

A. M. Kadnova

Keyword(s):

Information Security ◽

Performance Indicator ◽

Operation Time ◽

International Standards ◽

Protection System ◽

Information Protection ◽

Security Systems ◽

General Utility ◽

Protection Systems ◽

Truncated Normal

Objectives At present, in accordance with the requirements of the guiding documents of the Federal Service for Technical and Export Control (FSTEC) of Russia, as well as international standards in the development and operation of protected automated systems, it is necessary to evaluate the effectiveness (general utility) of information protection systems. The article is devoted to the development of a method for assessing the ergotechnical characteristics of software information security systems for use the assessment of the general utility of such systems. The aim of the work is to develop a methodology for assessing the probabilistic indicator of the timeliness of typical operations for the administration of information security systems.Method To achieve this goal, user groups were created in order to perform typical administrative operations within the information protection system. The operation time for each group, recorded using the IOGraphV1.0.1 tool, was utilised to calculate the probabilities of timely execution of typical operations by the administrator according to a truncated normal distribution formula.Results An assessment of a probabilistic indicator was carried out in order to evaluate the timeliness of operations performed by the administrator of the information protection system.Conclusion The results can be used in a comprehensive assessment of the effectiveness (reliability) of the automated functioning of information security software systems when modelling and analysing the security of special-purpose informatisation facilities.

Download Full-text