Том 50, № 8 (2016)

The architecture of access control system for user jobs access to computational resources of grid distributed computing networks, which provides protection of data being processed against threats of exceeding user privileges, is presented. The developed system is compared to the available analogues, and the results of efficiency assessment of performance of the developed system are discussed.

This article suggests an approach to building systems for analyzing security incidents in the Internet of Things as a self-similar system within the ambit of the normal operation of its constituent objects. The graph model of the Internet of Things as a cyberphysical system has been developed and used as basis to prove that the analysis of paired relations selected from a discrete message stream from devices will be enough to detect security incidents.

Token scanning, a new approach to the creation of protected information systems describing the state of the system with semantic content, namely, identification of uncontrollable context transitions, defined and possible on the whole set of variables using functional and nonprocedural programming languages, is described.

An approach to preliminary processing of data from the Internet of Things is suggested. The suggested procedure is based on data aggregation and normalization and makes it possible to reduce the data dimension for further analysis and increase the rate of aggregation and normalization. To that end it is proposed to carry out data processing on a multiprocessor cluster. The article provides a detailed description of the approach to dividing the given task into connected subtasks and indicates which of them can be fulfilled in parallel. Algorithms of task distribution among the multiprocessor cluster nodes and task planning on a multiprocessor cluster node are developed.

We have considered the methodological situation of the development of models and methods of decision-making support for control in the security protection subsystems of information systems to neutralize external and internal influences, which can lead to accidental or premeditated unauthorized access to stored and processed information in the system, and its distortion or destruction.

The preprocessing procedure for anomalous behavior of robot system elements is proposed in the paper. It uses a special kind of a neural network called an autoencoder to solve two problems. The first problem is to decrease the dimensionality of the training data using the autoencoder to calculate the Mahalanobis distance, which can be viewed as one of the best metrics to detect the anomalous behavior of robots or sensors in the robot systems. The second problem is to apply the autoencoder to transfer learning. The autoencoder is trained by means of the target data which corresponds to the extreme operational conditions of the robot system. The source data containing the normal and anomalous observations derived from the normal operation conditions is reconstructed to the target data using the trained autoencoder. The reconstructed source data is used to define a optimal threshold for making decision on the anomaly of the observation based on the Mahalanobis distance.

The paper describes the problem of unauthorized access to the data processed in distributed grid computing networks. Existing implementations of entity authentication mechanisms in grid systems are analyzed, and their disadvantages are considered. An approach to the use of group signature schemes, which prevents unauthorized access to a computing environment and provides the integrity of transferred data, is proposed.

In this work, we yield an attainable upper estimate of the degree of distinguishability of a connected permutation automaton with an assigned diameter.

The authors of [1, 2] suggested a model of information distortion by white noise. The present work discusses the asymptotic behavior of CRC error probabilities at low values of p, which is the probability of distortion of transferred information bits. On the basis of the theoretical results in two specific protocols—Е1 and ETSI EN 302307—as well as in the examples, the probability values for the error in recognizing the given packet as nondistorted in the presence of at least one distortion are assessed.

An algorithm for the distribution of cryptographic keys is presented, which is based on the hierarchical structure of objects in the system. The performance of the algorithm for some types of the graph of the object hierarchy is substantiated. A mechanism for setting mandatory and discretionary access differentiation is proposed using the algorithm.

A new method for implementation of symmetric encryption by the GOST (State Standard) 28147–89 algorithm using the technology of NVIDIA CUDA was suggested. The highest-performance option and system parameters providing maximal performance are defined. The effectiveness of the suggested solution as well as a comparative analysis of the given approach with existing solutions is assessed.

A new method of text steganography based on Markov chains of different orders that allows the introduction of hidden information in texts is presented together with test results of a software solution which generate texts with a good approximation to the natural language model.

A new point of view on security of cyber-physical systems as a single complex combining both physical and information components is presented. An approach is proposed to the assessment of the security of such systems based on homeostasis, i.e., a property to maintain the functioning stability under destabilizing factors. The dynamic model of the cyber-physical system security is given.