Том 51, № 8 (2017)

Characteristic features of security management for the cyber-physical system (CPS) have been distinguished. Existing approaches to the CPS security management have been systematized and their limited use in the CPS has been shown. An homeostatic approach to security management based on the CPS functional stability preservation has been proposed. A structure of homeostat for controlling the CPS has been described. A homeostatic model has been developed using logical predicates. The criteria for assessing the functional stability of the CPS have been proposed. The results of experimental studies showing the applicability of the proposed criteria have been presented.

In this paper, we present some indices for evaluating the effectiveness of information protection in an information interaction system when controlling complex distributed organizational objects and proposing a technique for determining these indices. The technique is based on a stochastic representation of the flow of destructive actions that affect the information interactions among controllers of the elements of a distributed organizational object.

In this paper, the features of cyber-physical systems (CPSs) from the point of view of information security have been considered and CPSs have been classified. The authors have analyzed approaches to security assessments and identified the requirements to indicators of CPS information security. A system of specific assessment indicators based on the system stability criterion and homeostatic approach is proposed.

In this article the problem of possible attacks on confidentiality of user data in cloud systems comes from cloud provider’s side has been investigated. A secure cloud computing system architecture based on Intel Software Guard Extensions technology has been proposed. The approach that provides confidentiality of data of users of cloud systems is given. A method for implementing this approach into existing cloud systems is presented.

Classification models based on statistical data have been developed that make it possible to identify a potential insider based on the indicators that manifest in the context of data incompleteness regarding the insider’s behavior.

The problem of detection of automatically managed accounts (bots) in social networks has been considered. The method of their detection based on machine learning methods is proposed. The paper describes an example of a method based on artificial neural network learning. The parameters of a page in a social network used to detect bots have been presented. An experimental evaluation of the proposed system performance is given that demonstrates a high level of detection of bots in social networks.

The architecture of convolutional neural networks has been considered, including the types of layers used and the principles of their operation, settings, and training features. The possibilities of applying this type of network to solve the problems of information leakage prevention in natural language have been described. The possibility of applying them to solve the problem of classifying Internet pages that serve as web resources to identify pages of interest has been studied.

This article reviews the approach to security evaluation of wireless ad-hoc networks (mesh networks, MANET/VANET networks, networks of smart houses, etc.), which is based on the method of principal component analysis.

The article studies the approach to building secured vehicle networks (VANET, FANET, MARINET, etc.) using the software-defined network technology. The experimental results on evaluating the effectiveness of architectures of secured traffic networks created using supercomputer modeling have been presented.

We consider data protection in radio channels of control–correction stations of the GLONASS/GPS local differential subsystem of the river on inland waterways of Russia under the influence of mutual and industrial noise. Based on the investigation of coefficients of the relative sensitivity to variations in the parameters and structure of signals and noise and on the required bit error rate of the element-by-element receiving of digital messages, we introduce estimate criteria for the noise-immunity and functional stability of radio channels. We provide methods to compute the noiseimmunity and functional stability of radio channels. We investigate the variational–parametrical sensitivity of the range size of a control–correction station to variations in parameters of the mutual and industrial noise, as well as its variational–functional sensitivity to variations in the frequency–time structure of the signal and the mutual noise. We find that the parameter variations in industrial noise provide the most sensitive influence on the size of the range of control–correction stations.

We have proposed a new method for authentication and secret key establishment in ad-hoc networks through public channels based only on verifiable homomorphic threshold secret sharing. The secrecy of the method has been analyzed in standard assumptions with regard to the model of an active adversary represented by a coalition consisting of a pre-threshold number of network nodes. The perfect security of the method is proved in the passive adversary model.

Some probability-theoretical models of packet-mode-transmitted information distortions have been considered. The main attention has been paid to distortions, including the possible interferences that affect several transmission cycles. Distortions are simulated by a sequence of impacts determined by dependent random variables. Correspondingly, k-dimensional CRC values also allow them to be represented as the sum of k-dimensional, differently distributed, dependent random terms. In some cases, they can be reduced to the sums of independent terms in a k-dimensional vector space over a field of two elements; then, the known limit theorems on the convergence to uniform distributions become applicable to them. For impacts that stretch to m cycles, the prospects of obtaining convergence conditions for CRC distributions in the case of sums of m-dependent terms or terms that form a nonhomogeneous Markov chain have been discussed.

In this work the Password Authenticated Connection Establidhment (PACE) protocol, which is used in Europenian smartcard enviroments, is considered. Protocol modifications have been proposed that can enhance its execution speed without decreasing its security. The new version is called X-PACE.

Intelligent data analysis is extensively applied in various fields of technology, including information security. The development of decision support systems (DSSs) for penetration tests is more complicated due to incomplete, undefined, and expandable unstructured data. This article suggests an approach to formalizing information from subject domains, quantitative relevance estimates of object characteristics, and estimates of object similarity.

In the recent scientific literature, many proposals have been made to increase the resistance of password systems to shoulder surfing attacks. These passwords are called shoulder-surfing resistant graphic passwords (SSRGPs). This paper presents a general methodological approach to analyzing and evaluating the resistance of SSRGPs, which can be described in terms of the input tables.