Теоретическое обоснование методики проектирования систем защиты информации в виртуальных средах и облачных платформах

Abstract

The purpose of the article is to improve the efficiency of information security systems in conditions of high uncertainty of source data. Method: modeling of information security systems using fuzzy set theory, possibility theory, and theoretical computer science. The result: it is shown that the existing models and methods of designing information security systems do not fully reflect the specifics of information security systems as complex organizational and technical systems. The behavior of such systems reflects the dynamics of weakly structured processes characterized by a high degree of uncertainty due to unsteadiness, inaccuracy and insufficiency of observations, indistinctness and instability of trends. While the statistical (probabilistic) approach has obvious advantages and is widely recognized, its application is limited in the process of creating information security systems for such systems. The relevance of the scientific task of developing a methodology for designing information security systems in virtual environments and cloud platforms under conditions of high uncertainty is justified. The proposed theoretical justification is abstracted from specific types of cloud services and their placement models. The model of the security system is studied, which is represented by a hierarchy of security levels compared to the architecture of an information system that implements cloud services: a composition of hierarchically interconnected levels of virtual devices for processing, storing and/or transmitting data, hardware and/or software necessary for their operation. Using the main provisions of theoretical computer science, it is shown that the parameters for evaluating the effectiveness of security mechanisms are also applicable as parameters for evaluating neutralizable threats to information security. Theoretical substantiation of methods of designing of systems of information protection in virtualized environments and cloud platforms made it possible to offer calculation procedure of the semantic threshold preferences when choosing protection mechanisms, defined in neutralizing “a threat Model and a potential intruder information security” threats, to develop and apply in the process of designing public information systems the method of choice preferred defense mechanisms, neutralizing security threats information on security levels in the overall architecture of such systems.