Methods of Estimating Reliability of Information Security Systems which Protect from Unauthorized Access in Automated Systems

Abstract

Modern methods of protecting information from unauthorized access in automated systems are based on the use of specialized information security systems from unauthorized access. Security systems are necessarily included in the form of additional software systems in the software as in a secure execution. Information security systems from unauthorized access can be developed not only in a process of automated systems design, but also complement the system-wide software of functioning systems. The use of the information security systems from unauthorized access can reduce a overall reliability of the automated systems, if they contain errors that are not detected during debugging. The reliability of the information security systems affects effectiveness of information security (confidentiality, integrity and availability). Guidelines of the Federal Service for Technical and Export Control (FSTEC) of Russia are a methodological basis for the formation of the information security systems’ image both in the process of development and in the process of modernization of the automated systems. The guidance documents of FSTEC of Russia do not contain methodological approaches to assessing the reliability of these program systems. In this regard, the actual design of techniques of estimating reliability of the information security systems from unauthorized access in automated systems in a secure execution. The structural complexity of the information security systems from unauthorized access and large number of functions performed necessitates the use of three reliability indicators that characterize the system in solving problems of confidentiality, integrity and availability of information. To develop the technique, the known methods of evaluating the reliability of complex systems are used, which do not allow their decomposition into serial and parallel connection. The developed methods were tested in assessing the reliability of the information security systems from unauthorized access with typical indicators of initial characteristics. The results of calculations and prospects of using the developed methods are presented in the paper.