Abstract

The object of research is the information and telecommunication system (ITS) and ensuring the protection of information stored, processed and circulating in it. One of the most problematic areas in the creation of secure ITS is the logical inconsistency and incompleteness of the information security policy. That is, a set of laws, rules, restrictions, recommendations, etc., which regulate the procedure for processing information and are aimed at protecting information from a certain set of threats. The reason for such problems is usually the absence of pre-design modeling of the information security system as a component of the information and telecommunications system, which in the end causes the latter to be vulnerable. An important prerequisite for the creation of a secure ITS is the construction of a subject-object model of the system, which makes it possible to determine the connections between objects, their features, to model information flows and types of access to information and infrastructure resources. According to the existing clear, complete and consistent subject-object model of the ITS, it becomes possible to apply mathematical methods to modeling the processes of its functioning, including for solving the problem of formal proof of security. The paper considers the main idea of the method of formal proof of security, which can be used when building information security systems or assessing the security of the created information and telecommunications system. It is shown that for its implementation it is possible to use the methodology of automatic theorem proving. One of the ways to solve this problem, which is proposed in the work, is the use of the PVS (Prototype Verification System) formal logic system, which is widely used for writing specifications and constructing proofs. The main components of this system are considered, as well as the possibilities of its use for automatic proof of statements about the impossibility of unauthorized access under the conditions of a certain security policy. An example of the use of the PVS system for the formal proof of the security of the system in the framework of the Bella-LaPadula security policy is given.

Highlights

  • The issues of protecting information and telecommunica­ tion systems from threats implemented by attacks and/or activation of destabilizing factors [1] has not lost its relevance over the past decades

  • A significant set of algorithms for the implementation of threats is as­ sociated with the exploitation of vulnerabilities that can arise both in the configuration of information protection mechanisms in the information and telecommunication system (ITS), and in the ITS security policy

  • The likelihood of the implementation of threats in the ITS in the opposite way depends on the completeness, correctness and reliability of the information protection system, which can be formally verified before the attack or the emergence of a destabilizing factor

Read more

Summary

Introduction

The issues of protecting information and telecommunica­ tion systems (hereinafter – ITS) from threats implemented by attacks and/or activation of destabilizing factors [1] has not lost its relevance over the past decades. Let’s understand the security policy as a set of laws, rules, restrictions, recommendations, etc., which regulate the pro­ cedure for processing information and aimed at protecting information from a certain set of threats. The likelihood of the implementation of threats in the ITS in the opposite way depends on the completeness, correctness and reliability of the information protection system, which can be formally verified before the attack or the emergence of a destabilizing factor. The main stages of the formal method of checking the information security system for completeness and correctness are: 1) definition of objects and objectives of protection; 2) development of a security policy; TECHNOLOGY AUDIT AND PRODUCTION RESERVES — No 2/2(58), 2021

Objectives
Methods
Conclusion
Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call