Abstract

The object of research is the information and telecommunication system (ITS) and ensuring the protection of information stored, processed and circulating in it. One of the most problematic areas in the creation of secure ITS is the logical inconsistency and incompleteness of the information security policy. That is, a set of laws, rules, restrictions, recommendations, etc., which regulate the procedure for processing information and are aimed at protecting information from a certain set of threats. The reason for such problems is usually the absence of pre-design modeling of the information security system as a component of the information and telecommunications system, which in the end causes the latter to be vulnerable. An important prerequisite for the creation of a secure ITS is the construction of a subject-object model of the system, which makes it possible to determine the connections between objects, their features, to model information flows and types of access to information and infrastructure resources. According to the existing clear, complete and consistent subject-object model of the ITS, it becomes possible to apply mathematical methods to modeling the processes of its functioning, including for solving the problem of formal proof of security. The paper considers the main idea of the method of formal proof of security, which can be used when building information security systems or assessing the security of the created information and telecommunications system. It is shown that for its implementation it is possible to use the methodology of automatic theorem proving. One of the ways to solve this problem, which is proposed in the work, is the use of the PVS (Prototype Verification System) formal logic system, which is widely used for writing specifications and constructing proofs. The main components of this system are considered, as well as the possibilities of its use for automatic proof of statements about the impossibility of unauthorized access under the conditions of a certain security policy. An example of the use of the PVS system for the formal proof of the security of the system in the framework of the Bella-LaPadula security policy is given.

Highlights

  • The issues of protecting information and telecommunica­ tion systems from threats implemented by attacks and/or activation of destabilizing factors [1] has not lost its relevance over the past decades

  • A significant set of algorithms for the implementation of threats is as­ sociated with the exploitation of vulnerabilities that can arise both in the configuration of information protection mechanisms in the information and telecommunication system (ITS), and in the ITS security policy

  • The likelihood of the implementation of threats in the ITS in the opposite way depends on the completeness, correctness and reliability of the information protection system, which can be formally verified before the attack or the emergence of a destabilizing factor

Read more

Summary

Introduction

The issues of protecting information and telecommunica­ tion systems (hereinafter – ITS) from threats implemented by attacks and/or activation of destabilizing factors [1] has not lost its relevance over the past decades. Let’s understand the security policy as a set of laws, rules, restrictions, recommendations, etc., which regulate the pro­ cedure for processing information and aimed at protecting information from a certain set of threats. The likelihood of the implementation of threats in the ITS in the opposite way depends on the completeness, correctness and reliability of the information protection system, which can be formally verified before the attack or the emergence of a destabilizing factor. The main stages of the formal method of checking the information security system for completeness and correctness are: 1) definition of objects and objectives of protection; 2) development of a security policy; TECHNOLOGY AUDIT AND PRODUCTION RESERVES — No 2/2(58), 2021

Objectives
Methods
Conclusion
Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Method and technique of formal design of complex information security system in information and telecommunication systems
R.V Oliynykov ... R.Y Gvozdov
Radiotekhnika | VOL. -
R.V Oliynykov, et. al.R.V Oliynykov ... R.Y Gvozdov
23 Dec 2020
Exploring IS security themes: a literature analysis
Karen Neville ... David Sammon
Journal of Decision Systems | VOL. 29
Karen Neville, et. al.Karen Neville ... David Sammon
18 Aug 2020
Enhancing Information Security Process in Organisations in Qatar
Aisha Khalid Al-Hamar
-
Aisha Khalid Al-HamarAisha Khalid Al-Hamar
01 Jan 2015
Analysis of conditions and factors affecting cyber security in the special purpose information and telecommunication system
Oleg Sova
Technology audit and production reserves | VOL. 4
Oleg SovaOleg Sova
25 Jul 2022
View more papers

More From: Technology audit and production reserves

Paper Title
Journal
Date
Author
Research into arsenic (III) effective catalytic oxidation in an aqueous solution on a new active manganese dioxide in a flow column
Denis Abower
Technology audit and production reserves | VOL. 1
Denis AbowerDenis Abower
29 Feb 2024
Estimation of global nanomedicine market: status, segment analysis, dynamics, competition and prospects
Angelina Gab ... Dmytro Shakhnin
Technology audit and production reserves | VOL. 1
Angelina Gab, et. al.Angelina Gab ... Dmytro Shakhnin
29 Feb 2024
Exploring the possibility of undesirable manufacturing heritage reduction in parts made of composites and their joints
Tetiana Kupriianova ... Igor Taranenko
Technology audit and production reserves | VOL. 1
Tetiana Kupriianova, et. al.Tetiana Kupriianova ... Igor Taranenko
29 Feb 2024
Exploring the importance of building strong customer relationships
Maia Seturi
Technology audit and production reserves | VOL. 1
Maia SeturiMaia Seturi
29 Feb 2024
View more papers