
Content of the 6th issue of magazine «Voprosy kiberbezopasnosti» at 2021:
Title | Pages |
Kolosok, I. N. ASSESSMENT OF CYBER RESILIENCE INDICES OF INFORMATION COLLECTION AND PROCESSING SYSTEMS IN ELECTRIC POWER SYSTEMS BASED ON SEMI-MARKOV MODELS / I. N. Kolosok, L. A. Gurina // Cybersecurity issues. – 2021. – № 6(46). – С. 2-11. – DOI: 10.21681/2311-3456-2021-6-2-11.
AbstractPurpose of the study: The study aims to design an algorithm for determining the cyber resilience indices of information collection, transmission, and processing systems (SCADA, WAMS) to control electric power systems. This algorithm makes it possible to factor in possible states and measures to restore such systems when cyber resilience is lost.Research methods include the probability theory, methods of power system reliability analysis, and Markov methods.Result of the research: The analysis of the reliability of WAMS, which is necessary for assessing the cyber resilience of the EPS, has been carried out. A cyber resilience model is proposed, on the basis of which an algorithm for determining the cyber resilience index of SCADA, WAMS systems with a low quality of measurement information used in EPS control has been developed. To take into account possible states of SCADA, WAMS systems and measures for their restoration (detection, mitigation and response) in case of violation of cyber resilience, the algorithm uses the tools of probability theory and Markov methods. The effectiveness of the application of the developed algorithm is con rmed by the example of calculating the WAMS cyber resilience index with a low quality of PMU data. The results obtained can be useful in making decisions on the formation of control actions on the EPS to ensure its cybersecurity in the context of cyber-attacks on information collection, transmission, and processing systems. Keywords: electric power system, reliability, resilience, SCADA, WAMS, cyber-attacks, measurement quality, state estimation. References1. R. V. Yohanandhan, R. M. Elavarasan, P. Manoharan and L. Mihet-Popa. Cyber-Physical Power System (CPPS): A Review on Modeling, Simulation, and Analysis With Cyber Security Applications. In IEEE Access. 2020, vol. 8, pp. 151019-151064. DOI: 10.1109/ACCESS.2020.3016826 2. X. Chu, M. Tang, H. Huang and L. Zhang. A security assessment scheme for interdependent cyber-physical power systems. 2017 8th IEEE International Conference on Software Engineering and Service Science (ICSESS). 2017, pp. 816-819, DOI: 10.1109/ICSESS.2017.8343036 3. Воропай Н.И. Napravleniya i problemy transformacii elektroenergeticheskih sistem, Elektrichestvo [Elektrichestvo], 2020, № 7, pp. 12-21. DOI: 10.24160/0013-5380-2020-7-12-21 4. M. Ni and M. Li. Reliability Assessment of Cyber Physical Power System Considering Communication Failure in Monitoring Function. 2018 International Conference on Power System Technology (POWERCON). 2018, pp. 3010-3015. DOI: 10.1109/POWERCON.2018.8601964 5. Jia Guo, Yifei Wang, Chuangxin Guo, Shufeng Dong and Baijian Wen. Cyber-Physical Power System (CPPS) reliability assessment considering cyber attacks against monitoring functions. 2016 IEEE Power and Energy Society General Meeting (PESGM). 2016, pp. 1-5. DOI: 10.1109/PESGM.2016.7741899 6. Kolosok I.N., Gurina L.A. Ocenka riskov upravleniya kiberfizicheskoj EES na osnove teorii nechetkih mnozhestv // Metodicheskie voprosy issledovaniya nadezhnosti bol’shih sistem energetiki [Methodological problems reliability study of large energy systems], v 2-h knigah, 2019, pp. 238-247. 7. S. Sridhar, A. Ashok, M. Mylrea, S. Pal, M. Rice and S. N. G. Gourisetti. A testbed environment for buildings-to-grid cyber resilience research and development. 2017 Resilience Week (RWS). 2017, pp. 12-17. DOI: 10.1109/RWEEK.2017.8088641 8. Voropaj N.I., Kolosok I.N., Korkina E.S. Problemy povysheniya kiberustojchivosti cifrovoj podstancii // Relejnaya zashchita i avtomatizaciya [Relay protection and automation], 2019, № 1(34), pp. 78-83. 9. Voropai N Electric Power System Transformations: A Review of Main Prospects and Challenges. Energies. 2020, vol.13. No.21. DOI: 10.3390/en13215639 10. Kolosok I.N., Gurina, L. A. (2017). Determination of the vulnerability index to cyberattacks and state-estimation problems according to SCADA data and timed vector measurements. Russian Electrical Engineering. 2017, vol. 88(1), pp. 23–29. DOI:10.3103/s1068371217010096 11. X. Liu, X. Zeng, L. Yao, G. I. Rashed and C. Deng. Power System State Estimation Based on Fusion of WAMS/SCADA Measurements: A Survey. 2018 2nd IEEE Conference on Energy Internet and Energy System Integration (EI2). 2018, pp. 1-6, DOI: 10.1109/EI2.2018.8582102. 12. I. Kolosok and L. Gurina. Wavelet Analysis of PMU Measurements for Identification of Cyber Attacks on TCMS. 2018 International Conference on Industrial Engineering, Applications and Manufacturing (ICIEAM). 2018, pp. 1-4. DOI: 10.1109/ICIEAM.2018.8728768 13. R. Kateb, P. Akaber, M. H. K. Tushar, A. Albarakati, M. Debbabi and C. Assi. Enhancing WAMS Communication Network Against Delay Attacks. In IEEE Transactions on Smart Grid. May 2019, vol. 10, no. 3, pp. 2738-2751. DOI: 10.1109/TSG.2018.2809958 14. Seyedmohsen Hosseini, Kash Barker, Jose E. Ramirez-Marquez. A review of definitions and measures of system resilience. Reliability Engineering & System Safety. 2016, vol. 145, p. 47-61. DOI: 10.1016/j.ress.2015.08.006 15. Zhukov A.V., Sacuk E.I., Dubinin D.M., Opalev O.L., Utkin D.N. Voprosy primeneniya tekhnologii sinhronizirovannyh vektornyh izmerenij dlya zadach monitoringa ekspluatacionnogo sostoyaniya elektrooborudovaniya, Energetik [Energetick], 2017, № 9, pp. 3-8. 16. Golub I.I., Hohlov M.V. Algoritmy sinteza nablyudaemosti EES na osnove sinhronizirovannyh vektornyh izmerenij, Elektrichestvo [Elektrichestvo], 2015, № 1, pp. 26-33. 17. Ankur Singh Rana, Mini S. Thomas, Nilanjan Senroy. Reliability evaluation of WAMS using Markov-based graph theory approach. Generation Transmission & Distribution IET. 2017, vol. 11, no. 11, pp. 2930-2937. DOI: 10.1049/iet-gtd.2016.0848 18. C. Murthy, D. S. Roy and D. K. Mohanta. Re-estimation of hidden Markov model parameters of Phasor Measurement Unit. 2015 IEEE Power, Communication and Information Technology Conference (PCITC). 2015, pp. 379-384. DOI: 10.1109/PCITC.2015.7438195 19. Diptendu Sinha Roy, Cherukuri Murthy, Dusmanta Kumar Mohanta. Reliability analysis of phasor measurement unit incorporating hardware and software interaction failures. Generation Transmission & Distribution IET. 2015, vol. 9, no. 2, pp. 164-171. DOI: 10.1049/iet-gtd.2014.0115 20. Uspenskij M.I. Sostavlyayushchie nadezhnosti informacionnoj seti sistemy monitoringa perekhodnyh rezhimov // Metodicheskie voprosy issledovaniya nadezhnosti bol’shih sistem energetiki [Methodological problems reliability study of large energy systems], 2020, pp. 370-379. 21. A. Ashok, M. Govindarasu and J. Wang. Cyber-Physical Attack-Resilient Wide-Area Monitoring, Protection, and Control for the Power Grid. In Proceedings of the IEEE. July 2017, vol. 105, no. 7, pp. 1389-1407. DOI: 10.1109/JPROC.2017.2686394 22. A. Ashok, M. Govindarasu and V. Ajjarapu. Attack-resilient measurement design methodology for State Estimation to increase robustness against cyber-attacks. 2016 IEEE Power and Energy Society General Meeting (PESGM). 2016, pp. 1-5. DOI: 10.1109/PESGM.2016.7741979 23. P. Pradhan, K. Nagananda, P. Venkitasubramaniam, S. Kishore and R. S. Blum. GPS spoofing attack characterization and detection in smart grids. 2016 IEEE Conference on Communications and Network Security (CNS). 2016, pp. 391-395. DOI: 10.1109/CNS.2016.7860525 24. A. Huseinović, S. Mrdović, K. Bicakci and S. Uludag. A Survey of Denial-of-Service Attacks and Solutions in the Smart Grid. In IEEE Access. 2020, vol. 8, pp. 177447-177470. DOI: 10.1109/ACCESS.2020.3026923 25. J. Yan, Y. Tang, Bo Tang, H. He and Y. Sun. Power grid resilience against false data injection attacks. 2016 IEEE Power and Energy Society General Meeting (PESGM). 2016, pp.1 5. DOI: 10.1109/PESGM.2016.7741850 26. G. Coletta, A. Pepiciello, A. Vaccaro, D. Villacci and G. M. Giannuzzi. Time Synchronization Attack in Synchrophasors-based Dynamic Thermal Rating Assessment: Impact and Analysis. 2018 AEIT International Annual Conference. 2018, pp. 1-6. DOI: 10.23919/AEIT.2018.8577398 27. Kolosok I.N., Gurina L.A. Ocenka kachestva dannyh SCADA i WAMS pri kiberatakah na informacionno-kommunikacionnuyu infrastrukturu EES // Informacionnye i matematicheskie tekhnologii v nauke i upravlenii [Information and mathematical tehnologies in science and management], 2020, № 1(17), pp. 68-78. DOI: 10.38028/ESI.2020.17.1.005 28. Kolosok I.N., Gurina L.A. Identifikaciya kiberatak na sistemy SCADA i SMPR v EES pri obrabotke izmerenij metodami ocenivaniya sostoyaniya // Elektrichestvo [Elektrichestvo], 2021, № 6, pp. 25-32. DOI: 10.24160/0013-5380-2021-6-25-32 29. Kolosok I.N., Gurina L.A. Povyshenie kiberbezopasnosti intellektual’nyh energeticheskih sistem metodami ocenivaniya sostoyaniya // Voprosy kiberbezopasnosti [Cybersecurity issues], 2018, № 3(27), pp. 63-69. DOI: 10.21681/2311-3456-2018-3-63-69 30. M. V. Khokhlov, O. A. Pozdnyakova and A. Obushevs. Optimal PMU Placement for Power System State Estimation using Population-based Algorithms Incorporating Observability Requirements. 2020 IEEE 61th International Scientific Conference on Power and Electrical Engineering of Riga Technical University (RTUCON). 2020, pp. 1-8. DOI: 10.1109/RTUCON51174.2020.9316476 31. Y. Yao, X. Liu and Z. Li. Robust Measurement Placement for Distribution System State Estimation. In IEEE Transactions on Sustainable Energy. Jan. 2019, vol. 10, no. 1, pp. 364-374. DOI: 10.1109/TSTE.2017.2775862 |
2-11 |
Makarenko, S. I. SELECTION METHODS OF TEST CYBER ATTACKS THAT ENSURE THE RATIONAL COMPLETENESS OF THE PENETRATION TESTING OF AA CRITICAL INFORMATION INFRASTRUCTURE OBJECT / S. I. Makarenko, G. E. Smirnov // Cybersecurity issues. – 2021. – № 6(46). – С. 12-25. – DOI: 10.21681/2311-3456-2021-6-12-25.
AbstractRelevance. Security issues of information systems in critical infrastructure objects become important now. However, current tasks of information security audit of critical infrastructure objects are mainly limited to checking them for compliance with requirements of standards and documents. With this approach to the audit, security of these objects from real attacks by hackers remains unclear. Therefore, objects are subjected to a testing procedure, namely, penetration testing, in order to objectively verify their security. An analysis of publications in this area shows that there is not mathematical approaches to selection of test cyber attacks for penetration testing set.The goals of the paper is to form the selection method of test cyber attacks that ensure the rational completeness of the security audit of a critical information infrastructure object.Research methods. Methods of probability theory and mathematical statistics, methods of graph theory and set theory are used in the paper to achieve the research goals.Results. The Select Method of test cyber attacks for security audit of a critical information infrastructure object with rational completeness is presented in the paper. This method formalizes the selection process in the form of a two-stage procedure. At the first stage, based on the topological model of the object testing, a set of testing paths is formed, and these paths are ordered by the degree of weight increase. The path weight is the efficiency/cost indicator that takes in account the test resource for realized of a test cyber attack, the vulnerability of an object element, and the level of damage caused to the element by this test cyber attack. At the second stage of the method, from an ordered set of test paths are selected of such, which would ensure the maximization of the whole absolute cost of the detected damage, within the limits on the resource making of test cyber attacks. It is using of this method in audit practice will allow us to justify the most effective test cyber attacks according to the “efficiency/cost” criterion, as well as to form test sets that will ensure the rational completeness of the audit of the critical infrastructure object. Keywords: critical information infrastructure, penetration testing, information security audit, information technology impact. References1. Makarenko S. I. Audit informatcionnoi` bezopasnosti: osnovny`e e`tapy`, kontceptual`ny`e osnovy`, classifikatciia meropriiatii` // Sistemy` upravleniia, sviazi i bezopasnosti. 2018. № 1. S. 1-29. DOI: 10.24411/2410-9916-2018-10101 2. Makarenko S. I. Audit bezopasnosti kriticheskoi` infrastruktury` spetcial`ny`mi informatcionny`mi vozdei`stviiami. Monografiia. – SPb.: Naukoemkie tekhnologii, 2018. – 122 s. 3. Kashaev T. R. Algoritmy` aktivnogo audita informatcionnoi` sistemy` na osnove tekhnologii` iskusstvenny`kh immunny`kh sistem. Avtoref. dis. … kand. tekhn. nauk. – Ufa: UGATU, 2008. – 19 s. 4. Markov A. S., Tcirlov V. L., Barabanov A. V. Metody` ocenki nesootvetstviia sredstv zashchity` informatcii. – M.: Radio i sviaz`, 2012. – 192 s. 5. Skabtcov N. Audit bezopasnosti informatcionny`kh sistem. – SPb.: Peter, 2018. – 272 s. 6. Penetration Testing. Procedures & Methodologies. – EC-Council Press, 2011. – 237 p. 7. Kennedy D., O’Gorman J., Kearns D., Aharoni M. Metasploit. The Penetration Tester’s Guide. – San Francisco: No Starch Press, 2011. – 299 p. 8. Makan K. Penetration Testing with the Bash shell. – Birmingham: Pact Publishing, 2014. – 133 p. 9. Cardwell K. Building Virtual Pentesting Labs for Advanced Penetration Testing. – Birmingham: Pact Publishing, 2016. – 518 p. 10. Makarenko S. I. Informatcionnoe oruzhie v tekhnicheskoi` sfere: terminologiia, classifikatciia, primery` // Sistemy` upravleniia, sviazi i bezopasnosti. 2016. № 3. S. 292-376. DOI: 10.24411/2410-9916-2016-10311 11. Makarenko S. I. Problemy` i perspektivy` primeneniia kiberneticheskogo oruzhiia v sovremennoi` setecentricheskoi` voi`ne // Spetctekhnika i sviaz`. 2011. № 3. S. 41-47. 12. Makarenko S. I., Smirnov G. E. Analiz standartov i metodik testirovaniia na proniknovenie // Sistemy` upravleniia, sviazi i bezopasnosti. 2020. № 4. S. 44–72. DOI: 10.24411/2410-9916-2020-10402 13. Climov S. M. Imitatcionny`e modeli ispy`tanii` kriticheski vazhny`kh informatcionny`kh ob``ektov v usloviiakh komp`iuterny`kh atak // Izvestiia IUFU. Tekhnicheskie nauki. 2016. № 8 (181). S. 27-36. 14. Climov S. M., Sy`chyov M. P. Stendovy`i` poligon uchebno-trenirovochny`kh i ispy`tatel`ny`kh sredstv v oblasti obespecheniia informatcionnoi` bezopasnosti // Informatcionnoe protivodei`stvie ugrozam terrorizma. 2015. № 24. S. 206–213. 15. Petrenko A. A., Petrenko S. A. Kiberucheniia: metodicheskie rekomendatcii ENISA // Voprosy` kiberbezopasnosti. 2015. № 3(11). S. 2-14. 16. Boi`ko A. A., D`iakova A. V. Sposob razrabotki testovy`kh udalenny`kh informatcionno-tekhnicheskikh vozdei`stvii` na prostranstvenno raspredelenny`e sistemy` informatcionno-tekhnicheskikh sredstv // Informatcionno-upravliaiushchie sistemy`. 2014. № 3 (70). S. 84–92. 17. Boi`ko A. A., D`iakova A. V., KHramov V. Iu. Metodicheskii` podhod k razrabotke testovy`kh sposobov udalennogo informatcionnotekhnicheskogo vozdei`stviia na prostranstvenno raspredelenny`e sistemy` informatcionno-tekhnicheskikh sredstv // Kibernetika i vy`sokie tekhnologii XXI veka XV Mezhdunarodnaia nauchno-tekhnicheskaia konferentciia. – Voronezh: NPF «SAKVOEE», 2014. – S. 386–395. 18. Boi`ko A. A., Obushchenko E. Iu., Shcheglov A. V. Osobennosti sinteza polnogo mnozhestva testovy`kh sposobov udalennogo informatcionno-tekhnicheskogo vozdei`stviia na prostranstvenno raspredelenny`e sistemy` informatcionno-tekhnicheskikh sredstv // Vestneyk Voronezhskogo gosudarstvennogo universiteta. Seriia: Sistemny`i` analiz i informatcionny`e tekhnologii. 2017. № 2. S. 33–45. 19. Baranova E. K., Hudy`shkin A. A. Osobennosti analiza bezopasnosti informatcionny`kh sistem metodom testirovaniia na proniknovenie // Modelirovanie i analiz bezopasnosti i riska v slozhny`kh sistemakh. Trudy` mezhdunarodnoi` nauchnoi` shkoly` MABR. 2015. S. 200–205. 20. Baranova E. K., Chernova M. V. Sravnitel`ny`i` analiz programmnogo instrumentariia dlia analiza i ocenki riskov informatcionnoi` bezopasnosti // Problemy` informatcionnoi` bezopasnosti. Komp`iuterny`e sistemy`. 2014. № 4. S. 160–168. 21. Begaev A. N., Begaev S. N., Fedotov V. A. Testirovanie na proniknovenie. – SPb: Universitet ITMO, 2018. – 45 s. 22. Bogoraz A. G., Peskova O. Iu. Metodika testirovaniia i ocenki mezhsetevy`kh e`kranov // Izvestiia IUFU. Tekhnicheskie nauki. 2013. № 12 (149). S. 148–156. 23. Dorofeev A. Testirovanie na proniknovenie: demonstratciia odnoi` uiazvimosti ili ob``ektivnaia ocenka zashchishchennosti? // Zashchita informatcii. Insai`d. 2010. № 6 (36). S. 72–73. 24. Umnitcy`n M. Iu. Podhod k polunaturnomu analizu zashchishchennosti informatcionnoi` sistemy` // Izvestiia Volgogradskogo gosudarstvennogo tekhnicheskogo universiteta. 2018. № 8(218). S. 112–116. 25. Borodin M. K., Borodina P. Iu. Testirovanie na proniknovenie sredstva zashchity` informatcii VGATE R2 // Regional`naia informatika i informatcionnaia bezopasnost`. – SPb., 2017. – S. 264–268. 26. Poltavtceva M. A., Pechenkin A. I. Intellektual`ny`i` analiz danny`kh v sistemakh podderzhki priniatiia reshenii` pri testirovanii na proniknovenie // Problemy` informatcionnoi` bezopasnosti. Komp`iuterny`e sistemy`. 2017. № 3. S. 62–69. 27. Kadan A. M., Doronin A. K. Infrastrukturny`e oblachny`e resheniia dlia zadach testirovaniia na proniknovenie // Ucheny`e zapiski ISGZ. 2016. T. 14. № 1. S. 296–302. 28. Eremenko N. N., Kokoulin A. N. Issledovanie metodov testirovaniia na proniknovenie v informatcionny`kh sistemakh // Master’s Journal. 2016. № 2. S. 181–186. 29. Tumanov S. A. Sredstva testirovaniia informatcionnoi` sistemy` na proniknovenie // Doclady` Tomskogo gosudarstvennogo universiteta sistem upravleniia i radioe`lektroniki. 2015. № 2 (36). S. 73–79. 30. Kravchuk A. V. Model` protcessa udalennogo analiza zashchishchennosti informatcionny`kh sistem i metody` povy`sheniia ego rezul`tativnosti // Trudy` SPIIRAN. 2015. № 1 (38). S. 75–93. 31. Gorbatov V.S., Meshcheriakov A.A. Sravnitel`ny`i` analiz sredstv kontrolia zashchishchennosti vy`chislitel`noi` seti // Bezopasnost` informatcionny`kh tekhnologii`. 2013. T. 20. № 1. S. 43–48. 32. Pfleeger C. P., Pfleeger S. L., Theofanos M. F. A methodology for penetration testing // Computers & Security. 1989. T. 8. № 7. S. 613–620. 33. McDermott J. P. Attack net penetration testing // NSPW. 2000. S. 15–21. 34. Alisherov F., Sattarova F. Methodology for penetration testing // International Journal of Grid and Distributed Computing. 2009. S. 43–50. 35. Ami P., Hasan A. Seven phrase penetration testing model // International Journal of Computer Applications. 2012. T. 59. № 5. S. 16–20. 36. Holik F., Horalek J., Marik O., Neradova S., Zitta S. Effective penetration testing with Metasploit framework and methodologies // Proceedings of the 15th International Symposium on Computational Intelligence and Informatics (CINTI). IEEE, 2014. PP. 237–242. DOI: 10.1109/CINTI.2014.7028682 37. Herzog P. Open-source security testing methodology manual // Institute for Security and Open Methodologies (ISECOM). 2003. URL: https://untrustednetwork.net/files/osstmm.en.2.1.pdf (data obrashcheniia 12.02.2021) 38. Makarenko S. I. Kriterii i pokazateli ocenki kachestva testirovaniia na proniknovenie // Voprosy` kiberbezopasnosti. 2021. № 3 (43). S. 43-57. DOI: 10.21681/2311-3456-2021-3-43-57 39. Makarenko S. I., Smirnov G. E. Model` audita zashchishchennosti ob``ekta kriticheskoi` informatcionnoi` infrastruktury` testovy`mi informatcionno-tekhnicheskimi vozdei`stviiami // Trudy` uchebny`kh zavedenii` sviazi. 2021. T. 7. № 1. S. 94–104. DOI: 10.31854/1813-324X-2021-7-1-94-104 40. Tatt U. Teoriia grafov. – M.: Mir, 1988. – 424 s. 41. Svami M., Thulasiraman K. Grafy`, seti i algoritmy`. – M.: Mir, 1984. – 454 s. 42. Kormen T., Lei`zerson Ch., Rivest R. Algoritmy`: postroenie i analiz. – M.: MTCNMO, 2000. – 960 s. 43. Makarenko S. I. Metod obespecheniia ustoi`chivosti telekommunikatcionnoi` seti za schet ispol`zovaniia ee topologicheskoi` izby`tochnosti // Sistemy` upravleniia, sviazi i bezopasnosti. 2018. № 3. S. 14–30. DOI: 10.24411/2410-9916-2018-10302 44. TCvetkov K. Iu., Makarenko S. I., Mihai`lov R. L. Formirovanie rezervny`kh putei` na osnove algoritma Dei`kstry` v tceliakh povy`sheniia ustoi`chivosti informatcionno-telekommunikatcionny`kh setei` // Informatcionno-upravliaiushchie sistemy`. 2014. № 2 (69). S. 71–78. 45. Makarenko S. I., Kvasov M. N. Modifitcirovanny`i` algoritm Bellmana-Forda s formirovaniem kratchai`shikh i rezervny`kh putei` i ego primenenie dlia povy`sheniia ustoi`chivosti telekommunikatcionny`kh sistem // Infokommunikatcionny`e tekhnologii. 2016. T. 14. № 3. S. 264–274. 46. Makarenko S.I. Usovershenstvovanny`i` protokol marshrutizatcii OSPF, obespechivaiushchii` povy`shennuiu ustoi`chivost` setei` sviazi // Trudy` uchebny`kh zavedenii` sviazi. 2018. T. 4. № 2. S. 82–90. 47. Makarenko S.I. Usovershenstvovanie funktcii` marshrutizatcii i signalizatcii protokola PNNI s tcel`iu povy`sheniia ustoi`chivosti seti sviazi // Trudy` uchebny`kh zavedenii` sviazi. 2020. T. 6. № 2. S. 45–59. DOI: 10.31854/1813-324X-2020-6-2-45-59 48. Smirnov G. E., Makarenko S. I. Ispol`zovanie testovy`kh informatcionno-tekhnicheskikh vozdei`stvii` dlia audita zashchishchennosti informatcionny`kh sistem zheleznodorozhnogo transporta // Intellektual`ny`e tekhnologii na transporte. 2020. № 3 (23). S. 20–29. 49. Smirnov G. E., Makarenko S. I. Ispol`zovanie testovy`kh informatcionno-tekhnicheskikh vozdei`stvii` dlia preventivnogo audita zashchishchennosti informatcionno-telekommunikatcionny`kh setei` // E`konomika i kachestvo sistem sviazi. 2020. № 3 (17). S. 43–59. |
12-25 |
Kalashnikov, A. O. A MODEL FOR QUANTIFYING THE AGENT OF A COMPLEX NETWORK IN CONDITIONS OF INCOMPLETE AWARENESS / A. O. Kalashnikov, K. A. Bugajskij // Cybersecurity issues. – 2021. – № 6(46). – С. 26-35. – DOI: 10.21681/2311-3456-2021-6-26-35.
AbstractPurpose of the article: development of a mechanism for quantitative evaluation of elements of complex information systems in conditions of insufficient information about the presence of vulnerabilities.Research method: mathematical modeling of uncertainty estimation based on binary convolution and Kolmogorov complexity. Data banks on vulnerabilities and weaknesses are used as initial data for modeling.The result: it is shown that the operation of an element of a complex network can be represented by data transformation procedures, which consist of a sequence of operations in time, described by weaknesses and related vulnerabilities. Each operation can be evaluated at a qualitative level in terms of the severity of the consequences in the event of the implementation of potential weaknesses. The use of binary convolution and universal coding makes it possible to translate qualitative estimates into a binary sequence - a word in the alphabet {0,1}. The sequence of such words - as the uncertainty function - describes the possible negative consequences of implementing data transformation procedures due to the presence of weaknesses in an element of a complex system. It is proposed to use the Kolmogorov complexity to quantify the uncertainty function. The use of a Turing machine for calculating the uncertainty function provides a universal mechanism for evaluating elements of complex information systems from the point of view of information security, regardless of their software and hardware implementation. Keywords: vulnerability, binary convolution, Kolmogorov complexity, Turing machine, universal coding, information security model, evaluating complex systems. References1. Kalashnikov, A. O. Infrastruktura kak kod: formiruetsya novaya real`nost` informacionnoj bezopasnosti / A. O. Kalashnikov, K. A. Bugajskij // Informaciya i bezopasnost`. – 2019. – Tom 22. – № 4. – pp. 495-506. 2. Gerasimov, A. Yu. Formal`naya model` obnaruzheniya programmny`x oshibok s pomoshh`yu simvol`nogo ispolneniya programm / A. Yu. Gerasimov, D. O. Kucz, A. A. Novikov // Trudy` Instituta sistemnogo programmirovaniya RAN. – 2019. – Tom 31. – № 6. – pp. 21- 32. – DOI 10.15514/ISPRAS-2019-31(6)-2. 3. Kolbina, A. O. Primenenie kiberneticheskix metodov Chyornogo i belogo yashhikov v razrabotke i testirovanii programm / A. O. Kolbina, V. A. Baranov, P. V. Peresun`ko // Novaya nauka: Ot idei k rezul`tatu. – 2016. – № 9-1. – pp. 25-27. 4. Lipaev, V. V. Testirovanie komponentov i kompleksov programm / V. V. Lipaev. – M.|Berlin : Direkt-Media, 2015. – P. 528 – ISBN 9785447538651. 5. Makarenko, S. I. Analiz standartov i metodik testirovaniya na proniknovenie / S. I. Makarenko, G. E. Smirnov // Sistemy` upravleniya, svyazi i bezopasnosti. – 2020. – № 4. – pp. 44-72. – DOI 10.24411/2410-9916-2020-10402. 6. Barabanov, A. V. Aktual`ny`e voprosy` vy`yavleniya uyazvimostej i nedeklarirovanny`x vozmozhnostej v programmnom obespechenii / A. V. Barabanov, A. S. Markov, V. L. Cirlov // Sistemy` vy`sokoj dostupnosti. – 2018. – Tom 14. – № 3. – pp. 12-17. – DOI 10.18127/j20729472-201803-03. 7. Issledovanie uyazvimostej programmnogo obespecheniya : Uchebnoe izdanie / A. V. Barabanov, A. S. Markov, V. L. Cirlov, Yu. V. Rautkin. – Moskva : Federal`noe byudzhetnoe uchrezhdenie Nauchny`j centr pravovoj informacii pri Ministerstve yusticii Rossijskoj Federacii, 2018. – P. 76 – ISBN 9785901167465. 8. Statistika vy`yavleniya uyazvimostej programmnogo obespecheniya pri provedenii sertifikacionny`x ispy`tanij / A. V. Barabanov, A. S. Markov, A. A. Fadin, V. L. Cirlov // Voprosy` kiberbezopasnosti. – 2017. – № 2(20). – pp. 2-8. – DOI 10.21581/2311-3456-2017-2-2-8. 9. Barabanov, A. V. O sistematike informacionnoj bezopasnosti cepej postavki programmnogo obespecheniya / A. V. Barabanov, A. S. Markov, V. L. Cirlov // Bezopasnost` informacionny`x texnologij. – 2019. – Tom 26. – № 3. – pp. 68-79. – DOI 10.26583/bit.2019.3.06. 10. Gorbatova, E. V. Tendencii i perspektivy` razvitiya naibolee opasny`x kiberugroz / E. V. Gorbatova // Modernizaciya i ustojchivoe social`no-e`konomicheskoe razvitie Rossii i ee regionov v XXI veke skvoz` prizmu rosta proizvoditel`nosti truda : Sbornik statej II Vserossijskoj nauchno-prakticheskoj konferencii, Stupino, 19–20 fevralya 2020 goda. – Stupino: Moskovskij finansovo-yuridicheskij universitet MFYuA, 2020. – pp. 379-387. 11. Bojchenko, A. V. Osnovy` otkry`ty`x informacionny`x sistem. Uchebnoe posobie / A. V. Bojchenko, V. K. Kondrat`ev, E. N. Filinov. – Moskva : Evrazijskij otkry`ty`j institut, Moskovskij gosudarstvenny`j universitet e`konomiki, statistiki i informatiki, 2004. – P. 160. – ISBN 5776402840. 12. Vyatkin, A. I. Operacionny`e sistemy`, sredy` i obolochki : Uchebnoe posobie / A. I. Vyatkin. – Tyumen` : Tyumenskij gosudarstvenny`j universitet, 2011. – P. 272. – ISBN 9785400004773. 13. Akinin, M. V. Sistemnoe programmirovanie v Linux. Chast` 1. Upravlenie processami : Uchebnoe posobie / M. V. Akinin, N. V. Akinina, S. V. Zasorin. – Moskva : Obshhestvo s ogranichennoj otvetstvennost`yu Izdatel`stvo «KURS», 2019. – P. 192. – (INFORMATIKA). – ISBN 9785907064805. 14. Tanenbaum, E`. N. Operacionny`e sistemy` : Razrabotka i realizaciya (+SD). Klassika CS / E`. N. Tanenbaum, A. L. Vudxall. – 3-e izd. – Sankt-Peterburg : Piter, 2007. – P. 704. – ISBN 9785469014034. 15. Kalashnikov, A. O. Model` upravleniya informacionnoj bezopasnost`yu kriticheskoj informacionnoj infrastruktury` na osnove vy`yavleniya anomal`ny`x sostoyanij (chast` 1) / A. O. Kalashnikov, E. V. Anikina // Informaciya i bezopasnost`. – 2018. – Tom 21. – № 2. – pp. 145-154. 16. Kolmogorov A. N. Tri podxoda k opredeleniyu ponyatiya «kolichestvo informacii» / A.N. Kolmogorov // Problemy` peredachi informacii. – 1965. – Tom 1. – № 1. – pp.3-11. 17. Vereshhagin, N. K. Kolmogorovskaya slozhnost` i algoritmicheskaya sluchajnost` / N. K. Vereshhagin, V. A. Uspenskij, A. Shen`. – Moskva : MCzNMO, 2013. – P. 575. – ISBN 9785443902128. 18. Pechnikov, A. A. Ob ispol`zovanii kolmogorovskoj slozhnosti dlya issledovaniya sxozhesti izobrazhenij / A. A. Pechnikov // Mezhdunarodny`j nauchno-issledovatel`skij zhurnal. – 2018. – № 5(71). – pp. 59-61. – DOI 10.23670/IRJ.2018.71.024. 19. Gubin, A. N. Informacionnaya e`ffektivnost` intellektual`ny`x sistem podderzhki prinyatiya reshenij / A. N. Gubin, V. L. Litvinov, F. V. Filippov // Informacionny`e sistemy` i texnologii v modelirovanii i upravlenii : Sbornik trudov V Mezhdunarodnoj nauchno-prakticheskoj konferencii, Yalta, 20–22 maya 2020 goda / Otv. redaktor K.A. Makovejchuk. – Yalta: Obshhestvo s ogranichennoj otvetstvennost`yu «Izdatel`stvo Tipografiya «Arial», 2020. – pp. 19-23. 20. Luk`yanova, O. A. E`goistichny`j iskusstvenny`j intellekt / O. A. Luk`yanova, O. Yu. Nikitin // Cloud of Science. – 2019. – T. 6. – № 3. – pp. 462-474. 21. Dojnikova, E. V. Analiz zashhishhennosti avtomatizirovanny`x sistem s uchetom socio-inzhenerny`x atak / E. V. Dojnikova, I. V. Kotenko, M. V. Stepashkin // Problemy` informacionnoj bezopasnosti. Komp`yuterny`e sistemy`. – 2011. – № 3. – pp. 40-57. 22. Chechulin, A. A. Metodika operativnogo postroeniya, modifikacii i analiza derev`ev atak / A. A. Chechulin // Trudy` SPIIRAN. – 2013. – № 3(26). – pp. 40-53. 23. Chechulin, A. A. Obrabotka soby`tij bezopasnosti v usloviyax real`nogo vremeni s ispol`zovaniem podxoda, osnovannogo na analize derev`ev atak / A. A. Chechulin, I. V. Kotenko // Problemy` informacionnoj bezopasnosti. Komp`yuterny`e sistemy`. – 2014. – № 3. – pp. 56-59. 24. Kalashnikov, A. O. Modeli kolichestvennogo ocenivaniya komp`yuterny`x atak / A. O. Kalashnikov, K. A. Bugajskij, E. V. Anikina // Informaciya i bezopasnost`. – 2019. – Tom 22. – № 4. – pp. 517-528. |
26-35 |
VISUAL ANALYTICS FOR INFORMATION SECURITY: EFFICIENCY ASSESSMENT AND ANALYSIS OF VISUALIZATION METHODS / I. V. Kotenko, M. V. Kolomeec, K. N. Zhernova, A. A. Chechulin // Cybersecurity issues. – 2021. – № 6(46). – С. 36-46. – DOI: 10.21681/2311-3456-2021-6-36-46.
AbstractThe purpose of the article: to identify and systematize information security problems that are solved using visual analytics methods, applied data visualization models and methods for assessing the effectiveness of visualization models.Research method: a systematic analysis of the application of visual analytics methods for solving information security problems. Analysis of relevant work in the eld of information security and data visualization, as well as methods for assessing visualization. The objects of research are: solving information security problems through visual analysis and methods for assessing the effectiveness of visualization models.The result obtained: an interactive map of visualization models and their areas of application is presented, which will allow researchers and developers to choose the visualization models that are most appropriate for speci c applied information security problems. A classi cation of methods for assessing visualization is presented.The scope of the proposed approach is the creation of visualization models that can be used to increase the ef ciency of operator interaction with information security applications. The proposed article will be useful both for students studying in the direction of training “Information Security”, and for specialists who develop information security systems. Keywords: visual means of interaction, visualization model, methods of evaluation, classification of evaluation methods, data structure, data analysis, support and decision-making. References1. Kotenko I.V., Kolomeetc M.V., Zhernova K.N., Chechulin A.A. Vizual`naia analitika dlia kiberbezopasnosti: oblasti primeneniia, zadachi i modeli vizualizatcii // Voprosy` kiberbezopasnosti, № 4 (44), 2021. C.2-15. DOI: 10.21681/2311-3456-2021-4-2-15 2. Intellektual`ny`e servisy` zashchity` informatcii v kriticheskikh infrastrukturakh / I.V.Kotenko, I.B.Saenko, A.A.Chechulin [i dr.]; pod obshchei` red. I.V.Kotenko, I.B.Saenko. SPb.: BKHV-Peterburg, 2019. 400 s. ISBN 978-5-9775-3968-5. 3. Kolomeetc M.V., Chechulin A.A., Kotenko I.V. Obzor metodologicheskikh primitivov dlia poe`tapnogo postroeniia modeli vizualizatcii danny`kh // Trudy` SPIIRAN. 2015. Vy`p. 5 (42). C. 232-257. 4. Travis D., Hodgson P. Think Like a UX Researcher: How to Observe Users, Influence Design, and Shape Business Strategy. CRC Press, 2019. 5. Hullman J. et al. In pursuit of error: A survey of uncertainty visualization evaluation // IEEE transactions on visualization and computer graphics. 2018. Vol. 25. №. 1. Pp. 903-913. 6. Song H., Szafir D. A. Where’s my data? evaluating visualizations with missing data // IEEE transactions on visualization and computer graphics. 2018. Т. 25. №. 1. С. 914-924. 7. Cappers B.C.M., Wijk J.J. Understanding the context of network trac alerts // 2016 IEEE Symposium on Visualization for Cyber Security (VizSec). IEEE, 2016. P. 1-8. 8. Angelini М., Aniello L., Lenti Ѕ., Santucci G., Ucci D. The goods, the bads and the uglies: Supporting decisions in malware detection through visual analytics // 2017 IEEE Symposium оп Visualization for Cyber Security (VizSec). IEEE, 2017. Рp. 1-8. 9. Chen Si., Chen Sh., Andrienko N., Andrienko G., Nguyen Р., Turkay С., Thonnard О., Yuan Х. User behavior map: Visual exploration for cyber security session data // 2018 IEEE Symposium оп Visualization for Cyber Security (VizSec). IEEE, 2018. Рp. 1-4. 10. Staheli D., Yu T., Crouser J., Damodaran S., Nam K., O’Gwynn D., McKenna S., Harrison L. Visualization evaluation for cyber security: Trends and future directions // Proceedings of the Eleventh Workshop on Visualization for Cyber Security. 2014. Pp. 49-56. 11. Dowding D., Merrill J. A. The development of heuristics for evaluation of dashboard visualizations // Applied clinical informatics. 2018. vol. 9. no. 03. Pp. 511-518. 12. Zuk T., Schlesier L., Neumann P., Hancock M., Carpendale S. Heuristics for information visualization evaluation // Proceedings of the 2006 AVI workshop on BEyond time and errors: novel evaluation methods for information visualization. 2006. Pp. 1-6. 13. Arendt D. L., Burtner R., Best D. M., Bos N. D., Gersh J. R., Piatko C. D., Paul C. L. Ocelot: user-centered design of a decision support visualization for network quarantine // 2015 IEEE Symposium on Visualization for Cyber Security (VizSec). IEEE, 2015. Pp. 1-8. 14. Arendt D. L., Lyndsey R. F., Yang F., Brisbois B., LaMothe R. Crush Your Data with ViC 2 ES Then CHISSL Away // 2018 IEEE Symposium on Visualization for Cyber Security (VizSec). IEEE, 2018. Pp. 1-8. 15. Yang Y., Collomosse J., Manohar A., Briggs J., Steane J. Tapestry: Visualizing interwoven identities for trust provenance // 2018 IEEE Symposium on Visualization for Cyber Security (VizSec). IEEE, 2018. Pp. 1-4. 16. Elmqvist N., Yi J. S. Patterns for visualization evaluation //Information Visualization. 2015. vol. 14. No. 3. Pp. 250-269. 17. Fu B., Noy N. F., Storey M. A. Eye tracking the user experience–An evaluation of ontology visualization techniques // Semantic Web. 2017. vol. 8. No. 1. Pp. 23-41. 18. Kim Н., Ко Ѕ., Kim D., Kim Н. Firewall ruleset visualization analysis tool based on segmentation // 2017 IEEE Symposium оп Visualization for Cyber Security (VizSec). IEEE, 2017. Рp. 1-8. 19. Arendt D., Best D., Burtner R., Lyn Paul C. CyberPetri at CDX 2016: Real-time network situation awareness // 2016 IEEE Symposium on Visualization for Cyber Security (VizSec). IEEE, 2016. Pp. 1-4. |
36-46 |
Budnikov, S. A. MODELING OF APT-ATTACKS EXPLOITING THE ZEROLOGON VULNERABILITY / S. A. Budnikov, E. E. Butrik, S. V. Soloviev // Cybersecurity issues. – 2021. – № 6(46). – С. 47-61. – DOI: 10.21681/2311-3456-2021-6-47-61.
AbstractPurpose: the need to assess the effectiveness of the security systems for signi cant objects of critical information infrastructure determines the need to develop simple and adequate mathematical models of computer attacks. The use of mathematical modeling methods in the design of security system of signi cant object allows without signi cant cost and impact on the functioning of the object to justify the requirements to the system as a whole or its individual parts. The purpose of the present paper is to develop a model of the process of multistage targeted computer attack that exploits the Zerologon vulnerability, based on the representation of the attack by a Markov random process with discrete states and continuous time. Methods: methods of Markov process theory, probability theory, computational mathematics and graph theory are used in the model to formalize the attack. Novelty: application of methods of computational mathematics for functional analysis of the results of Kolmogorov’s system of equations allows to solve the problem of maximizing the time of stable operation of critical information infrastructure during computer attacks against it, using the known methods of analysis of continuous functions. Result: formulated a general statement of the problem of modeling the process of a multistage targeted computer attack using a system of Kolmogorov equations, describing the probabilities of being in con ict states of the security system with the intruder. By the Adams method implemented in Mathcad environment, numerical solutions depending on time were obtained. We introduce a security system performance index as a ratio of probability of triggering the security system and blocking intruder’s actions during the attack to the probability of successful completion of the attack. We give an example of research of computer attack realization in a typical information infrastructure, including a corporate network with domain architecture and an automated control system of some technological process. 1 For the considered example de ned the optimal values of time parameters of security system. When implementing protective measures with reasonable probabilistic-time characteristics proved an increase in time of stable operation of critical information infrastructure from 11 to 189 hours Keywords: significant object, computer attack, critical information infrastructure, Markov processes, security system. References1. Maslova N.A. Metody` ocenki e`ffektivnosti sistem zashhity` informacionny`x sistem // Shtuchnij іntelekt. 2008. № 4. S. 253-264. 2. Sheluxin O.I. Modelirovanie informacionny`x sistem: uchebnoe posobie dlya vuzov. 2-e izd. M.: Goryachaya liniya–Telekom, 2012. 516 s. 3. Kotenko D.I., Kotenko I.V., Saenko I.B. Metody` i sredstva modelirovaniya atak v bol`shix komp`yuterny`x setyax: sostoyanie problemy’ // Trudy` SPIIRAN. 2012. № 3(22). S. 5-30. 4. Kocynyak M.A., Lauta O.S., Ivanov D.A., Lukina O.M. Model` vozdejstviya targetirovannoj kiberneticheskoj ataki na informacionnotelekommunikacionnuyu set` // Voprosy` oboronnoj texniki. Seriya 16: Texnicheskie sredstva protivodejstviya terrorizmu. 2019. № 3-4 (129-130). S. 58-65. 5. Andreeshhev I.A., Budnikov S.A., Gladkov A.V. Polumarkovskaya model` ocenki konfliktnoj ustojchivosti informacionnoj infrastruktury` // Vestnik Voronezhskogo gosudarstvennogo universiteta. Seriya: Sistemny`j analiz i informacionny`e texnologii. 2017. № 1. S. 10-17. 6. Kotenko D.I., Kotenko I.V., Saenko I.B. Modelirovanie atak v bol`shix komp`yuterny`x setyax // Texnicheskie nauki - ot teorii k praktike. 2013. № 17-1. S. 12-16. 7. Tumoyan E.P. Metod modelirovaniya komp`yuterny`x atak na osnove veroyatnostny`x avtomatov // Izvestiya YuFU. Texnicheskie nauki. 2008. № 8 (85). S. 120-126. 8. Yazov Yu.K., Solov`ev S.V. Zashhita informacii v informacionny`x sistemax ot nesankcionirovannogo dostupa. Voronezh: Kvarta, 2015. 440 s. 9. Dobry`shin M.M., Zakalkin P.V. Model` komp`yuternoj ataki tipa «Phishing» na lokal`nuyu komp`yuternuyu set` // Voprosy` kiberbezopasnosti. 2021. № 2(42). S. 17-25. DOI: 10.21681/2311-3456-2021-2-17-25. 10. Klimov S.M. Imitacionny`e modeli ispy`tanij kriticheski vazhny`x informacionny`x ob``ektov v usloviyax komp`yuterny`x atak // Izvestiya YuFU. Texnicheskie nauki. 2016. № 8 (181). S. 27-36. DOI: 10.18522/2311-3103-2016-8-2736. 11. Yazov Yu.K., Anishhenko A.V. Seti Petri-Markova i ix primenenie dlya modelirovaniya processov realizacii ugroz bezopasnosti informacii v informacionny`x sistemax. Monografiya. Voronezh: Kvarta, 2020. 173 s. 12. Ventcel` E.S., Ovcharov L.A. Teoriya sluchajny`x processov i ee inzhenerny`e prilozheniya. M.: Vy`sshaya shkola, 2000. 383 s. 13. Fomicheva S.G., Zhemelev G.A. Modelirovanie e`kspluatacii uyazvimosti Zerologon // Zavalishinskie chteniya’21: XVI Mezhdunarodnaya konferenciya po e`lektromexanike i robototexnike, Sankt-Peterburg, 15–18 aprelya 2021 goda. Sankt-Peterburg: Sankt-Peterburgskij gosudarstvenny`j universitet ae`rokosmicheskogo priborostroeniya, 2021. S. 334-341. 14. Ventcel` E.S. Issledovanie operacij. M.: Sovetskoe radio, 1972. 552 s. 15. Oxorzin V.A. Optimizaciya e`konomicheskix sistem. Primery` i algoritmy` v srede Mathcad. M.: Finansy` i statistika, 2005. 144 s. |
47-61 |
Mikhailov, D. M. APPROACHES TO MATHEMATICAL SIMULATION OF CYBER ATTACKS ON MOBILE DEVICEST / D. M. Mikhailov, S. V. Dvoryankin, V. V. Chumanskaya // Cybersecurity issues. – 2021. – № 6(46). – С. 62-67. – DOI: 10.21681/2311-3456-2021-6-62-67.
AbstractThe relevance of the topic of protecting mobile devices from cyber attacks is due to a signi cant increase in the number and share of mobile gadgets among modern devices for accessing the Internet. The purpose of the article is to mathematically substantiate and formalize the models of the most common attacks on mobile devices. On the basis of the constructed models, methods are proposed to prevent and neutralize intrusions into the system of smartphones and tablet computers.Method: applied system analysis of the results of generalization and classi cation of typical types of attacks on mobile devices, elements of the theory of probability.Results: the features of mechanisms for the formation of vulnerabilities of mobile devices were determined. The important aspects of determining the effectiveness of modern technologies for protecting against cyber attacks on mobile devices are identi ed. A brief overview of the main approaches to mathematical modeling of the most common attacks is given. Additional requirements are formulated for an adequate choice of protection methods depending on the type of attacks. Recommendations are formulated to ensure the security of a mobile device against threats. Methods for reducing the probability of system damage by the most common attacks are proposed. Keywords: smartphone, tablet, digital economy, digital infrastructure, brute-force attacks, exploit programs, hardware and software bookmarks, methods of protection against attacks, organizational protection measures, technical protection measures, identification of vulnerabilities. References1. Bazhenov S.V., Korovin S.D., Sukhov A.V., Makeev V.I. Poblemy zashchity sovremennykh sredstv svyazi / Omsk, Academy of Military Sciences, 2012. 104 p. 2. S. J. Alsunaidi and A. M. Almuhaideb, “Security Methods Against Potential Physical Attacks on Smartphones,” 2019 2nd International Conference on Computer Applications & Information Security (ICCAIS), 2019, pp. 1-6. DOI: 10.1109/CAIS.2019.8769458 3. Yegorova E.I., Borisenko P.S. Ataki po storonnim kanalam na smartfony na primere elektromagnitnykh atak I metody protivodeystviya im // In the collection: Collection of works of the VII Congress of young scientists. St. Petersburg, 2018. P. 45-47. 4. Butalova N.G., Sitnikov T.A. Analiz prichin uyazvimosti mobilnykh prilozheniy I sredstva zashchity // REDS: Telecommunication devices and systems.2016. Т. 6. № 4. P. 534-537. 5. Mikhaylov D.M., Fesenko S.D., Zhukov I.Y., Nasenkov I.G. Vozdeystvie vnedrennykh programmnykh zakladok na bezopasnost mobilnykh telefonov // Information security problems. Computer systems. 2015. № 2. P. 86-90. 6. Mostovoy R.A., Levina A.B., Sleptsova D.M., Borisenko P.S. Ataki po storonnim kanalam na mobilnye telefony // Bulletin of Computer and Information Technologies. 2019. № 12 (186). P. 46-53. 7. Beltov A.G., Zhukov I.Y., Mikhaylov D.M., Starikovskiy A.V., Tolstaya A.M. Ataki na mobilnye telefony, ispolzueshchie mekhanizm avtomaticheskoy nastroyki // Information technology security. 2012. Т. 19. № 2S. P. 22-25. 8. Rapetov A.M., Shishin O.I., Aristov M.S., Kholyavin V.B., Savchuk A.V., Zhorin F.V. Metody polucheniya dostupa k dannym, khranimym na mobilnom ustroystve i obrabatyvaemym im // Special equipment and communication. 2014. № 1. P. 7-13. 9. R. Spreitzer, V. Moonsamy, T. Korak and S. Mangard, “Systematic Classification of Side-Channel Attacks: A Case Study for Mobile Devices,” in IEEE Communications Surveys & Tutorials, vol. 20, No.1, pp. 465-488, Firstquarter 2018. DOI: 10.1109/COMST.2017.2779824 10. J. Jose, T. T. Tomy, V. Karunakaran, Anjali Krishna V, A. Varkey and Nisha C.A., “Securing passwords from dictionary attack with charactertree,” 2016 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET), 2016, pp. 2301-2307. DOI: 10.1109/WiSPNET.2016.7566553 |
62-67 |
INCREASING HARDWARE-SOFTWARE PLATFORMS TRUST LEVELS TO PREVENT EXPLOITING BIOS VULNERABILITIES / A. Y. Borovikov, O. A. Maslov, S. A. Mordvinov, A. A. Esafiev // Cybersecurity issues. – 2021. – № 6(46). – С. 68-77. – DOI: 10.21681/2311-3456-2021-6-68-77.
AbstractIn this publicaton, a technique to increase trust levels of foreign and domestic-made hardware-software platforms, which are used to create specialised devices and computing facilities, which are meeting safety requirements and protected from BIOS vulnerabilities, to work with classi ed information, was made. Problems, which developer might encounter, were listed; methods of troubleshooting were proposed, and conclusions were made.The purpose of research is to investigate an ability of designing trusted foreign and domestic-made hardware-software platforms, protected from exploiting BIOS vulnerabilities.Research methods: in order to achieve the purpose of research, an analysis of Russian’s industrial-grade PC modules was made in order to choose PC module that will be used for designing trusted hardware-software platform, an analysis of known BIOS vulnerabilities was made; proprietary BIOS replacement in a form of domestic-made Horizon bootloader, which includes unauthorised access to information protection measures, was made and possibilty of practical use of trusted hardware-software platform with Horizon bootloader was overviewed.Obtained result: PC module for trusted hardware-software platform was selected, proprietary BIOS replacement in a form of domestic-made Horizon bootloader, which includes unauthorized access to information protection measures, was made; technique to increase trust levels of foreign and domestic-made hardware-software platforms, which are used to create specialized devices and computing facilities, which are meeting safety requirements and protected from BIOS vulnerabilities, to work with classi ed information, was made; an approach to create trusted hardware-software platform design requirements and conditions was made; needs to exclude potentially dangerous Intel Management Engine controller’s functionality were justi ed and proposal to use trusted hardware-software platform with Horizon bootloader was made Keywords: cybersecurity, import substitution, trusted boot, trusted hardware-software platform, BIOS, Horizon bootloader, Intel Management Engine, specialised devices, computing facilities, unauthorised access to information, computer attacks, vulnerabilities. References1. Avezova Ya.E., Fadin A.A., Voprosy obespecheniya doverennoi zagruzki v fizicheskih i virtualnyh sredah // Voprosy kiberbezopastnosti. 2016. №1. S. 24-30. DOI:10.21681/2311-3456-2016-1-24-30 2. Lydin S.S. O sredstvah doverennoi zagruzki dlya apparatnyh platform s UEFI BIOS // Voprosy zashity informacii. 2016. №3. S. 45-50. 3. Chekin R.N. Sovremennye ugrozy bezopastnosti obrabotki informacii so storony vstroennogo programnogo obespecheniya // Doklady Tomskogo gosudarstvennogo universiteta sistem upravleniya i radioelektroniki. 2016. №1. S. 54-55. 4. Markin D.O., Umbetov T.K., Arhipov M.A., Minachev V.M. Sovremennye tehnologii postroeniya doverennyh sred ispolneniya prilozhenii na urovne bazovoi sistemy vvoda-vyvoda // sbornik statei po itogam Mezhdunarodnoi nauchno-prakticheskoi konferencii «Bezopastnye informacionnye tehnologii», 2019. S. 282-284. 5. Ogoluk A.A., Shabalin A.V. Analiz bezopastnosti udalennogo dostupa sredstvami Intel Management Engine // Izvestiya vyshih uchebnyh zavedenii. Priborostroenie. 2018. T. 61. №1. 6. I. Pankova, A. Konopleva, and A.. Chernov. Analysis of the Security of UEFI BIOS Embedded Software in Modern Intel-Based Computers // Automatic Control and Computer Sciences, 2019, Vol. 53, No. 8, pp. 865–869. 7. Chernov A.Yu., Konoplev A.S. Zadacha postroeniya doverennoi vychislitelnoi sredy na apparatnoi platforme Intel // Problemy informacionnoi bezopastnosti. Kompyuternye sistemy. 2016. №4. S. 36-41. 8. M. Ermolov, M. Goryachy. How to Hack a Turned-off Computer, or Running Unsigned Code in Intel ME. // Positive Technologies - learn and secure. URL: http://blog.ptsecurity.com/2018/01/running-unsigned-code-in-intel-me.html. 9. (Accessed: 16.07.2021).10. Rauchberger J., Luh. R., Schrittwieser S. Longkit – A Universal Framework for BIOS/UEFI Rootkits in System Management Mode // Proceedings of the 3rd International Conference on Information Systems Security and Privacy. 2017. pp. 346-353. 11. Gefner I.S., Markov A.S. Mehanizmy realizacii atak na urovne bazovoi sistemy vvoda/vyvoda // Zashita informacii. Insaid. 2017. № 5. S. 80-83. 12. Kostromin K., Dokuchaev B., Kozlov D. Analysis of the Most Common Software and Hardware Vulnerabilities in Microprocessor Systems. // 2020 International Russian Automation Conference (RusAutoCon). 2020. pp 1031-1036. 13. A. Ogolyuk, A. Sheglov, K. Sheglov. UEFI BIOS and Intel Management Engine Attack Vectors and Vulnerabilities // Proceding of the 20th Conference of Fruct Association. 2017. pp 657-662. 14. Bezzubov A.F., Sinitsiyn I.V., Primenenie vichislitelnikh sistem otechestvennogo proizvodstva kak sredstvo povisheniya informacionnoy bezopasnosty VUZa // Vestnik rossiyskoy tamojennoy akademii. 2017. №2. S. 106-110 15. Alekseev D.M., Ivanenko K.N., Ubirailo V.N. Doverennaya zagruzka kak mehanizm informacionnoi bezopastnosti // Vliyanie nauki na innovacionnoe razvitie. 2017. S. 19-20. 16. Borovikov A.Yu., Novikov K.B., Maslov O.A. Opisanie podhoda programnoi realizacii modulya doverennoi zagruzki operacionnoi sistemy // Naukoemkie tehnologii v kosmicheskih issledovaniyah Zemli. 2019. Т. 11. No 1. S. 43–48. |
68-77 |
Buinevich, M. V. LANGUAGE OF THE PROGRAM CODE UNIFORM PRESENTATION FOR SEARCHING MEDIUM- AND HIGH-LEVEL VULNERABILITIES: THE BASIC PROVISIONS OF PARADIGM / M. V. Buinevich, K. E. Izrailov, V. V. Pokussov // Cybersecurity issues. – 2021. – № 6(46). – С. 78-89. – DOI: 10.21681/2311-3456-2021-6-78-89.
AbstractPurpose of the study: increasing the ef ciency of an expert in searching for medium-level (in algorithms) and high-level (in architecture) vulnerabilities in the program code due to the innovative paradigm of the language for its presentation. Method: consists in the analysis of relevant works on the subject of approaches, methods and notations for representing algorithms and software architecture with highlighting the strengths and weaknesses of solutions, synthesizing the paradigm for the presentation of the program code and qualitatively assessing the effectiveness of each of the provisions of the paradigm (by contradiction method); ef ciency is understood as a combination of its three indicators: the number of type I and II errors, the search time and the cognitive stress of the expert. The results obtained: description of the idea and 7 main provisions of the paradigm of the pseudocode language for a uni ed description of algorithms and architecture with the maximum necessary and minimum suf cient degree of formalization; the main practical signi cance of the representations of the program code obtained in this way is their intended use for analysis by an information security expert for the presence of medium and high-level vulnerabilities; also, for each position, their qualitative in uence on the performance indicators of vulnerability search by an expert was established. Keywords: information security, software, vulnerability, programming language, paradigm. References1. Shadrin D.V. Aktual`nost` ugroz informacionnoj bezopasnosti dlya informacionny`x sistem // NovaInfo.Ru. 2016. T. 3. № 53. S. 41-44. eLIBRARY ID: 27185592 2. Nesov V.S., Malikov O.R. Avtomaticheskij poisk uyazvimostej v bol`shix programmax // Informacionnoe protivodejstvie ugrozam terrorizma. 2006. № 7. S. 281-291. eLIBRARY ID: 9572348 3. Avetisyan A., Belevancev A., Borodin A., Nesov V. Ispol`zovanie staticheskogo analiza dlya poiska uyazvimostej i kriticheskix oshibok v isxodnom kode programm // Trudy` Instituta sistemnogo programmirovaniya RAN. 2011. T. 21. S. 23-38. eLIBRARY ID: 17103027 4. Blagodarenko A.V. Metodika avtomatizirovannogo poiska uyazvimostej v programmnom obespechenii bez isxodny`x kodov // Sistemy` vy`sokoj dostupnosti. 2011. T. 7. № 2. S. 65-69. eLIBRARY ID: 17098464 5. Bujnevich M.V., Izrailov K.E., Mostovich D.I. Sravnitel`ny`j analiz podxodov k poisku uyazvimostej v programmnom kode // Aktual`ny`e problemy` infotelekommunikacij v nauke i obrazovanii (APINO-2016): sbornik nauchny`x statej V mezhdunarodnoj nauchnotexnicheskoj i nauchno-metodicheskoj konferencii. SPbGUT. 2016. S. 256-260. eLIBRARY ID: 27296306 6. Zhurov D.P., Pyaty`x S.O., Sosinskaya S.S. Ispol`zovanie vneshnego DSL ANTLR dlya razrabotki programmnogo obespecheniya postroeniya blok-sxem po psevdokodu // Austrian Journal of Technical and Natural Sciences. 2015. № 5-6. S. 49-50. eLIBRARY ID: 25620176 7. Shevelyov I.A., Fedyaev O.I. Formalizaciya predstavleniya test-kejsov s pomoshh`yu test-orientirovannogo psevdokoda // Informatika, upravlyayushhie sistemy`, matematicheskoe i komp`yuternoe modelirovanie (IUSMKM-2020): sbornik materialov XI Mezhdunarodnoj nauchno-texnicheskoj konferencii v ramkax VI Mezhdunarodnogo Nauchnogo foruma Doneczkoj Narodnoj Respubliki. Doneczk. 2020. S. 82-86. eLIBRARY ID: 42907950 8. Knyazeva M.D. Algoritmika: ot algoritma k programme: uchebnoe posobie. Ser. Informatika. Moskva: KUDICz-OBRAZ, 2006. 192 s. eLIBRARY ID: 23878311 9. Stepanov A.M., Stepanov M.F. Osnovy` algoritmizacii i programmirovaniya na yazy`ke S: uchebnoe posobie. Saratov: Saratovskij gosudarstvenny`j texnicheskij universitet, 2016. 88 s. eLIBRARY ID: 27462813 10. Kashhej V.V. Metodicheskie osobennosti ispol`zovaniya sredstv avtomatizacii zapisi algoritmov i programm v kurse informatiki // Konferencium ASOU: sbornik nauchny`x trudov i materialov nauchno-prakticheskix konferencij. 2016. № 2. S. 720-733. eLIBRARY ID: 27683379 11. Buzovskij O.V., Aleshhenko A.V., Podrubajlo A.A. Sistema avtomaticheskoj generacii kodov po graficheskim sxemam algoritmov // Vіsnik Naczіonal`nogo texnіchnogo unіversitetu Ukraїni «Kiїvs`kij polіtexnіchnij іnstitut». Serіya: Іnformatika, upravlіnnya ta obchislyuval`na texnіka. 2009. № 51. S. 208-215. eLIBRARY ID: 22791201 12. Izrailov K.E. Rasshirenie yazy`ka «C» dlya opisaniya algoritmov koda telekommunikacionny`x ustrojstv // Informacionny`e texnologii i telekommunikacii. 2013. T. 1. № 2. S. 21-31. eLIBRARY ID: 21133498 13. Zobnin R.E. Graficheskij redaktor dlya otobrazheniya diagramm Nessi-Shnejdermana: svidetel`stvo o gosudarstvennoj registracii programmy` dlya E`VM RU № 2015619448 ot 04.09.2015. eLIBRARY ID: 39336508 14. Parondzhanov V.D. Druzhelyubny`e algoritmy`, ponyatny`e kazhdomu, kak uluchshit` rabotu uma bez lishnix xlopot. Moskva: DMK Press, 2010. 464 s. eLIBRARY ID: 20242517 15. Parondzhanov V.D. Graphic syntax of the DRACON language // Programmirovanie. 1995. T. 21. № 3. S. 45-62. eLIBRARY ID: 12754683 16. Bujnevich M.V., Izrailov K.E., Pokusov V.V., Yaroshenko A.Yu. Osnovny`e principy` proektirovaniya arxitektury` sovremenny`x sistem zashhity` // Nacional`naya bezopasnost` i strategicheskoe planirovanie. 2020. № 3 (31). S. 51-58. DOI: 10.37468/2307-1400-2020-3-51-58 17. Bujnevich M.V., Izrailov K.E. Utilita dlya poiska uyazvimostej v programmnom obespechenii telekommunikacionny`x ustrojstv metodom algoritmizacii mashinnogo koda. Chast` 1. Funkcional`naya arxitektura // Informacionny`e texnologii i telekommunikacii. 2016. T. 4. № 1. S. 115-130. eLIBRARY ID: 26191560 18. Izrailov K.E. Utilita dlya poiska uyazvimostej v programmnom obespechenii telekommunikacionny`x ustrojstv metodom algoritmizacii mashinnogo koda. Chast` 2. Informacionnaya arxitektura // Informacionny`e texnologii i telekommunikacii. 2016. T. 4. № 2. S. 86-104. eLIBRARY ID: 27468771 19. Izrailov K.E., Pokusov V.V. Utilita dlya poiska uyazvimostej v programmnom obespechenii telekommunikacionny`x ustrojstv metodom algoritmizacii mashinnogo koda. Chast` 3. Modul`no-algoritmicheskaya arxitektura // Informacionny`e texnologii i telekommunikacii. 2016. T. 4. № 4. S. 104-121. eLIBRARY ID: 29041144 20. Gordienko A.V., Zolotov O.I., Kogan V.E. Arxitektura programm modelirovaniya // Sovremennoe obrazovanie: soderzhanie, texnologii, kachestvo. 2010. T. 2. S. 167-168. eLIBRARY ID: 26598715 21. Yachny`j I.V., Klimenko A.Ya. Opisanie arxitektury` instrumental`ny`x sredstv dlya sozdaniya avtomatizirovanny`x kommercheskotexnologicheskix sistem // Texnicheskie nauki – ot teorii k praktike. 2013. № 23. S. 37-44. 22. Suxov A.O. Teoreticheskie osnovy` razrabotki DSL-instrumentariya s ispol`zovaniem grafovy`x grammatik // Informatizaciya i svyaz`. 2011. № 3. S. 35-37. eLIBRARY ID: 17086901 23. Zelenov S.V., Zelenova S.A. Modelirovanie programmno-apparatny`x sistem i analiz ix bezopasnosti // Trudy` Instituta sistemnogo programmirovaniya RAN. 2017. T. 29. № 5. S. 257-282. DOI: 10.15514/ISPRAS-2017-29(5)-13 24. Levin I.I., Dordopulo A.I., Gudkov V.A., Gulenok A.A. Rasshirenie yazy`ka programmirovaniya vy`sokogo urovnya COLAMO dlya bitovoj obrabotki // Nauchny`j servis v seti Internet: vse grani parallelizma: trudy` Mezhdunarodnoj superkomp`yuternoj konferencii. Novorossisjk. 2013. S. 371-374. eLIBRARY ID: 22446876 25. Mixeeva V.D. Metody` rasshireniya yazy`kov programmirovaniya (chast` 1) // Informacionno-upravlyayushhie sistemy`. 2010. № 4 (47). S. 46-52. eLIBRARY ID: 15002700 26. Mixeeva V.D. Metody` rasshireniya yazy`kov programmirovaniya (chast` 2) // Informacionno-upravlyayushhie sistemy`. 2010. № 5 (48). S. 37-42. eLIBRARY ID: 15235777 27. Yuan E. Towards Ontology-Based Software Architecture Representations // Processings of the 1st International Workshop on Establishing the Community-Wide Infrastructure for Architecture-Based Software Engineering (ECASE). Buenos Aires, Argentina. 2017. PP. 21-27. DOI: 10.1109/ECASE.2017.5 28. W. Chen, T. Li and J. Li. Algebraic Model and Formal Description Language of Software Architecture // Processings of the 1st International Workshop on Education Technology and Computer Science. United States. 2009. PP. 659-665. DOI: 10.1109/ETCS.2009.407. 29. Pham V., Radermacher A., Gerard S., Li S. Bidirectional Mapping between Architecture Model and Code for Synchronization // Processings of International Conference on Software Architecture (ICSA). 2017. PP. 239-242. DOI: 10.1109/ICSA.2017.41 30. Shilov N.V. Zametki o tryox paradigmax programmirovaniya // Komp`yuterny`e instrumenty` v obrazovanii. 2010. № 2. S. 24-37. eLIBRARY ID: 15002994 31. Bujnevich M.V., Pokusov V.V., Yaroshenko A.Yu., Xoroshenko S.V. Kategorial`ny`j podxod v prilozhenii k sintezu arxitektury` integrirovannoj sistemy` obespecheniya bezopasnosti informacii // Problemy` upravleniya riskami v texnosfere. 2017. № 4 (44). S. 95-102. eLIBRARY ID: 32601997 32. Pokusov V.V. Formalizaciya i opredelenie korrektnosti protokola informacionno-texnicheskogo vzaimodejstviya(na primere integrirovannoj sistemy` zashhity` informacii) // Informatizaciya i svyaz`. 2021. № 2. S. 55-68. DOI: 10.34219/2078-8320-2021-12-2-55-68 33. Bujnevich M.V., Izrailov K.E. Antropomorficheskij podxod k opisaniyu vzaimodejstviya uyazvimostej v programmnom kode. Chast` 1. Tipy` vzaimodejstvij // Zashhita informacii. Insajd. 2019. № 5 (89). S. 78-85. eLIBRARY ID: 41221386 34. Bujnevich M.V., Izrailov K.E. Antropomorficheskij podxod k opisaniyu vzaimodejstviya uyazvimostej v programmnom kode. Chast` 2. Metrika uyazvimostej // Zashhita informacii. Insajd. 2019. № 6 (90). S. 61-65. eLIBRARY ID: 41494732 35. Izrailov K.E., Obrezkov A.I., Kurta P.A. Podxod k vy`yavleniyu posledovatel`nosti odnocelevy`x setevy`x atak s vizualizaciej ix progressa e`kspertu // Metody` i texnicheskie sredstva obespecheniya bezopasnosti informacii. 2020. № 29. S. 68-69. eLIBRARY ID: 44017276 36. Bujnevich M.V., Vlady`ko A.G., Izrailov K.E., Shherbakov O.V. Arxitekturny`e uyazvimosti modelej telekommunikacionny`x setej // Nauchno-analiticheskij zhurnal «Vestnik Sankt-Peterburgskogo universiteta Gosudarstvennoj protivopozharnoj sluzhby` MChS Rossii». 2015. № 4. S. 86-93. eLIBRARY ID: 25294888 37. Izrailov K.E. Model` prognozirovaniya ugroz telekommunikacionnoj sistemy` na baze iskusstvennoj nejronnoj seti // Vestnik INZhE`KONa. Seriya: Texnicheskie nauki. 2012. № 8 (59). S. 150-153. eLIBRARY ID: 18244835 38. Izrailov K.E., Vasil`eva A.Yu. Yazy`k opisaniya modeli bezopasnosti telekommunikacionnoj seti // Novy`e informacionny`e texnologii i sistemy` (NITiS-2012): trudy` X Mezhdunarodnoj nauchno-texnicheskoj konferencii. Penza. 2012. S. 272-275. eLIBRARY ID: 28771694 39. Bujnevich M.V., Izrailov K.E., Shherbakov O.V. Strukturnaya model` mashinnogo koda, specializirovannaya dlya poiska uyazvimostej v programmnom obespechenii avtomatizirovanny`x sistem upravleniya // Problemy` upravleniya riskami v texnosfere. 2014. № 3(31). S. 68-74. eLIBRARY ID: 22553713 40. Bujnevich M.V., Izrailov K.E., Shherbakov O.V. Model` mashinnogo koda, specializirovannaya dlya poiska uyazvimostej // Vestnik Voronezhskogo instituta GPS MChS Rossii. 2014. № 2 (11). S. 46-51. eLIBRARY ID: 21574302 41. Bujnevich M.V., Izrailov K.E. Analiticheskoe modelirovanie raboty` programmnogo koda s uyazvimostyami // Voprosy` kiberbezopasnosti. 2020. № 3 (37). S. 2-12. DOI: 10.21681/2311-3456-2020-03-02-12 42. Izrailov K.E. Sistema kriteriev ocenki sposobov poiska uyazvimostej i metrika ponyatnosti predstavleniya programmnogo koda // Informatizaciya i svyaz`. 2017. № 3. S. 111-118. eLIBRARY ID: 29108491 |
78-89 |
Klyucharev, P. G. CELLULAR AUTOMATA AND THEIR GENERALIZATIONS IN CRYPTOGRAPHY. PART 1. / P. G. Klyucharev // Cybersecurity issues. – 2021. – № 6(46). – С. 90-101. – DOI: 10.21681/2311-3456-2021-6-90-101.
AbstractThe purpose of the article is an analytical review of the application of cellular automata and their generalizations in cryptography. Research method: an analysis of scientific publications on the topic of the article. Results: The review article analyzes the literature devoted to the use of classical cellular automata and their generalizations for the construction of cryptographic algorithms. The article consists of two parts. The first part is devoted to classical cellular automata and symmetric cryptographic algorithms based on them. It briefly discusses the history of the theory of cellular automata and its applications in various scientific disciplines. The review of the works of a number of authors who proposed symmetric cryptographic algorithms and pseudorandom sequence generators based on one-dimensional cellular automata is presented. The security of such cryptographic algorithms turned out to be insufficient. The following is a review of articles devoted to the use of two-dimensional cellular automata for constructing ciphers (this approach gave the best results). Multidimensional cellular automata are also mentioned. The second part of the article will be devoted to a review of works devoted to the use of generalized cellular automata in cryptography - on the basis of such automata, it is possible to create symmetric encryption algorithms and cryptographic hash functions that provide a high level of security and high performance in hardware implementation (for example, on FPGA), as well as having fairly low requirements for hardware resources. In addition, an attention will be paid to interesting connections of generalized cellular automata, in the context of their use in cryptography, with the theory of expander graphs. Attention will also be paid to the security of cryptographic algorithms based on generalized cellular automata. The works devoted to the implementation of various cryptographic algorithms based on generalized cellular automata on FPGA and GPU will be mentioned. In addition, an overview of asymmetric cryptographic algorithms based on cellular automata will be given. The questions about the belonging of some problems on cellular automata and their generalizations to the class of NP-complete problems, as well as to some other complexity classes, will also be considered. Keywords: cellular automation, stream cipher, block cipher, hash function. References1. Von Neumann J. The general and logical theory of automata // Proc. Hixon Symposium on Cerebral Mechanisms in Behavior / Ed. by L. A. Jeffress. — New York, 1951. — P. 1–31. 2. Toffoli T., Margolus N. Mashiny kletochnykh avtomatov. — M. : Mir, 1991. — 280 p. 3. Adamatzky A. Game of Life Cellular Automata. — Springer London, 2010. — 579 p. 4. Ceccherini-Silberstein T., Coornaert M. Cellular Automata and Groups. — Springer Berlin Heidelberg, 2010. — 440 p. 5. Codd E., Ashenhurst R. Cellular Automata. — Academic Press, 1968. — 132 p. 6. Gutowitz H. Cellular Automata: Theory and Experiment. — MIT Press, 1991. — 483 p. 7. Ilachinski A. Cellular Automata: A Discrete Universe. — World Scientific, 2001. — 808 p. 8. Margenstern M. Small Universal Cellular Automata in Hyperbolic Spaces: A Collection of Jewels. — Springer Berlin Heidelberg, 2013. — 320 p. 9. McIntosh H. One Dimensional Cellular Automata. — Luniver Press, 2009. — 280 p. 10. Rosin P., Adamatzky A., Sun X. Cellular Automata in Image Processing and Geometry. — Springer International Publishing, 2014. — 304 p. 11. Wolfram S. A New Kind of Science. — Wolfram Media, 2002. — 1192 p. 12. Wolfram S. Cellular automata // Los Alamos Science. — 1983. — Vol. 9. — P. 2–21. 13. Packard N., Wolfram S. Two-dimensional cellular automata // Journal of Statistical Physics. — 1985. — Vol. 38. — P. 901–946. 14. Wolfram S. Cryptography with cellular automata // Lecture Notes in Computer Science. — 1986. — Vol. 218. — P. 429–432. 15. Wolfram S. Cellular automation supercomputing // High-speed computing: scientific applications and algorithm design / Ed. by Robert B. Wilhelmson. — University of Illinois Press, 1988. — P. 40–48. 16. Wolfram S. Random sequence generation by cellular automata // Advances in Applied Mathematics. — 1986. — Vol. 7. — P. 123–169. 17. Wolfram S. Cellular automata and complexity: collected papers. — Addison-Wesley Reading, MA, 1994. — Vol. 1. — 608 p. 18. Sarkar P. A brief history of cellular automata // Acm computing surveys (csur). — 2000. — Vol. 32, no. 1. — P. 80–107. 19. Schiff J. L. Cellular automata: a discrete view of the world. — John Wiley & Sons, 2011. — Vol. 45. — 272 p. 20. Zhukov A. E. Kletochnye avtomaty v kriptografii. Chast’ 1 // Voprosy kiberbezopasnosti. — 2017. — № 3(21). — P. 70–76. 21. Kudryavtsev V. B., Podkolzin A. S. Ob osnovnykh napravleniyakh v teorii odnorodnykh struktur // Diskretnaya matematika. — 1989. — T. 1, № 3. — P. 229–250. 22. Kudryavtsev V. B., Podkolzin A. S. Kletochnye avtomaty. // Intellektual’nye sistemy. — 2006. — T. 10, № 1-4. — P. 657–692. 23. Kudryavtsev V. B., Podkolzin A. S., Bolotov A. A. Osnovy teorii odnorodnykh struktur. — M.: Nauka, 1992. — 298 p. 24. Wolfram S. Cellular Automata And Complexity: Collected Papers. — CRC Press, 2018. — 608 p. 25. Termodinamika neobratimykh protsessov i nelineinaya dinamika / E.M. Kol’tsova, L.S. Gordeev, Tret’yakov Yu.D., Vertegel A.A. — M.: Yurlait, 2019. — 430 p. 26. Deutsch A., Dormann S. et al. Cellular automaton modeling of biological pattern formation. — Springer, 2005. — 464 p. 27. White S. H., Del Rey A. M., Sanchez G. R. Modeling epidemics using cellular automata // Applied mathematics and computation. — 2007. — Vol. 186, no. 1. — P. 193–202. 28. Menshutina N. V., Kolnoochenko A. V., Lebedev E. A. Cellular automata in chemistry and chemical engineering // Annual Review of Chemical and Biomolecular Engineering. — 2020. — Vol. 11. — P. 87–108. 29. Kier L., Seybold P., Cheng C. Modeling Chemical Systems Using Cellular Automata. — Springer, 2005. — ISBN: 9781402036576. 30. Andreeva O. V. Model’ i algoritmy dlya otsenki povrezhdennosti mikrostruktury poverkhnosti metallov i splavov po izobrazheniyam : Dis… kand. tekhn. nauk: 05.13.01 / Ol’ga Vyacheslavovna Andreeva ; Nizhegor. gos. tekhn. un-t im R.E. Alekseeva. — Nizhnii Novgorod, 2017. — 162 p. 31. Wagner D. F. Cellular automata and geographic information systems // Environment and planning B: Planning and design. — 1997. — Vol. 24, no. 2. — P. 219–234. 32. Batty M., Xie Y., Sun Z. Modeling urban dynamics through gis-based cellular automata // Computers, environment and urban systems. — 1999. — Vol. 23, no. 3. — P. 205–233. 33. Torrens P. M., O’Sullivan D. Cellular automata and urban simulation: where do we go from here? — 2001. 34. Hoekstra A. G., Kroc J., Sloot P. M. Simulating complex systems by cellular automata. — Springer, 2010. — 384 p. 35. Zuse K. Calculating Space. MIT technical translation. — Massachusetts Institute of Technology, Project MAC, 1970. — 188 p. 36. Wolfram S. A Project to Find the Fundamental Theory of Physics. — Wolfram Media, Incorporated, 2020. — 770 p. — ISBN: 9781579550356. 37. Matyushkin I. V., Zapletina M. A. Obzor po tematike kletochnykh avtomatov na baze sovremennykh otechestvennykh publikatsii // Komp’yuternye issledovaniya i modelirovanie. — 2019. — № 1. — P. 9–57. 38. Gardner M. The fantastic combinations of John Conway’s new solitaire game ЋLifeL // Scientific American. — 1970. — Vol. 223. — P. 120–123. 39. Meier W., Staffelbach O. Analysis of pseudo random sequences generated by cellular automata // Workshop on the Theory and Application of of Cryptographic Techniques / Springer. — 1991. — P. 186–199. 40. Sarkar P. Hiji-bij-bij: A new stream cipher with a self-synchronizing mode of operation // International Conference on Cryptology in India / Springer. — 2003. — P. 36–51. 41. Joux A., Muller F. Two attacks against the hbb stream cipher // International Workshop on Fast Software Encryption / Springer. — 2005. — P. 330–341. 42. Karmakar S., Mukhopadhyay D., Chowdhury D. R. Cavium-strengthening trivium stream cipher using cellular automata. // J. Cell. Autom. — 2012. — Vol. 7, no. 2. — P. 179–197. 43. De Canniere C. Trivium: A stream cipher construction inspired by block cipher design principles // Information Security. — Springer, 2006. — P. 171–186. 44. Das S., Chowdhury D. R. Castream: A new stream cipher suitable for both hardware and software // International Conference on Cellular Automata / Springer. — 2012. — P. 601–610. 45. Bardell P. H. Analysis of cellular automata used as pseudorandom pattern generators // Proceedings. International Test Conference 1990 / IEEE. — 1990. — P. 762–768. 46. Fuster-Sabater A., Caballero-Gil P. On the use of cellular automata in symmetric cryptography // Acta Applicandae Mathematica. — 2006. — Vol. 93, no. 1. — P. 215–236. 47. Bouvry P., Seredynski F., Zomaya A. Y. Application of cellular automata for cryptography // International conference on parallel processing and applied mathematics / Springer. — 2003. — P. 447–454. 48. Tomassini M., Perrenoud M. Cryptography with cellular automata // Applied Soft Computing. — 2001. — Vol. 1, no. 2. — P. 151–160. 49. Henricksen M. A critique of some chaotic-map and cellular automata-based stream ciphers // Annual Asian Computing Science Conference / Springer. — 2009. — P. 69–78. 50. Bao F. Cryptanalysis of a partially known cellular automata cryptosystem // IEEE Transactions on Computers. — 2004. — Vol. 53, no. 11. — P. 1493–1497. 51. Random number generation — Wolfram Mathematica 7 documentation. — Access mode: http://reference.wolfram.com/mathematica/tutorial/RandomNumberGeneration.html. 52. Mukhopadhyay D., RoyChowdhury D. Cellular automata: an ideal candidate for a block cipher // International Conference on Distributed Computing and Internet Technology / Springer. — 2004. — P. 452–457. 53. Achkoun K., Hanin C., Omary F. SPF-CA: A new cellular automata based block cipher using key-dependent S-boxes // Journal of Discrete Mathematical Sciences and Cryptography. — 2020. — Vol. 23, no. 8. — P. 1529–1544. 54. Seredynski M., Bouvry P. Block encryption using reversible cellular automata // International Conference on Cellular Automata / Springer. — 2004. — P. 785–792. 55. Seredynski M., Bouvry P. Block cipher based on reversible cellular automata // New Generation Computing. — 2005. — Vol. 23, no. 3. — P. 245–258. 56. Cellular automata based cryptosystem (CAC) / Subhayan Sen, Chandrama Shaw, Dipanwita Roy Chowdhuri et al. // International Conference on Information and Communications Security / Springer. — 2002. — P. 303–314. 57. Bao F. Cryptanalysis of a new cellular automata cryptosystem // Australasian Conference on Information Security and Privacy / Springer. — 2003. — P. 416–427. 58. DamgAard I. B. A design principle for hash functions // Conference on the Theory and Application of Cryptology / Springer. — 1989. — P. 416–427. 59. Daemen J., Govaerts R., Vandewalle J. A framework for the design of one-way hash functions including cryptanalysis of damgAard’s one-way function based on a cellular automaton // International Conference on the Theory and Application of Cryptology / Springer. — 1991. — P. 82–96. 60. HCAHF: A New Family of CA-based Hash Functions / Anas Sadak, Fatima Ezzahra Ziani, Bouchra Echandouri et al. // International Journal of Advanced Computer Science and Applications. — 2019. — Vol. 10. — P. 12. 61. ElRakaiby M. M. Cryptographic hash function using cellular automata // International Journal of Computer Applications Technology and Research. — 2016. — Vol. 5, no. 5. — P. 238–240. 62. Jeon J.-C. Cellular automata based cryptographic hash function // Proceedings of the International Conference on Scientific Computing (CSC) / The Steering Committee of The World Congress in Computer Science, Computer …. — 2011. — P. 1. 63. Jeon J.-C. One-way hash function based on cellular automata // IT Convergence and Security 2012. — Springer, 2013. — P. 21–28. 64. Cash: cellular automata based parameterized hash / Sukhendu Kuila, Dhiman Saha, Madhumangal Pal, Dipanwita Roy Chowdhury // International Conference on Security, Privacy, and Applied Cryptography Engineering / Springer. — 2014. — P. 59–75. 65. Rajeshwaran K., Kumar K. A. Cellular automata based hashing algorithm (cabha) for strong cryptographic hash function // 2019 IEEE International Conference on Electrical, Computer and Communication Technologies (ICECCT) / IEEE. — 2019. — P. 1–6. 66. A lightweight hash function based on cellular automata for mobile network / Xing Zhang, Qinbao Xu, Xiaowei Li, Changda Wang // 2019 15th International Conference on Mobile Ad-Hoc and Sensor Networks (MSN) / IEEE. — 2019. — P. 247–252. 67. Tanasyuk Y., Perepelitsyn A., Ostapov S. Parameterized fpga-based implementation of cryptographic hash functions using cellular automata // 2018 IEEE 9th International Conference on Dependable Systems, Services and Technologies (DESSERT) / IEEE. — 2018. — P. 225–228. 68. Sponge functions / Guido Bertoni, Joan Daemen, MichaЈel Peeters, Gilles Van Assche // ECRYPT hash workshop / Citeseer. — Vol. 2007. — 2007. 69. Sukhinin B. M. Primenenie klassicheskikh i neodnorodnykh kletochnykh avtomatov pri postroenii vysokoskorostnykh generatorov psevdosluchainykh posledovatel’nostei // Proektirovanie i tekhnologiya elektronnykh sredstv. — 2009. — № 3. — P. 47–51. 70. Sukhinin B. M. Vysokoskorostnye generatory psevdosluchainykh posledovatel’nostei na osnove kletochnykh avtomatov // Prikladnaya diskretnaya matematika. — 2010. — № 2. — P. 34–41. 71. Sukhinin B. M. O vliyanii parametrov lokal’noi funktsii svyazi na raspredelenie znachenii yacheek dvoichnykh kletochnykh avtomatov // Ob”edinennyi nauchnyi zhurnal. — 2010. — № 8. — P. 39–41. 72. Sukhinin B. M. O lavinnom effekte v kletochnykh avtomatakh // Ob”edinennyi nauchnyi zhurnal. — 2010. — № 8. — P. 41–46. 73. Sukhinin B. M. O novom klasse generatorov psevdosluchainykh posledovatel’nostei na osnove kletochnykh avtomatov // Ob”edinennyi nauchnyi zhurnal. — 2010. — № 8. — P. 46–49. 74. Sukhinin B. M. Prakticheskie aspekty otsenki kachestva generatorov sluchainykh posledovatel’nostei s ravnomernym raspredeleniem // Ob”edinennyi nauchnyi zhurnal. — 2010. — № 8. — P. 49–55. 75. Sukhinin B. M. Issledovanie kharakteristik lavinnogo effekta v dvoichnykh kletochnykh avtomatakh s ravnovesnymi funktsiyami perekhodov // Nauka i obrazovanie. MGTU im. N.E. Baumana. Elektron. zhurn. — 2010. — № 8. 76. Sukhinin B. M. Razrabotka generatorov psevdosluchainykh dvoichnykh posledovatel’nostei na osnove kletochnykh avtomatov // Nauka i obrazovanie. MGTU im. N.E. Baumana. Elektron. zhurn. — 2010. — № 9. 77. Sukhinin B. M. O nekotorykh svoistvakh kletochnykh avtomatov i ikh primenenii v strukture generatorov psevdosluchainykh posledovatel’nostei // Vestnik Moskovskogo gosudarstvennogo tekhnicheskogo universiteta im. N.E. Baumana. Seriya: Priborostroenie. — 2011. — № 2. — P. 68–76. 78. Sukhinin B. M. Odnorodnye dvumernye bulevy kletochnye avtomaty i ikh svoistva primenitel’no k generatsii psevdosluchainykh posledovatel’nostei // Sistemy vysokoi dostupnosti. — 2011. — T. 7, № 2. — P. 39–41. 79. Sukhinin B. M. Razrabotka i issledovanie vysokoskorostnykh generatorov psevdosluchainykh ravnomerno raspredelennykh dvoichnykh posledovatel’nostei na osnove kletochnykh avtomatov : Dis… kand. tekhn. nauk: 05.13.17 / Boris Mikhailovich Sukhinin ; MGTU im. N.E. Baumana. — M., 2011. — 224 p. 80. Haldar T., Chowdhury D. R. Design of hash function using two dimensional cellular automata // Proceedings of the Fifth International Conference on Mathematics and Computing / Springer. — 2021. — P. 33–45. 81. Tanasyuk Y., Ostapov S. Development and research of cryptographic hash functions based on two-dimensional cellular automata // Informatyka, Automatyka, Pomiary w Gospodarce i Ochronie Srodowiska. — 2018. — Vol. 8. |
90-101 |
Leave a Reply