The complexity of present-day computer information systems does not allow an overall verification
that would ensure the absence of errors and vulnerabilities at the development stage. Consequently, the more complex
the system, the more it is exposed to information security risks. Recently there have been several
approaches to solving the security problem for complex information systems. The paper presents
a generalized algorithm for the development of systems protected from research. The algorithm includes
methods for blurring system parameters and methods based on the moving target technology. Both
kinds of methods are versatile and can be implemented for typical solutions as well as for unique algorithms
applicable to hardware-software solutions. The algorithm includes the detection of critical components
whose compromise may pose a security threat, and the search for sources of randomness
and parameters that can be used for building a blurring process or a self-complication process for
a computer information system. Protecting a system from research prevents attackers from gathering
information sufficient for exploiting vulnerabilities, although the system's vulnerabilities are not eliminated.
A method for quantitative evaluation of changes in the security level of information systems is
presented. The method is based on the change in the set of potential attacks after implementation of the
methods for protection against research. Analysis of the results achieved by implementation of the
DKAuth password authentication technology and the BSRouter network security software and hardware
complex showed that the potential for successful attacks decreased by 25% and 12.26%, respectively.
Key words
information security, protection from research, moving target technology, blurring of system parameters, risk evaluation.