Modeling of the Information System for Critical Use Accessibility
DOI:
https://doi.org/10.31649/1997-9266-2019-142-1-41-57Keywords:
: information system of critical use, accessibility, managed semi-markov process, optimization, mathematical programmingAbstract
Specification of the security of the information system for critical use (ISCU) within the CIA triad can’t be considered complete without an application model of such a system’s accessibility taking into account its topology, since it is expected that the ISCU will be deployed on a multi-server platform that includes a server-registration center and a set of connected with it data servers. In general, the ISCU’s accessibility involves the allocation of an authorized user in response to its input information resource environment, the finite amount of which is limited to the concept of a virtual machine. The topology of the ISCU assumes that virtual machines can be created either in the information environment of the server-registration center or in the information environment of the data servers or in both of these information environments at the same time in accordance with the location of the information resources to which the authorized user addresses, the rules of support for its actions, formulated in the system security policy, and the degree of the functioning capacity of the relevant information environments. Accessibility restriction will be linked to the lack of free resources in the ISCU to create new virtual machines at the request of authorized user, which will temporarily discard new incoming requests for service operations to release system resources. The article presents new mathematical models for managing the ISCU’s accessibility, which, unlike the existing ones, take into account the topological features of the ISCU, passing of its service operations in the management of the access of authorized users to the system’s information environment and formalize the connection of the set of service operations with a set of system responses on incoming requests of authorized users in the form of a managed semi-markov process with reserve of resources for self-security measures, which allows using the mathematical programming apparatus for optimal management of ISCU’s accessibility strategy for minimizing the cost of its operation and allows stochastically assess the system’s accessibility at any stage of its life cycle. On the basis of the created models, a simulation of the ISCU’s accessibility in the Matlab was conducted. The results of the research showed that the rules of response to incoming requests of authorized users received on the basis of the proposed models, depending on the system’s functioning capacity and the service operations with are performed in the system’s information environment, allow to maintain the probability of incoming requests rejection of authorized users within the specified threshold, minimizing the costs for the ISCU’s functioning. However, the analysis of the empirical results of the ISCU’s operation, the rules of the system security policy which were synthesized on the basis of the accessibility model with the resources reservation to the system’s self security, showed that with the rapid increase in the intensity of incoming requests from authorized users with high rates of insecure the number of access rejection begins to increase quadratically. Studies have shown that in order to avoid the above described drop in the ISCU’s accessibility it is necessary to foresee a system resource reserve of 20 % at the design stage. In general, the experimental results obtained confirmed the adequacy of the proposed ISCU’s accessibility models.
References
В. В. Ковтун «Концепція впровадження автоматизованої системи розпізнавання мовця у процес автентифікації для доступу до критичної системи,» Вісник Вінницького політехнічного інституту, № 5, с. 41-52, 2018. https://doi.org/10.31649/1997-9266-2018-140-5-41-52 .
S. K. Dong, F. Machida, and K. S. Trivedi, “Availability Modeling and Analysis of a Virtualized System,” in 15th IEEE Pacific Rim International Symposium on Dependable Computing PRDC ‘09, pp. 365-371, 2009.
R. Ghosh, F. Longo, V. K. Naik, K. S. Trivedi, “Modeling and performance analysis of large scale IaaS Clouds [Теxt]” Future Generation Computer Systems, vol. 29 (2), pp. 1216-1234, 2013.
Marcello Trovati, Win Thomas, Quanbin Sun, and Georgios Kontonatsios, “Assessment of Security Threats via Network Topology Analysis: An Initial Investigation,” in 12th International Conference, GPC, Italy, vol. 10232, pp. 416-425, 2017. https://doi.org/10.1007/978-3-319-57186-7_31 .
Shibo Luo, Mianxiong Dong, Kaoru Ota, Jun Wu, and Jianhua Li, “A Security Assessment Mechanism for Software-Defined Networking-Based Mobile Networks,” Sensors (Basel, Switzerland), vol. 15 (8), pp. 31843–31858, 2015. https://doi.org/10.3390/s151229887 .
B. Wei, C. Lin, and X. Kong, “Dependability Modeling and Analysis for the Virtual Data Center of Cloud Computing,” IEEE International Conference on High Performance Computing and Communications, pp. 784-789, 2011.
T. Thein, and J. S. Park, “Availability Analysis of Application Servers Using Software Rejuvenation and Virtualization,” Journal of Computer Science and Technology, Institute of Computing Technology Beijing, vol. 24 (2), pp. 339-346, 2009.
R. R. Scadden, R. J. Bogdany, J. W. Clifford, and H. D. Pearthree, “Resilient hosting in a continuous available virtualized environment,” IBM Systems Journal, Atlanta, vol. 47 (1), pp. 535-548, 2008.
Y. S. Dai, M. Xie, and K. L. Poh, “Reliability of grid service systems,” Computers & Industrial Engineering, vol. 50 (1–2), pp. 130-147, 2006.
Y. S. Dai, B. Yang, J. Dongarra, and G. Zhang, “Cloud Service Reliability: Modeling and Analysis” [Electronic resource]. Access mode: http://www.netlib.org/utk/ people/JackDongarra/PAPERS/ .
Quanjun Yin, Shiguang Yue, Yabing Zha, and Peng Jiao, “A Semi-Markov Decision Model for Recognizing the Destination of a Maneuvering Agent in Real Time Strategy Games,” Mathematical Problems in Engineering, vol. 2016, Article ID 1907971, 15 p, 2016. https://doi.org/10.1155/2016/1907971 .
Dongyan Chen, and Kishor S.Trivedi, “Optimization for condition-based maintenance with semi-Markov decision process,” Reliability Engineering & System Safety, vol. 90, iss. 1, pp. 25-29, 2005. https://doi.org/10.1016/j.ress.2004.11.001 .
Arash Khodadadi, Pegah Fakhari, Jerome R. “Busemeyer Learning to maximize reward rate: a model based on semi-Markov decision processes,” Frontiers in neuroscience, USA, vol. 8, Article ID 101, 15 p, 2014. https://doi.org/10.3389/fnins.2014.00101.
M. U. Khan, “Representing Security Specifications in UML State Machine Diagrams,” Procedia Computer Science, vol. 56, pp. 453-458, 2015. https://doi.org/10.1016/j.procs.2015.07.235 .
N. V. Vaidya, and N. W. Khobragade, “Solution of Game Problems Using New Approach,” Journal of Computer Science and Technology. International Journal of Engineering and Innovative Technology (IJEIT). vol. 3, iss. 5, pp. 181-186, 2009.
I. Dogan, “Engineering simulation with MATLAB: improving teaching and learning effectiveness,” Procedia Computer Science, vol. 3, pp. 853-858, 2011. https://doi.org/10.1016/j.procs.2010.12.140 .
O. V. Bisikalo, V. V. Kovtun, M. S. Yukhimchuk, and I. F. Voytyuk, “Analysis of the automated speaker recognition system of critical use operation results,” Radio Electronics, Computer Science, Control, № 4, pp. 71-84, 2018. https://doi.org/10.15588/1607-3274-2018-4-7.
Downloads
-
PDF (Українська)
Downloads: 198
Published
How to Cite
Issue
Section
License
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
