ABSTRACT
The purpose of this work is to improve the quality of threat models developed for the information security of automated process control systems (APCs). To that end, the authors set out to develop a method for identifying potentially vulnerable elements typical of multi-level APCs and assessing them in order to calculate the probability that a vulnerability is exploited. The peculiarities of APCs that give rise to information security threats and vulnerable elements are considered, and the types of information security threats that an intruder can carry out in APCs are listed. The authors propose a method for identifying the actual vulnerable elements of a system. APCs security is estimated on the basis of an analysis of the security measures applied. A way is proposed to determine the probability of favorable conditions for using vulnerabilities and to form the final list of vulnerable elements of APCs. To confirm the efficiency of the developed method, the authors calculate the probability of APCs vulnerabilities being exploited through the actual vulnerable elements. Applying the results to APCs will increase fault tolerance, reveal potential weaknesses of the APCs being developed, and decrease their operation and protection costs. The results of the research are recommended for use when designing information security systems in APCs.
Index Terms
- Method of identifying and assessing of automated process control systems vulnerable elements