The Concept of Compromising Information in General Scheme of Vulnerability Analysis of Automated Data Processing Systems
Technical cybernetics. Information technology. Computer facilities
For the analysis of security incidents of university automated system (AS), it is necessary to proceed from not only the research methods used by intruders, but the identification of system properties allowing them to carry out their actions. Thus, the task of identification and evaluation of compromising information is araised. The concept of the information compromising AS, i.e. identifiable information that allow to find vulnerability and to use them afterwards, is a problem studied in this paper. It was shown that it is possible to separate several classes of threats realization in accordance with the considered types of vulnerabilities.
The first class is a class of expected threats, that can be attributed many relevant ways of threats realization, the second one is a class of possible, but unexpected threats – a lot of irrelevant ways of threats realization, and the third one is a class of unforeseen and, as a consequence, unexpected threats – there can be many extraordinary ways of threats realization.
The obtained results are the basis for the identification of vulnerabilities of different type AS, and as a consequence, compromising its security features. The results were used to develop proposals for reducing the vulnerability of information security AS of Moscow Aviation Institute, as a new type of problems never considered before for university-class AS.
Keywords:automated data processing system, vulnerability of the system, compromising information, information field, entropy
- Stin E. Kvantovye vychisleniya (Quantum calculations), Izhevsk, NITs «Regulyarnaya i khaoticheskaya dinamika», 2000, 112 p.
- Tarasenko F.P. Vvedenie v kurs teorii informatsii (Introduction in a course of the theory of information), Tomsk, Tomskii universitet, 1968, 240 p.