基于安全风险最小化的分布式计算机系统的集成安全机制研究(IJCNIS-V5-N2-3)

I.J.ComputerNetworkandInformationSecurity,2013,2,21-28PublishedOnlineFebruary2013inMECS()DOI:10.5815/ijcnis.2013.02.03Copyright©2013MECSI.J.ComputerNetworkandInformationSecurity,2013,2,21-28IntegratedSafetyMechanismsBasedonSecurityRisksMinimizationfortheDistributedComputerSystemsVadymMukhinDepartmentofComputerSystemsofNationalTechnicalUniversityofUkraine“KPI”,Kiev,Ukrainev_mukhin@mail.ruArtemVolokytaDepartmentofComputerSystemsofNationalTechnicalUniversityofUkraine“KPI”,Kiev,Ukraineartem_volokyta@kpi.uaAbstract—Today,thereareknownthebasicprinciplesofdecision-makingonthesafetycontrolofdistributedcomputersystemsinthefaceofuncertaintyandrisk.However,inthisareatherearenopracticalmethodsforthequantitativeriskanalysisandassessment,takingintoaccountthedynamicchangesofsecuritythreats,whichistypicalfordistributedcomputersystems.Inthispaperissuggestedanapproachtoassesmentandminimizationofthesecurityrisks,whichallowstoreducethepotentiallossesduetotherealizationofthreats,toanalyzethedynamicsofintrusionsintocomputersystemsandtoselecttheeffectivesecuritytools.Asaresult,thereisdesignedthestructureofthetoolsforriskminimizationinthedistributedcomputersystemsandareformalizedthemainfunctionsofthisstructure.Also,inthepaperissuggestedtheassessmentofriskfactorsofthesecuritythreatsandtheprobabilityofthethreatsrealization,whicharebasedontheirdivisionintoappropriategroups.Theproposedtoolsforsecurityriskminimizationalloweffectivelyidentify,classifyandanalyzethreatstothesecurityofthedistributedcomputingsystems.IndexTerms—distributedcomputersystems;safetymodel;securityrisksminimizationI.INTRODUCTION.THESAFETYPROBLEMSINDISTRIBUTEDCOMPUTERSYSTEMSInthemodernsociety,theinformationtechnologieshavewideimplementationandnowbecametheessentialdevelopmentfactor.Thedistributedcomputersystems(DCS)considerablyraisetheefficiencyofaninformationcomponentintheorganizationsactivities,but,atthesametimetheyareoneofthemostvulnerablecomponents,whichattracttheintruders[1].Theimportanceofsafetyprovidinginthecomputersystemsisincreasingduetoanumberoftheobjectivefactors.Inparticular,theDCSshouldprovidethehighleveloftrusttothemsincetherethevaluableandconfidentialinformationwiththerealvalueforitsownerisstoredandprocessed[2,3].Theunauthorizedaccesstothisinformation,suchas,thedestroyingormodification,canleadtoaseriousdamage.ThesafetyproblemsinDCSaresubdividedintothreecategories[1,4]:1.Integrationproblems;2.Interactionproblems;3.ProblemsoftrustedrelationsDecisionsinoneofcategoriesofproblemswillbeoftenbasedondecisionsinothercategories.Thedependencebetweenthese3categoriesisshownonFig.1.A.IntegrationproblemThearchitectureofDCSsafetyshouldsolvetheproblemofintegrationwithexistingarchitectureandsafetymodels,irrespectiveofaplatformandanenvironmenthosting.Itimpliesthatthearchitectureimplementationshouldbeindependentandallowstomakechangestoexistingsafetymechanisms(forexample,Kerberos,PKI);itshouldbeenabletoaddthenewservicesofsafetywhentheyneed;alsoitshouldbeintegratedwithexistingsafetyservices[4].22IntegratedSafetyMechanismsBasedonSecurityRisksMinimizationfortheDistributedComputerSystemsCopyright©2013MECSI.J.ComputerNetworkandInformationSecurity,2013,2,21-28Fig.1.ThecategoriesofsafetyproblemsinDCSB.InteractionproblemServiceswhichareusedinsetofdomainsandintheenvironmentshosting,shouldinteractwitheachother;thusthereshouldbeprovidedtheinteraction:Attheprotocollevel,Atpolicieslevel,Atuserslevel.C.ProblemoftrustedrelationsTherequestsinDCSmaybetransittedviaseveralsafetydomains.Thetrustedrelationsbetweenthesedomainsareimportantwhenpoint-to-pointinteractionsareperformed[5].Thereshouldbetheoptionforuserstorequestcorrespondingservicesforthesecuredaccess.TheproblemoftrustedrelationsinDCSenvironmentismorecomplicatedbecausethereisnecessarytosupportthedynamicalscalingofDCSresourcesandcontroloftemporaryservices.[6]Thenode-userscreatesuchtemporaryservicestoperformthespecificrequests,whichcalltheotherservices.TheproblemoftemporaryservicescreationincludesIdentificationandauthorization,Introductionofpolicies,Providingtheassurancelevel,theCompositionofpolicies,Delegation.Thepapercontainsthenextmainsections:Modelofsafetyinthedistributedcomputersystems;Approachtosecurityrisksminimizationinthedistributedcomputersystems;Assessmentofriskfactorsofthesecuritythreatsandtheprobabilityofthethreatsrealization.II.REQUIREMENTSTOSAFETYINDCSThemainrequirementtothesafetymechanismsinDCSistheoptiontofindoutandtoaddthenewsafetymechanisms.Thisfactorallowstoselectcertainservicesfromasetofthedistributedarchitectureofsafety,andtoaddtheminanexistingsafetyinfrastructure.SafetyofDCSshouldbecomplexfromthenetworkleveltoapplicationanddataserverslevel,andshouldallowtointegratethesafetymechanisms.ThebasicmodelofDCSsafetyincludesfollowingaspects[7,8,9]:Authentication;Delegation;theUnifiedlogin;Durationofrightaccessactualityandtheirupdate.Authorization;Confidentiality;Privacy;Integrityofmessages;thepolicyexchange;theProtectedrecording;Warranties;Controllability.Theserequirementsandfunctionsformabasisfor