Conference Paper

Enterprise Portal Information Security Violations’ Counteraction Model

Sergey Veligodsky, Natalia Miloslavskaya, Alexander Tolstoy
National Research Nuclear University MEPhI,
31 Kashirskoe Shosse, 115409, Moscow, Russia, milmur@mephi.edu
Counteracting parties:
- S1: attacker or attacking system with the information security (IS) violation tools, provided with all the necessary technical tools to perform attacks on the Enterprise Portal (EP);
- S2: attack object, the EP with the respective security tools.

Systems’ elements:
- working elements SW1,2 (system core), meant for performing the target tasks of systems S1, S2;
- security elements SS1,2, providing the portals with the possibility of counteracting external actions of the opposing party;
- external active elements SA1,2, meant for acting upon the working elements in order to exclude the possibility of their functioning;
- administrative centers (a human or an expert system) SM1,2.
Tools being used by the conflicting systems:

Searching
- Attacker (system S1): technical tools for IS analysis and vulnerability identification.
- EP (system S2): IDS, IS audit and monitoring tools, tools for checking EP IS settings.

Countermeasures
- Attacker (system S1): tools for implementing IS threats (breach of information integrity, confidentiality and availability):
  - unauthorized copying and distributing, modification, destroying of information etc.;
  - interception of data in enterprise and public networks;
  - unauthorized access to EP resources;
  - masquerading as legitimate EP users;
  - blocking access to the EP for legitimate users;
  - causing EP resources to malfunction etc.
- EP (system S2): methods and measures for ensuring EP IS:
  - identification and authentication;
  - implementation and control of EP resources integrity;
  - firewalls and network segment isolation;
  - cryptographic tools;
  - antivirus and malware protection system;
  - implementing IPS;
  - providing availability of EP resources;
  - managing IS support systems etc.

Reaction (= influencing tools)
- Attacker (system S1): deleting intrusion tracks:
  - destroying hardware and software;
  - logic bomb;
  - supplying incorrect data;
  - deleting or changing data;
  - implementing methods of inserting, fragmenting, delaying, encrypting or masquerading data;
  - anonymizers, data resellers etc.
- EP (system S2): measures for attack response and building so-called “false targets” (Honeynets, Honeypots etc.).
Conflict interaction can be described as a process of the systems’ mutual administration by means of a system of multiple-step equations. These equations define the interrelation of $(Z^1_k, Z^2_k)$, the paths of state changes of S1 and S2 respectively before the moment $t_{k+1}$, and $(u_k, v_k)$, the whole set of administrative actions of systems S1 and S2 before the moment $t_{k+1}$, under the perturbing actions $\Lambda$:

$$Z^1_{k+1} = \ldots(Z^1_k, u_k, v_k, \Lambda),$$
$$Z^2_{k+1} = \ldots(Z^2_k, u_k, v_k, \Lambda),$$
$$Z^1_0 = Z^1_{src},$$
$$Z^2_0 = Z^2_{src},$$
$$k = 0(1)K-1,$$

where $Z^1_{src}$, $Z^2_{src}$ are the initial states of the systems;
k is the number of interaction steps of the systems in the conflict.
The result achieved by parties S1 and S2 by the moment $t_{k+1}$ in the course of the conflict can be depicted as follows:

$$Y^1_{k+1} = h^1(Z^1_k, u_k, v_k, \ldots),$$
$$Y^2_{k+1} = \ldots$$
Effectiveness of administrative actions is evaluated by the current indices:

$$W^1_{k+1} = M f^1_{k+1}(Y^1_{k+1}, Y^1_{req}),$$
$$W^2_{k+1} = M f^2_{k+1}(Y^2_{k+1}, Y^2_{req}),$$

and by the integrated indices:

$$W^1 = M f^1(Y^1, Y_{req}),$$
$$W^2 = M f^2(Y^2, Y_{req}),$$

where $M$ is the expectation sign;
$Y^{1,2}$ is the real result of the systems’ use of their administrative actions;
$Y_{req}$ is the required result.
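Structure of the model of conflict interaction of EP IS and attack tools:

[Figure: block diagram of System S1 and System S2, each with blocks 1 to 5, and block 6 labelled Λ. Labels in System S1: Z1k, Y1k, W1k, W1, S*1, uk ∈ U, R1 < R10. Labels in System S2: Z2k, Y2k, W2k, W2, S*2, vk ∈ V, R2 < R20.]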
Blocks 1 depict the process of the system’s state changes and the result achieved by using administrative actions (strategies), which is passed to blocks 2 for measurement of their success rate. Based on the measured success (effectiveness) of the administrative actions (strategies), block 3 (the administrative center), which holds an assessment of the distribution function of the conflicting parties’ possible action variants, forms the inner management decision on the choice of the rational variant of actions. Administrative actions are produced in block 4 on the basis of the management of block 3 and the presence of active tools, reflected by block 5.
Block 6 reflects the conditions of interaction in the form of perturbing factors of different nature.
Restrictions are applied to each type of resource (for example, the total volume of channel capacity):

$$R^1_d < R^1_{d0}, \quad d = 1(1)D,$$
$$R^2_m < R^2_{m0}, \quad m = 1(1)M,$$

where d, m are the numbers of the resource types of parties S1, S2 respectively; $R^1_{d0}$, $R^2_{m0}$ are the stocks of resources of types d and m respectively (for example, channel capacity or computation power of the control instrumentation hardware platform).
Such a structure of the conflict interaction model makes it possible to synthesize the behavior of S2 (EP) in the form of a sequence of administrative actions

$$v^* = \{v_0, v_1, \ldots, v_k\},$$

meeting the condition

$$W^2(v^*) > W^2_{req},$$

where $W^2_{req}$ is the required level of success of system S2 functioning (it shall correspond to the required security level).
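An added worked example, not taken from the paper: a toy instance of the model, narrowed to the defender S2, that computes the integrated index W2 = M f2(Y2, Yreq) exactly and enumerates the sequences v* that respect the resource restriction and satisfy W2(v*) > W2req. The state equation `step`, the success function `f2`, the action sets and every number are assumptions chosen for illustration.

```python
from itertools import product

# All values below are constructed for illustration; the paper defines none of them.
K = 3                      # number of interaction steps, k = 0(1)K-1
V = (0, 1, 2)              # admissible defensive actions v_k (effort per step)
LAMBDA = {0: 0.5, 1: 0.5}  # perturbation per step: value -> probability
# Assessed distribution over the attacker's action sequences (u_0, ..., u_{K-1})
U_PLANS = {(1, 2, 1): 0.5, (2, 1, 1): 0.5}
Z2_SRC, Y_REQ = 3, 2       # initial EP state and required result
R20 = 5                    # defender's resource stock; usage must stay < R20


def step(z2, u, v, lam):
    """Assumed state equation: unmitigated attack effort degrades the EP state."""
    return z2 - max(0, u + lam - v)


def f2(y2, y_req):
    """Assumed success function: 1 if the achieved result meets the requirement."""
    return 1.0 if y2 >= y_req else 0.0


def w2(v_seq):
    """Integrated index W2 = M f2(Y2, Yreq): exact expectation over u and Lambda."""
    total = 0.0
    for u_seq, p_u in U_PLANS.items():
        for lam_seq in product(LAMBDA, repeat=K):
            p, z2 = p_u, Z2_SRC
            for u, v, lam in zip(u_seq, v_seq, lam_seq):
                p *= LAMBDA[lam]
                z2 = step(z2, u, v, lam)
            total += p * f2(z2, Y_REQ)  # Y2 is taken to be the final state
    return total


def synthesize(w2_req):
    """Return every v* within the resource limit with W2(v*) > W2req, best first."""
    found = [(v_seq, w2(v_seq)) for v_seq in product(V, repeat=K)
             if sum(v_seq) < R20]
    return sorted([(v, w) for v, w in found if w > w2_req],
                  key=lambda item: -item[1])


if __name__ == "__main__":
    for v_seq, w in synthesize(0.3):
        print(v_seq, w)
```

With these constructed numbers only two sequences clear W2req = 0.3, and raising the requirement to 0.375 leaves none, which is the case where the resource stock R20 rather than the strategy is the limiting factor.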