Model of cybersecurity means financing with the procedure of additional data obtaining by the protection side

The article describes the model of cybersecurity means financing strategies of the information object with incomplete information about the financial resources of the attacking side. The proposed model is the core of the module of the developed decision support system in the problems of choosing rational investing variants for information protection and cybersecurity of various information objects. The model allows to find financial solutions using the tools of the theory of multistep games with several terminal surfaces. The authors proposed an approach that allows information security management to make a preliminary assessment of strategies for financing the effective cybersecurity systems. The model is distinguished by the assumption that the protection side does not have complete information, both about the financing strategies of the attacking side, and about its financial resources state aimed at overcoming cybersecurity lines of the information object. At the same time, the protection side has the opportunity to obtain additional information by the part of its financial resources. This makes it possible for the protection side to obtain a positive result for itself in the case when it can not be received without this procedure. The solution was found using a mathematical apparatus of a nonlinear multistep quality game with several terminal surfaces with alternate moves. In order to verify the adequacy of the model there was implemented a multivariate computational experiment. The results of this experiment are described in the article. © 2005 - ongoing JATIT & LL

Development of a conceptual model of adaptive access rights management with using the apparatus of Petri nets

The paper describes the conceptual model of adaptive control of cyber protection of the informatization object (IO). Petri's Networks were used as a mathematical device to solve the problem of adaptive control of user access rights. The simulation model is proposed and the simulation in PIPE v4.3.0 package is performed. The possibility of automating the procedures for adjusting the user profile to minimize or neutralize cyber threats in the objects of informatization is shown. The model of distribution of user tasks in computer networks of IO is proposed. The model, unlike the existing, is based on the mathematical apparatus of Petri's Networks and contains variables that allow reducing the power of the state space. Access control method (ACM) is added. The addenda touched upon aspects of reconciliation of access rights that are requested by the task and requirements of the security policy and the degree of consistency of tasks and access to the IO nodes. Adjustment of rules and security metrics for new tasks or redistributable tasks is described in the notation of Petri nets

Development of a conceptual model of adaptive access rights management with using the apparatus of Petri Nets

The paper describes the conceptual model of adaptive control of cyber protection of the informatization object (IO). Petri's Networks were used as a mathematical device to solve the problem of adaptive control of user access rights. The simulation model is proposed and the simulation in PIPE v4.3.0 package is performed. The possibility of automating the procedures for adjusting the user profile to minimize or neutralize cyber threats in the objects of informatization is shown. The model of distribution of user tasks in computer networks of IO is proposed. The model, unlike the existing, is based on the mathematical apparatus of Petri's Networks and contains variables that allow reducing the power of the state space. Access control method (ACM) is added. The addenda touched upon aspects of reconciliation of access rights that are requested by the task and requirements of the security policy and the degree of consistency of tasks and access to the IO nodes. Adjustment of rules and security metrics for new tasks or redistributable tasks is described in the notation of Petri nets