Mathematical modeling of user perception in information security systems

Mikhail A. Styugin; Alexey A. Kytmanov

Geodesic

Parcourir par

Mathematical modeling of user perception in information security systems

Mikhail A. Styugin ; Alexey A. Kytmanov

Žurnal Sibirskogo federalʹnogo universiteta. Matematika i fizika, Tome 8 (2015) no. 4, pp. 454-466.

Voir la notice de l'article provenant de la source Math-Net.Ru

Résumé

The problem of the functional structures research is considered in this example of information systems. A feature of such research is that it is not always possible to ensure that the research results will match reality. This is a topic of current interest in the field of design and analysis of information security systems and software analysis for undeclared capabilities of systems in general. By undeclared capabilities, we refer to a functionality available in software that is invisible to users and can be used / exploited by an intruder. This paper presents a model of a researcher and of a functional object investigated by him. Based on this model, informational limitations of the researcher are shown. The mathematical model of the subjective structure of an investigated system is constructed. It is shown in which cases this structure is stable. This article answers the question of if the researcher can claim that his subjective functional structure corresponds to the actual structure of the investigated system. We provide examples of such approach on certain mathematical models of information security.

Keywords: mathematical models of information security, model of the researcher, information structure of the conflict, information flows, misinformation, black box model, graph theory.

@article{JSFU_2015_8_4_a8,
     author = {Mikhail A. Styugin and Alexey A. Kytmanov},
     title = {Mathematical modeling of user perception in information security systems},
     journal = {\v{Z}urnal Sibirskogo federalʹnogo universiteta. Matematika i fizika},
     pages = {454--466},
     publisher = {mathdoc},
     volume = {8},
     number = {4},
     year = {2015},
     language = {en},
     url = {http://geodesic.mathdoc.fr/item/JSFU_2015_8_4_a8/}
}

TY  - JOUR
AU  - Mikhail A. Styugin
AU  - Alexey A. Kytmanov
TI  - Mathematical modeling of user perception in information security systems
JO  - Žurnal Sibirskogo federalʹnogo universiteta. Matematika i fizika
PY  - 2015
SP  - 454
EP  - 466
VL  - 8
IS  - 4
PB  - mathdoc
UR  - http://geodesic.mathdoc.fr/item/JSFU_2015_8_4_a8/
LA  - en
ID  - JSFU_2015_8_4_a8
ER  -

%0 Journal Article
%A Mikhail A. Styugin
%A Alexey A. Kytmanov
%T Mathematical modeling of user perception in information security systems
%J Žurnal Sibirskogo federalʹnogo universiteta. Matematika i fizika
%D 2015
%P 454-466
%V 8
%N 4
%I mathdoc
%U http://geodesic.mathdoc.fr/item/JSFU_2015_8_4_a8/
%G en
%F JSFU_2015_8_4_a8

Mikhail A. Styugin; Alexey A. Kytmanov. Mathematical modeling of user perception in information security systems. Žurnal Sibirskogo federalʹnogo universiteta. Matematika i fizika, Tome 8 (2015) no. 4, pp. 454-466. http://geodesic.mathdoc.fr/item/JSFU_2015_8_4_a8/

Bibliographie
Cité par

[1] S. Goldwasser, G. Rothblum, “On best-possible obfuscation”, Journal of Cryptology, 27:3 (2014), 480–505 | DOI | MR | Zbl

[2] Y. Tang, P. Lin, Z. Luo, “Obfuscating encrypted web traffic with combined objects”, 10th International Conference on Information Security Practice and Experience, ISPEC 2014 (Fuzhou, China), LNCS, 8434, 2014, 90–104

[3] B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. S. Ucla, S. Vadhan, K. Yang, “On the (Im)possibility of obfuscating programs”, Journal of the ACM, 59:2 (2012), Article 6 | DOI | MR

[4] M. Harrison, W. Ruzzo, J. Ullman, “Protection in operating system”, Communication of ACM, 19:8 (1976), 461–471 | DOI | MR | Zbl

[5] D. E. Bell, L. J. La Padula, Secure Computer Systems: Unified Exposition and Multics Interpretation, MITRE Corp., Bedford, Mass., 1976

[6] D. E. Denning, “Lattice model of secure information flow”, Communications of the ACM, 19:5 (1976), 236–243 | DOI | MR | Zbl

[7] R. S. Sandhu, E. J. Coyne, H. L. Feinstein, C. E. Youman, “Computer role-based access control models”, Computer, 29:2 (1996), 38–47 | DOI

[8] R. S. Sandhu, “The typed access matrix model”, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy (Oakland, CA, USA), 1992, 122–136

[9] M. Soshi, M. Maekawa, E. Okamoto, “The Dynamic-Typed Access Matrix Model and Decidability of the Safety Problem”, IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, E87-A:1 (2004), 190–203 | MR

[10] G. Lowe, “Quantifying Information Flow”, CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations (2002)

[11] G. Smith, “On the Foundations of Quantitative Information Flow”, FOSSACS '09 Proceedings of the 12th International Conference on Foundations of Software Science and Computational Structures (2009), 288–302 | MR

[12] R. Clarkson, A. C. Myers, F. B. Schneider, “Quantifying information flow with beliefs”, Journal of Computer Security, 17:5 (2009), 655–701

[13] M. Styugin, “Protection Against System Research”, Cybernetics and Systems: An International Journal, 45:4 (2014), 362–372 | DOI

[14] Styugin, Protection against system research. Methods and models of secured system construction and information management in a conflict, Lambert Academic Publishing, 2011