Geodesic
Usage formal models for vulnerability analysis
Prikladnaâ diskretnaâ matematika, no. 1 (2009), pp. 113-116 
D. N. Kolegov. Usage formal models for vulnerability analysis. Prikladnaâ diskretnaâ matematika, no. 1 (2009), pp. 113-116. http://geodesic.mathdoc.fr/item/PDM_2009_1_a6/
@article{PDM_2009_1_a6,
     author = {D. N. Kolegov},
     title = {Usage formal models for vulnerability analysis},
     journal = {Prikladna\^a diskretna\^a matematika},
     pages = {113--116},
     year = {2009},
     number = {1},
     language = {ru},
     url = {http://geodesic.mathdoc.fr/item/PDM_2009_1_a6/}
}
TY  - JOUR
AU  - D. N. Kolegov
TI  - Usage formal models for vulnerability analysis
JO  - Prikladnaâ diskretnaâ matematika
PY  - 2009
SP  - 113
EP  - 116
IS  - 1
UR  - http://geodesic.mathdoc.fr/item/PDM_2009_1_a6/
LA  - ru
ID  - PDM_2009_1_a6
ER  - 
%0 Journal Article
%A D. N. Kolegov
%T Usage formal models for vulnerability analysis
%J Prikladnaâ diskretnaâ matematika
%D 2009
%P 113-116
%N 1
%U http://geodesic.mathdoc.fr/item/PDM_2009_1_a6/
%G ru
%F PDM_2009_1_a6

Voir la notice de l'article provenant de la source Math-Net.Ru

In the paper the formal approach to vulnerability analysis based on mathematical security models of the computer systems is considered. The attacker model proposed in “Security assessment information technology criteria” is constructed and mathematical definition of the penetration stability is proposed in the terms of the DP-model.

[1] Information technology. Security techniques. Evaluation criteria for IT security. Part 1: Introduction and general model, ISO/IEC 15408–1, 1999

[2] Information technology. Security techniques. Evaluation criteria for IT security. Part 2: Security functional requirements, ISO/IEC 15408–2, 1999

[3] Information technology. Security techniques. Evaluation criteria for IT security. Part 3: Security assurance components, ISO/IEC 15408–3, 1999

[4] Bezopasnost informatsionnykh tekhnologii. Kriterii otsenki bezopasnosti informatsionnykh tekhnologii, Ch. 1, 2 i 3. Rukovodyaschii dokument, Gostekhkomissiya Rossii, M., 2002

[5] Devyanin P. N., Analiz bezopasnosti upravleniya dostupom i informatsionnymi potokami v kompyuternykh sistemakh, Radio i svyaz, M., 2006, 176 pp.

[6] Kolegov D. N., “Analiz bezopasnosti informatsionnykh potokov po pamyati v kompyuternykh sistemakh s funktsionalno i parametricheski assotsiirovannymi suschnostyami”, Prikladnaya diskretnaya matematika, 2009, no. 1, 117–125

[7] NIST. Technical guide to information security testing and assessment, Recommendations of the National Institute of Standarts and Technology, September, 2008

[8] Bezopasnost informatsionnykh tekhnologii. Kontseptsiya otsenki sootvetstviya avtomatizirovannykh sistem trebovaniyam bezopasnosti informatsii, Rukovodyaschii dokument, FSTEK Rossii, M., 2004