Structural modeling of threats to information security of computer-aided design systems
Authors: Volosatova T.M., Chichvarin I.N. | Published: 12.09.2013 |
Published in issue: #3(92)/2013 | |
DOI: | |
Category: Informatics & Computing Technology | |
Keywords: threat models, information security of CAD system, threat of unauthorized access, false data vector, data leakage vector, probabilistic automation, fuzzy automation, non-deterministic automation, deterministic automation, composition of automata |
The state of the art of aids for ensuring security ofinformation systems is discussed. It is shown that since the Computer-Aided Design (CAD) system is a very specific information system, it is necessary also to develop specific models of its security threats. The fact that CAD is an open continuously varying system in which CALS technologies are applied is taken into account. The need is stressed for developing a unified methodology for creation of a threat model of the CAD information security (CAD IS), which allows the development of CAD IS subsystems to be approached from the common positions at different design institutions. It is shown that the CAD IS threat models must and can be equipped with an expert component enabling heuristics (that inevitably accompany the process of threat model formation for any information system) to be formalized.
References
[1] Norenkov I.P. Razrabotka sistem avtomatizirovannogo proektirovaniya [Computer-aided design]. Moscow, Bauman Moscow State Tech. Univ. Publ., 1994. 203 p.
[2] Volosatova T.M., Chichvarin I.N. Specifics of information security in CAD. Izv. Vyssh. Uchebn. Zaved. Ser. Mashinostr. Spets. Vyp. [Bull. Inst. Higher Educ. Ser. Mach. Constr. Spec. Issue], 2012, pp. 89-94 (in Russ.).
[3] Chichvarin N.V. Ekspertnye komponenty SAPR [Expert CAD components]. Moscow, Mashinostroenie Publ., 1991. 240 p.
[4] Volosatova T.M., Denisov A.V., Chichvarin N.V. Combined methods for protecting data in CAD. Inf. Tekhnol. [Inf. Technol.], 2012, no. 5, pp. 1-32 (in Russ.).
[5] Mishin E.T., Olenin Yu.A., Kapitonov A.A. Enterprise security: new accents. Konvers. Mashinostr. [Convers. Mach. Build.], 1998, no. 4, pp. 31-47 (in Russ.).
[6] OKB SAPR: Programmno-apparatnye kompleksy zashchity informatsii ot NSD [EDO CAD: Software and hardware systems to protect information from unauthorized access]. Available at: http://www.accord.ru
[7] Meshcheryakov V.A., Vyalykh S.A., Gerasimenko V.G. Methodical justification of requirements to the information protection from software and mathematical influence in automated information systems in critical applications. Zh. Bezop. Inf. Tekhnol. [J. Saf. Inf. Technol.], 1996, no. 2, pp. 37-51 (in Russ.).
[8] Hill I.O. Search technique for multimodal surfaces. J. IEEE Trans, 1969, vol. SSC-5, no. 1, pp. 2-8.
[9] Arbib M.A. Algebraic theory of machines, languages, and semi-groups. London, Academic Press, 1968. 359 p. (Russ. ed.: Arbib M. Algebraicheskaya teoriya avtomatov, yazykov i polugrupp. Moscow, Statistika Publ., 1975. 335 p.).