Systems and Means of Informatics
2014, Volume 24, Issue 3, pp 18-31
SECURE ARCHITECTURE OF DISTRIBUTED SYSTEMS
- A. A. Grusho
- N. A. Grusho
- E. E. Timonina
- S. Ya. Shorgin
Abstract
Distributed components of an enterprise information system (IS) interact among themselves through a network, providing information about production activity of an enterprise or an organization. There is a class of vulnerabilities creating threats to correct and safe execution of the functions of IS. Often, hackers look for vulnerabilities using a malicious code which independently extends between hosts of IS while getting to the least protected
nodes. Let V be the set of components of the distributed IS and E be the set of possible interactions between components, then G = (V, E) is the architecture of the distributed IS. The following decomposition of architecture of the distributed IS is considered as a hierarchy of architecture of classes of components. The architecture of the network of the distributed IS represents the bottom level of decomposition. The following levels of hierarchy are the architecture of applications and the architecture of information technologies. The top level of hierarchy is the architecture of the distributed IS. Architectural threats are the transit through hosts of the malicious code and information leakage through information technologies. Secure architecture is such architecture which within available means reduces risks of implementation of architectural threats. The architecture of IS is secured if there are no direct interactions between high- risky and high-valuable components. Necessary and sufficient conditions of existence of secure architecture of a distributed IS are found. It is defined under what condition it is possible to insert new tasks or information technologies to a distributed IS or to make other changes safely.
[+] References (5)
- Department of Defense Standard. December 1985. DoD 5200.28-STD Department of Defense Trusted Computer System Evaluation Criteria.
- ISO/IEC 15408-1-2002. Informatsionnye tekhnologii. Metody i sredstva obespeche- niya bezopasnosti. Kriterii otsenki bezopasnosti informatsionnykh tekhnologiy. Chast' 1. Vvedenie i obshchaya model' [Information technology. Security techniques. Evaluation criteria for IT security. Part 1. Introduction and general model]. 2002. Moscow: IPK Standards Publishing House.
- ISO/IEC 15408-2-2008. Informatsionnye tekhnologii. Metody i sredstva obespeche- niya bezopasnosti. Kriterii otsenki bezopasnosti informatsionnykh tehnologiy. Chast' 2. Funktsional'nye trebovaniya bezopasnosti [Information technology. Security techniques. Evaluation criteria for IT security. Part 2. Security functional requirements]. 2008. Moscow: IPK Standards Publishing House.
- Denning, D.E., and J. Schlorer. 1983. Inference controls for statistical databases. Computer 1(7):69-82.
- Grusho, A., E. Primenko, and E. Timonina. 2009. Teoreticheskie osnovy komp'yuternoy bezopasnosti [Theoretical bases of computer security]. Moscow: Publishing Center Academy. 272 p.
[+] About this article
Title
SECURE ARCHITECTURE OF DISTRIBUTED SYSTEMS
Journal
Systems and Means of Informatics
Volume 24, Issue 3, pp 18-31
Cover Date
2013-11-30
DOI
10.14357/08696527140302
Print ISSN
0869-6527
Publisher
Institute of Informatics Problems, Russian Academy of Sciences
Additional Links
Key words
information security of a distributed system; virtual system; risks; valuable information resources; architecture of a distributed information system
Authors
A. A. Grusho  ,  ,
N. A. Grusho , E. E. Timonina ,
and S. Ya. Shorgin
Author Affiliations
Institute of Informatics Problems, Russian Academy of Sciences, 44-2 Vavilov Str., Moscow 119333, Russian Federation
Faculty of Computational Mathematics and Cybernetics, M. V. Lomonosov Moscow State University, 1-52 Leninskiye Gory, GSP-1, Moscow 119991, Russian Federation
|