Method of automatic assessment of security of information systems and system for realisation thereof

FIELD: physics; computer engineering.

SUBSTANCE: invention relates to protection of information systems, and specifically to assessment of security of information systems through representation of system states, security requirements and a model for monitoring and controlling access using predicate logic, and automatic verification that security requirements are met on several system states, taking into account the rules of the model for monitoring and controlling access. The result is achieved by predicate representation of system states, the model for monitoring and controlling access and the security requirements, and by application of resolution (inference) rules that automate verification of security requirements on system states.

EFFECT: reduction in the number of security management errors, increased guarantee of meeting security requirements, reduction in the time and resource expenses of assessing the security of information systems.

10 cl, 3 dwg

 

The invention relates to the protection of information systems, namely to assessing the security of information systems by representing the set of system states, the security requirements and the access monitoring and control model in predicate logic and automatically verifying that the security requirements are met on the set of system states, using the access monitoring and control model.

Modern information systems provide a variety of protection mechanisms. Therefore, security violations (e.g., permitting modification of system directories, using default settings) that arise from the extraordinary complexity of administering and managing the system mean that any multi-component protection may become vulnerable. For this reason, regular assessment of the security of information systems is required; it provides evidence that the security requirements are met, improves security administration and the effectiveness of security management, and strengthens the protection of information systems.

Evidence-based assessment of the security of information systems has been defined in general form for the class of mandatory access monitoring and control models [L.J. LaPadula, Bell D.E. Secure Computer Systems: A Mathematical Model, ESD-TR-278, Vol. 2, The Mitre Corp., 1973]. For the class of discretionary access monitoring and control models it has been established that in the general case the problem of proving security is undecidable, but in the particular case of a specific system state a solution exists in the form of verifying that the security requirements are met [M.H. Harrison, Ruzzo W.L., Ullman J.D. Protection in Operating Systems, Communications of the ACM, 19(8): 461-471, 1976]. Since the vast majority of modern information systems use protection mechanisms based on discretionary access monitoring and control models, and security assessment in each system state is a difficult task because the number of possible combinations of system security settings and their values, including users, groups, objects, security attributes and access rights, runs into the millions, a method and system for automatically assessing the security of information systems are needed.

An application for an invention is known that relates to security checks of Web services and includes analysis of system states using criteria based on security predicates (application No. 2005113389, G06F 1/00, publ. 2006-11-10). However, it does not propose a method of assessing the security of system states that is universal with respect to the type and purpose of information systems and that automates the assessment procedure.

The invention is based on the task of providing a method and system for automatically assessing the security of information systems whose use reduces the number of security administration errors, increases the guarantee of meeting security requirements, and reduces the time and resource costs of assessing the security of information systems, by representing the set of system states, the access monitoring and control model and the security requirements as predicates, and by applying resolution (inference) rules that automate verification of the security requirements on system states.

The technical problem is solved in that, in the method of automatically assessing the security of information systems, which includes representing the set of system states, the security requirements and the access monitoring and control model in predicate logic and automatically verifying that the security requirements are met on the set of system states subject to the rules of the model,

a description of the system state is compiled, including predicates representing the values of the current security settings of the system state;

a description of the security requirements is compiled, including predicates and logical functions defined on them that specify the security criteria of the system state in the form of a set of safe values of the parameters of access of subjects to objects;

a description of the rules of the access monitoring and control model implemented in the system is compiled, including predicates and a set of rules defined on them that specify the function converting the security settings of the system state, given in the predicates describing the system state, into values of the parameters of access of subjects to objects;

the description of the system state is processed: for each security criterion in the set of security requirements, the set of audited subjects and objects is determined, and for each audited subject and object the current security settings of the system state, presented in the description of the system state, are converted into the current values of the parameters of access of subjects to objects according to the rules formulated in the description of the access monitoring and control model;

the safe values of the parameters of access of subjects to objects, defined in the description of the security requirements, are compared with the current values of the parameters of access of subjects to objects, obtained from the current security settings of the system state by processing the description of the system state according to the rules formulated in the description of the access monitoring and control model, and from the difference of the two sets it is determined which security settings of the system state must be changed for the system to be protected;

recommendations for eliminating the identified security violations are produced.

The security settings of the system state are taken to be: the set of subjects, represented as a set of names and security identifiers of users and user groups; the set of security attributes of subjects, including the set of groups a user belongs to, the set of user groups, and the set of privileges assigned to users and groups; the set of hierarchical objects, represented as a set of absolute paths and a hierarchy of drives, directories and files of the file system, and registry keys; the set of non-hierarchical objects, represented as a set of names and identifiers of all named system and user resources (for example, shared resources, printers, synchronization objects, kernel objects); the set of security attributes of objects, including "Object type" and "Object owner" for all objects, "Rights inheritance flag" and "Rights propagation" for hierarchical objects, and individual specific attributes for other objects; and the set of discretionary access control lists (DACL) of subjects to objects.

The parameters of access of subjects to objects are taken to be: the composition of subjects and objects, the composition of the security attributes of subjects and objects, the values of the security attributes of subjects and objects, and the lists of effective access rights. The list of effective access rights for a "subject-object" pair is the set of access rights derived from the object's discretionary access control list (DACL) for a specific subject, taking into account inherited and explicit permissions and denials, shared-access rights, group rights, relevant privileges, the values of the security attributes of subjects and objects, and the rights assigned to dependent objects in the information system.

A system for automatically assessing the security of information systems includes a security analyzer, which consists of:

a module for capturing the state of the information system, which collects the current security settings and forms their description in the form of predicates;

a module for compiling security requirements, which forms a set of security criteria indicating the safe values of the parameters of access of subjects to objects, and describes them in the form of predicates;

an access monitoring and control model module, which specifies the description of the rules of the access monitoring and control model implemented in the information system, in the form of predicates and a set of rules defined on them that specify the function converting the security settings of the system state, given in the predicates describing the system state, into values of the parameters of access of subjects to objects;

a security settings transformation module connected to them, which processes the description of the system state obtained from the state capture module: for each security criterion in the description of the security requirements obtained from the requirements compilation module, it determines the set of audited subjects and objects, and for each audited subject and object it converts the current security settings of the system state, presented in the description of the system state, into the current values of the parameters of access of subjects to objects according to the rules formulated in the description of the access monitoring and control model obtained from the model module;

and a module for verifying security requirements and generating recommendations for eliminating security violations, which compares the safe values of the parameters of access of subjects to objects, defined in the description of the security requirements obtained from the requirements compilation module, with the current values of the parameters of access of subjects to objects, generated when processing the description of the system state obtained from the state capture module, determines which parameter values must be changed for the information system to be protected, i.e. to satisfy the security requirements, and composes recommendations for eliminating each of the identified security violations.

The proposed method and system for automatically assessing the security of information systems are based on describing the states of the information system and the rules of its behaviour in the form of predicates and resolution (inference) rules. The formal foundations of this approach (mathematical logic, automata theory and the theory of theorem proving) make it possible to automate the security assessment procedure: to use predicates to build a model description of arbitrary protected information systems and of the security requirements applied to them, and to apply the resolution (inference) apparatus to the set of predicates in order to verify that the security requirements are met.

The invention is illustrated by figures 1-3. Figure 1 presents a diagram of the method of automatically assessing the security of information systems. Figure 2 shows the modular structure of the system for automatically assessing the security of information systems. Figure 3 shows, as an overlay and comparison of the two sets that constitute the current and the safe value of a parameter of access of the subject to the object, the scheme for determining missing and redundant elements of access parameter values, which is performed when verifying security requirements.

The evidence base for assessing information systems is provided by the ability to identify in any protected information system, and to describe using predicates, three components: the system state, the access monitoring and control rules, and the security requirements. The component corresponding to the system state is an abstraction of the security settings of the information system in the context of the access monitoring and control model implemented in it. The set of security settings of the system state is formed by a set of subjects, objects and security attributes. The component containing the access monitoring and control rules defines the constraints of the protection mechanisms of the information system and the algorithm for granting access. The last component, the security requirements, makes it possible to assess the security of the system by singling out the protected states among the set of system states.

Formally, in the general case, the information system $\Sigma$ is a state machine: where $S$ is the set of system states; $Q$ is the set of requests processed by the system; $T$ is the transition function from state to state, $T: Q \times S \to S$, which under the action of a request $q$ takes the system from state in the following; - the initial state of the system. The state $s$ is reachable in the system $\Sigma$ if and only if there exists a sequence where,, a, $0 \le i < n$. For any system the state is reachable in a trivial way.

The access monitoring and control model $M$ is in the general case a tuple of sets $M = \{S, R\}$, where $S$ is the set of states of the model and $R$ is the set of access monitoring and control rules, formulated as predicates of the form $r(s_1, s_2)$ defined on the set $S$, which verify that the transition from state $s_1$ to state $s_2$ is permitted by the rules of the access monitoring and control model.

The security property of a system can be formulated as $\Lambda = \{M, \Sigma, D, C\}$, where $M$ is the access monitoring and control model, $M = \{S, R\}$; $\Sigma$ is the system; $D$ is the matching function, $D: S \to S$, which determines the correspondence between the system states and the states in the model; $C$ is the set of security requirements, formulated as criterion predicates of the form $c(s)$ defined on the set $S$, which verify the security of the state $s$. A state $s \in S$ is secure if and only if for each security requirement $c \in C$ the predicate $c(s)$ is true, i.e., $\forall c \in C: c(s) = \text{true}$. Thus, the formal system $\Sigma$ that implements the model $M$ is protected if and only if the following conditions are satisfied:

the system implements the rules of the access monitoring and control model:, and $\forall r \in R: r(s_i, s_{i+1}) = \text{true}$;

the given set of current security settings and any state reachable from the given system state satisfy the security requirements applied to the system: $\forall c \in C$, "true".

In accordance with the method, the security of information systems is assessed by determining, in the given system state, the current values of the parameters of access of subjects to objects according to the rules of the access monitoring and control model implemented in the system, and by determining whether those current values correspond to the safe values of the parameters of access of subjects to objects specified in the security requirements. Carrying out these steps provides an evidence-based security assessment of the system with respect to the set of security requirements being verified. To automate the security assessment, the method and the system implementing it described in this invention are based on the use of predicates to build descriptions of information systems and rules for processing such descriptions. The descriptions of information systems express the set of system states, the access monitoring and control rules, and the security requirements. The descriptions are processed by resolution (inference) on the set of predicates and rules given in the descriptions, which makes it possible to compare automatically the values of the security settings of the system state, the access monitoring and control rules and the security requirements.

When the method is carried out, a description of the system state is compiled, including predicates that contain information about the current values of the following security settings of the system state:

- the set of subjects, represented as a set of names and security identifiers of users and user groups;

- the set of security attributes of subjects, including the set of groups a user belongs to, the set of user groups, and the set of privileges assigned to users and groups;

- the set of hierarchical objects, represented as a set of absolute paths and a hierarchy of drives, directories and files of the file system, and registry keys;

- the set of non-hierarchical objects, represented as a set of names and identifiers of all named system and user resources (for example, shared resources, printers, synchronization objects, kernel objects);

- the set of security attributes of objects, including "Object type" and "Object owner" for all objects, "Rights inheritance flag" and "Rights propagation" for hierarchical objects, and individual specific attributes for other objects;

- the set of discretionary access control lists (DACL) of subjects to objects.

Then a description of the security requirements is compiled, including predicates and a set of rules defined on them that specify the security criteria of system states in terms of safe values of the parameters of access of subjects to objects. Each security criterion is a set of predicates describing safe values of the parameters of access of subjects to objects, together with a set of logical functions defined on them that describe the conditions under which the information system is protected. The criteria indicate safe values of the parameters of access of subjects to objects whose presence in the system state indicates that the information system is protected. The parameters of access of subjects to objects whose values the criteria specify include:

- the composition of subjects and objects;

- the composition of the security attributes of subjects and objects;

- the values of the security attributes of subjects and objects;

- the lists of effective access rights of subjects to objects.

The list of effective access rights for a "subject-object" pair is the set of access rights derived from the object's discretionary access control list (DACL) for a specific subject, taking into account inherited and explicit permissions and denials, shared-access rights, group rights, relevant privileges, the values of the security attributes of subjects and objects, and the rights assigned to dependent objects in the information system.

A description of the rules of the access monitoring and control model implemented in the information system is compiled, including predicates and a set of rules defined on them that specify the functions converting the security settings of the system state, given in the predicates describing the system state, into values of the parameters of access of subjects to objects. Each conversion rule is a production that defines the conditions under which the consequent (i.e. the value of a parameter of access of the subject to the object) is true, given that the premises (i.e. the security settings of the system state) are true. The rules of the access monitoring and control model are built once for a specific type of information system and are then reused to assess all systems of that type.

When the above descriptions are compiled, the naming principles and the set of types of subjects and objects of access, as well as the naming principles, the set of types and the possible values of the security attributes and of the effective rights of subjects, are determined by the specific implementation of the information system.

Then the description of the system state is processed: for each security criterion in the set of security requirements, the set of audited subjects and objects is determined, and for each audited subject and object the current security settings of the system state, presented in the description of the system state, are converted into the current values of the parameters of access of subjects to objects according to the rules formulated in the description of the access monitoring and control model.

Then the safe values of the parameters of access of subjects to objects, defined in the description of the security requirements, are compared with the current values of the parameters of access of subjects to objects, obtained from the current security settings of the system state by processing the description of the system state according to the rules formulated in the description of the access monitoring and control model, and it is determined which security settings of the system state must be changed for the system to be protected, i.e. to satisfy the security requirements.

The comparison of parameter values is performed depending on the type of the parameters specified in the criteria. If the security criterion specifies the composition of subjects and objects, then when assessing the security of the information system the presence of the set of subjects and objects specified in the criterion is checked in the description of the system state.

If the security criterion specifies the composition of the security attributes of subjects and objects of access, then when assessing the security of the information system the presence of each element of the set of subjects and objects specified in the criterion is checked in the description of the system state, and then for each confirmed subject and object the set of security attributes is checked in the description of the system state.

If the security criterion specifies the values of the security attributes of subjects and objects of access, then when assessing the security of the information system the presence of each element of the set of subjects and objects specified in the criterion is checked in the description of the system state; for each confirmed subject and object, each element of the set of security attributes is checked in the description of the system state; and then for each confirmed attribute its value, given in the description of the system state, is checked.

If the security criterion specifies the list of effective access rights of subjects to objects of access, then when assessing the security of the information system the presence of each element of the set of objects specified in the criterion is checked in the description of the system state; for each confirmed object, its discretionary access control list (DACL) is checked in the description of the system state; and then, for the confirmed discretionary access control list (DACL) and the "subject-object" pair, the list of effective access rights is determined from the description of the system state and its elements are checked for presence in the list of effective rights specified in the criterion.

The safe and the current values of the access parameters are compared by the rules of set comparison. Let $R_{all}$ be the set of all elements of the value of some access parameter (for example, the complete set of access rights). $R_{PA}$ is the set of "necessary" elements of the value that must be granted to the subject under the security requirement for the system to be protected (for example, the list of access rights that the subject must have to the object for the information system to be assessed as protected). $R_S$ is the set of elements specified in the current value of the access parameter, $R_S \subseteq R_{all}$ (for example, the list of access rights that the subject actually has to the object in the information system). $R_{excess}$ is the set of "redundant" elements of the value, which are present in the information system but whose presence violates the security requirements. $R_{miss}$ is the set of "missing" elements of the value, which the information system lacks in order to be assessed as protected.

The information system is assessed as protected with respect to a security requirement if the set $R_S$ specified in the current value of the access parameter coincides with the "required" set $R_{PA}$: $R_S = R_{PA}$ (figure 3).

To identify all security violations, the discrepancies between the access parameters specified in the security requirements and those present in the system are determined by computing the sets of elements of the security settings that constitute security violations: $R_{excess} = R_S - R_{PA}$ and $R_{miss} = R_{PA} - R_S$ (figure 3).

If $R_{excess} \neq \emptyset$, the information system is unprotected, because the current system state contains prohibited elements of the parameter value. If $R_{miss} \neq \emptyset$, the information system is unprotected, because the current system state lacks required elements of the parameter value.

Based on the results of comparing the safe and the current access parameters, recommendations are produced for eliminating each of the identified security violations; they indicate the security requirement that the information system does not meet, the security settings for which violations were found, the set of elements of the security settings that constitute the violations, and the list of changes that should be made to the security settings of the information system in order to eliminate the identified violations.

To automate the method of assessing the security of information systems, a system is used (figure 2) that includes the information system state capture module, the security requirements compilation module and the access monitoring and control model module, which are connected to the security settings transformation module, and the module for verifying security requirements and generating recommendations for eliminating security violations.

The method of automatically assessing the security of information systems is implemented in the proposed system as follows.

The information system state capture module collects the current security settings and generates a description of the system state, including predicates that represent information about the current security settings of the system state. The result of the module's operation is a base of states of the information system.

The security requirements compilation module converts the security requirements into a set of security criteria that indicate safe values of the parameters of access of subjects to objects, and generates a description of the security requirements, including predicates and a set of rules defined on them that specify the security criteria of system states as safe values of the parameters of access of subjects to objects. The result of the module's operation is a base of security requirements for the information system.

The access monitoring and control model module contains a description of the rules of the access monitoring and control model implemented in the information system, including predicates and a set of rules defined on them that specify the function converting the security settings of the system state, given in the predicates describing the system state, into values of the parameters of access of subjects to objects.

For automatic assessment, the user specifies a description of the state of the information system from the base of states or captures the current system state, specifies security requirements from the base of requirements or composes a new security requirement, and initiates processing of the description of the system state.

The security settings transformation module processes the specified description of the system state obtained from the information system state capture module. For each security criterion included in the description of the security requirements obtained from the security requirements compilation module, the security settings transformation module determines the set of audited subjects and objects, and for each audited subject and object it converts the current security settings of the system state, presented in the description of the system state, into the current values of the parameters of access of subjects to objects according to the rules formulated in the description of the access monitoring and control model obtained from the access monitoring and control model module.

Then the module for verifying security requirements and generating recommendations for eliminating security violations compares the safe values of the parameters of access of subjects to objects, defined in the description of the security requirements obtained from the security requirements compilation module, with the current values of the parameters of access of subjects to objects, constructed while processing the description of the system state obtained from the information system state capture module; from the difference of the two sets it determines which settings must be changed for the system to be protected, i.e. to satisfy the security requirements, and generates recommendations for eliminating each of the identified security violations, which specify the security requirements that the information system does not meet, the security settings for which violations were detected, the set of values that constitute the violation, and the list of changes that should be made to the security settings of the information system in order to eliminate the violations.

Consider the use of the principles of describing and assessing system security implemented in the proposed method and system, taking as an example the assessment of the security of Windows when auditing user access rights to the normal.dot file (the MS Word document template). The system state is represented as a set of current values of the security settings, captured at some point in time. For example, in the proposed method the state of the template file is recorded using predicates:

This example gives the set of predicates describing the user, the group and the template file. Each predicate contains information about the identity of the entity and its security attributes. For example, the first predicate describes the user admin: the security identifier and the sets of the user's privileges and groups; the second describes the group Users and its privileges; the third describes the file normal.dot: the SID of the owner, the rights inheritance flag and the current access rights, given as a discretionary list in the format "SID-bitmask".

The operation of the access monitoring and control system is described as inference rules defined on the set of logical access conditions specified by the system. These rules represent the access monitoring and control model, linking the current security settings of the system state with the values of the parameters of access of subjects to objects. For example, the access right to read the file is granted to subjects of access according to the following rule, defined on the set of predicates that describe the security settings of the system state:

In this example, the right Read is available if the user has effective read permission, i.e. the permissions "Read" and "Read attributes" are set in the discretionary access control list, or the user has the backup privilege, or the right is granted to the groups to which the user belongs. In this way, the security settings of the system state that determine access are replaced by the corresponding values of the parameters of access of subjects to objects (in this example, by the effective access right "Read").

The existence of a procedure for determining the values of access parameters reduces the problem of verifying security requirements to comparing the sets of elements specified in the parameters that are present in the system and in those specified in the requirements. Mutual correspondence of parameter values makes it possible to detect a security violation, i.e. when the sets differ, to determine the condition of the violation, the parameter concerned, and the elements of its value that constitute the security violation.

Check the security requirement is a criterion of security set on the settings of the access of subjects to objects, for example:

This predicate describes the security requirement specified relative to the template file, normal.dot. In criteria specified condition under which the system is protected: only the subject SYSTEM (S-1-5-18) and group Administrators (S-1-5-32-544) can have full access to the file. Deviations from the specified conditions is interpreted as a breach of security, while the information system is assessed as vulnerable.

In the above example, the security requirement is not met in the given system state, so the information system is assessed as unprotected. Analysis of the violations shows that members of the Users group can read and write the template file normal.dot.
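As an added illustration (not part of the patent text), the Python example below encodes the Read rule and the normal.dot criterion described above over a constructed system state and derives the violations as a set difference. The user and service-account SIDs, the file path, the ACEs, the Write rule and the reading of the criterion as "no other subject may hold any effective right" are assumptions; deny entries and inheritance are left out.

```python
# Added illustration (not from the patent). Well-known SIDs are real; the user and
# service-account SIDs, the path and all ACEs are constructed sample data.
SYSTEM, ADMINS, USERS = "S-1-5-18", "S-1-5-32-544", "S-1-5-32-545"
ALICE = "S-1-5-21-0-0-0-1001"     # constructed user, member of Users
BACKUP = "S-1-5-21-0-0-0-1002"    # constructed account holding the backup privilege
DOC = r"C:\Templates\normal.dot"  # constructed path

# System state: ground predicates stored as sets of tuples.
STATE = {
    "member_of": {(ALICE, USERS)},                    # member_of(subject, group)
    "privilege": {(BACKUP, "SeBackupPrivilege")},     # privilege(subject, name)
    "dacl": {                                         # allow(object, subject, permission)
        (DOC, SYSTEM, "FullControl"),
        (DOC, ADMINS, "FullControl"),
        (DOC, USERS, "Read"), (DOC, USERS, "ReadAttributes"), (DOC, USERS, "Write"),
    },
}

# Access control model: right -> (permissions that must all be set, bypass privilege).
# "Read" follows the rule in the text; "Write" is an assumed rule for this example.
MODEL = {
    "Read": (("Read", "ReadAttributes"), "SeBackupPrivilege"),
    "Write": (("Write",), None),
}

# Security requirement: only these subjects may hold any effective right on DOC.
REQUIREMENT = {"object": DOC, "allowed_subjects": {SYSTEM, ADMINS}}


def principals(state, subject):
    """The subject itself plus every group it belongs to."""
    return {subject} | {g for (s, g) in state["member_of"] if s == subject}


def causes(state, subject, obj, right):
    """Settings (ACEs, privileges) that make `right` effective; empty set if none."""
    perms, priv = MODEL[right]
    found = set()
    for p in principals(state, subject):
        if (obj, p, "FullControl") in state["dacl"]:
            found.add(("ace", p, "FullControl"))
        elif all((obj, p, perm) in state["dacl"] for perm in perms):
            found |= {("ace", p, perm) for perm in perms}
        if priv and (p, priv) in state["privilege"]:
            found.add(("privilege", p, priv))
    return found


def effective(state, subject, obj, right):
    """Inference rule: the right holds if at least one setting grants it."""
    return bool(causes(state, subject, obj, right))


def subjects(state):
    """Every subject named anywhere in the system state."""
    subs = {s for (_, s, _) in state["dacl"]}
    subs |= {x for pair in state["member_of"] for x in pair}
    return subs | {s for (s, _) in state["privilege"]}


def assess(state, req):
    """Return (violations, settings to change) for one security criterion."""
    obj, allowed = req["object"], req["allowed_subjects"]
    subs = subjects(state)
    current = {(s, r) for s in subs for r in MODEL if effective(state, s, obj, r)}
    # A subject is safe if it, or a group it belongs to, is named in the criterion.
    safe = {(s, r) for s in subs if principals(state, s) & allowed for r in MODEL}
    violations = current - safe          # the set difference used by the method
    fixes = set()
    for s, r in violations:
        fixes |= causes(state, s, obj, r)
    return violations, fixes


if __name__ == "__main__":
    violations, fixes = assess(STATE, REQUIREMENT)
    for subject, right in sorted(violations):
        print(f"violation: {subject} has effective {right} on {DOC}")
    for kind, subject, what in sorted(fixes):
        print(f"recommendation: remove {kind} {what!r} from {subject}")
```

The second value returned by `assess` plays the role of the recommendations: the ACEs and privileges whose removal makes the state satisfy the criterion.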

The invention makes it possible to assess the security of a system by checking security requirements using predicate descriptions of the information system and automatic processing of those descriptions. The apparatus of predicates and operations on them is universal with respect to the sets that make up the domain of the predicates, and therefore makes the proposed method and system for assessing the security of information systems independent of the type and purpose of the information systems being evaluated.

The described method and the system implementing it reduce the number of security administration errors, increase the assurance that security requirements are met, and reduce the time and resource costs of assessing the security of information systems through automated verification of security requirements on the states of the information system.

1. A method of automatically assessing the security of information systems, including a representation of a set of system states, security requirements and a model for monitoring and controlling access, characterized in that predicate logic is used and compliance with the security requirements is checked automatically on the set of system states using the model for monitoring and controlling access, for which purpose: a description of the system state is drawn up, including predicates representing the values of the current security settings of the system state; a description of the security requirements is drawn up, including predicates and logical functions defined on their set that specify security criteria for system states in terms of safe access of subjects to objects; a description of the rules of the model for monitoring and controlling access implemented in the system is drawn up, including predicates and rules defined on their set that specify the function converting the security settings of the system state, given in the predicates describing the system state, into values of the parameters of access of subjects to objects; the description of the system state is processed: for each security criterion included in the set of security requirements, the set of subjects and objects to be checked is determined, and for each checked subject and object the values of the current security settings of the system state, presented in the description of the system state, are converted into the current values of the parameters of access of subjects to objects according to the rules formulated in the description of the model for monitoring and controlling access; the safe values of the parameters of access of subjects to objects, formulated in the description of the security requirements, are compared with the current values of the parameters of access of subjects to objects, derived from the current security settings of the system state by processing the description of the system state according to the rules formulated in the description of the model for monitoring and controlling access; and from the difference of the two sets it is determined which security settings of the system state must be changed for the system to be protected, and recommendations are made for eliminating the detected security violations.

2. The method according to claim 1, characterized in that the recommendations for eliminating the detected security violations specify the security requirement that the information system does not meet, the security settings in which violations were found, the set of elements of the security settings that form part of the violation, and the list of changes that should be made to the security settings of the information system in order to eliminate the detected violations.

3. The method according to claim 1, characterized in that the following are considered as the security settings of the system state: the set of subjects, represented as a set of names and security IDs of users and user groups; the set of security attributes of subjects, including the set of user groups, the set of groups of users, and the set of privileges assigned to users and groups; the set of hierarchical objects, represented as a set of absolute paths and the hierarchy of drives, directories and files of the file system and registry keys; the set of non-hierarchical objects, represented as a set of names and IDs of all named system and user resources (shared resources, printers, synchronization objects, kernel objects); the set of security attributes of objects, including "Object type" and "Object owner" for all objects, "Rights inheritance flag" and "Rights distribution" for hierarchical objects, and individual specific attributes for other objects; and the set of discretionary lists of the access rights of subjects to objects.

4. The method according to claim 1, characterized in that the composition of subjects and objects is considered as the parameters of access of subjects to objects.

5. The method according to claim 1, characterized in that the composition of the security attributes of subjects and objects is considered as the parameters of access of subjects to objects.

6. The method according to claim 1, characterized in that the values of the security attributes of subjects and objects are considered as the parameters of access of subjects to objects.

7. The method according to claim 1, characterized in that the list of effective access rights is considered as the parameters of access of subjects to objects.

8. The method according to claim 7, characterized in that the list of effective access rights includes the set of access rights in the discretionary access control lists of the object specified for a particular subject, taking into account inherited and explicit permissions and prohibitions, shared access rights, group rights, rights relevant to privileges, values of the security attributes of subjects and objects, and the rights assigned to dependent objects in the information system.

9. The method according to claim 8, characterized in that the list of effective access rights is calculated by applying the rules for converting the security settings of the system state into values of the access parameters in accordance with the rules of the model for monitoring and controlling access implemented in the information system.

10. A system for automatically assessing the security of information systems, including a security analyzer, characterized in that the security analyzer includes: a module for recording system states, which collects the current security settings and forms their descriptions as predicates; a module for compiling security requirements, which forms a set of security criteria indicating the safe values of the parameters of access of subjects to objects and their descriptions as predicates; a module of the model for monitoring and controlling access, which specifies the rules of the model as predicates and rules defined on their set that specify the function converting the values of the security settings of the system state, given in the predicates describing the system state, into values of the parameters of access of subjects to objects, and which is connected to a module for converting security settings, which processes the description of the system state obtained from the module for recording system states: for each security criterion included in the description of the security requirements obtained from the module for compiling security requirements, it determines the set of subjects and objects to be checked, and for each checked subject and object converts the current security settings of the system state, presented in the description of the system state, into the current values of the parameters of access of subjects to objects according to the rules formulated in the description of the model for monitoring and controlling access obtained from the module of that model; and a module for verifying security requirements and generating recommendations for eliminating security violations, which compares the safe values of the parameters of access of subjects to objects, defined in the description of the security requirements obtained from the module for compiling security requirements, with the current values of the parameters of access of subjects to objects generated when processing the description of the system state obtained from the module for recording system states, determines from the difference of the two sets which parameter values must be changed for the system to be protected, i.e. to satisfy the security requirements, and composes recommendations for eliminating each of the detected security violations.



 
