<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">vdgtu</journal-id><journal-title-group><journal-title xml:lang="ru">Вестник Дагестанского государственного технического университета. Технические науки</journal-title><trans-title-group xml:lang="en"><trans-title>Herald of Dagestan State Technical University. Technical Sciences</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">2073-6185</issn><issn pub-type="epub">2542-095X</issn><publisher><publisher-name>Daghestan State Technical University</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.21822/2073-6185-2019-46-4-123-133</article-id><article-id custom-type="elpub" pub-id-type="custom">vdgtu-720</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>ИНФОРМАТИКА, ВЫЧИСЛИТЕЛЬНАЯ ТЕХНИКА И УПРАВЛЕНИЕ</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>COMPUTER SCIENCE, COMPUTER ENGINEERING AND MANAGEMENT</subject></subj-group></article-categories><title-group><article-title>МЕТОДИКА ОЦЕНИВАНИЯ ЗАЩИЩЕННОСТИ ИНФОРМАЦИИ ПО ТЕХНИЧЕСКИМ КАНАЛАМ НА ОБЪЕКТЕ ИНФОРМАТИЗАЦИИ СПЕЦИАЛЬНОГО НАЗНАЧЕНИЯ</article-title><trans-title-group xml:lang="en"><trans-title>METHODOLOGY FOR ASSESSING THE SECURITY OF INFORMATION PASSED THROUGH THE TECHNICAL CHANNELS OF A SPECIAL-PURPOSE INFORMATISATION OBJECT</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Рогозин</surname><given-names>Е. А.</given-names></name><name name-style="western" xml:lang="en"><surname>Rogozin</surname><given-names>E. A.</given-names></name></name-alternatives><bio xml:lang="ru"><p>доктор технических наук, профессор, профессор кафедры автоматизированных информационных систем органов внутренних дел,</p><p>394065, г. Воронеж, пр. Патриотов, 53</p></bio><bio xml:lang="en"><p>Dr. Sci. (Technical), Prof., Department of Automated Information Systems of Internal Affairs,</p><p>53 Patriotov St., Voronezh 394065</p></bio><email xlink:type="simple">aevgenirogozin@yandex.ru</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Силка</surname><given-names>Д. Г.</given-names></name><name name-style="western" xml:lang="en"><surname>Silka</surname><given-names>D. G.</given-names></name></name-alternatives><bio xml:lang="ru"><p>инженер-электроник отдела информационно технического обеспечения учебного процесса,</p><p>394065, г. Воронеж, пр. Патриотов, 53</p></bio><bio xml:lang="en"><p>electronic engineer of the Department of Information and Technical Support of the Educational process,</p><p>53 Patriotov St., Voronezh 394065</p></bio><email xlink:type="simple">sdg.silka@gmail.com</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Гуляев</surname><given-names>О. А.</given-names></name><name name-style="western" xml:lang="en"><surname>Gulyaev</surname><given-names>O. A.</given-names></name></name-alternatives><bio xml:lang="ru"><p>инженер-электроник отдела информационно технического обеспечения учебного процесса,</p><p>105318, г. Москва, ул. Ткацкая, д. 19</p></bio><bio xml:lang="en"><p>General Director,</p><p>19 Tkatskaya St., Moscow 105318</p></bio><email xlink:type="simple">sdg.silka@gmail.com</email><xref ref-type="aff" rid="aff-2"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru"><institution>Воронежский институт Министерства внутренних дел России</institution><country>Россия</country></aff><aff xml:lang="en"><institution>Voronezh Institute of the Ministry of the Interior of the Russian Federation</institution><country>Russian Federation</country></aff></aff-alternatives><aff-alternatives id="aff-2"><aff xml:lang="ru"><institution>АО «Аэроприбор Восход»</institution><country>Россия</country></aff><aff xml:lang="en"><institution>Joint Stock Company «Aeropribor Voskhod»</institution><country>Russian Federation</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2019</year></pub-date><pub-date pub-type="epub"><day>02</day><month>01</month><year>2020</year></pub-date><volume>46</volume><issue>4</issue><fpage>123</fpage><lpage>133</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Рогозин Е.А., Силка Д.Г., Гуляев О.А., 2020</copyright-statement><copyright-year>2020</copyright-year><copyright-holder xml:lang="ru">Рогозин Е.А., Силка Д.Г., Гуляев О.А.</copyright-holder><copyright-holder xml:lang="en">Rogozin E.A., Silka D.G., Gulyaev O.A.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://vestnik.dgtu.ru/jour/article/view/720">https://vestnik.dgtu.ru/jour/article/view/720</self-uri><abstract><sec><title>Цель</title><p>Цель. В целях определения «защищенности» объекта информатизации специального назначения, необходимо провести расчёт показателей эффективности мероприятий по защите информации (ЗИ) от угроз НСД, связанных с утечкой информации по техническим каналам (по акустическому каналу). С целью определения актуальных каналов утечки информации необходимо разработать перечень действий, по нейтрализации потенциальных угроз (включая разработку системы защиты информации для объекта информатизации специального назначения).</p></sec><sec><title>Метод</title><p>Метод. Оценка защищенности объекта информатизации специального назначения проводиться с использованием экспертно-документального и инструментального методов.</p></sec><sec><title>Результат</title><p>Результат. Приведены результаты оценивания показателей защищённости от утечки информации по воздушному (акустическому) каналу и определены аспекты совершенствования специальных мероприятий по защите информации на объекте информатизации специального назначения.</p></sec><sec><title>Вывод</title><p>Вывод. Направление данного исследования является весьма актуальным и требует дальнейшего развития организационно-технических мероприятий, по реализации требований нормативно правовых документов по защите информации на объектах информатизации специального назначения. </p></sec></abstract><trans-abstract xml:lang="en"><sec><title>Objectives</title><p>Objectives. In order to determine the security of a special-purpose informatisation object, it is necessary to calculate the effectiveness indicators of information security (IS) measures aimed at preventing unauthorised access (UA) threats associated with information leakage through technical (acoustic) channels. In order to determine the actual channels of information leakage, it is necessary to develop a list of actions to neutralise potential threats, including the development of an information protection system for a special-purpose informatisation object.</p></sec><sec><title>Method</title><p>Method. A security assessment of the special-purpose informatisation object is carried out using expert documentary and instrumental methods.</p></sec><sec><title>Results</title><p>Results. The results of evaluating the indicators of protection against information leakage through the air (acoustic) channel are presented and aspects of improving special measures for protecting information at the special-purpose informatisation object are identified.</p></sec><sec><title>Conclusion</title><p>Conclusion. Due to its relevance, the direction of this study requires further development of organisational and technical measures to implement the requirements of regulatory documents on the protection of information in special-purpose informatisation objects. </p></sec></trans-abstract><kwd-group xml:lang="ru"><kwd>объект информатизации специального назначения</kwd><kwd>оценка защищенности</kwd><kwd>аттестационные испытания</kwd><kwd>эффективность</kwd><kwd>утечка защищаемой информации</kwd><kwd>несанкционированное получение информации</kwd><kwd>закладные устройства</kwd></kwd-group><kwd-group xml:lang="en"><kwd>special purpose informatisation object</kwd><kwd>security assessment</kwd><kwd>certification tests</kwd><kwd>efficiency</kwd><kwd>leakage of protected information</kwd><kwd>unauthorised access</kwd><kwd>covert devices</kwd></kwd-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">Зайцев А.П., Шелупанов А.А., Технические средства и методы защиты информации. М.: Машиностроение, 2009. – 507 с.</mixed-citation><mixed-citation xml:lang="en">Zaytsev A.P., Shelupanov A.A., Tekhnicheskiye sredstva i metody zashchity informatsii. M.: Mashinostroyeniye, 2009. – 507 s. [Zaitsev AP, Shelupanov AA, Technical means and methods of information protection. M .: Engineering, 2009. 507 p. (In Russ)]</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Хорев А.А., Защита информации от утечки по техническим каналам. Часть 1. Технические каналы утечки информации. – М.: Гостехкомиссия РФ, 1998. – 320 с.</mixed-citation><mixed-citation xml:lang="en">Khorev A.A., Zashchita informatsii ot utechki po tekhnicheskim kanalam. Chast' 1. Tekhnicheskiye kanaly utechki informatsii. – M.: Gostekhkomissiya RF, 1998. – 320 s. [Khorev AA, Protection of information from leakage through technical channels. Part 1. Technical channels of information leakage. - M.: State Technical Commission of the Russian Federation, 1998. -320 p. (In Russ)]</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Кабанов А.С. Временная модель оценивания риска нарушения информационной безопасности / А.С. Кабанов, А.Б. Лось, В.И. Трунцев // Доклады Томского государственного университета систем управления и радиоэлектроники. 2012. Т. 1. № 25. С. 87-91.</mixed-citation><mixed-citation xml:lang="en">Kabanov A.S. Vremennaya model' otsenivaniya riska narusheniya informatsionnoy bezopasno-sti / A.S. Kabanov, A.B. Los', V.I. Truntsev // Doklady Tomskogo gosudarstvennogo univer-siteta sistem upravleniya i radioelektroniki. 2012. T. 1. № 25. S. 87-91. [Kabanov A.S. A temporary model for assessing the risk of information security breach / A.S. Kabanov, A.B. Moose, V.I. Truntsev // Reports of Tomsk State University of Control Systems and Radioelectronics. 2012.V. 1. No. 25. pp. 87-91. (In Russ)].</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">Хорев А.А., Способы и средства защиты информации. Учебное пособие. – М.: МО РФ, 2000. – 316 с.</mixed-citation><mixed-citation xml:lang="en">Khorev A.A., Sposoby i sredstva zashchity informatsii. Uchebnoye posobiye. – M.: MO RF, 2000. – 316 s. [Khorev AA, Methods and means of information protection. Tutorial. - M .: MO RF, 2000 . 316 p. (In Russ)].</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">Торокин А.А.. Инженерно-техническая защита информации: Гелиос АРВ. – 2005, - 960с.</mixed-citation><mixed-citation xml:lang="en">Torokin A.A.. Inzhenerno-tekhnicheskaya zashchita informatsii: Gelios ARV. – 2005, - 960s. [Torokin A.A. Engineering and technical information protection: Helios ARV. 2005, 960p. (In Russ)].</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">Бузов Г.А. Защита от утечки информации по техническим каналам : учеб. пособие / Г.А. Бузов, С.В. Калинин, А.В. Кондратьев. М.: Горячая линия Телеком, 2014. 416 с.</mixed-citation><mixed-citation xml:lang="en">Buzov G.A. Zashchita ot utechki informatsii po tekhnicheskim kanalam : ucheb. posobiye / G.A. Bu-zov, S.V. Kalinin, A.V. Kondrat'yev. M.: Goryachaya liniya Telekom, 2014. 416 s. [Buzov G.A. Protection against information leakage through technical channels: textbook. allowance / G.A. Buzov, S.V. Kalinin, A.V. Kondratyev. M .: Hotline Telecom, 2014.416 p. (In Russ)]</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Charaf Н. A colored Petri-net model for control execution of distributed systems / H. Charaf, S. Azzouzi // 4th International Conference on Control, Decision and Information Technologies (CoDIT). 2017. pp. 277–282.</mixed-citation><mixed-citation xml:lang="en">Charaf Н. A colored Petri-net model for control execution of distributed systems / H. Charaf, S. Azzouzi // 4th International Conference on Control, Decision and Information Technologies (CoDIT). 2017. pp. 277–282.</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">Jasiul В. Detection and Modeling of Cyber Attacks with Petri Nets / B. Jasiul, M. Szpyrka, J. Sliwa // Entropy. 2014. Vol. 16. Issue 12. pp. 6602–6623.</mixed-citation><mixed-citation xml:lang="en">Jasiul В. Detection and Modeling of Cyber Attacks with Petri Nets / B. Jasiul, M. Szpyrka, J. Sliwa // Entropy. 2014. Vol. 16. Issue 12. pp. 6602–6623.</mixed-citation></citation-alternatives></ref><ref id="cit9"><label>9</label><citation-alternatives><mixed-citation xml:lang="ru">Network security analyzing and modeling based on Petri net and Attack tree for SDN / Y. Linyuan [and others] // 2016 International Conference on Computing, Networking and Communications (ICNC). — 2016. pp. 133–187.</mixed-citation><mixed-citation xml:lang="en">Network security analyzing and modeling based on Petri net and Attack tree for SDN / Y. Linyuan [and others] // 2016 International Conference on Computing, Networking and Communications (ICNC). 2016. pp. 133–187.</mixed-citation></citation-alternatives></ref><ref id="cit10"><label>10</label><citation-alternatives><mixed-citation xml:lang="ru">Павловский Ю.Н. Имитационные модели и системы / Ю.Н. Павловский. — М.: Фазис: ВЦ РАН, 2000. С. 134.</mixed-citation><mixed-citation xml:lang="en">Pavlovskiy YU.N. Imitatsionnyye modeli i sistemy / YU.N. Pavlovskiy. — M.: Fazis: VTS RAN, 2000. — S. 134. [Pavlovsky Yu. N. Simulation models and systems / Yu. N. Pavlovsky. M.: Fazis: VC RAN, 2000. 134 p. (In Russ)].</mixed-citation></citation-alternatives></ref><ref id="cit11"><label>11</label><citation-alternatives><mixed-citation xml:lang="ru">Краснощёков П.С. Оптимизация в автоматизированном проектировании / П.С. Краснощёков, В.В. Морозов, Н.М. Попов. М.: МАКС Пресс, 2008. 323 с.</mixed-citation><mixed-citation xml:lang="en">Krasnoshchokov P.S. Optimizatsiya v avtomatizirovannom proyektirovanii / P.S. Krasnoshchokov, V.V. Morozov, N.M. Popov. M.: MAKS Press, 2008. 323 s. [Krasnoshchekov P.S. Optimization in computer-aided design / P.S. Krasnoshchekov, V.V. Morozov, N.M. Popov. M.: MAKS Press. ] 2008. 323 p. (In Russ)]</mixed-citation></citation-alternatives></ref><ref id="cit12"><label>12</label><citation-alternatives><mixed-citation xml:lang="ru">Nikishin K. Implementation of time-triggered ethernet using colored Petri NET / K. Nikishin, N. Konnov, D. Pashchenko // International Conference on Industrial Engineering, Applications and Manufacturing (ICIEAM). 2017. pp. 1–5.</mixed-citation><mixed-citation xml:lang="en">Nikishin K. Implementation of time-triggered ethernet using colored Petri NET / K. Nikishin, N. Konnov, D. Pashchenko // International Conference on Industrial Engineering, Applications and Manufacturing (ICIEAM). 2017. рр. 1–5.</mixed-citation></citation-alternatives></ref><ref id="cit13"><label>13</label><citation-alternatives><mixed-citation xml:lang="ru">Korniyenko B.Y. Design and research of mathematical model for information security system in computer network / B.Y. Korniyenko, L.P. Galata // Science-Based Technologies. 2017. Vol. 34. Issue 2. pp. 114–118.</mixed-citation><mixed-citation xml:lang="en">Korniyenko B.Y. Design and research of mathematical model for information security system in computer network / B.Y. Korniyenko, L.P. Galata // Science-Based Technologies. 2017. Vol. 34. Issue 2. pp. 114–118.</mixed-citation></citation-alternatives></ref><ref id="cit14"><label>14</label><citation-alternatives><mixed-citation xml:lang="ru">White S.C. Comparison of Security Models: Attack Graphs Versus Petri Nets / S.C. White, S.S. Sarvestani // Advances in Computers. 2014. Vol. 94. pp. 1–24.</mixed-citation><mixed-citation xml:lang="en">White S.C. Comparison of Security Models: Attack Graphs Versus Petri Nets / S.C. White, S.S. Sarvestani // Advances in Computers. 2014. Vol. 94. pp. 1–24.</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
