Methodological approach to quantitative assessment of the security of open operating systems AS of the Internal Affairs Bodies

Objective. The article considers the provisions of the fuzzy logic approach in relation to the method of quantifying the security of open operating systems (OS) of automated systems of the internal affairs bodies of the Russian Federation (AS of the Russian Federation), taking into account possible security threats and the requirements of the standard GOST R ISO/IEC 15408 for leveling possible consequences. Information Message № 240/24/4893 dated October 18, 2016 «On Approval of Information Security Requirements for Operating Systems» of the FSTEC of Russia defines 6 OS security classes. Operating systems corresponding to protection classes 1, 2 and 3 are used in information (automated) systems in which information containing information constituting a state secret is processed, operating systems corresponding to protection classes 4, 5 and 6 are not intended for processing such information. In the presented study, the open operating systems of the AS of the Russian Federation are understood as OS AS, in which information containing information constituting a state secret is not processed. Method. The study was conducted based on the method of analyzing possible security threats to open operating systems, as well as the requirements of GOST R ISO/IEC 15408 standard, using the provisions of fuzzy logic. Result. The result of the automated system for calculating the security index of the analyzed open OS is one of the specified criteria for the degree of security of the OS, based on the provisions of fuzzy logic. Conclusion. The authors propose a method for assessing the security of open OS of the AS of the Russian Federation, based on the provisions of fuzzy logic.

1. Algorithm for calculating the security assessment of operating systems of the AIS OVD, developed on the basis of the analysis of the security requirements of GOST R ISO / IEC 15408 and possible threats / A.I. Yangirov, E.A. Rogozin, O.I. Bokova, S.B. Akhlyustin. Herald of the Daghestan State Technical University. Technical Sciences. 2023;50(3):167-171. - DOI 10.21822/2073-6185-2023-50-3-167-171. - EDN QIOPOE. (In Russ)

2. On the issue of assessing the security of operating systems used in automated information systems of internal affairs bodies. A.I. Yangirov. Security, safety, communication. 2023; 8-3:83-90. – EDN SLCGLG. (In Russ)

3. Calculation of the security assessment of open operating systems based on the analysis of security requirements according to GOST r ISO/IEC 15408 / A.I. Yangirov, E.A. Rogozin // Issues of ensuring security in cyberspace: Proceedings of the All-Russian scientific and technical conference, Makhachkala, 12/16/2022. – Makhachkala: Dagestan State Technical University, 2022;243-248. – EDN EDHHEY. (In Russ)

4. Development of an automated system for calculating the security assessment of operating systems of information systems based on the analysis of security requirements. A.I. Yangirov, E.A. Rogozin, E.Yu. Nikulina, A.V. Kalach . Bulletin of the Voronezh Institute of the Federal Penitentiary Service of Russia. 2022; 4:182-188. – EDN BNBXNZ. (In Russ)

5. Information message of October 18, 2016 No. 240/24/4893 "On approval of the Information Security Requirements for Operating Systems" of the FSTEC of Russia - [Electronic resource] - Access mode. - URL: https://fstec.ru/dokumenty/vse-dokumenty/informatsionnye-i-analiticheskie-materialy/informatsionnoesoobshchenie-fstek-rossii-ot-18-oktyabrya-2016-g-n-240-24-4893 (Accessed: 01.02.2024). (In Russ)

6. Information Security Threat Database - [Electronic resource] - Access mode. - URL: https://bdu.fstec.ru/ (Accessed: 01.02.2024). (In Russ)

7. GOST R ISO/IEC 15408-2-2013. Information technology. Security methods and tools. Information technology security evaluation criteria. Part 2. Security functional components [Electronic resource] – Access mode. – URL: https://docs.cntd.ru/document/1200105710 (Accessed: 27.12.2023). (In Russ)

8. GOST R ISO/IEC 15408-3-2013. Information technology. Security methods and tools. Information technology security evaluation criteria. Part 3. Security assurance requirements [Electronic resource] – Access mode. – URL: https://docs.cntd.ru/document/1200105711 (Accessed: 27.12.2023). (In Russ)