Mathematical model for quantitative assessment of the Security of open operating systems when selecting in the AS of the Internal Affairs Bodies
https://doi.org/10.21822/2073-6185-2025-52-2-169-179
Abstract
Objective. The article considers a mathematical model for the quantitative assessment of the security of open operating systems (hereinafter, OS) in automated systems of the internal affairs bodies of the Russian Federation (hereinafter, AS OVD RF), developed on the basis of the requirements of the standard GOST R ISO/IEC 15408. Method. The study used the following methods: analysis of possible threats to the security of open operating systems and of the requirements of the standard GOST R ISO/IEC 15408, hierarchy analysis, and the application of fuzzy logic. Result. Calculating the security indicator of the analyzed OS yields a linguistic indicator of the degree of OS security and an OS security indicator expressed as a percentage. Conclusion. The authors propose a mathematical model for assessing the security of open operating systems when selecting them for use in the AS OVD RF.
About the Authors
A. I. Yangirov
Russian Federation
Adil I. Yangirov, Head of the Laboratory Research and Testing
12 B Reutovskaya St., Moscow 111539
E. A. Rogozin
Russian Federation
Evgeny A. Rogozin, Dr. Sci. (Eng.), Assoc. Prof., Prof., Department of Automated Information Systems of Internal Affairs Bodies
53 Patriotov Ave., Voronezh 394065
P. M. Duplyakin
Russian Federation
Pyotr M. Duplyakin, Lecturer, Department of Radio Engineering Systems and Security Monitoring Complexes
53 Patriotov Ave., Voronezh 394065
T. V. Meshcheryakova
Russian Federation
Tatyana V. Meshcheryakova, Dr. Sci. (Eng.), Head of the Department of Automated Information Systems of Internal Affairs Bodies
53 Patriotov Ave., Voronezh 394065
A. O. Efimov
Russian Federation
Aleksey O. Efimov, Lecturer, Department of Automated Information Systems of Internal Affairs Bodies
53 Patriotov Ave., Voronezh 394065
For citations:
Yangirov A.I., Rogozin E.A., Duplyakin P.M., Meshcheryakova T.V., Efimov A.O. Mathematical model for quantitative assessment of the Security of open operating systems when selecting in the AS of the Internal Affairs Bodies. Herald of Dagestan State Technical University. Technical Sciences. 2025;52(2):169-179. (In Russ.) https://doi.org/10.21822/2073-6185-2025-52-2-169-179