
Herald of Dagestan State Technical University. Technical Sciences


FUNCTIONAL PERFORMANCE INDICATORS DURING SYSTEMS DEVELOPMENT TO PROTECT INFORMATION FROM UNAUTHORISED ACCESS

https://doi.org/10.21822/2073-6185-2018-45-1-147-159

Abstract

Objectives. Investigating the operational effectiveness of automated systems for protecting information from unauthorised access requires an analysis of the normative documents (both international and Russian) and scientific materials devoted to the evaluation of software quality. The aim of the study is to analyse the existing deficiencies in systems for protecting information from unauthorised access and, on the basis of that analysis, to develop performance indicators, to substantiate and develop the criteria for assessing the operational effectiveness of systems for protecting information from unauthorised access in automated information systems, and to develop an algorithm for the integrated evaluation of the operational effectiveness of information protection systems on the basis of the established criteria and indicators.

Methods. One of the methods used to address the stated goals is the application of the main provisions of efficiency theory and systems theory, which in turn served as the theoretical basis for solving the problems involved in creating the criteria and assessing the performance indicators of information protection systems.

Results. The criteria and performance indicators for the creation of automated information systems are developed on the basis of the analysis of open literature sources and existing shortcomings in the real use of systems for protecting information from unauthorised access. An algorithm for the integrated evaluation of the operational effectiveness of the information protection systems is developed.

Conclusion. In the article, a system of performance indicators was developed on the basis of an analysis of normative documents (both international and Russian) and of the scientific materials devoted to the quality (functional efficiency) of complex software systems, a class to which information protection systems can be assigned. These indicators can be classified as partial (static, practically independent of time, the evaluation of which is based on expert estimates) and integral (dynamic, time-dependent, the evaluation of which is based on mathematical modeling).

About the Authors

G. I. Kachaeva
Daghestan State Technical University
Russian Federation

Gyulkhanum I. Kachaeva – Cand. Sci. (Economics), Head of the Information Security Department.

70 I. Shamilya Ave., Makhachkala, 367026



A. D. Popov
Voronezh Institute of the Ministry of Internal Affairs of Russia
Russian Federation

Anton D. Popov – Adjunct.

53 Patriotov Ave., Voronezh 394065



E. A. Rogozin
Voronezh Institute of the Ministry of Internal Affairs of Russia
Russian Federation

Evgeny A. Rogozin – Dr. Sci. (Technical), Prof., Department of Automated information systems.

53 Patriotov Ave., Voronezh 394065






For citations:


Kachaeva G.I., Popov A.D., Rogozin E.A. FUNCTIONAL PERFORMANCE INDICATORS DURING SYSTEMS DEVELOPMENT TO PROTECT INFORMATION FROM UNAUTHORISED ACCESS. Herald of Dagestan State Technical University. Technical Sciences. 2018;45(1):147-159. (In Russ.) https://doi.org/10.21822/2073-6185-2018-45-1-147-159



This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 2073-6185 (Print)
ISSN 2542-095X (Online)