Modeling of Operation of Information System for Critical Use in the Conditions of Influence of a Complex Certain Negative Factor

Abstract

The development of the infosphere is accompanied by a proportional increase in the amount of personalized information and the threats of unauthorized access to it. This confrontation is especially acute when it comes to the resources of information systems for critical use (ISCU), unauthorized access to which can cause significant material or human losses. The specificity of ISCU determines the only rational way of evolution of means of ensuring their dependability — the mathematical modeling of the process of operation of the studied systems under the influence of certain negative factors. When determining a certain negative factor, the authors rely on the hierarchical classification of modern cyber threats presented in the specialized database of the Open Web Application Security Project (OWASP). The article presents an improved Markov mathematical model of operation of ISCU in the conditions of aggressive cyberphysical space in which, in contrast to the existing ones, the process of confrontation of the information protection subsystem of the studied system and the complex certain negative factor is analytically formalized. The proposed model takes into account that the interdependent components of the complex negative factor were created by cyber-attackers with a focus on invulnerability to individual protection schemes. The authors consider a complex negative factor as an ordered interconnected sequence of certain negative factors. An applied result of mathematical modeling is analytical equations in the first approximation to calculate the time to failure of the studied system, which operates under the influence of complex negative factor, and stochastic description of the allowable states in which the studied system may be at any discrete time. © 2022, ICROS, KIEE and Springer.