To formulate the problem, we consider some initial conditions. Such conditions for us will create a model of the expected behavior of the potential offender.
The behavior model of a potential intruder
An infringement is an attempt of unauthorized access to any part of the information to be protected that is stored, processed and transmitted in the information system.
Since the time and place of manifestation of intentional unauthorized access is impossible to predict, it is advisable to recreate some model of behavior of a potential intruder, assuming the most dangerous situation:
- the intruder may appear at any time and anywhere on the perimeter of the information system;
- a) the intruder may appear at any time and anywhere on the perimeter of the information system;
- b) the qualification and awareness of the violator may be at the level of the developer of this system;
- c) permanently stored information about the principles of the system, including secret information, is known to the violator;
- d) in order to achieve his goal, the violator will choose the weakest link in the defense;
- e) not only an outsider, but also a legitimate user of the system can be a violator;
- g) the offender acts alone.
This model allows you to determine the source data for building protection and outline the basic principles of its construction.
According to subsection “a”, it is necessary to build a permanent closed loop (or shell) of protection (perimeter) around the subject of protection.
According to paragraph “b”, the properties of the barrier constituting the protection should, as far as possible, correspond to the expected qualifications and awareness of the offender.
According to paragraph “c,” variable secret information known only to him is required to enter the system of a legitimate user.
According to paragraph “d”, the final strength of the protective circuit is determined by its weakest link.
According to paragraph “e”, if there are several legitimate users, it is useful to ensure that their access to information is delimited in accordance with the powers and functions performed, thus realizing the principle of least awareness for each user in order to reduce damage if one of them is irresponsible. It also follows that the calculation of the strength of protection should be made for two possible initial positions of the intruder:
- outside the controlled territory (perimeter);
- inside her.
According to subsection “g”, we also consider, as the initial premise, that there is only one intruder, since protection from a group of intruders is the task of the next stage of research. However, this does not exclude the possibility of protection by the proposed methods and means against such situations, although such a task is much more complicated. Moreover, a group of violators is understood as a group of people performing one task under general leadership.
However, for the various purposes and principles of building information systems, the type and value of the information processed in them, the most “dangerous” behavior model of a potential intruder can also be different. For military systems, this is the level of a professional intelligence officer, for commercial systems, it is the level of a qualified user, etc. For medical systems, for example, most likely, protection against spurious electromagnetic radiation and interference is not required, but protection against user irresponsibility is simply necessary. It is obvious that in order to protect information from a more qualified and knowledgeable intruder, it will be necessary to consider a larger number of possible channels of unauthorized access and apply a larger number of security features with higher strength indicators.
Based on the above, a differentiated approach is appropriate for choosing the initial model of behavior of a potential violator. Since the qualification of the violator is a very relative and approximate concept, it is possible to take four security classes as a basis:
- Grade 1 is recommended to protect vital information, leakage, destruction or modification of which can lead to large losses for the user. The strength of the defense must be designed for the professional offender;
- The 2nd class is recommended to be used to protect important information during the work of several users who have access to different data arrays or who create their own files that are not accessible to other users. Strength of protection should be designed for a highly qualified violator, but not for a professional cracker;
- Grade 3 is recommended to protect relatively valuable information, the constant unauthorized access to which through its accumulation can lead to leakage and more valuable information. At the same time, the strength of protection should be designed for a relatively qualified violator-non-professional;
- Grade 4 is recommended to protect other information that is not of interest to serious violators. However, its necessity is dictated by the observance of the technological discipline of accounting and processing information for official use in order to protect against accidental violations as a result of users’ irresponsibility and some security against cases of intentional unauthorized access.
The implementation of the listed security levels should be ensured by a set of appropriate security measures that block a certain number of possible unauthorized access channels in accordance with the expected class of potential violators. The security level of protection within the class is ensured by a quantitative assessment of the strength of individual protective equipment and an assessment of the strength of the protection circuit against intentional unauthorized access using the calculation formulas, the conclusion of which is given below.