St Petersburg Institute For Informatics And Automation Spiiras

Saint Petersburg, Russia

St Petersburg Institute For Informatics And Automation Spiiras

Saint Petersburg, Russia
SEARCH FILTERS
Time filter
Source Type

Desnitsky V.,St Petersburg Institute For Informatics And Automation Spiiras | Levshun D.,St Petersburg Institute For Informatics And Automation Spiiras | Chechulin A.,St Petersburg Institute For Informatics And Automation Spiiras | Kotenko I.,St Petersburg Institute For Informatics And Automation Spiiras
Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications | Year: 2016

As elements of complex information systems, embedded devices define informational and physical connections between the level of software control of the system on the one hand, and its technical environment and users on the other. Operating in a potentially volatile and untrusted cyber-physical environment, using insufficiently secure communication channels and sensors as well as various external influences cause such devices are subject to specific attacking actions. As a result the design of such systems is a challenging task often requiring expert based solutions. The main contribution of the paper is a design technique for secure embedded devices on the basis of combinations of security components, optimization approach and developed software tools for decision making support. The correctness of the technique is confirmed by its use in the development of the integrated cyberphysical security system. © 2016, Innovative Information Science and Technology Research Group. All rights reserved.


Saenko I.,St Petersburg Institute For Informatics And Automation Spiiras | Kotenko I.,St Petersburg Institute For Informatics And Automation Spiiras
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2010

The paper presents the formulation of the problem of access control to information resources located in virtual local area networks. We define the initial data, the objective function and constraints of the problem. To solve the proposed problem we suggest the method of genetic optimization of access control scheme based on the poly-chromosomal representation of intermediate points. The results of computer simulation and evaluation of the proposed method are discussed. © Springer-Verlag 2010.


Desnitsky V.,St Petersburg Institute For Informatics And Automation Spiiras | Kotenko I.,St Petersburg Institute For Informatics And Automation Spiiras
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2010

The paper outlines to the problem of correlation between security and scalability of software protection against tampering based on the remote entrusting principles. The goal of the paper is to propose a technique allowing choosing the most effective combination of different protection methods to apply. The technique is aimed at finding a trade-off between performance of the protection mechanism and its security, ensuring both a necessary security level and an appropriate scalability. The technique encompasses the evaluation of particular protection methods belonging to the whole protection mechanism and getting quantitative metrics of their performance and security level. © Springer-Verlag 2010.


Saenko I.,St Petersburg Institute For Informatics And Automation Spiiras | Kotenko I.,St Petersburg Institute For Informatics And Automation Spiiras
Studies in Computational Intelligence | Year: 2016

Virtual local area networks (VLAN) is a well-known technology of computer security in heterogeneous network infrastructures. It does not require significant computing resources. For this reason, it should find success in Internet of things. The VLAN access control scheme formation is divided into the tasks of initial configuration and reconfiguration. The paper presents an approach to the reconfiguration of VLAN access control schemes based on the improved class of genetic algorithms. Unlike the initial configuration, the reconfiguration additionally uses the previous access control scheme as input. Its search criterion is focused on minimizing the possible changes in the previous scheme. The paper shows that this problem is a special form of the Boolean matrix factorization. Main enhancements relate to generation of the initial population based on trivial solutions, using the columns of the connectivity matrix as the genes of chromosomes and applying in the fitness function the criterion of minimal cost to modify the access scheme. Experimental results demonstrate the proposed genetic algorithm has a high enough effectiveness. © Springer International Publishing Switzerland 2016.


Saenko I.,St Petersburg Institute For Informatics And Automation Spiiras | Kotenko I.,St Petersburg Institute For Informatics And Automation Spiiras
Proceedings - 19th International Euromicro Conference on Parallel, Distributed, and Network-Based Processing, PDP 2011 | Year: 2011

The paper proposes a new approach to solve role mining problem in role-based access control systems. This approach is founded on applying genetic algorithms as heuristic optimization methods that are effectively used when the search space is too huge to be fully explored. To realize genetic algorithms, we propose some important novelties: having many chromosomes by individuals, presentation of genes as complex objects, dividing selection and mutation into several phases, accounting data confidentiality and availability in fitness functions and other. Proposed genetic algorithms were tested on randomly generated data sets for "basic" and "edge" role mining problems. The test results allow to assert that genetic algorithms may be successfully applied to efficiently solve main kinds of role mining problems. © 2011 IEEE.


Doynikova E.,St Petersburg Institute For Informatics And Automation Spiiras | Kotenko I.,St Petersburg Institute For Informatics And Automation Spiiras
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2016

The paper suggests an approach to countermeasure selection that is based on the application of quantitative risk metrics. The approach incorporates several techniques. These techniques differ for the static and dynamic modes of operation of the security analysis and countermeasure selection component. The techniques consider available input data on the network security state. The approach is based on the application of open standards for unified specification of security data, application of attack graphs and service dependency graphs to calculate different security metrics, and takes into account events and information from security information and events management (SIEM) systems. © Springer International Publishing Switzerland 2016.


Fedorchenko A.,St Petersburg Institute For Informatics And Automation Spiiras | Kotenko I.,St Petersburg Institute For Informatics And Automation Spiiras | Chechulin A.,St Petersburg Institute For Informatics And Automation Spiiras
Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications | Year: 2015

Security evaluation systems usually use various information sources to estimate computer network security. One of the important tasks in these systems is integration and storage of information from various sources. The paper is devoted to investigation and development of models and methods to integrate open security databases into one repository. The model of integration proposed in the paper helps to improve the accuracy of attack detection systems. As sources for security information, different open databases of vulnerabilities, exploits, and dictionaries of products are used, and open databases of weaknesses, attack patterns and configurations are planned to be used. The object of research and development is the mechanisms intended to bind and combine heterogeneous security information. We propose the structure of the integrated repository and the model of security information integration, describe the repository implementation and analyze the results of experiments with the repository. © 2015 Innovative Information Science and Technology Research Group All Rights Reserved.


Kolomeets M.,St Petersburg Institute For Informatics And Automation Spiiras | Chechulin A.,St Petersburg Institute For Informatics And Automation Spiiras | Kotenko I.,St Petersburg Institute For Informatics And Automation Spiiras
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2016

In this paper we propose an approach to the development of the computer network visualization system for security monitoring, which uses a conceptually new model of graphic visualization that is similar to the Voronoi diagrams. The proposed graphical model uses the size, color and opacity of the cell to display host parameters. The paper describes a technique for new graphical model construction and gives examples of its application along with traditional graph based and other models. © IFIP International Federation for Information Processing 2016.


Desnitsky V.,St Petersburg Institute For Informatics And Automation Spiiras | Kotenko I.,Institute of Information Security
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2014

The sweeping growth of the amount of embedded devices together with their extensive spread pose extensively new design challenges for protection of embedded systems against a wide set of security threats. The embedded device specificity implies combined protection mechanisms require effective resource consumption of their software/hardware modules. At that the design complexity of modern embedded devices, characterized by the proper security level and acceptable resource consumption, is determined by a low structuring and formalization of security knowledge. The paper proposes an approach to elicit security knowledge for subsequent use in automated design and verification tools for secure systems with embedded devices. © IFIP International Federation for Information Processing 2014.


Kotenko I.,Institute of Information Security | Doynikova E.,St Petersburg Institute For Informatics And Automation Spiiras
Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications | Year: 2014

The paper is devoted to the security assessment problem. Authors suggest an approach to the security assessment based on the attack graphs that can be implemented in contemporary Security Information and Event Management (SIEM) systems. Key feature of the approach consists in the application of the developed security metrics system based on the differentiation of the input data for the metrics calculations. Input data includes, among others, current events from the SIEM system. Proposed metrics form the basis for security awareness and reflect current security situation, including development of attacks, attacks sources and targets, attackers’ characteristics. The suggested technique is demonstrated on a case study. © 2014, Innovative Information Science and Technology Research Group. All rights reserved.

Loading St Petersburg Institute For Informatics And Automation Spiiras collaborators
Loading St Petersburg Institute For Informatics And Automation Spiiras collaborators