Models of socio-cyber-physical systems security

The development of technologies and computing resources has not only expanded the range of digital services in all spheres of human activity, but also determined the range of targeted cyber attacks. Targeted attacks are aimed at destroying not only the business structure, but also its individual components that determine critical business processes. The continuity of such business processes is a critical component of any company, organization or enterprise of any form of ownership, which has a critical impact on making a profit or organizing production processes. The proposed concept of determining the security level of critical business processes is based on the need to use multiloop information security systems. This makes it possible to ensure the continuity of critical business processes through a timely objective assessment of the level of security and the timely formation of preventive measures. This approach is based on the proposed rules for determining the reach of a given security level, based on assessments of the integrity, availability and confidentiality of information arrays, as well as computer equipment for different points of the organization's business processes. The issues of applying situational management methods to ensure the safe functioning of objects of socio-cyberphysical systems, logical and transformational rules that form the foundation for building a situational type cybersecurity management system are considered. One of the main tasks of systems of this type is described – the task of replenishing the description of the situation. The use of pseudophysical logics, various types of pseudophysical logics, the method of their construction and their interconnection are proposed. Particular attention is paid to causal pseudophysical logic, as the least developed for the purposes of ensuring cybersecurity. The formation of smart technologies, as a rule, uses the wireless standards of communication channels IEEE 802.11X, IEEE 802.15.4, IEEE 802.16, which use only authentication protocols and privacy mechanisms that are formed on the basis of symmetric algorithms. In the conditions of the post-quantum period (the appearance of a full-scale quantum computer), the stability of such algorithms is questioned. Such systems, as a rule, are formed on the basis of the synthesis of socio-cyber-physical systems and cloud technologies, which simplifies the implementation of Advanced Persistent Threat attacks, both on the internal loop of control systems and on the external one. The proposed creation of multi-circuit information protection systems allows for an objective assessment of the flow state of the system as a whole and the formation of preventive measures against cyber threats. In the thied chapter, models of probable threats and information protection in public networks are proposed. The most general model of the formal description of the protection system is the model of the security system with full overlap, in which a complete list of protection objects and threats to information is determined, and means of ensuring security are determined from the point of view of their effectiveness and contribution to ensuring the security of the entire telecommunications system. It is also shown that the combination of four models (M1, M2, M3, M4) in various variants provides wide opportunities for modeling various known types of threats and their implementation. However, in connection with the continuity of the process of developing new and improving existing methods and means of implementing threats, it is necessary to use such approaches to ensuring information protection that allow detecting and preventing threats of unknown types and carrying out dynamic correction of protection behavior, adapting it to specific application conditions. The M5 basic model is described, which enables continuous refinement of threat classes and response measures, and continuous training of the adaptive component of the CSI, which, in turn, detects and prevents threats of unknown types. The M6 basic model is introduced with the aim of obtaining higher security due to the presence of a special module of internal diagnostics that diagnoses the entire protection system, decides on the correction of the SHI behavior algorithm, and makes it possible to achieve SHI fault tolerance; a special module that diagnoses the communication channel with subsequent changes in the level of protection, allows to achieve the adaptability of the SHI. The fourth chapter is deal with the development of cryptographic primitives based on cellular automata. The definition of a cellular automaton is given and the elementary rules of intercellular interaction are described. A number of generators of pseudorandom binary sequences have been developed based on a combination of elementary rules of intercellular interaction, as well as cell interaction according to a rule of our own development. In the “cryptographic sponge” architecture, a cryptographic hashing function with a shuffling function based on cellular automata was developed and its statistical characteristics and avalanche effect were investigated. A block cipher in the SP-network architecture is constructed, in which cellular automata are used to deploy the key, and the encryption process is based on elementary procedures of replacement and permutation. Substitution blocks are used from the well-known AES cipher, a description of a stream cipher is given, where a personal computer keyboard and mouse are used as the initial entropy. Random data received from the specified devices is processed by a proprietary hashing function based on a "cryptographic sponge". All developed cryptographic functions and primitives demonstrated good statistical characteristics and avalanche properties. The fifth chapter proposes a methodology for analyzing the quality of the mechanism for validating the identified vulnerabilities of a corporate network, which is based on integral equations that take into account the quantitative characteristics of the vulnerability validation mechanism under study at a certain point in time. This technique allows you to build the laws of distribution of quality indicators of the vulnerability validation process and quantify the quality of the mechanism for validating detected vulnerabilities, which allows you to monitor and control the validation of identified vulnerabilities in real time during active security analysis. A method is proposed for constructing a fuzzy knowledge base for making decisions when validating vulnerabilities of software and hardware platforms with an active analysis of the security of a target corporate network based on the use of fuzzy logic, which makes it possible to provide reliable information about the quality of the mechanism for validating vulnerabilities indirectly. The constructed knowledge base allows you to form decisive decision-making rules for the implementation of a particular attacking action, which allows you to develop expert systems to automate the decision-making process when validating the identified vulnerabilities of target information systems and networks. An improved method of automatic active security analysis is proposed, which, based on the synthesis of the proposed models, techniques and methods, allows, in contrast to the existing ones, to abstract from the conditions of dynamic changes in the environment, i.e. constant development of information technologies, which leads to an increase in the number of vulnerabilities and corresponding attack vectors, as well as an increase in ready-to-use exploits of vulnerabilities and their availability, and take into account only the quality parameters of the vulnerability validation process itself.