Article

Article title DEVELOPMENT OF THE MODELS OF THE PROTECTION OBJECT AND SECURITY THREATS IN THE INFORMATION SYSTEM, BASED ON VIRTUALIZATION TECHNOLOGY
Authors L.R. Tuliganova, I.A. Pavlova, I.V. Mashkina
Section SECTION I. INFORMATION SECURITY RISKS MANAGEMENT
Month, Year 08, 2014 @en
Index UDC 004.934.2
DOI
Abstract Offers structural verbal model that includes four types of resources. Pose and solve the problem of analysis and organization of information on the infrastructure and services virtual segment information system as the object of protection. Developed structural verbal model of security threats implemented in virtual segment. The model format specifies information about the objects of attacks, the threats, the structure of the threat, the ways of its distribution, the possible consequences. Discusses threats that lead to the seizure of control in a virtualization environment at the expense of: violations of the procedure of authentication of subjects of access to the virtual environment, unauthorized access to means of virtualization, virtual machine images, to the hypervisor, attacks on virtual hardware – user physical network information system, users of the virtual network, working with instances on the same physical server and on different physical servers.

Download PDF

Keywords Virtualization technology; model of the object of protection; structural verbal model; threat modeling.
References 1. Ivonin P.V. Bezopasnost' v oblakakh v detalyakh [Security in the cloud is in the details], Bezopasnost' informatsionnykh tekhnologiy [Information Technology Security], 2013, No. 2, pp. 37-40.
2. Demurchev N.G., Ishchenko S.O. Problemy obespecheniya informatsionnoy bezopasnosti pri perekhode na oblachnye vychisleniya [Problems of information security in the transition to cloud computing], Materialy XI Mezhdunarodnoy nauchno-prakticheskoy konferentsii «Informatsionnaya bezopasnost'» [Proceedings of the XI International scientific-practical conference "Information security". Part 1. Taganrog: Izd-vo TTI YuFU, 2010, 256 p.
3. GOST R ХХХХХ – 20 ХХ (proekt, pervaya redaktsiya) «Zashchita informatsii. Trebovaniya po zashchite informatsii, obrabatyvaemoy s ispol'zovaniem tekhnologii virtualizatsii. Obshchie polozheniya» [State Standard R ХХХХХ – 20 ХХ. Protection of information. Requirements for the protection of information processed by using virtualization technology. General provisions]. Available at: https://drive.google.com/file/d/0B5PXq-icGjzLbTd4LVln (accessed 3
April 2014).
4. National Vulnerability Database. Available at: http://nvd.nist.gov/ (accessed 3 April 2014).
5. Riz D. Oblachnye vychisleniya [Cloud computing]: Per. s angl. St. Petersburg: BKhV-Peterburg, 2011, 288 p.
6. Mikheev M.O. Administrirovanie VMware vSphere 5 [Administering VMware vSphere 5]. Moscow: DMK Press, 2012, 508 p.
7. Tikhonov V.A., Raykh V.V. Informatsionnaya bezopasnost': kontseptual'nye, pravovye, organizatsionnye i tekhnicheskie aspekty [Information security: conceptual, legal, organizational and technical aspects]: Uchebnoe posobie [textbook]. Moscow: Gelios ARV, 2006, 528 p.
8. Kort S.S. Teoreticheskie osnovy zashchity informatsii [Theoretical basics of information security]: Uchebnoe posobie [textbook]. Moscow: Gelios ARV, 2004, 240 p.
9. Mashkina I.V. Upravlenie zashchitoy informatsii v segmente korporativnoy informatsionnoy sistemy na osnove intellektual'nykh tekhnologiy [Management of information security in the corporate information system based on intelligent technologies: Dr. of eng. sc. diss]. Ufa, 2009, 354 p.
10. Torokin A.A. Inzhenerno-tekhnicheskaya zashchita informatsii [Engineering and technical protection of information]: Uchebnoe posobie [textbook]. Moscow: Gelios ARV, 2005, 960 p.

Comments are closed.