Authors E.N. Tishenko, K.A. Butsik, V.V. Derevyashko
Month, Year 05, 2015
Index UDC 004.771
Abstract The article describes the concept and logical model of a trusted network boot of an operating system image, intended to prevent insider attacks. The model is developed for existing automated systems with a client-server architecture and terminal access, built on thin-client technology (PXE network boot and a 100/1000Base-TX link). The article presents the results of an analysis of traditional models and methods of trusted network boot and of the insider's opportunities to deceive them. Traditional models rely on specialized software and hardware-software trusted boot modules, as well as on modification of the BIOS (UEFI) software. For each method (model), the relevant directions (vectors) of insider attack are identified, and these determine the disadvantages of that method. As a result of the analysis, the concept and technological state of a new trusted network boot model without such deficiencies are defined. The basis of the new model is control of the time slots of the regular request exchange between the workstation and the server. The new model relies on peripheral network modules and a central controller, working in conjunction with the workstations and servers respectively. This method makes it possible to control the state of the firewall and the network boot server, and it blocks the network traffic of protected sites of the automated system when activity characteristic of insider attacks occurs. The research findings present: a) the structure and implementation technology of the new model; b) the algorithm of the new model; c) examples of neutralizing insider attacks that succeed against traditional models and methods.


Keywords “Thin-client”; terminal operating system; trusted (secure) network boot; peripheral network module; special network controller; non-cryptographic methods of information security.