Methodological approach to quantitative assessment of the security of open operating systems AS of the Internal Affairs Bodies

Abstract

Read online

Objective. The article considers the provisions of the fuzzy logic approach in relation to the method of quantifying the security of open operating systems (OS) of automated systems of the internal affairs bodies of the Russian Federation (AS of the Russian Federation), taking into account possible security threats and the requirements of the standard GOST R ISO/IEC 15408 for leveling possible consequences. Information Message № 240/24/4893 dated October 18, 2016 «On Approval of Information Security Requirements for Operating Systems» of the FSTEC of Russia defines 6 OS security classes. Operating systems corresponding to protection classes 1, 2 and 3 are used in information (automated) systems in which information containing information constituting a state secret is processed, operating systems corresponding to protection classes 4, 5 and 6 are not intended for processing such information. In the presented study, the open operating systems of the AS of the Russian Federation are understood as OS AS, in which information containing information constituting a state secret is not processed. Method. The study was conducted based on the method of analyzing possible security threats to open operating systems, as well as the requirements of GOST R ISO/IEC 15408 standard, using the provisions of fuzzy logic. Result. The result of the automated system for calculating the security index of the analyzed open OS is one of the specified criteria for the degree of security of the OS, based on the provisions of fuzzy logic. Conclusion. The authors propose a method for assessing the security of open OS of the AS of the Russian Federation, based on the provisions of fuzzy logic.

Keywords

• security assessment
• security requirements
• data bank of information security threats
• security indicator
• security criteria
• operating system
• automated calculation system