Безопасность информационных технологий (Mar 2022)
Method for creating a specialized trusted device for analyzing information in protected operational system
Abstract
This work aims to create a specialized trusted information analysis device (SDU AI) designed to control and filter information when controlling channel-forming means in an automated system in a secure design that processes restricted access information and can transmit information over open (unprotected from unauthorized access) communication channels. With the development of automated systems, automation of functions, including the control of channel-forming means, the security of processed information and the efficiency of tasks are becoming increasingly important. At the same time, in automated systems in protected execution (ASZI), for the organization of operational automated control of channel-forming means, as a rule, it must ensure the interaction of networks varying degrees of confidentiality of the processed information. The object of the study is ASZI processing restricted access information in one network and implementing the exchange of information through open (unprotected from unauthorized access) communication channels with another network. The subject of the study is to assess the possibility of using SDU AI to ensure the possibility of interfacing networks with varying degrees of confidentiality of processed information, performing the functions of monitoring and filtering information when managing channel-forming means. A unified architecture of the SDU AI has been developed. The threats to information security arising from the implementation of information exchange through open communication channels are considered. A method for creating a SDU AI based on trusted hardware and software platform designed for use in the ASZI to protect against identified threats to information security is proposed.
Keywords
