Вестник Дагестанского государственного технического университета: Технические науки (Aug 2023)
Assessment of the level of security (safety of functioning) of automated systems based on their vulnerabilities, formalized using the theory of queuing systems
Abstract
Objective. The aim of the work is to develop a methodological apparatus, as well as a mathematical model based on the theory of queuing systems designed to assess the level of security of automated systems.Method. The theory of queuing systems is considered as a mathematical apparatus. In particular, the problem of eliminating vulnerabilities was considered as a multi-channel CFR with an unlimited queue. The flow of detected vulnerabilities of the automated system was considered as an incoming flow of applications. The system, due to the possibility of detecting many vulnerabilities in a short time, has a queue of vulnerabilities. Information security specialists responsible for eliminating vulnerabilities in this system are considered as service channels. Despite the possibility of mutual assistance between specialists, this paper considers a situation where each employee is tasked with eliminating a specific vulnerability. The outgoing flow of applications is the flow of eliminated vulnerabilities of the automated system.Result. A methodological and mathematical apparatus for assessing the level of security of automated systems based on their vulnerabilities and the process of eliminating vulnerabilities has been developed. The theory of queuing systems was used as a basis. The assessment of security levels is given depending on the probability of a queue of unresolved vulnerabilities.Conclusion. The developed methodology can be used to assess the level of security of automated systems. And also allows you to assess the sufficiency of resources spent on eliminating vulnerabilities of a specific automated system.
Keywords