The concept of protecting computing equipment and automated systems from unauthorized access to information.

1. GENERAL PROVISIONS

1.1. This document sets out a system of views and basic principles that form the basis of the problem of protecting information from unauthorized access (UA), which is part of the general problem of information security.

1.2. The concept is intended for customers, developers and users of computer systems and automated systems that are used to process, store and transmit information that requires protection.

1.3. The concept is a methodological basis for normative, technical and methodological documents aimed at solving the following problems:

• development of requirements for the protection of computer equipment and automated systems from unauthorized access to information;

• creation of computer equipment and automated systems protected from unauthorized access to information;

• certification of protected computer equipment and automated systems.

1.4. The concept provides for the existence of two relatively independent and, therefore, different directions in the problem of protecting information from unauthorized access: the direction associated with the computer technology and the direction associated with the automated systems.

The difference between the two directions is due to the fact that computer technology is developed and supplied to the market only as elements from which functionally oriented automated systems are subsequently built, and therefore, without solving applied problems, computer technology does not contain user information.

In addition to user information, when creating an AS, such characteristics of the AS as user powers, intruder model, and information processing technology that are absent when developing a computer technology system appear.

In this regard, if the concepts of security (protection) of information from unauthorized access in an AS and security (protection) of an AS from unauthorized access to information are equivalent, then in the case of a computer technology system, we can only talk about the security (protection) of a computer technology system from unauthorized access to information, for the processing, storage, and transmission of which it is intended.

In this case, the security of the computer equipment is potential security, i.e. the ability to prevent or significantly complicate unauthorized access to information in the future when using the computer equipment in the AS.

2. DEFINITION OF UNAUTHORIZED ACCESS

2.1. When analyzing the general problem of information security, those areas are identified in which intentional or unintentional human activity, as well as malfunctions of technical equipment, software errors or natural disasters can lead to leakage, modification or destruction of information.

There are such areas of research into the problem of information security as radio engineering, side electromagnetic radiation and interference, acoustic, unauthorized access, etc.

2.2. Unauthorized access is defined as access to information that violates the established rules for access control, using standard tools provided by the computer equipment or automated system.

Standard tools are understood to mean a set of software, firmware, and hardware support for the computer equipment or automated system.

3. BASIC PRINCIPLES OF PROTECTION AGAINST UNTILITY

3.1. Protection of computer equipment and automated systems is based on the provisions and requirements of existing laws, standards and regulatory and methodological documents on protection against unauthorized access to information.

3.2. Protection of computer equipment is provided by a set of software and hardware tools.

3.3. Protection of automated systems is provided by a set of software and hardware tools and organizational measures that support them.

3.4. The protection of the AS must be ensured at all technological stages of information processing and in all modes of operation, including during repair and maintenance work.

3.5. Software and hardware protection tools must not significantly impair the basic functional characteristics of the AS (reliability, speed, ability to change the configuration of the AS).

3.6. An integral part of the protection work is the assessment of the effectiveness of protection means, carried out according to the methodology that takes into account the entire set of technical characteristics of the object being assessed, including technical solutions and practical implementation of protection means.

3.7. The protection of the AS must provide for monitoring the effectiveness of protection means against unauthorized access. This monitoring can be either periodic or initiated as needed by the AS user or regulatory authorities.

4. MODEL OF AN INtruder in the AS

4.1. An intruder is a subject who has access to work with the standard means of the AS and the SVT as part of the AS.

Intruders are classified according to the level of capabilities provided to them by the standard means of the AS and the SVT. Four levels of these capabilities are distinguished.

The classification is hierarchical, i.e. each subsequent level includes the functional capabilities of the previous one.

4.2. The first level defines the lowest level of capabilities for conducting a dialogue in the AS — launching tasks (programs) from a fixed set that implement pre-provisioned functions for processing information.

The second level is determined by the ability to create and launch your own programs with new functions for processing information.

The third level is determined by the ability to control the functioning of the AS, i.e. influencing the basic software of the system and the composition and configuration of its equipment.

The fourth level is determined by the entire scope of capabilities of persons engaged in the design, implementation and repair of technical means of the AS, up to the inclusion in the composition of the SBT of their own technical means with new functions for processing information.

4.3. At his level, the intruder is a highly qualified specialist, knows everything about the AS and, in particular, about the system and its means of protection.

5. MAIN METHODS OF NSD

The main methods of NSD include:

• direct access to access objects;

• creation of software and hardware that access objects bypassing security measures;

• modification of security measures that allows for unauthorized access;

• introduction of software or hardware mechanisms into the technical means of the computer equipment or automated system that disrupt the intended structure and functions of the computer equipment or automated system and allow for unauthorized access.

6. MAIN DIRECTIONS OF ENSURING PROTECTION AGAINST UNAUTHORIZED ACCESS

6.1. The protection of the computer equipment and the automated system is ensured by:

• the access control system (ACS) of subjects to access objects;

• supporting means for the ACS.

6.2. The main functions of the ACS are:

• implementation of access control rules (ACR) of subjects and their processes to data;

• implementation of the PRD of subjects and their processes to devices for creating hard copies;

• isolation of programs of the process executed in the interests of the subject from other subjects;

• data flow control in order to prevent recording of data on media with an inappropriate classification;

• implementation of rules for data exchange between subjects for AS and SVT built on network principles.

6.3. Supporting means for the SRD perform the following functions:

• identification and recognition (authentication) of subjects and maintaining the binding of a subject to the process performed for the subject;

• registration of the actions of a subject and its process;

• providing the ability to exclude and include new subjects and access objects, as well as changing the powers of subjects;

• response to unauthorized access attempts, such as signaling, blocking, recovery after unauthorized access;

• testing;

• cleaning RAM and work areas on magnetic media after the user has finished working with the protected data;

• accounting for output printed and graphic forms and hard copies in the AS;

• monitoring the integrity of the software and information part of both the RDS and the means that support it.

6.4. Resources associated with both the DRS and the means that support it are included in access objects.

6.5. The methods for implementing the DRS depend on the specific features of the computer system and the automated system. The following protection methods and any combinations thereof may be used:

• distributed DRS and DRS localized in a software and hardware complex (security core);

• DS within an operating system, DBMS, or application programs;

• DS in the means of implementing network interactions or at the application level;

• use of cryptographic transformations or methods of direct access control;

• software and (or) technical implementation of the SRD.

7. MAIN CHARACTERISTICS OF TECHNICAL MEANS OF PROTECTION AGAINST NSD

7.1. The main characteristics of technical means of protection are:

• degree of completeness and quality of coverage of the PRD of the implemented SRD;

• composition and quality of supporting means for the DRS;

• guarantees of the correct functioning of the DRS and the means supporting it.

7.2. The completeness and quality of coverage of the DRS is assessed by the presence of clear, consistent rules for access to access objects and measures for their reliable identification embedded in the DRS. The possibilities of monitoring various disciplines of access to data are also taken into account.

7.3. When assessing the composition and quality of the supporting means for the SRD, the means of identification and recognition of subjects and the procedure for their use, the completeness of the accounting of the actions of subjects and the methods of maintaining the binding of the subject to its process are taken into account.

7.4. Guarantees of correct functioning are assessed based on the design and implementation methods of the RDS and the means supporting it (formal and informal verification) and on the composition and quality of the means preventing the RDS from being bypassed (maintaining the integrity of the RDS and the means supporting it, recovery after failures, refusals and attempts at unauthorized access, distribution control, the possibility of testing at the operational stage).

7.5. The assessed AS or ICS shall be carefully documented. The documentation shall include a User Guide for the Use of Protective Mechanisms and a Guide to the Management of Protective Equipment. For AS and ICS claiming a high level of protection, the assessment shall be carried out in the presence of design documentation (draft, technical and working designs), as well as descriptions of testing procedures and their results.

8. AS CLASSIFICATION

8.1. Classification is necessary for a more detailed, differentiated development of requirements for protection against unauthorized access, taking into account the specific features of these systems.

8.2. The AS classification system shall be based on the following characteristics of objects and subjects of protection, as well as the methods of their interaction:

• informational, determining the value of information, its volume and degree (classification) of confidentiality, as well as possible consequences of improper functioning of the AS due to distortion (loss) of information;

• organizational, determining the powers of users;

• technological, determining the conditions of information processing, for example, the processing method (autonomous, multiprogram, etc.), circulation time (transit, storage, etc.), type of AS (autonomous, network, stationary, mobile, etc.).

9. ORGANIZING WORK ON PROTECTION FROM UNTILITIES

9.1. The organization of work on protecting computer equipment and automated systems from unauthorized access to information should be part of the general organization of work on information security.

9.2. Ensuring protection is based on the requirements for protection of the computer equipment and automated systems being developed, formulated by the customer and agreed upon with the developer.

These requirements are specified either in the form of the desired level of protection of the computer equipment or the automated system, or in the form of a specific list of requirements corresponding to this level.

The protection requirements are provided by the developer in the form of a set of protection tools. Organizational measures for the automated system are implemented by the customer.

Responsibility for the development of the security system is assigned to the chief designer of the computer equipment or automated system.

9.3. Verification of compliance with the technical requirements for protection is carried out in the same way as with other technical requirements during testing (preliminary, state, etc.).

Based on the results of successful testing, a document (certificate) is issued certifying the compliance of the computer equipment or automated system with the protection requirements and giving the developer the right to use and (or) distribute them as protected.

9.4. The development of protection measures should be carried out simultaneously with the development of the computer equipment and the automated systems and be carried out using financial and material-technical resources allocated for the development of computer equipment and the automated systems.