Алгоритм построения профилей защиты и заданий по безопасности банковского ПО
Keywords:
security profile, security target, database, security environment, security objectives, functional requirements, level of trust, assessment levelAbstract
The project analyzes and develops an algorithm for constructing protection profiles and tasks for the security of banking software. Lack of similar solutions, increased needs with the release of new provisions 683-P and 684-P, ease and availability of use, transmission and maintenance of our solution allows us to get demand when entering the market. The practical significance of the project lies in the accelerated formation of documents, the availability of the necessary data and components, as well as the ease of administration of the solution, which will keep the site up to date. The result of the work is the creation of a software algorithm for building protection profiles and tasks for the security of banking software. For the algorithm, the GOSTs described in the work, ready-made and approved by FSTEC protection profiles, as well as the created database, which contained the security environment, security objectives, functional security requirements and trust requirements, were used. The result of the work is a full-fledged algorithm, when using which, protection profiles are created in accordance with all GOSTs.
Author Biographies
Alina Viktorovna Aleksandrova, Moscow Polytechnic University
5th year student in the direction "Information security of automated systems" of the Moscow Polytechnic University
Анатолий Александрович Широков, Московский политехнический университет
Cтудент 5-го курса, направление «Информационная безопасность автоматизированных систем», Московский политехнический университет.
Дмитрий Викторович Соболь, Московский политехнический университет
Cтудент 5-го курса, направление «Информационная безопасность автоматизированных систем», Московский политехнический университет.
Николай Владимирович Федоров, Московский политехнический университет
Кандидат технических наук, заведующий кафедрой «Информационная безопасность», Московский политехнический университет.
Valentina Valentinovna Britvina, Moscow Polytechnic University
Candidate of Pedagogy, Associate Professor of the Department of "Infocognitive Technologies" of the Moscow Polytechnic University, Associate Professor of the Department of "Management and Informatics in Technical Systems" of the Moscow State Technological University "STANKIN"
References
ГОСТ Р 57628-2017 «Методы и средства обеспечения безопасности».
ГОСТ Р ИСО/МЭК 15408-2-2013.
Наби Ф. Процесс унификации свойств обеспечения безопасности для логики приложений / Ф. Наби, М.Наби // Международный журнал электроники и информационной инженерии. — 2017. — №6, С. 40–48.
Kriaa, S., Pietre-Cambacedes, L., Bouissou, M. и Halgand, Y. (2015) Обзор подходов, сочетающих безопасность и защищенность для промышленных систем управления. Надежность и безопасность систем, 139, 156-178.
Методический документ ФСТЭК России «Профиль защиты средств контроля подключения съемных машинных носителей информации пятого класса защиты» (ИТ.СКН.П5.ПЗ). — 2014.
Downloads
Published
How to Cite
Issue
Section
License
The author transfers for a period of 5 years to the Central Research Institute of Russian Sign Language non-exclusive rights to use the article in any form and in any way specified in Article 1270 of the Civil Code of the Russian Federation. The transfer of rights occurs at the time of downloading any materials through an automated system on this site.
