
Security assessment of programmable logic-based systems using cases: taxonomy, notation, concept

O. Illiashenko


Description: The paper is devoted to aspects of assessing the security of information and control systems that use programmable logic to implement their main functions. A process-product model of safety assessment is considered in order to identify all discrepancies in the processes of assessing and providing information security. Existing types of cases for justifying correctness and implemented requirements and/or claims are compared. A modified notation for the security assessment of programmable logic-based information and control systems is proposed. It is based on the terminology accepted in the fields of both functional safety and information security, as well as on assessment using advanced security assurance cases. The proposed notation also contains features of the combined life cycle of the development of safe and secure information and control systems based on programmable logic. The peculiarities of assessing the security of such systems, taking into account the features of programmable logic, are considered. The modified notation is also characterized by combining gap analysis of the security assessment process with intrusion modes, effects and criticality analysis. The taxonomy was modified with a view to algorithmizing the decision-making process for security assurance, which makes it possible to reduce the uncertainty of the assessment. The results of developing the concept of information security assessment of programmable logic-based systems using advanced security assurance cases are presented. The concept includes the notation, a case-model (an improved information security assurance case) based on the presented notation, and a case-technology, which is given as a set of tools, a sequence of actions and a result presented in a formalized and evident form.


Keywords: programmable logic, safety, security, case, assurance, advanced security assurance case, ASAC

Reference:
 Illiashenko, O.O. (2018), “Otsiniuvannia informatsiinoi bezpeky system na prohramovnii lohitsi z vykorystanniam keisiv: taksonomiia, notatsiia, kontseptsiia” [Security assessment of programmable logic-based systems using cases: taxonomy, notation, concept], Science and Technology of the Air Force of Ukraine, No. 2(31), pp. 97-103. https://doi.org/10.30748/nitps.2018.31.12.