American Scientific Journal № ( 32) / 2019 47

PHYSICS AND MATHEMATICS

METHOD OF THE STUDY OF PRIVACY PROTECTION IN INFORMATION SYSTEMS

Voevodin V.A.
Candidate of Technical Sciences, Associate Professor,
National Research University of Electronic Technology, Zelenograd, Moscow, Russia

Abstract. The article presents an analysis of the problem of investigating the security of confidential information, formulates a goal and principles, and provides a multi-level research scheme and the content of work at each level (problem, concept, system, and detail). It describes single-level and multilevel models for the analysis and synthesis of a confidential information protection subsystem. The article describes the conditions for selecting an effective concept for building a subsystem for information confidentiality protection based on the principles of sufficient result and cost minimization. It also gives practical considerations for the application of the method of justification of requirements to the confidentiality protection subsystem, conclusions, and directions for further research.
Keywords: security system, confidentiality, system of information protection, privacy protection subsystem.

Introduction
The need for research on the protection of information confidentiality (IC) occurs at all stages of the information system (IS) life cycle.
The urgency of the problem is determined primarily by the fact that the effectiveness of decisions depends largely on the completeness and reliability of the data obtained at the IC study stage.
The requirement to ensure the reliability and completeness of the data when performing the IC study is one of the key points in effectively building the information protection subsystem (SPP) and managing information protection in the corresponding information system (IS) as a whole. The nature and content of the stages of the IS life cycle are given in [6, 3]; these stages are typical for the SPP. The basic concepts, models and methods for developing similar solutions are given in [1, 2, 6, 7, 8, 9].
The general theoretical provisions for the synthesis of complex hierarchical (multilevel) systems are given in [9, 10, 11].
Based on the study of the material given in [3, 4, 5, 6, 7, 8, 9], it can be argued that it is expedient to carry out the IC study at each stage of the IS life cycle in accordance with the general scheme of multilevel analysis and synthesis shown in figure 1.
THE PURPOSE OF THE RESEARCH ON INFORMATION CONFIDENTIALITY PROTECTION
Studies on information confidentiality protection are carried out for the following purposes:
The formulation of the problem of IC provision, establishing its causes and its relationship to other problems (for example, ensuring availability, integrity, etc.), in order to understand its nature, relevance and solvability.
Identification and modelling of the situation in which this problem has arisen or may arise.
The formulation of the problem situation and the determination of the completeness, reliability or adequacy of the information about the problem situation.
Formation and analysis of multiple alternative goals, the achievement of which will solve the problem of ensuring CI, and justification of the rules for selecting the working alternative from the many acceptable alternatives.
Research into ways of implementing the working alternatives, the definition of significant limitations that affect the choice of means and methods of achieving a goal, and the decomposition of complex goals into particular ones.
Justification of the necessary resources.

[Figure 1: levels labelled Problem, Conceptual, System Engineering, Detailed; outputs labelled Formulation of the problem, Conceptual solution, System engineering solutions, Technical solutions.]
Fig. 1. The scheme of the study of the confidentiality of information

The purpose of the CI study at the problem level [9, 11]:
To determine whether there is a problem of protecting CI, its causes and its relationship to other problems, and to assess its relevance, solvability and the urgency of a solution.
To identify and describe the situation in which the problem exists or may exist.
To formulate and define the problem situation using heuristic and formal methods.
To determine the completeness and reliability of the information about the problem situation so that measures can be taken to obtain the missing information.
To explore alternative goals, the achievement of which solves the problem, and to choose one of them as the main one.
To explore ways to achieve the goal and perform its decomposition.
To choose the means to achieve the goal.
To formulate the general problem statement of the information confidentiality study.
The purpose of a conceptual study of the problem situation:
To build an adequate model of the problem situation, to plan the experiment with the constructed model and to formulate conclusions from the experiment results.
The allocation of the privacy protection subsystem within the information protection system.
Substantiation of the rational behavior of the privacy protection subsystem.
To ensure the selection of indicators of the subsystem's functioning efficiency at the life cycle stages and of descriptions of research results.
Assessment of the conformity of the current values of the selected indicator to the desired level, and justification of the selection of the indicator measurement scale.
Conceptual modelling of the functioning process of the confidentiality subsystem in the information system.
Decomposition of the purpose of the confidentiality study.
Definition of an external supplement for system-technical research.
The purpose of engineering research:
Statement of the task of system-technical research regarding the problem of ensuring information confidentiality.
The formation of a complex system and technical strategies of building a privacy protection subsystem.
Analysis of the engineering characteristics of the privacy protection subsystem (SPP).
Assessment of structural and functional redundancy.
To provide a choice of means and methods for the engineering modelling of information security processes.
To justify the set of initial data, clarifying their limitations and efficiency.
To ensure the processes of the confidentiality protection system engineering.
The purpose of the detailed CI studies:
1. To ensure the work statement for the detailed confidentiality research.
2. To specify the external additions resulting from the confidentiality engineering research.
3. To ensure the selection of performance indicators and a sustainable solution criterion for the construction of SPP elements.
The procedure for the development of solutions to protect information confidentiality.
When formulating the general procedure for developing a solution aimed at ensuring information confidentiality, as well as for its further improvement, it is necessary to follow the principles of multi-level synthesis of complex systems specified in [1, 2, 6, 10, 11], taking into account the peculiarities of information security:
The principle of decomposition is to split the system into parts.
The principle of modelling the system and the processes of its functioning.
The principle of levels harmonization.
The principle of external additions. The validation of research results obtained at each level is carried out using the models and methods listed above in the hierarchy of systems.
The principle of field-proven methodological support. The research must use experimentally tested models and methods to make sure that the model is adequate to the process being researched and to obtain reliable results.
III. GENERAL CHARACTERISTICS OF THE MODEL
The single-layer model (method) allows determining the relationship between the output and internal variables under the given selection conditions of the input variables at the appropriate levels of the privacy research.
yi = Fi(ui, gi, i), (1)
where:
yi - the output value characterizing the CI at the i-th level of the study;
Fi - a model of the SPP at the i-th level of research in the form of a certain set of techniques that allow ui, gi, i to be mapped to the value of yi or (and) the value of yi to be calculated;
ui - the values of the input variables that characterize the external addition at the i-th level of the study;
gi - the values of the internal variables characterizing the SPP in the ISS at the i-th level of the study;
i - a variant of the choice of internal variables, which corresponds to the option of constructing an SPP as part of the ISS at the i-th level of the study.
Multilevel models (methods) allow determining the connection between the choice parameters of the i-th level and the values of the output variables of the following (i+1)-th level.
yi+1 = Fi+1(ui+1, ui, gi+1, i, i+1), (2)
where:
yi+1 - the value of the output variable characterizing the CI at the (i+1)-th level;


Fi+1 - the model of the SPP as part of the ISS at the (i+1)-th level of the research in the form of some functional or techniques that allow (ui+1, ui, gi+1, i, i+1) to be mapped to the value yi+1 or (and) the value of yi+1 to be calculated;
ui+1, ui - the values of the input variables that represent the outer complement at the i-th and (i+1)-th levels of the investigation;
gi+1 - the values of the internal variables characterizing the CI in the ISS at the (i+1)-th level of the study;
i, i+1 - the values of the internal variables characterizing the CI at the i-th and (i+1)-th levels of the study.
The criterion for selecting internal variables defines the set of values of the internal variables G*1G1, which satisfies the requirements imposed on the output variables at the corresponding level g1G1*.
The choice of criterion depends on the purpose.
For the criterion of the suitability of gig0 and a scalar metric gi, the region G1* is the half-open interval [ g0, ).
For the optimality criterion gi→max, the domain degenerates to a point corresponding to the maximum value of the internal variables' selection parameters under the given selection conditions i, i+1.
IV. GENERALIZED PROCEDURE OF MULTI-LEVEL SYNTHESIS
Taking into account the accepted notation and the above principles, we propose the following generalized multi-level synthesis procedure, as well as how to use it [11]:
formulation and decomposition of the objective function;
choice of the list of input, internal and output variables and of the particular methods of the different levels;
definition of the conditions for the selection of internal variable values showing an indirect influence of the external environment;
evaluation of the possibility of integration with other particular methods;
determination of the need to use multilevel algorithms, as well as definition of constraints on variable values;
the choice of the efficiency criterion that determines the order of selecting an effective concept of the privacy protection subsystem.
The modelling of the process of applying the confidentiality protection subsystem as an element of the information protection system, and forecasting of the ranges Y* Yi of output variable values that characterize the subsystem development concept and meet the system requirements and their limitations i.
gi= F i (ui, yi,i)  Gi*, (3)
where
Fi (ui, yi,i) - a function that allows calculating the
value of the CI indicator at the i-th level;
G1* G1 - the selection criterion in accordance
with the accepted preference. If Y1*Y1, then it is
necessary to clarify the concept of constructing the SPP
as part of the ISS, to adjust t he accepted constraints 1
and repeat the definition of Y1*;
Y* - the required value of the CI indicator, which
is specified by the IS as an external addition;
Yi - the value of the CI indicator in the choice of
the i-th alternative to constructing the SP P as part of the
ISS;
If the set Y1* satisfying the condition Y*Y1 is
empty, Y1* =, then the assertion about the non -
feasibility of the ISS development concept in terms of
providing CI with the specified requirements from the
IS side is accepted;
forecas ting the possibility of achieving the
required values of the output variables Y1*, using the
existing functional and physical structure of the ISS and
determining the need for its improvement.
For this purpose, using the inter-layer dependencies F12, the region G2* of the required values of g2 is determined that satisfies the condition:
y1=F 12 (g2, u1, u2, 1,2)  Y1* , (4)
and the condition G2* G2 is verified. If G2* G2, then it is necessary to return to the previous level, make changes to the concept of the SPP development as part of the ISS, make corrections to the constraints, repeat the definition of the region Y1* and verify the feasibility of g2.
The iterations are repeated until the condition G2* G2 is fulfilled, after which the set of G2* values is fixed and a transition to the next lower level occurs.
A similar procedure is repeated for each of the levels until the required characteristics of the SPP in the ISS are determined.
With a multi-level conceptual study of the system, the guiding principle is the principle of minimum costs.
The sufficient results principle is realized by selecting the sufficiency criterion and developing a fan of models of the SPP elements as part of the ISS and of the links between them. This allows choosing a constructive solution at each level of SPP concept development.
In accordance with the general formulation of the problem, it is possible to write down the condition for choosing an effective concept of constructing the SPP as part of the ISS:
(5)
where gm is the predicted increment in the
effective index of the SPP as part of the ISS.
In the event that feasible assumptions on
monotonicity increasing function С(y) and gm(y),
the solution of the problem must be sought on the
borders of inequality gm(y) gm0 by sequentially
increasing the values of the relevant variables.
In this case, a rational sequence of leve ls (stages)
improvement of ISS will be determined using the
followin g ratios: ( )
( ) ( ) ( )


С у
g у g y g y y g
y Y
m m m mo

 

= + 

min,
, , , ,
,
,    0 0

y1=0, C 1 (0) =0, gm1(0) =0,
y2=0, C 2 (y2) =0, gm2(y2)>0,
y3=0, C 3 (y3) =0, gm3(y3) = ,
y4=0, C 4 (y4)> C 3 (y3), gm4(y4) = ,
........................................ .......................................
yn=0, C n (yn)> C 3 (yn-1), gmn(yn)=. (6)
In accordance with the above relations:
at the first level, the compliance of the characteristics of the existing SPP in the ISS with the requirements imposed by the IS is checked;
at the second level, only those characteristics that do not require additional resources are improved;
at the third and subsequent levels, the characteristics are improved using external resources.
Moreover, the distribution of changes in internal variables and resources is carried out in such a way as to ensure the same increment in the performance indicators gm(yk)=, k=3,4, ..., n and an increase in the increment of costs when moving to the next level, i.e.
С(yk) > C(yk-1), k=4, 5, ..., n.
The solution ends at the i-th level when the
condition is fulfilled:
(7)
This approach to the justification of the SPP design and development concept as part of the ISS will ensure minimum or near-minimum costs for building and further improving the ISS in terms of providing the required level of CI.
Indeed, if the process ends at levels 1 and 2, and the solution is found at the third and subsequent levels, then the costs of С(y)=0 will be minimal compared to another sequence of levels providing the same increment of a performance indicator.
We can distinguish the following generalized levels of ISS improvement [6]: initial, organizational, additional resources.
Level of SPP concept development as a part of the ISS:
source: g m(y0,)  gm0, y 1=y 0, C 1=0; (8)
organizational: gm(y2,) gm 0, y2=y 0, C 1=0 ; (9)
additional resources: C(y3)→min или
С(y3)C0, (10)
CONCLUSION
Thus, for an empirical study of the information sensitivity processes and practical application of the results obtained, it is necessary to follow the multilevel synthesis of complex systems, adapted to the features of constructing a personal data protection subsystem.
The results are accepted for implementation as part of a project to develop an educational and methodological complex for organizing a practical audit. This project has been applied at the National Research University of Electronic Technology [12].
This article presents the general strategy of the empirical study. In fact, the transition from models (1), (2), (3), (4), (5), (6), (7), (8), (9), (10) to a model of a specific operation, i.e. the construction of a mathematical or other formal model, is very complex and time-consuming. This is particularly evident when the target of research is under design, development, application or re-engineering. The author keeps working on these tasks.
Confirmation
The work is done in the framework of the task of justification of the annual budget on information security of the Department "Information security".

References
1. ISO/IEC 27001:2005 Information technology — Security techniques — Information security management systems — Requirements (IDT).
2. ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements (IDT).
3. Volkova V. N., Voronkov V. A. and Denisov A. A. System theory and systems analysis methods in management and communication. M.: Radio and communication, 1983.
4. Romanov V. N. The technique of the analysis of complex systems. SPb.: SZTU, 2011.
5. Ovchinnikov V. A. The graphs in problems of analysis and synthesis of structures of difficult systems / V. A. Ovchinnikov. M.: MGTU N. E. Bauman, 2014.
6. Larin A. A. Theoretical bases of management. Part I. Processes, systems and control. M.: RVSN, 1998.
7. Mesarovic M. D., Macko D. and Takahara Y. Theory of Hierarchical Multilevel Systems. Academic Press, New York and London, 1970. pp. 4-34, 34-63.
8. Khokhlachov E. N. The theoretical foundations of management. Part 2. Analysis and synthesis of control systems. M.: RVSN, 1996.
9. Klir G. J. Architecture of Systems Problem Solving. Springer Science+Business Media New York, 1985, pp. 1-29, 175-293, 417-468.
10. Utkin L. V. Risk analysis and decision making with incomplete information. SPb.: Science, 2007, 404 p.
11. Reliability and efficiency in technique. Reference guide in 10 volumes: vol. 3. The effectiveness of technical systems / Under the General editorship of V. V. Utkin, Y. V. Kryuchkova. M.: Mechanical engineering, 1988.
12. Voevodin V. A., Igoshin V. V., Makoveev K. D. and Makhaylovskaya A. S. About APCS public key infrastructure unauthorized access information security audit program. M.: Proceedings of the International Conference REDS-2018 Radio-electronic devices and systems for information and communication technologies, 2018. pp. 318-322.
( ) ( )
( ) ( )
g y g y g g
g y g y g g
m i m mi m i
j
m j m mi m i
j
, , ,
, , .
 
 
= + 
= + 
=
− =



0 0
1
1 0 0
1
1