METHOD OF RANDOM CONTROL TRANSFER BETWEEN NETWORK NODES WITH OPTIMIZATION OF SECURITY RESOURCE CENTRALIZATION

Abstract

The current state of development of OS security subsystems is analyzed. Attention is paid to the principles of building centralized security systems for network OSes based on dynamic control transfer between network nodes. This provides increased resistance to leaks of confidential information as a result of the destructive effects of malicious software and computer attacks. A description of the process of dynamic control transfer between computer network nodes is presented, and mechanisms for forming centralized security resource databases are considered. The issue of optimizing security resources that are subject to centralized control by the current network control node when using dynamic control transfer between computer network nodes is also considered.

Strategies for forming global privilege databases, security policies, and network connections during each control transfer cycle from the current computer network node to the next are presented.

Several series of experiments with a network of virtual machines running the FreeBSD 13.1 OS have been conducted, the results of which were confirmed by theoretical calculations and mathematical modeling.

A comparative analysis of the effectiveness of full centralization of security resources and their partial centralization during dynamic control transfer between computer network nodes was performed. The advantages of the proposed approach were manifested in a significant reduction in the time of control transfer between network nodes, a reduction in the attack surface due to the minimization of points of influence of malicious software on the security system.