METHOD OF ORGANIZING THE FUNCTIONING OF DISTRIBUTED SYSTEMS BASED ON THE AUTOMATIC APPLICATION OF SECURITY CRITERIA

Abstract

The modern development of information technologies is accompanied by an active transition to distributed computing architectures, in particular cloud environments, microservice systems, containerized infrastructures and edge computing. Such approaches provide high scalability, flexibility and fault tolerance, but significantly complicate the provision of information security due to the dynamics of the topology, a significant number of interacting components and different levels of trust between them. In these conditions, traditional methods based on static policies and manual administration are not effective enough, which necessitates the automation of security processes.

The paper proposes a method of organizing the functioning of distributed systems based on the automated application of formalized security criteria, which is focused on analyzing the impact of changes in computer networks on cyber security arguments. The method involves the use of a metamodel of security arguments, a set of typical templates, a mechanism of semantic traceability, a formalized catalog of consistency rules, and a model of the relationships of verification and validation results. This makes it possible to ensure the integration of security requirements into the structure of the system, to automate the control of their implementation, and to detect inconsistencies in a timely manner.

The developed software implements the proposed method and provides analysis of four typical patterns of security arguments: access control, network perimeter protection, intrusion detection, and configuration integrity. Experimental verification showed high accuracy in determining the consistency of arguments (94–97%), minimal number of false positives, full coverage of changes and low processing time of scenarios (1–1.5 s). The obtained results confirm the adequacy and practical suitability of the method for use in dynamic distributed environments.

Further research should be focused on expanding and detailing models for different types of security arguments and increasing their adaptability.

Keywords: distributed system, computer system, computer network, automation, security criteria, indicators of compromise, cyber security, perimeter protection, access control.