Risk Assessment Methodology for the Software Architecture under Development
EDN: ANXXUB
Abstract
The paper discusses Markov models of attacks on an information system, based on interpreting the threat of an attack as a parallel redundancy (backup) scheme of vulnerabilities. These models are suitable for describing attacks on any information or physical system and allow each attack step to be evaluated according to defined criteria. The article discusses this process as applied to analyzing the information flows of a commercial bank, taking into account the types of attacks specific to such an institution.
About the Authors
T. Y. Mogilnaya
Russian Federation
Tatiana Y. Mogilnaya
Ostozhenka str., 38, bld. 1, Moscow, 119034
M. Y. Gorozheev
Russian Federation
Maxim Y. Gorozheev
Volokolamsk Highway, 4, Moscow, 125993
A. P. Chizhik
Russian Federation
Artyom P. Chizhik
Volokolamsk Highway, 4, Moscow, 125993
For citations:
Mogilnaya T.Y., Gorozheev M.Y., Chizhik A.P. Risk Assessment Methodology for the Software Architecture under Development. Issues of Risk Analysis. 2025;22(5):64-73. (In Russ.) EDN: ANXXUB