The concept of building security of the network with elements of the semiotic approach
Abstract
The object of research: first, to identify and discuss the security problems of cyber-physical systems associated with the emergence of qualitatively new technologies and qualitatively new affordable artificial intelligence software; second, to build the concept of the security structure of a cyber-physical system based on the Zero Trust Security approach and to create a new secure load transfer structure based on the semiotic approach.
Investigated problem: Information system security problems continue to cause significant costs and damage to organizations. Sustainability requires comprehensive and integrated security platforms that reach customers, whether they work at headquarters, in a branch office, or individually from random touchpoints.
The main scientific results: the concept of a structured protection system based on the Zero Trust Security approach has been developed. A structure is proposed for semiotic analysis in which the transmitted load is segmented into blocks. The blocks are analyzed individually according to their signs. According to these features, the blocks are transformed by the selected representation into an object or groups of objects. The groups to be transmitted in the load are tagged and have different coding severity (depth), depending on the risk assessment. Groups are transmitted through the network by different paths: VPN (different ESP), unencrypted tunnel, open access, etc.
This solution improves the throughput of malicious load analysis prior to transmission. The performance overhead for encoding/decoding the load and encapsulating/de-encapsulating during transmission is reduced. The transmission bandwidth is increased.
The area of practical use of the research results: businesses requiring secure access to on-premise resources and mission-critical cloud environments; organizations with employees working in distributed networks; specialists in the deployment and analysis of the protection of cyber-physical systems.
Innovative technological product: The semiotic security concept extends the zero-trust security model, which focuses on protecting network traffic within and between organizations. This concept uses load traffic segmentation, which combines an advanced analysis and transfer load transformation framework.
This concept provides for integration with other cybersecurity technologies such as endpoint discovery and response (EDR) and security information and event management (SIEM) to provide a more comprehensive security solution.
This solution improves the throughput of malicious load analysis prior to transmission. It reduces the performance resources spent on encoding/decoding the load and on encapsulating/de-encapsulating it in transit.
Scope of the innovative technological product: this concept can be applied to enterprises that already have some elements of zero trust in their corporate infrastructure but cannot strictly control the state of the requested assets or are limited in implementing security policies for certain classes of users. This deployment model can also be applied to enterprises that use cloud services for individual business processes.
It can be useful for researchers and administrators in the development of corporate cybersecurity plans that use the concepts of zero trust and cover relationships between components, workflow planning, and access policies.

Copyright (c) 2023 Serhii Yevseiev, Maksym Tolkachov, Darshan Shetty, Vladyslav Khvostenko, Anna Strelnikova, Stanislav Milevskyi, Sergii Golovashych

This work is licensed under a Creative Commons Attribution 4.0 International License.