Abstract
Background: One of the communication characteristics is the availability of information system for critical use (ISCU), which provides the allocation of computational resources in a finite volume, limited by the concept of a virtual machine (VM) to the authorized person (AP) in response to his input request and access to critical data in accordance with the created control schemes, taking into account privileges of AP in the form of system security policy rules.
Objective: The objective of the article is to optimize the communication capabilities of the information system for critical use, to synthesize a mathematical concept of availability oriented to practical application.
Methods: The article presents new mathematical models for controlling the availability of ISCU, which, unlike the existing ones, take into account the features of the ISCU topology, the rules, and the essence of its service operations while controlling the access process of APs to the information environment (IE) of the system. These models also formalize the connection of the set of service operations with the set of system responses to the input requests from the APs in the form of a controlled semi-Markov process with reserving resources for the self-security of a system from the consequences of the actions of the APs. On the basis of suggested models, the mathematical programming task was formulated that allows to identify the optimal strategy for managing the availability of the ISCU by minimizing the costs of its functioning and to obtain a stochastic estimation of the availability of the system at any stage of its life cycle.
Results: Based on the created mathematical models, simulation of the availability of ISCU was performed using the Matlab software environment. The research results showed that the rules for responding to incoming requests from APs based on the proposed models, depending on the system load and service operations performed in the system IE, make it possible to maintain the probability of incoming requests being rejected from APs within specified limits, minimizing the cost of functioning the ISCU. However, analysis of empirical results showed that during the time of construction of the system security policy rules based on the proposed model of availability of ISCU with reserving resources to ensure the security of the system IE from the actions of APs with the rapidly increasing intensity of incoming requests from APs with high values of the danger characteristic, the number of access rejections starts to increase quadratically. In general, the obtained experimental results confirmed the adequacy of the proposed mathematical models for the availability of ISCU.
Conclusion: The study proposes the mathematical models of the availability of the information system for critical use to optimize control of its communication capabilities. Studies have shown that to neutralize the consequences of the above situation leading to a decrease in the availability of ISCU, it is necessary to lay a 20% reserve of system resources at the design stage.
Keywords: Availability, information system for critical use, mathematical model, optimization, security policy, access process.
Graphical Abstract