-
Creating a vulnerable node based on the vulnerability MS17-010
Authors:
Aleksey Novokhrestov,
Anton Kalyakin,
Aleksandr Kovalenko,
Vladimir Repkin
Abstract:
The creation of a vulnerable node has been demonstrated through the analysis and implementation of the MS17-010 (CVE-2017-0144) vulnerability, affecting the SMBv1 protocol on various Windows operating systems. The principle and methodology of exploiting the vulnerability are described, with a formalized representation of the exploitation in the form of a Meta Attack Language (MAL) graph. Additiona…
▽ More
The creation of a vulnerable node has been demonstrated through the analysis and implementation of the MS17-010 (CVE-2017-0144) vulnerability, affecting the SMBv1 protocol on various Windows operating systems. The principle and methodology of exploiting the vulnerability are described, with a formalized representation of the exploitation in the form of a Meta Attack Language (MAL) graph. Additionally, the attacker's implementation is outlined as the execution of an automated script in Python using the Metasploit Framework. Basic security measures for systems utilizing the SMBv1 protocol are provided.
△ Less
Submitted 26 January, 2024;
originally announced January 2024.
-
Life cycle models and security threats to a microcircuit during its development and operation
Authors:
D. S. Belyakov,
E. O. Kalinin,
A. A. Konev,
A. A. Shelupanov,
A. K. Novokhrestov
Abstract:
The growth of Internet of Things devices has shown the need to develop the direction of information security in the field of development and operation of microcircuits, since modern information systems are built around the latter. This article presents the life cycle of secure chips used as a root of trust ( Root of Trust ) information systems. The main stages of the life cycle of protected microc…
▽ More
The growth of Internet of Things devices has shown the need to develop the direction of information security in the field of development and operation of microcircuits, since modern information systems are built around the latter. This article presents the life cycle of secure chips used as a root of trust ( Root of Trust ) information systems. The main stages of the life cycle of protected microcircuits are described, namely, the life cycle models during development and during operation by the end user.
△ Less
Submitted 30 January, 2023;
originally announced January 2023.
-
Ty** of data transfer processes in the information system within the framework of threat modeling
Authors:
E. S. Romanova,
A. K. Novokhrestov,
A. A. Konev
Abstract:
Work is aimed at automating the process of obtaining a list of security threats aimed at the information system in the work processes of data transfer are considered, definitions for each process are presented. The typification of processes and the formalization of the list of basic data transfer processes are considered. Based on the presented typical data transmission processes, schemes of these…
▽ More
Work is aimed at automating the process of obtaining a list of security threats aimed at the information system in the work processes of data transfer are considered, definitions for each process are presented. The typification of processes and the formalization of the list of basic data transfer processes are considered. Based on the presented typical data transmission processes, schemes of these processes have been developed that describe transmission channels and information carriers.
△ Less
Submitted 30 January, 2023;
originally announced January 2023.
-
System Attack Modeling Techniques Critical Information Infrastructure
Authors:
A. K. Novokhrestov,
A. A. Konev,
A. S. Kovalenko,
N. I. Sermavkin
Abstract:
Every day around the world, various organizations are exposed to more than a hundred attacks, most of which are success-fully repelled by information security specialists. However, attacks are also carried out that some information systems or specialists are unable to repel, which is why a large number of enterprises, as well as individuals, suffer huge monetary and reputational losses. The aim of…
▽ More
Every day around the world, various organizations are exposed to more than a hundred attacks, most of which are success-fully repelled by information security specialists. However, attacks are also carried out that some information systems or specialists are unable to repel, which is why a large number of enterprises, as well as individuals, suffer huge monetary and reputational losses. The aim of the work is to train specialists through cyber polygons and interactive games to a high level of knowledge and skills in the field of information security
△ Less
Submitted 18 December, 2021;
originally announced December 2021.
-
Threats to the information system in the physical environment and cyberspace
Authors:
Valeria Ageeva,
Aleksey Novokhrestov,
Maria Kholodova
Abstract:
The purpose of the study is to supplement and update the list of threats to the confidentiality and integrity of the system. The article focuses on the already compiled list of threats and a model of system, but also considers new threats and types of threats. Scientific novelty is in the interdisciplinary consideration of the issue with the involvement of the works of modern Russian and Western s…
▽ More
The purpose of the study is to supplement and update the list of threats to the confidentiality and integrity of the system. The article focuses on the already compiled list of threats and a model of system, but also considers new threats and types of threats. Scientific novelty is in the interdisciplinary consideration of the issue with the involvement of the works of modern Russian and Western scientists. As a result of the study, new threats to the confidentiality and integrity of the system were described, the type of these threats was determined and classified by channels of communication.
△ Less
Submitted 4 December, 2020;
originally announced December 2020.