MATHEMATICAL MODEL FOR ASSESSING CYBER THREATS AND INFORMATION IMPACTS IN MICROCONTROLLERS
DOI:
https://doi.org/10.31649/1999-9941-2024-59-1-69-82Keywords:
microcontroller, model, vulnerabilityAbstract
Abstract. The paper is presents the research materials of the analysis cyber threats and their influences on information processes in microcontrollers (MC). The optimization of the existing mathematical model of cyber threats influences(impacts) on the information assessment was carried out. Also was performs of the evaluation and analysis of the main information risks of cyber threats in microcontrollers, which work as part of control and automation systems of various general and specialized devices. The mathematical model of cyber threats has been improved for the more data assessments of cyber threats in microcontrollers systems, taking into account the interference of factors of the informational influences. The main indicators of the risk assessment of cyber threats in microcontrollers are determined, which are taken into account in the mathematical model of cyber threats for the information system of microcontrollers. The improved mathematical model describes the total impact factors of information threats, its influences and the main vectors of cyber attacks in MC. This model also will describes and makes possible to evaluate additional harmful factors, and information influences through secondary channels on the data processes in MC’s with the aim of it’s compensation compensating. The performed researches by computer simulations and modeling were shown in practice the results and their nature of the cyber threats influences on information security of the MC’s. The model allows determine and assess the impact of dominant cyber threats and the main risks in microcontroller information systems, what work as part of complex automation systems or Internet of Things devices. The work also provides the development of the main principles’ of the creating a vector mathematical model which will describes and assessings the impacts of the cyber threats on MC’s. It’s results can be used for the formation of a complete vector mathematical model and method for precision assessing of the cyber threats effects in MC’s for it’s more information security and stability. This can make it possible to evaluate the main stability indicators of entire information system of the microcontroller. The model can also make possible to estimate the average values of the effects of information influences on the stability of the functioning of the MC. It also can estimate of the averaged value of cyber threats impacts for determine of main vulnerabilities in information system of the microcontroller. The proposed model is designed and can be used for the future further development of a method for increasing of the information security level of microcontrollers and their adjacent circuits for ensure their more stable and safe functioning.
References
В.І. Маліновський, Л.М. Куперштейн, Аналіз загроз безпеки мікроконтролерів, «Інформаційні технології та комп‘ютерна інженерія», Вінниця, ВНТУ, №3(55), С. 21-32, 2022.
Маліновський В.І. Мінімізація факторів кіберзагроз і спеціалізовані підходи до інформаційного захисту мікропроцесорних систем індустріального Інтернету речей. Матеріали LI-ї Науково-технічної конференції факультету інформаційних технологій та комп`ютерної інженерії (ФІТКІ), Вінниця, Україна: ВНТУ, 2022. [Електронний ресурс]. Режим доступу URL: https://conferences.vntu.edu.ua/index.php/all-fitki/all-fitki-2022/paper/view/15000 . (Дата звернення 13.02.2024).
Cybersecurity Enablers in MSPM0 MCUs: Application Note / Texas instruments Incorporated, 19.p., 2023. [Електронний ресурс]. Режим доступу URL: https: // https://www.ti.com/lit/an/slaae29/slaae29.pdf?ts=1708675272061&ref_url=https%253A%252F%252Fwww.google.de%252F . (Дата звернення 24.02.2024).
Шологон Ю. З. Вразливості апаратного забезпечення кіберфізичних систем. Репозитарій Націо-нального університету «Львівська політехніка» (Lviv Polytechnic National University Institutional Repository ), 12.с., 2023. [Електронний ресурс]. Режим доступу URL: http://ena.lp.edu.u . (дата звернення 24.02.2024).
Ю.М. Щебланін, Д.І. Рабчун, Математична модель порушника інформаційної безпеки. Кібербез-пека: освіта, наука , техніка. №1(1), С.63-72, 2018, ISSN 2663-4023.
В. М. Савченко, О. В. Мнушка. Модель безпеки інформаційної системи на базі технологій IoT. Вісник Національного технічного університету "ХПІ". № 28(1353), 2019, ISSN 2079-0031.
Yuan Xiao, Yinqian Zhang, Radu Teodorescu. Speechminer: a Framework for investigating and meas-uring speculative execution vulnerabilities. [Електронний ресурс]. Режим доступу URL: https://arxiv.org/pdf/1912.00329.pdf. (Дата звернення: 20.10.2023р.).
Meltdown and Spectre: Which systems are affected by Meltdown. [Електронний ресурс]. Режим до-ступу URL: https://meltdownattack.com/#faq-systems-meltdown. (Дата звернення: 20.10.2023р.).
Meltdown and Spectre: Which systems are affected by Meltdown. [Електронний ресурс]. Режим до-ступу URL: https://meltdownattack.com/#faq-systems-meltdown. (Дата звернення: 20.10.2023р.).
Speculative Processor Vulnerability. ARM Developer Forum. Specifications Updated, March 8, 2022. [Електронний ресурс]. Режим доступу URL: https://developer.arm.com/Arm%20Security%20Center/Speculative%20Processor %20Vulnerability. (Дата звернення: 20.10.2023р.).
Cache Speculation Side-channels white paper. ARM Developer Forum. Specifications Updated March 8, 2022. [Електронний ресурс]. Режим доступу URL: https://developer.arm.com/documentation/102816/0205/. (Дата звернення: 20.10.2023р.).
Kernel Side-Channel Attack using Speculative Store Bypass – CVE-2018-3639. [Електронний ре-сурс]. Режим доступу URL: https://access.redhat.com/security/vulnerabilities/ssbd . (Дата звернення: 20.10.2023р.).
Kakareka, Almantas, У Vacca, John. Computer and Information Security Handbook. Morgan Kauf-mann Publications, Elsevier Inc., p. 393, ISBN 978-0-12-374354-1.
Serdar Yegulalp Rowhammer hardware bug threatens to smash notebook security / by Serdar Yegu-lalp// InfoWorld, March 9, 2015. [Електронний ресурс]. Режим доступу URL: https://www.infoworld.com/article/2894497/rowhammer-hardware-bug-threatens-to-smash-notebook-security.html. (Дата звернення: 20.10.2023р.).
Kuljit Bains et al. Patent US № 20140059287 A1: Row hammer refresh command. [Електронний ре-сурс]. Режим доступу URL: https://patents.google.com/patent/US20140059287. (Дата звернення: 20.10.2023р.).
Introduction to STM32 microcontrollers security. Application note. ST Microelectronics, 58 p., 2023. [Електронний ресурс]. Режим доступу URL: https://www.st.com/resource/en/application_note/an5156-introduction-to-stm32-microcontrollers-security-stmicroelectronics.pdf. (Дата звернення: 22.02.2024р.).
Automatic Microprocessor Performance Bug Detection / E. C. Barboza, S. Jacob, M. Ketkar, M.Kishinevsky, M., Gratz, P., & Hu, J. IEEE International Symposium on High-Performance Computer Architecture (HPCA). IEEE Publications, 2021. [Електронний ресурс]. Режим доступу URL: https://arxiv.org/pdf/2011.08781.pdf . (Дата звернення: 22.02.2024р.).
Automatic Microprocessor Performance Bug Detection / Barboza, E. C., Jacob, S., Ketkar, M., Kishi-nevsky, M., Gratz, P., & Hu, J. IEEE International Symposium on High-Performance Computer Archi-tecture (HPCA). IEEE Publications, 2021. [Електронний ресурс]. Режим доступу URL: https://doi.org/10.1109/hpca51647.2021.00053/ . (Дата звернення: 22.02.2024р.).
References
V.I. Malinovsʹkyy, L.M. Kupershteyn, Analiz zahroz bezpeky mikrokontroleriv, «Informatsiyni tekhnolohiyi ta komp‘yuterna inzheneriya», Vinnytsya, VNTU, №3(55), S. 21-32, 2022.
Malinovsʹkyy V.I. Minimizatsiya faktoriv kiberzahroz i spetsializovani pidkhody do informatsiynoho zakhystu mikroprotsesornykh system industrialʹnoho Internetu rechey. Materialy LI-yi Naukovo-tekhnichnoyi konferentsiyi fakulʹtetu informatsiynykh tekhnolohiy ta komp`yuternoyi inzheneriyi (FITKI), Vinnytsya, Ukrayina: VNTU, 2022. [Elektronnyy resurs]. Rezhym dostupu URL: https://conferences.vntu.edu.ua/index.php/all-fitki/all-fitki-2022/paper/view/15000.
Cybersecurity Enablers in MSPM0 MCUs: Application Note / Texas instruments Incorporated, 19.p., 2023. [Elektronnyy resurs]. Rezhym dostupu URL: https: // https://www.ti.com/lit/an/slaae29/slaae29.pdf?ts=1708675272061&ref_url=https%253A%252F%252Fwww.google.de%252F . (Data zvernennya 24.02.2024).
Sholohon YU. Z. Vrazlyvosti aparatnoho zabezpechennya kiberfizychnykh system. Repozytariy Natsio-nalʹnoho universytetu «Lʹvivsʹka politekhnika» (Lviv Polytechnic National University Institutional Repository ), 12.s., 2023. [Elektronnyy resurs]. Rezhym dostupu URL: http://ena.lp.edu.u . (data zvernennya 24.02.2024).
YU.M. Shcheblanin, D.I. Rabchun, Matematychna modelʹ porushnyka informatsiynoyi bezpeky. Kiberbez-peka: osvita, nauka , tekhnika. №1(1), S.63-72, 2018, ISSN 2663-4023.
V. M. Savchenko, O. V. Mnushka. Modelʹ bezpeky informatsiynoyi systemy na bazi tekhnolohiy IoT. Visnyk Natsionalʹnoho tekhnichnoho universytetu "KHPI". № 28(1353), 2019, ISSN 2079-0031.
Yuan Xiao, Yinqian Zhang, Radu Teodorescu. Speechminer: a Framework for investigating and meas-uring speculative execution vulnerabilities. [Elektronnyy resurs]. Rezhym dostupu URL: https://arxiv.org/pdf/1912.00329.pdf. (Data zvernennya: 20.10.2023r.).
Meltdown and Spectre: Which systems are affected by Meltdown. [Elektronnyy resurs]. Rezhym do-stupu URL: https://meltdownattack.com/#faq-systems-meltdown. (Data zvernennya: 20.10.2023r.).
Meltdown and Spectre: Which systems are affected by Meltdown. [Elektronnyy resurs]. Rezhym do-stupu URL: https://meltdownattack.com/#faq-systems-meltdown. (Data zvernennya: 20.10.2023r.).
Speculative Processor Vulnerability. ARM Developer Forum. Specifications Updated, March 8, 2022. [Elektronnyy resurs]. Rezhym dostupu URL: https://developer.arm.com/Arm%20Security%20Center/Speculative%20Processor %20Vulnerability. (Data zvernennya: 20.10.2023r.).
Cache Speculation Side-channels white paper. ARM Developer Forum. Specifications Updated March 8, 2022. [Elektronnyy resurs]. Rezhym dostupu URL: https://developer.arm.com/documentation/102816/0205/. (Data zvernennya: 20.10.2023r.).
Kernel Side-Channel Attack using Speculative Store Bypass – CVE-2018-3639. [Elektronnyy re-surs]. Rezhym dostupu URL: https://access.redhat.com/security/vulnerabilities/ssbd . (Data zvernennya: 20.10.2023r.).
Kakareka, Almantas, U Vacca, John. Computer and Information Security Handbook. Morgan Kauf-mann Publications, Elsevier Inc., p. 393, ISBN 978-0-12-374354-1.
Serdar Yegulalp Rowhammer hardware bug threatens to smash notebook security / by Serdar Yegu-lalp// InfoWorld, March 9, 2015. [Elektronnyy resurs]. Rezhym dostupu URL: https://www.infoworld.com/article/2894497/rowhammer-hardware-bug-threatens-to-smash-notebook-security.html. (Data zvernennya: 20.10.2023r.).
Kuljit Bains et al. Patent US № 20140059287 A1: Row hammer refresh command. [Elektronnyy re-surs]. Rezhym dostupu URL: https://patents.google.com/patent/US20140059287. (Data zvernennya: 20.10.2023r.).
Introduction to STM32 microcontrollers security. Application note. ST Microelectronics, 58 p., 2023. [Elektronnyy resurs]. Rezhym dostupu URL: https://www.st.com/resource/en/application_note/an5156-introduction-to-stm32-microcontrollers-security-stmicroelectronics.pdf. (Data zvernennya: 22.02.2024r.).
Automatic Microprocessor Performance Bug Detection / E. C. Barboza, S. Jacob, M. Ketkar, M.Kishinevsky, M., Gratz, P., & Hu, J. IEEE International Symposium on High-Performance Computer Architecture (HPCA). IEEE Publications, 2021. [Elektronnyy resurs]. Rezhym dostupu URL: https://arxiv.org/pdf/2011.08781.pdf . (Data zvernennya: 22.02.2024r.).
Automatic Microprocessor Performance Bug Detection / Barboza, E. C., Jacob, S., Ketkar, M., Kishi-nevsky, M., Gratz, P., & Hu, J. IEEE International Symposium on High-Performance Computer Archi-tecture (HPCA). IEEE Publications, 2021. [Elektronnyy resurs]. Rezhym dostupu URL: https://doi.org/10.1109/hpca51647.2021.00053/ . (Data zvernennya: 22.02.2024r.).
Downloads
-
PDF (Українська)
Downloads: 48