Researching of firewall capabilities during organizing multi-user work

A fundamental concept in human life is that of a «system». It extends to every area of human activity. Many economic, engineering, biological and other kinds of objects are systems with a rather complicated organization. Any system has a great number of parameters that characterize its organization and operation. Among these parameters, system safety holds a special place. It can be defined as a state of system immunity to the various destructive impacts that can negatively affect its operation and/or its structure. In any variant of consideration, such a system is formed by the participants of some relationships, and it can be of an organizational, technical or some other nature at the same time. Examples of organizational systems are enterprises, offices and organizations. Examples of technical structures are infocommunication and telecommunication systems and networks. The performed analysis reveals the systemic character not only of system safety itself but also of the aspects that determine safety. Moreover, it is possible to reveal a conflict character in the interaction between some aspects of system safety. This justifies simulating such systems with game theory. Examples of this application are also presented in this article.


Introduction
One can quite clearly state that the property of safety itself is of a systemic character [1,2]. In the majority of cases system safety is determined by:
1) threats, which are capable, in reality or potentially, of influencing the system;
2) vulnerabilities, which can have:
- a subjective character: they appear due to insufficient engineering, organizational or economic solutions realized in the office;
- an objective character: they can appear as a result of the absence or insufficient efficiency of engineering, organizational or economic measures at the modern stage of development;
3) measures providing the safety: a complicated activity directed either at countering the threats or at eliminating the system vulnerabilities.
For example, failure to comply with Federal normative documents in systems that hold confidential information can result in vulnerabilities of an organizational character. The use of inefficient means of combating scumware in telecommunication systems can create vulnerabilities of a technical kind. Regardless of the type of system considered, there is always the possibility that some party wishes to decrease the safety level. This means that there is an intruder and an opposing party that takes measures to prevent this. Nevertheless, a situation is possible in which the safety measures are directed not at counteracting the threats themselves but at eliminating the vulnerabilities in the system, and vice versa.
Threats, vulnerabilities and safety measures have a compound structure. Each can have a number of characteristics, and each characteristic is represented by several parameters. For example, a threat to the confidentiality of information can manifest itself as disclosure, leakage and/or unauthorized access to the information. In this example, disclosure of the information is determined by the following parameters: format of the message, reliability of the content or transmission, probability of loss, and some others. Hence, in order to estimate the protection of the system, it is necessary to correlate the threats, vulnerabilities and safety measures with one another.

Statement and analysis of the problem from the viewpoint of game theory
Taking the chosen approach into account, we can state the problem. Assume that an intruder has at its disposal four means of a software, engineering or program-technical kind which can have a negative effect on the safety of the office. Suppose that the threats have the following factors: cost, index of the destructive action, and a certain labor intensiveness of application for the intruder. An inspection of the safety of the office found three vulnerabilities of the system. Elimination of these vulnerabilities by the employees requires a set of measures which are characterized by: their value, the efficiency of the measures, and the cost-based value of the measures for the office. Let us assume that eliminating one vulnerability may require more than a single measure. And vice versa, the intruder can realize several threats. Thus, it is required to assess the level of system safety for the office.

Group-theoretical approach to the assessment of the system safety
As follows from the statement of the problem, one of the indices, the cost of threats and vulnerabilities, is described by quantitative values, while all the other parameters are described as qualitative ones. The latter can be assessed by linguistic constructions of the type: high, middle, low. This means that different scales are used [3,4].
There are different approaches to the processing of fuzzy data. At present, there are certain methods based on latent variables [5,6], as well as the theory of fuzzy sets. These mathematical approaches possess certain advantages and drawbacks. One of the drawbacks is the complexity of practical use in models that would be accessible to the employees of real offices and departments.
A transition from the linguistic constructions to their numerical expression can be made by means of expert assessment or on the basis of a matrix of pairwise comparisons for these constructions. As a result, relative values will be obtained. In order to get the common energy scale, the cost indices should be normalized. As a result, matrices of uniform values will be obtained.
When calculating an integrated estimate for each of the threats and vulnerabilities, it should be taken into account that certain parameters make a positive contribution, while others make a negative one. For example, the disruptiveness of a threat is a positive value from the viewpoint of the intruder, while programming labor is a negative one. Likewise, for the measures, efficiency has a positive value, while programming cost is a negative one. With all of these points taken into account, the corresponding aggregate values are calculated. It should be noted that the negative values of the integrated estimate are connected with the fact that only one characteristic made a positive contribution to the estimate. In real conditions, with a great number of parameters, positive values can be obtained along with negative ones. One can also take into account that a certain characteristic may be of defining value for the estimate of a threat or vulnerability. To account for this, additional weight coefficients can be introduced.
In terms of the core notions of game theory, the detected threats and vulnerabilities of an office are in fact the strategies of the intruder and the strategies of the office for eliminating vulnerabilities. Hence, the integrated estimates of the strategies make it possible to form the matrix of the game interaction between the participants of the considered system. It should also be specially noted that this interaction is obviously of a confrontational kind, i.e. it is antagonistic. This is the reason that justifies applying matrix game theory to simulate the interaction between the intruder and the office [7]. In this variant of the problem statement, different ways of calculating the values of the matrix elements are possible. Since the aim of the study in this article is to show the possibility of applying game theory to the assessment of system safety, we shall determine the values of the matrix elements as the difference between the values of the vulnerabilities' parameters (measures) and the estimates of the threats. As a result, the game matrix can be obtained. Applying the minimax and maximin approach to this game matrix shows that a saddle point surely exists here.
The obtained result needs to be interpreted. To do this, it is required to compare the data in Tables 1-4 with the results in Table 7. For the intruder, the most reasonable choice is the third strategy, while for the office it is the first strategy. In the considered problem, the threats and the complexes of measures correspond to these strategies, respectively. According to the provisions of matrix game theory, deviations from these strategies are not sufficiently reasonable, since they may lead to a deterioration of the result. If the intruder deviates from this strategy, then either the programming labor for applying the scumware increases or its disruptiveness is reduced, while for the office the costs also increase or the efficiency of the measures decreases as compared with the threats of the intruder. This conclusion is confirmed by the numerical data in Tables 1 and 3. The solution of the game has a negative value. This means that the measures for eliminating the vulnerabilities prove to be insufficient with regard to the actions of the intruder. However, the value of the deviation is quite insignificant and is close to zero.
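The construction described above, as an added example that is not code from the article: integrated estimates are summed with signs and optional weights, the game matrix is formed as measure estimate minus threat estimate, and the saddle point is found by maximin/minimax. All parameter values, the signs assigned to the measures' parameters, and the function names are constructed for illustration, since the article's tables are not reproduced on this page.

```python
# Constructed, already normalized parameters (not the article's tables).
THREATS = [   # (cost, destructive index, labor intensiveness)
    (0.2, 0.5, 0.3), (0.4, 0.6, 0.3), (0.1, 0.7, 0.2), (0.3, 0.4, 0.3)]
MEASURES = [  # (value, efficiency, cost for the office)
    (0.10, 0.6, 0.15), (0.3, 0.5, 0.2), (0.2, 0.4, 0.3)]
# Assumption: only the middle parameter contributes positively, the other
# two are costs for the side that owns the strategy.
SIGNS = (-1, +1, -1)

def integrated(params, signs=SIGNS, weights=(1, 1, 1)):
    """Signed, optionally weighted sum of one strategy's parameters."""
    return sum(s * w * p for s, w, p in zip(signs, weights, params))

def game_matrix(measures, threats):
    """Rows: office measures, columns: intruder threats, payoff to the office."""
    m_est = [integrated(m) for m in measures]
    t_est = [integrated(t) for t in threats]
    return [[m - t for t in t_est] for m in m_est]

def saddle_point(A):
    """Return (row, column, value) of a pure-strategy solution, or None."""
    row_min = [min(r) for r in A]            # office's guaranteed result per measure
    col_max = [max(c) for c in zip(*A)]      # intruder's worst case per threat
    maximin, minimax = max(row_min), min(col_max)
    if maximin != minimax:
        return None                          # no pure solution: use mixed strategies
    return row_min.index(maximin), col_max.index(minimax), maximin

if __name__ == "__main__":
    # A matrix built purely as m_i - t_j always has its saddle point at
    # (best measure, strongest threat), which is why one surely exists here.
    print(saddle_point(game_matrix(MEASURES, THREATS)))
```

With this constructed data the saddle point falls on the first measure and the third threat with a slightly negative value, the same shape of result the article reports.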
If there is no solution in pure strategies, then it should be sought in mixed strategies. The search can be based on different methods; one of these methods is the linear programming technique. (3) 1 ≥ 0; 2 ≥ 0; 3 ≥ 0; 4 ≥ 0.
In order to find the solutions we use the software add-on «Search for solution» in Excel. The solution in mixed strategies makes it possible to determine the probability with which each of the players chooses each strategy. For the obtained results, the third threat of the intruder is the most probable, while the fourth measure concerning elimination of the threats seems to be the most efficient one. The solution of the game, equal to 0.081, indicates the efficiency of the system safety of the office.
In a real situation the office operates under multiple external threats and objective limitations on the number of techniques available to respond to these threats. Under these conditions, the problem arises of distributing the procured resources over the detected threats while taking into account the characteristics of these threats. This problem can be solved by applying cooperative game theory.
According to this theory, on the basis of the idea of the Shapley vector it is possible to obtain a single distribution of a certain resource over multiple objects.
Let us formulate the statement of the problem for the application of cooperative game theory. Suppose that a certain number of intruders are acting against a certain institution. Each of the intruders has a certain arsenal of tools, whose characteristics can be defined similarly to the data in Table 1. The office has a certain number of countermeasures specified by analogy with Table 3. It is necessary to determine the distribution of the office's means over the intruders, taking into account the parameters that characterize them. As a result of solving the problem, the measures that need to be realized with respect to each of the intruders can be determined.
In this variant of the problem statement, the problem cannot be solved with matrix game theory, since it allows considering the interaction between only two participants.
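The linear programming route to a mixed-strategy solution, as an added example that is not the article's Excel workbook: a small exact simplex solves the column player's program and reads the row player's probabilities from the dual values. The 4x4 matrix is constructed so that it has no saddle point, and `solve_matrix_game` is a name chosen here.

```python
from fractions import Fraction as F

# Constructed payoff matrix (rows: office measures, columns: intruder
# threats, payoff to the office). It has no saddle point.
GAME = [[ 0.3, -0.2,  0.1,  0.0],
        [-0.1,  0.4, -0.3,  0.2],
        [ 0.2,  0.1, -0.2, -0.1],
        [ 0.0, -0.1,  0.3,  0.1]]

def solve_matrix_game(A):
    """Return (value, row_mix, col_mix); the row player maximizes."""
    A = [[F(str(a)) for a in row] for row in A]       # exact decimals
    m, n = len(A), len(A[0])
    shift = 1 - min(map(min, A))                      # make every payoff >= 1
    # Column player's LP: maximize sum(y) s.t. (A + shift) y <= 1, y >= 0.
    T = [[a + shift for a in row] + [F(int(i == k)) for k in range(m)] + [F(1)]
         for i, row in enumerate(A)]
    T.append([F(-1)] * n + [F(0)] * (m + 1))          # objective row
    basis = [n + i for i in range(m)]                 # slack variables start in the basis
    while True:
        # Bland's rule: lowest-index entering column, ties on the ratio test
        # broken by lowest basis index, so the method cannot cycle.
        col = next((j for j in range(n + m) if T[-1][j] < 0), None)
        if col is None:
            break                                     # optimal tableau reached
        rows = [i for i in range(m) if T[i][col] > 0]
        r = min(rows, key=lambda i: (T[i][-1] / T[i][col], basis[i]))
        T[r] = [x / T[r][col] for x in T[r]]
        for i in range(m + 1):
            if i != r and T[i][col] != 0:
                f = T[i][col]
                T[i] = [x - f * y for x, y in zip(T[i], T[r])]
        basis[r] = col
    total = T[-1][-1]                                 # sum(y) = 1 / shifted value
    y = [F(0)] * n
    for i, b in enumerate(basis):
        if b < n:
            y[b] = T[i][-1]
    col_mix = [v / total for v in y]                  # intruder's probabilities
    row_mix = [T[-1][n + i] / total for i in range(m)]  # office's, from dual values
    return 1 / total - shift, row_mix, col_mix

if __name__ == "__main__":
    value, office, intruder = solve_matrix_game(GAME)
    print(float(value), [float(p) for p in office], [float(q) for q in intruder])
```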
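A distribution of the office's means over several intruders by the Shapley vector, as an added example that is not code from the article. The characteristic function is an assumption made here: the worth of a group of intruders is the summed impact of the distinct tools in their combined arsenals. The tool names, impact figures and budget are constructed.

```python
from fractions import Fraction
from itertools import permutations

# Constructed data: impact index per tool and each intruder's arsenal.
TOOL_IMPACT = {"worm": 6, "keylogger": 3, "ddos": 4}
ARSENALS = {"A": {"worm", "keylogger"},
            "B": {"worm", "ddos"},
            "C": {"keylogger"}}

def threat(coalition):
    """Assumed characteristic function: impact of the distinct tools held
    by the coalition (a tool shared by two intruders is counted once)."""
    tools = set().union(*(ARSENALS[i] for i in coalition))
    return sum(TOOL_IMPACT[t] for t in tools)

def shapley(players, v):
    """Average marginal contribution of each player over all join orders."""
    phi = {p: Fraction(0) for p in players}
    orders = list(permutations(players))
    for order in orders:
        seen = []
        for p in order:
            phi[p] += v(seen + [p]) - v(seen)
            seen.append(p)
    return {p: x / len(orders) for p, x in phi.items()}

def allocate(budget, players, v):
    """Split the office's budget in proportion to the Shapley vector."""
    phi = shapley(players, v)
    total = sum(phi.values())
    return {p: budget * x / total for p, x in phi.items()}

if __name__ == "__main__":
    players = sorted(ARSENALS)
    print(shapley(players, threat))        # A: 9/2, B: 7, C: 3/2
    print(allocate(26, players, threat))   # A: 9, B: 14, C: 3
```

The shares add up to the worth of all intruders together, which is what makes the resulting split of the budget unique for a given characteristic function.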