Mathematical model for assessing cyber threats and information impacts in microcontrollers

Vadim Malinovskyi; Leonid Kupershtein; Vitalii Lukichov; Vadim Malinovskyi; Leonid Kupershtein; Vitalii Lukichov

https://doi.org/10.31649/1999-9941-2024-59-1-69-82

Retrieved from Vol. 21 No. 1, 2024

Received 25.01.2024, Revised 26.04.2024, Accepted 30.05.2024

Mathematical model for assessing cyber threats and information impacts in microcontrollers

Vadim Malinovskyi, Leonid Kupershtein, Vitalii Lukichov

The paper is presents the research materials of the analysis cyber threats and their influences on information processes in microcontrollers (MC). The optimization of the existing mathematical model of cyber threats influences(impacts) on the information assessment was carried out. Also was performs of the evaluation and analysis of the main information risks of cyber threats in microcontrollers, which work as part of control and automation systems of various general and specialized devices. The mathematical model of cyber threats has been improved for the more data assessments of cyber threats in microcontrollers systems, taking into account the interference of factors of the informational influences. The main indicators of the risk assessment of cyber threats in microcontrollers are determined, which are taken into account in the mathematical model of cyber threats for the information system of microcontrollers. The improved mathematical model describes the total impact factors of information threats, its influences and the main vectors of cyber attacks in MC. This model also will describes and makes possible to evaluate additional harmful factors, and information influences through secondary channels on the data processes in MC’s with the aim of it’s compensation compensating. The performed researches by computer simulations and modeling were shown in practice the results and their nature of the cyber threats influences on information security of the MC’s. The model allows determine and assess the impact of dominant cyber threats and the main risks in microcontroller information systems, what work as part of complex automation systems or Internet of Things devices. The work also provides the development of the main principles’ of the creating a vector mathematical model which will describes and assessings the impacts of the cyber threats on MC’s. It’s results can be used for the formation of a complete vector mathematical model and method for precision assessing of the cyber threats effects in MC’s for it’s more information security and stability. This can make it possible to evaluate the main stability indicators of entire information system of the microcontroller. The model can also make possible to estimate the average values of the effects of information influences on the stability of the functioning of the MC. It also can estimate of the averaged value of cyber threats impacts for determine of main vulnerabilities in information system of the microcontroller. The proposed model is designed and can be used for the future further development of a method for increasing of the information security level of microcontrollers and their adjacent circuits for ensure their more stable and safe functioning

microcontroller, model, vulnerability

69-82

Malinovskyi, V., Kupershtein, L., & Lukichov, V. (2024). Mathematical model for assessing cyber threats and information impacts in microcontrollers. Information Technologies and Computer Engineering, 21(1), 69-82. https://doi.org/10.31649/1999-9941-2024-59-1-69-82

References

[1] Malinovskyi, V.I., & Kupershtein, L.M. (2022). Analysis of security threats of microcontrollers. Information Technologies and Computer Engineering, 3(55), 21-32. doi: 10.31649/1999-9941-2022-55-3-21-32.

[2] Malinovsky, V.I. (2022). Minimization of cyber threat factors and specialized approaches to information protection of microprocessor systems of the industrial Internet of Things. In Materials of the LI scientific and technical conference of the faculty of information technologies and computer engineering (FITKI). Vinnytsia: VNTU.

[3] Cybersecurity Enablers in MSPM0 MCUs. (2023). Retrieved from https://www.ti.com/lit/an/slaae29/slaae29.pdf?ts=1708675272061&ref_url=https%253A%252F%252Fwww.google.de%252F.

[4] Shologon, Yu.Z. (2023). Hardware vulnerabilities of cyberphysical systems. Lviv: Lviv Polytechnic National University.

[5] Shcheblanin, Yu.M., & Rabchun, D.I. (2018). Mathematical model of information security violator. Cyber Security: Education, Science, Technology, 1(1), 63-72. doi: 10.28925/2663-4023.2018.1.6372.

[6] Savchenko, V.M., & Mnushka, O.V. (2019). Information system security model based on IoT technologies. Bulletin of the National Technical University “KhPI”, 28, article number 1353.

[7] Xiao, Y., Zhang, Y., & Teodorescu, R. (2019). Speechminer: A framework for investigating and measuring speculative execution vulnerabilities. Retrieved from https://arxiv.org/pdf/1912.00329.pdf.

[8] Meltdown and spectre: Which systems are affected by Meltdown. (n.d.). Retrieved from https://meltdownattack.com/#faq-systems-meltdown.

[9] Meltdown and spectre: Which systems are affected by Meltdown. (n.d.). Retrieved from https://meltdownattack.com/#faq-systems-meltdown.

[10] Speculative Processor Vulnerability. (2022). Retrieved from https://developer.arm.com/Arm%20Security%20Center/Speculative%20Processor%20Vulnerability.

[11] Cache Speculation Side channels v2.5. (n.d.). Retrieved from https://developer.arm.com/documentation/102816/0205.

[12] Kernel Side-Channel Attack using Speculative Store Bypass - CVE-2018-3639. (2018). Retrieved from https://access.redhat.com/security/vulnerabilities/ssbd.

[13] Vacca, J. (2017). Computer and information security handbook. Burlington: Morgan Kaufmann Publications.

[14] Yegulalp, S. (2015). Rowhammer hardware bug threatens to smash notebook security. Retrieved from https://www.infoworld.com/article/2894497/rowhammer-hardware-bug-threatens-to-smash-notebooksecurity.html.

[15] Bains, K., Halbert, J., Mozak, C., Schoenborn, T., & Greenfield, Z. (2013). Row hammer refresh command. (Patent US № 20140059287 A1). Retrieved from https://patents.google.com/patent/US20140059287.

[16] Introduction to STM32 microcontrollers security. (2024). Retrieved from https://www.st.com/resource/en/application_note/an5156-introduction-to-stm32-microcontrollerssecurity-stmicroelectronics.pdf.

[17]. Barboza, E.C., Jacob, S., Ketkar, M., Kishinevsky, M., Gratz, P., & Hu, J. (2021). Automatic microprocessor performance bug detection. In IEEE international symposium on high-performance computer architecture (HPCA) (pp. 545-556). Seoul: IEEE.

[18] Barboza, E.C., Jacob, S., Ketkar, M., Kishinevsky, M., Gratz, P., & Hu, J. (2021). Automatic microprocessor performance bug detection. In IEEE international symposium on high-performance computer architecture (HPCA) (pp. 545-556). Seoul: IEEE.