Analysis of the main information threats and impacts in modern microcontroller systems (analytical review)
DOI:
https://doi.org/10.31649/1681-7893-2022-44-2-100-113Keywords:
information threat, cyber threat, information influence, secondary channel, interface, microcontroller (MC), vulnerability, firmware, software module, algorithtmic threadAbstract
The article presents and provides materials for the analysis of the main distributed information. Influences and information threats in microcontroller systems that work as part of electronic systems of modern electronic devices and automation. The main widespread information threats and the ways of intervention of informational influences are determined. An assessment of their impact and short-term ways of minimizing them are provided. The main basic types of widespread cyberthreats and channels directly affect the stability and safety of the microprograms of the MK itself and, as a result, the operation of the electronic devices in which this MK is included. The channels of information threats for microcontrollers are their weak points, which need to be studied in order to further eliminate and minimize them. This made it possible to assess the main vulnerabilities in the MK architecture and, in the future, to plan an action plan to minimize and neutralize the main threats and information influences in the MK for the stable and safe functioning of electronic systems based on microcontrollers.
References
V.I. Malinovsky. Analysis of security threats of microcontrollers / V.I. Malinovskyi, L.M. Kuperstein. // Information technologies and computer engineering. - 2022. - Vinnytsia: UNIVERSUM - Vinnytsia, VNTU – No. 3 (55). – P. 21 - 32.
V.I. Malinovsky. Minimization of cyber threat factors and specialized approaches to information protection of microprocessor systems of the industrial Internet of Things / V.I. Malinovskyi // Proceedings of the 3rd Scientific and Technical Conference of the Faculty of Information Technologies and Computer Engineering - 2022. 31.05.2022. – VNTU: [Electronic resource]. –: URL: https://conferences.vntu.edu.ua/index.php/all-fitki/all-fitki-2022/paper/view/15000.
V.A. Gapanovych, E.N. Rozenberg, I.B. Shubynskyi / Some provisions of fail-safe and cyber security of control systems / Reliability. – 2014. – No. 2. - P.88-100.
S.G. Antonov, S.M. Klymov. Methodology for assessing the risks of disruption of the stability of the functioning of software and hardware complexes in the conditions of informational and technical effects // Nadezhnost. – 2017. – Volume 17. – No. 1. - P.32-39.
S.M., Klimov, S.V. Kupin, D.C. Kupin. Models of malware and fault tolerance information and telecommunication networks // Reliability. – 2017. – Volume 17, No. 4. – P. 36-43. DOI:10.21683/1729-2640-2017-17-4.
Cybersecurity and Data Stability Analysis of IoT Devices / Malinovskyi Vadym, Kupershtein Leonid, Lukichov Vitaliy / / Materials of 2022 IEEE 9th International Conference on Problems of Infocommunications. Science and Technology(PIC S&T`2022). - IEEE Ukraine Section. - Kharkiv National University of Radio Electronics
Risks Assessment and Approaches to Creative of the Reliable Software Modules for IoT Devices / Malinovskyi Vadym, Kupershtein Leonid, Lukichov Vitaliy. - Materials of International Conference on Innovative Solutions in Software Engineering. - November 29-30, 2022.- Ivano-Frankivsk, Ukraine.
Yuan Xiao, Yinqian Zhang, Radu Teodorescu. [Online]. Speech miner: a Framework for investigating and measuring speculative execution vulnerabilities [Electronic resource]: https://arxiv.org/pdf/1912.00329.pdf
Meltdown and Spectre: Which systems are affected by Meltdown?: [Electronic resource]: https://meltdownattack.com/#faq-systems-meltdown
Meltdown and Spectra: Which systems are affected by Meltdown?: [Electronic resource]: https://meltdownattack.com/#faq-systems-meltdown
Speculative Processor Vulnerability [Online]. ARM Developer Forum. Specifications Updated March 8, 2022 [Electronic resource]. – Режим доступу: https://developer.arm.com/Arm%20Security%20 Center/Speculative%20Processor%20Vulnerability
Cache Speculation Side-channels white paper [Online]. ARM Developer Forum. Specifications Updated March 8, 2022 [Electronic resource: https://developer.arm.com/documentation/102816/0205/
Kernel Side-Channel Attack using Speculative Store Bypass - CVE-2018-3639 [Electronic resource]: https://access.redhat.com/security/vulnerabilities/ssbd.
ISO/IEC, «Information technology — Security techniques-Information security risk management» ISO/IEC FIDIS 27005:2008.
Kakareka, Almantas (2009). 23. У Vacca, John. Computer and Information Security Handbook. Morgan Kaufmann Publications. Elsevier Inc. с. 393. ISBN 978-0-12-374354-1.
Serdar Yegulalp Rowhammer hardware bug threatens to smash notebook security / by Serdar Yegulalp// – March 9 – 2015 [Electronic resource]: https://www.infoworld.com/article/2894497/rowhammer-hardware-bug-threatens-to-smash-notebook-security.html
Kuljit Bains Patent US 20140059287 A1: Row hammer refresh command, February 27, 2014, by Kuljit Bains et al. [Electronic resource]: https://patents.google.com/patent/US20140059287
Cisco Systems security advisory. Row Hammer Privilege Escalation Vulnerability, // Cisco Systems security advisory. - March 11. – 2015 [Electronic resource]: Cisco Systems
S.G., Antonov, S.M. Klymov. Methodology for assessing the risks of disruption of the stability of the functioning of software and hardware complexes in the conditions of informational and technical effects // Nadezhnost. – 2017. – Volume 17. – No. 1. - P.32-39.
Sudhakar Govindavajhala and Andrew W. Appel. Using Memory Errors to Attack a Virtual Machine. // Princeton Edu University press – March 6.–2003. – [Electronic resource]: https://www.cs.princeton.edu/~appel/ papers/memerr.pdf.
M.V. Kartashov. Probability, processes, statistics. – Kyiv: VOC Kyiv University, 2007. – 504 p.
Threats and vulnerabilities of wireless networks. [Electronic resource] http://dspace.kntu.kr.ua/jspui/bitstream/123456789/5022/1/AUConferenceCyberSecurity_November2016_p146.pdf
Analysis of protection mechanisms and vulnerabilities of wireless Wi-Fi networks. [Electronic resource]: http://ir.nmu.org.ua/butstream/handle
M. Swanson. NIST Special Publication 800-34 Rev. 1 Contingency Planning Guide for Federal Information Systems / M. Swanson, P. Bowen, A. W. Phillips, D. Gallup, D. Lynes. – 2010. – 149 p. –: URL: https://conferences.vntu.edu.ua/index.php/all-fitki/all-fitki-2022/paper/view/15000.
Downloads
-
pdf (Українська)
Downloads: 96
Published
How to Cite
Issue
Section
License
Автори, які публікуються у цьому журналі, погоджуються з наступними умовами:- Автори залишають за собою право на авторство своєї роботи та передають журналу право першої публікації цієї роботи на умовах ліцензії Creative Commons Attribution License, котра дозволяє іншим особам вільно розповсюджувати опубліковану роботу з обов'язковим посиланням на авторів оригінальної роботи та першу публікацію роботи у цьому журналі.
- Автори мають право укладати самостійні додаткові угоди щодо неексклюзивного розповсюдження роботи у тому вигляді, в якому вона була опублікована цим журналом (наприклад, розміщувати роботу в електронному сховищі установи або публікувати у складі монографії), за умови збереження посилання на першу публікацію роботи у цьому журналі.
- Політика журналу дозволяє і заохочує розміщення авторами в мережі Інтернет (наприклад, у сховищах установ або на особистих веб-сайтах) рукопису роботи, як до подання цього рукопису до редакції, так і під час його редакційного опрацювання, оскільки це сприяє виникненню продуктивної наукової дискусії та позитивно позначається на оперативності та динаміці цитування опублікованої роботи (див. The Effect of Open Access).
