COMPREHENSIVE APPROACH TO PROTECTING DATA AND THE INFORMATION SYSTEM INTEGRITY

2024; pp. 47-53
1 Lviv Polytechnic National University
2 Lviv Polytechnic National University

The article discusses key information security principles, focusing on confidentiality, integrity, availability, traceability, and the DIE model (Distributed, Immutable, Ephemeral). Confidentiality emphasizes the importance of secrecy and controlling access to prevent misappropriation of sensitive information. Integrity ensures that data remains accurate and trustworthy, with measures to prevent unauthorized modifications. Availability highlights the necessity of reliable and timely access to data, even in the face of potential system failures or disasters, by implementing safeguards like backups. Traceability, or audit trails, ensures accountability by logging user actions, which is crucial for investigating suspicious activities or data loss.

The DIE model presents a modern approach to information security. Distributed systems minimize the impact of attacks by avoiding a single point of failure and incorporating redundancies. Immutable systems maintain unalterable logs to quickly identify and address anomalies, preventing malicious actors from covering up their actions. Ephemeral systems differentiate between essential, long-term "pets" and disposable "cattle," advocating for a flexible infrastructure that can easily adapt to new challenges and retire vulnerable legacy systems. This model enhances security by reducing the attack surface and ensuring that only necessary, secure systems are maintained.
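
The traceability and immutability points above can be made concrete with a tamper-evident audit trail; the following is an added example, not code from the article. It assumes one common construction (an HMAC-SHA256 hash chain), and the names `append` and `verify`, the key, and the sample entries are constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor for the first entry


def _digest(key: bytes, prev: str, record: dict) -> str:
    # Canonical JSON so the same record always hashes identically.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev + body).encode(), hashlib.sha256).hexdigest()


def append(log: list, key: bytes, user: str, action: str, ts: str) -> dict:
    """Append an audit entry whose MAC covers the previous entry's MAC."""
    prev = log[-1]["mac"] if log else GENESIS
    record = {"seq": len(log), "ts": ts, "user": user, "action": action}
    entry = dict(record, prev=prev, mac=_digest(key, prev, record))
    log.append(entry)
    return entry


def verify(log: list, key: bytes, expected_len=None):
    """Return the index of the first bad entry, or None if the chain is intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        record = {k: entry[k] for k in ("seq", "ts", "user", "action")}
        ok = (entry["seq"] == i and entry["prev"] == prev
              and hmac.compare_digest(entry["mac"], _digest(key, prev, record)))
        if not ok:
            return i
        prev = entry["mac"]
    # Truncating the tail leaves a valid chain; catch it with a count
    # (or the last MAC) stored outside the log.
    if expected_len is not None and len(log) != expected_len:
        return len(log)
    return None


if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: held only by the log service
    log = []
    append(log, key, "alice", "login", "2024-01-01T10:00:00Z")
    append(log, key, "mallory", "export customers.csv", "2024-01-01T10:05:00Z")
    append(log, key, "mallory", "logout", "2024-01-01T10:06:00Z")
    print(verify(log, key, 3))           # chain intact
    log[1]["action"] = "view dashboard"  # attempt to rewrite history
    print(verify(log, key, 3))           # index of the altered entry
```

Keeping the entry count or the latest MAC on a separate system is what lets the check catch tail truncation, which ties the immutable log back to the distributed principle.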
