3.1. Periodic resource monitoring models

Let us conditionally present the IS software (SW) operating process as alternating flows of errors I(y), normal operation recovery I(z), failures I(Q), and SW/environment control (Figure 2).

Being mutually alternative, the flows of failures and normal system operation recovery result from the flow of errors and are shifted with respect thereto by the values Q(t) and z(t). The maximum of these values determines the manifestation of a respective flow. Assuming the recovery time to be instantaneous, the normal operation recovery flow may be considered part

<sup>1</sup> ISO/IEC 15408–1:2009: IT—security techniques—evaluation criteria for IT security.

of the control flow. In this case, the task of providing SW functional stability comes down to that of optimizing restricted control that meets the condition z(t) < Q(t).

Let us consider the SW life cycle period t, having regard to the conducted inspection control of repeatable accuracy. Because the period t far exceeds the control time, let us assume the latter to be instantaneous. Then, the SW repeatable accuracy is characterized by the probability P(^z <Q) = F^z (Q) that the irregularity/vulnerability/error detection time ^z within the intercontrol interval is not longer than the permissible SW life cycle period Q, where there is an irregularity. A periodic control fragment is shown in Figure 3.

Let us consider the flow of irregularities (errors and vulnerabilities) to be the simplest one with the density of interval y distribution among them: ^

$$\mathfrak{g}\_{\hat{y}} = \lambda \mathfrak{e}^{-\lambda y} \tag{1}$$

where λ is the intensity of irregularities.

The analytical review of regulatory documents and methodologies defining the requirements

As the completed review shows (Tables 1 and 2), there are clear requirements for periodic monitoring and backup though their main parameters are defined either by expert judgments

Considering high subjectivity of such decisions, it is reasonable to develop mathematical

As noted earlier, the basic mechanism for providing functional stability to information systems (ISs) is systematic monitoring and backup against possible failures. There are two key approaches to arranging monitoring in IS. The first one relates to the occurrence of a certain event of the computation process (message processing, initiating an exchange among processes, system program call, etc.) [6]. This approach's drawbacks are the difficulty in identifying a set of controlled events of the computation process and the potential for unlimited growth of control points. The latter makes the approach hard to apply during IS normal

The second approach involves a periodic check of the system at predetermined intervals [7–10]. This is consistent with time schedules and allows the existing resource restrictions to be taken into consideration, but fails to fully reflect the stochastic nature of the occurrence of various errors and irregularities. Furthermore, a number of subjective factors make it impossible, in the first place, to organize periodic control in ergatic systems at strictly specified intervals. There is another approach, however, that takes into account the stochastic external

Under ISO/IEC 15408–1:2009,<sup>1</sup> monitoring covers not only SW (assessment object) but also the operational environment. Let us consider stochastic and deterministic models of the earlier

Let us conditionally present the IS software (SW) operating process as alternating flows of errors I(y), normal operation recovery I(z), failures I(Q), and SW/environment control (Figure 2).

Being mutually alternative, the flows of failures and normal system operation recovery result from the flow of errors and are shifted with respect thereto by the values Q(t) and z(t). The maximum of these values determines the manifestation of a respective flow. Assuming the recovery time to be instantaneous, the normal operation recovery flow may be considered part

factors of IS functional stability, given the specified time and economic constraints.

for information security relating to periodic backup and recovery is shown in Table 2.

models for the calculation of periodic monitoring and backup parameters.

3. Mathematical models of periodic monitoring and backup

operation, given the specified resource and task-time restrictions.

ISO/IEC 15408–1:2009: IT—security techniques—evaluation criteria for IT security.

or by management order.

216 Probabilistic Modeling in System Engineering

procedures.

1

3.1. Periodic resource monitoring models

Let us define a stochastic model for the detection of irregularities. In this case, control is undertaken a certain number of times with equal probability and independently of one another. Thus, the limited flow formed by all the control points is Bernoulli's flow with the density of interval T^ distribution among the control points [11]:

Figure 2. Flows of errors, failures, recovery, and control.

Figure 3. A fragment of the inspection control of an information security tool.

$$f\_{\vec{T}} = \mathbf{n} / \mathbf{t} (\mathbf{1} - T/t)^{n-1} \tag{2}$$

In order to compare stochastic and deterministic models, let us elaborate on the latter. The deterministic model's control points form a regular flow with a constant value of the interval

It can be shown that the expression for the distribution function in the deterministic model is

Comparison of the expressions for the models (Eqs. (4) and (8)) suggests that the models under review conform to the process of detecting SW repeatable accuracy disturbances (at specified

The irregularity detection probability Pn for the SW life cycle period t can be presented as

A review of the models discussed earlier showed an advantage of the stochastic model, given a small number of inspection control points. Conceptually, it can be accounted for by the fact that even with a small number of random points of SW characteristics control, there is always a likelihood that an irregularity is detected once it has occurred, whereas in the case of the

The control of restrictions imposed on SW primarily involves inspecting SW environment and operation/production conditions. Such inspections help rule out irregularities (errors, vulnerabilities) concerning the SW front-end interface. In this regard, the procedures for detecting environment irregularities can be interpreted as a mechanism to prevent SW irregularities.

When developing environment control models, we will adhere to the approach outlined in the previous section. We will assume SW repeatable accuracy to be characterized by the probability Pð Þ¼ ^z < Q F^z Qð Þ that the preliminary control ^z time between the environment control point and a possible point of occurrence of SW characteristic disturbance does not exceed the permissible time Q. Let us define a stochastic model of environment irregularity control

deterministic model, the inspection period may not be less than the specified value.

�λð Þ <sup>T</sup>�<sup>z</sup> ; ð Þ <sup>0</sup> <sup>&</sup>lt; <sup>z</sup> <sup>&</sup>lt; <sup>T</sup> (7)

Periodic Monitoring and Recovery of Resources in Information Systems

http://dx.doi.org/10.5772/intechopen.75232

219

<sup>λ</sup><sup>z</sup> � <sup>1</sup> ; ð Þ <sup>0</sup> <sup>&</sup>lt; <sup>z</sup> <sup>&</sup>lt; <sup>T</sup> (8)

Pn ¼ ð Þ n þ 1 ∙Fz^ (10)

<sup>z</sup>^ð Þz (9)

^<sup>z</sup> ð Þ<sup>z</sup> ; Fd <sup>z</sup>^ð Þ<sup>z</sup> .

T = t/(n + 1) and the irregularity detection time distribution density:

Fd <sup>z</sup>^ ¼ e

as follows:

follows:

(Figure 5).

values λ, Q, t, and n):

gz^ ¼ λe

�λ<sup>T</sup> e

Fs <sup>z</sup>^ð Þ<sup>z</sup> <sup>≶</sup>Fd

where <sup>n</sup> is the number of inspection control points (n > 0), Fz^ <sup>¼</sup> max <sup>F</sup><sup>s</sup>

Environment control requirements are specified by ISO 15408 standards.

Let us consider IS operation where an SW error prevention mechanism is available.

3.2. Operational environment periodic control model

where n is the number of control points.

The delay time ^<sup>z</sup> <sup>=</sup> <sup>T</sup>^ � <sup>y</sup>^ is a function of two stochastic variables and has the following distribution function:

$$F\_z^s = \iint\_{\left(\mathcal{S}\right)} \frac{n}{t\left(1 - \frac{T}{t}\right)^{n-1}} \lambda e^{-\lambda y} dT dy; \left(t > 0, n > 0\right) \tag{3}$$

Having defined the integration limit (Figure 4), we obtain the following:

$$\mathbf{F}\_{\mathbf{z}}^{\mathbf{s}} = \int\_{0}^{t-x} \left( \int\_{\mathbf{y}}^{y+x} n/t (1 - \mathbf{T}/\mathbf{t})^{\mathbf{n}-1} \,\lambda \mathbf{e}^{-\lambda y} d\mathbf{T} \right) d\mathbf{y} + \int\_{t-z}^{t} \left( \int\_{y}^{t} n/t (1 - \mathbf{T}/\mathbf{t})^{\mathbf{n}-1} \,\lambda \mathbf{e}^{-\lambda y} d\mathbf{T} \right) d\mathbf{y} \tag{4}$$

After simplifying (Eq. (4)), we have the following formula:

$$F\_{\hat{z}}^{\circ} = \lambda / t^{\pi} \left( \int\_{0}^{t-z} e^{-\lambda y} ((t-y)^{\pi} - (t-z-y)^{\pi}) dy + \int\_{t-z}^{t} e^{-\lambda y} ((t-y)^{\pi}) dy \right) \tag{5}$$

Having expanded the formula integrands as a power series, we obtain an approximate value of the distribution function that is the basic computational ratio:

$$F\_{\vec{z}}^{s} = \lambda \sum\_{i=0}^{n} \sum\_{j=0}^{r} \sum\_{l=1}^{n+j+1} (-1)^{i+j+l+1} C\_{n}^{i} C\_{n+j+1}^{l} \frac{\lambda^{j} t^{j+1-l} z^{l}}{j!(1+j+l)} \tag{6}$$

where r is the number of iterations.

Figure 4. Domain of integrating the irregularity detection time delay interval.

In order to compare stochastic and deterministic models, let us elaborate on the latter. The deterministic model's control points form a regular flow with a constant value of the interval T = t/(n + 1) and the irregularity detection time distribution density:

$$\mathbf{g}\_{\hat{z}} = \lambda e^{-\lambda(T-z)}; \quad (0 < z < T) \tag{7}$$

It can be shown that the expression for the distribution function in the deterministic model is as follows:

$$F\_{\hat{z}}^{l} = e^{-\lambda T} \left( e^{\lambda z} - 1 \right); \quad (0 < z < T) \tag{8}$$

Comparison of the expressions for the models (Eqs. (4) and (8)) suggests that the models under review conform to the process of detecting SW repeatable accuracy disturbances (at specified values λ, Q, t, and n):

$$F^\circ\_\sharp(z) \lessapprox F^d\_\sharp(z) \tag{9}$$

The irregularity detection probability Pn for the SW life cycle period t can be presented as follows:

$$P\_n = (n+1) \cdot F\_{\hat{z}} \tag{10}$$

where <sup>n</sup> is the number of inspection control points (n > 0), Fz^ <sup>¼</sup> max <sup>F</sup><sup>s</sup> ^<sup>z</sup> ð Þ<sup>z</sup> ; Fd <sup>z</sup>^ð Þ<sup>z</sup> .

A review of the models discussed earlier showed an advantage of the stochastic model, given a small number of inspection control points. Conceptually, it can be accounted for by the fact that even with a small number of random points of SW characteristics control, there is always a likelihood that an irregularity is detected once it has occurred, whereas in the case of the deterministic model, the inspection period may not be less than the specified value.

#### 3.2. Operational environment periodic control model

<sup>f</sup> <sup>T</sup>^ <sup>¼</sup> <sup>n</sup>=t 1ð Þ � <sup>T</sup>=<sup>t</sup> <sup>n</sup>�<sup>1</sup> (2)

dTdy; tð Þ > 0; n > 0 (3)

�λy dT

<sup>j</sup>!ð Þ <sup>1</sup> <sup>þ</sup> <sup>j</sup> <sup>þ</sup> <sup>i</sup> (6)

dy (4)

(5)

<sup>n</sup>=tð Þ <sup>1</sup> � <sup>T</sup>=<sup>t</sup> <sup>n</sup>�<sup>1</sup> <sup>λ</sup><sup>e</sup>

!

�λ<sup>y</sup> ð Þ <sup>t</sup> � <sup>y</sup> <sup>n</sup> ð Þdy

The delay time ^<sup>z</sup> <sup>=</sup> <sup>T</sup>^ � <sup>y</sup>^ is a function of two stochastic variables and has the following

�λy

dy þ ðt t�z

� �

Ci nCl nþjþ1

ðt y

> ðt t�z e

> > λj t jþ1�l zl

where n is the number of control points.

218 Probabilistic Modeling in System Engineering

Fs <sup>z</sup>^ ¼ ðð

ð Þ S

<sup>n</sup>=t 1ð Þ � <sup>T</sup>=<sup>t</sup> <sup>n</sup>�<sup>1</sup> <sup>λ</sup>e�λ<sup>y</sup>

!

After simplifying (Eq. (4)), we have the following formula:

of the distribution function that is the basic computational ratio:

Xr j¼0

n X þjþ1

l¼1

i¼0

Figure 4. Domain of integrating the irregularity detection time delay interval.

Fs

where r is the number of iterations.

<sup>z</sup>^ <sup>¼</sup> <sup>λ</sup> <sup>X</sup><sup>n</sup>

Having defined the integration limit (Figure 4), we obtain the following:

n <sup>t</sup> <sup>1</sup> � <sup>T</sup> t � �<sup>n</sup>�<sup>1</sup> <sup>λ</sup><sup>e</sup>

dT

�λ<sup>y</sup> ð Þ <sup>t</sup> � <sup>y</sup> <sup>n</sup> � ð Þ <sup>t</sup> � <sup>z</sup> � <sup>y</sup> <sup>n</sup> ð Þdy <sup>þ</sup>

Having expanded the formula integrands as a power series, we obtain an approximate value

ð Þ �<sup>1</sup> <sup>i</sup>þjþlþ<sup>1</sup>

distribution function:

ð<sup>t</sup>�<sup>z</sup> 0

> Fs <sup>z</sup>^ ¼ λ=t n ð<sup>t</sup>�<sup>z</sup> 0 e

ð<sup>y</sup>þ<sup>z</sup> y

Fs <sup>z</sup>^ ¼

> The control of restrictions imposed on SW primarily involves inspecting SW environment and operation/production conditions. Such inspections help rule out irregularities (errors, vulnerabilities) concerning the SW front-end interface. In this regard, the procedures for detecting environment irregularities can be interpreted as a mechanism to prevent SW irregularities.

Environment control requirements are specified by ISO 15408 standards.

Let us consider IS operation where an SW error prevention mechanism is available.

When developing environment control models, we will adhere to the approach outlined in the previous section. We will assume SW repeatable accuracy to be characterized by the probability Pð Þ¼ ^z < Q F^z Qð Þ that the preliminary control ^z time between the environment control point and a possible point of occurrence of SW characteristic disturbance does not exceed the permissible time Q. Let us define a stochastic model of environment irregularity control (Figure 5).

It can be shown that the preliminary control time is a function of two random values ^<sup>z</sup> <sup>¼</sup> <sup>y</sup>^ � <sup>T</sup>^ and has the following distribution function:

$$F\_{\vec{z}}^{s} = \iint\_{\left(\mathcal{S}\right)} \frac{n}{t\left(1 - \frac{T}{t}\right)^{n-1}} \lambda e^{-\lambda y} dT dy; \qquad (t > 0, n > 0) \tag{11}$$

Fs <sup>z</sup>^ <sup>≈</sup> <sup>n</sup> <sup>X</sup><sup>r</sup> i¼0

e�λ<sup>z</sup>.

iþjþ1

<sup>2</sup><sup>j</sup> � <sup>e</sup>�λ<sup>z</sup> � �ð Þ <sup>t</sup> � <sup>z</sup>

follows:

follows:

criterion to choose a model:

unlikely to result in higher costs [11].

3.3. Periodic backup models

Xn�1 j¼0

gz^ ¼ λe

�λ<sup>T</sup> <sup>1</sup> � <sup>e</sup>

Fs <sup>z</sup>^ð Þ<sup>z</sup> <sup>≶</sup>Fd

0 @

where <sup>r</sup> is the number of iterations; <sup>b</sup><sup>1</sup> ¼ �ð Þ<sup>1</sup> �iþ<sup>j</sup>

the following preliminary control time distribution density:

Fd <sup>z</sup>^ ¼ e

where <sup>n</sup> is the number of control points (n > 0), Fz^ <sup>¼</sup> max Fs

b1b<sup>2</sup>

1 A � e

�λ<sup>t</sup> z t � �<sup>n</sup>

Let us compare the obtained stochastic model and the deterministic one. The deterministic model's control points form a regular flow with a constant value of the interval T = t/(n + 1) and

Hence, the expression for the distribution function in the deterministic model will be as

By comparing computational model expressions at specified values λ, Q, t, and n, we obtain a

The probability Pn of irregularity prevention for SW life cycle period t can be presented as

Comparative analysis of stochastic and deterministic models showed the former's effectiveness with a small number of control points. Therefore, when managing system information security by numerical methods, it is possible to identify preferred models (stochastic, deterministic, or combined) that bolster confidence in SW. This gives an effect akin to introducing structure redundancy, that is, a special type of redundancy—stochastic—the use of which is

The previous subsections dealt with deterministic and stochastic SW control models. When tackling comprehensive tasks of providing IS operational reliability and security, it is important

An example of comparing deterministic and stochastic models is shown in Figure 7.

Ci n�1

; tð Þ > 0; n > 0 (13)

http://dx.doi.org/10.5772/intechopen.75232

<sup>i</sup>þjþ<sup>1</sup> � <sup>z</sup><sup>i</sup>þjþ<sup>1</sup>

221

λj j!t

Periodic Monitoring and Recovery of Resources in Information Systems

�λð Þ <sup>T</sup>þ<sup>z</sup> ; ð Þ <sup>0</sup> <sup>&</sup>lt; <sup>z</sup> <sup>&</sup>lt; <sup>T</sup> (14)

�λ<sup>z</sup> � �; ð Þ <sup>0</sup> <sup>&</sup>lt; <sup>z</sup> <sup>&</sup>lt; <sup>T</sup> (15)

Pn ¼ ð Þ n þ 1 ∙Fz^ (17)

<sup>z</sup>^ð Þ<sup>z</sup> ; Fd <sup>z</sup>^ð Þ<sup>z</sup> � �.

<sup>z</sup>^ð Þz (16)

<sup>i</sup>þ<sup>1</sup> ð Þ ð Þ <sup>i</sup>þjþ<sup>1</sup> ; <sup>b</sup><sup>2</sup> <sup>¼</sup> <sup>t</sup>

where n is the number of environment control points and λ is the SW characteristic disturbance intensity.

Having defined integration limits (Figure 6) and simplified the expression, we obtain the following:

$$F\_{\hat{z}}^{s} = \int\_{0}^{z} f\hat{T}(T)e^{-\lambda T}(1 - e^{-\lambda T})dT + \int\_{z}^{t-z} f\hat{T}(T)e^{-\lambda T}(1 - e^{-\lambda z})dT + \int\_{t-z}^{t} f\hat{T}(T)e^{-\lambda T}dT - e^{-\lambda t}\left(\frac{z}{t}\right)^{n},\tag{12}$$

Having expanded the formula integrands as a power series, we obtain an approximate value of the distribution function that is the basic computational ratio:

Figure 5. Operation of the system, with an irregularity error prevention mechanism available.

Figure 6. Domain of integrating the irregularity prevention time interval.

Periodic Monitoring and Recovery of Resources in Information Systems http://dx.doi.org/10.5772/intechopen.75232 221

$$F\_{\vec{z}}^{\vec{s}} \approx n \sum\_{i=0}^{r} \left( \sum\_{j=0}^{n-1} b\_1 b\_2 \right) - e^{-\lambda t} \left( \frac{z}{t} \right)^n; \qquad (t > 0, n > 0) \tag{13}$$

where <sup>r</sup> is the number of iterations; <sup>b</sup><sup>1</sup> ¼ �ð Þ<sup>1</sup> �iþ<sup>j</sup> Ci n�1 λj j!t <sup>i</sup>þ<sup>1</sup> ð Þ ð Þ <sup>i</sup>þjþ<sup>1</sup> ; <sup>b</sup><sup>2</sup> <sup>¼</sup> <sup>t</sup> <sup>i</sup>þjþ<sup>1</sup> � <sup>z</sup><sup>i</sup>þjþ<sup>1</sup> <sup>2</sup><sup>j</sup> � <sup>e</sup>�λ<sup>z</sup> � �ð Þ <sup>t</sup> � <sup>z</sup> iþjþ1 e�λ<sup>z</sup>.

Let us compare the obtained stochastic model and the deterministic one. The deterministic model's control points form a regular flow with a constant value of the interval T = t/(n + 1) and the following preliminary control time distribution density:

$$\mathbf{g}\_{\hat{z}} = \lambda \mathbf{e}^{-\lambda(T+z)}; \quad \text{ ( $0 < z < T$ )}\tag{14}$$

Hence, the expression for the distribution function in the deterministic model will be as follows:

$$F\_{\vec{z}}^d = e^{-\lambda T} \left( 1 - e^{-\lambda z} \right); \quad \quad (0 < z < T) \tag{15}$$

By comparing computational model expressions at specified values λ, Q, t, and n, we obtain a criterion to choose a model:

$$F^s\_\sharp(\mathbf{z}) \lessapprox F^l\_\sharp(\mathbf{z}) \tag{16}$$

The probability Pn of irregularity prevention for SW life cycle period t can be presented as follows:

$$P\_n = (n+1) \cdot F\_{\hat{z}} \tag{17}$$

where <sup>n</sup> is the number of control points (n > 0), Fz^ <sup>¼</sup> max Fs <sup>z</sup>^ð Þ<sup>z</sup> ; Fd <sup>z</sup>^ð Þ<sup>z</sup> � �.

Comparative analysis of stochastic and deterministic models showed the former's effectiveness with a small number of control points. Therefore, when managing system information security by numerical methods, it is possible to identify preferred models (stochastic, deterministic, or combined) that bolster confidence in SW. This gives an effect akin to introducing structure redundancy, that is, a special type of redundancy—stochastic—the use of which is unlikely to result in higher costs [11].

An example of comparing deterministic and stochastic models is shown in Figure 7.

#### 3.3. Periodic backup models

It can be shown that the preliminary control time is a function of two random values ^<sup>z</sup> <sup>¼</sup> <sup>y</sup>^ � <sup>T</sup>^

�λy

where n is the number of environment control points and λ is the SW characteristic distur-

Having defined integration limits (Figure 6) and simplified the expression, we obtain the

Having expanded the formula integrands as a power series, we obtain an approximate value

�λ<sup>T</sup> <sup>1</sup> � <sup>e</sup>

�λ<sup>z</sup> � �dT <sup>þ</sup>

ðt t�z

dTdy; tð Þ > 0; n > 0 (11)

<sup>f</sup> T T ^ð Þ<sup>e</sup>

�<sup>λ</sup>TdT � <sup>e</sup>

�λ<sup>t</sup> z t � �<sup>n</sup> ,

(12)

and has the following distribution function:

220 Probabilistic Modeling in System Engineering

�λ<sup>T</sup> <sup>1</sup> � <sup>e</sup>

�λ<sup>T</sup> � �dT <sup>þ</sup>

bance intensity.

following:

Fs <sup>z</sup>^ ¼ ðz 0 <sup>f</sup> T T ^ð Þ<sup>e</sup> Fs <sup>z</sup>^ ¼ ðð

ð Þ S

n <sup>t</sup> <sup>1</sup> � <sup>T</sup> t � �<sup>n</sup>�<sup>1</sup> <sup>λ</sup><sup>e</sup>

> ð<sup>t</sup>�<sup>z</sup> z

Figure 5. Operation of the system, with an irregularity error prevention mechanism available.

of the distribution function that is the basic computational ratio:

Figure 6. Domain of integrating the irregularity prevention time interval.

<sup>f</sup> T T ^ð Þ<sup>e</sup>

The previous subsections dealt with deterministic and stochastic SW control models. When tackling comprehensive tasks of providing IS operational reliability and security, it is important to ensure information safety in case of incidents. This can be achieved by developing an incident management system.2

Apart from control models, this work also investigates backup and recovery models.

The backup mechanism is intended to recover a system's normal operation in case of a failure or an incident, such a recovery starting from the last backup time (Figure 8).

The backup mechanism control task boils down to developing a checkpoint (CP) setting model that minimizes the mathematical expectation of the program operation delay time, given the restrictions on the total SW operation time and the number of CP. The issues of minimizing the mathematical expectation of delay time by changing the CP setting frequency and the determined interval among checkpoints are discussed in [9].

Let us consider a situation when an interval is a random value.

If the failure flow of the computation process is regarded as simple, it can be shown that the delay time ^<sup>z</sup> <sup>=</sup> <sup>y</sup>^ <sup>T</sup>^ is a function of two random values and has the following mathematical expectation:

> M<sup>s</sup> ^<sup>z</sup> ¼ ðð

following:

M<sup>s</sup> ^<sup>z</sup> ¼ ðt 0

> <sup>2</sup><sup>n</sup> ( 1

where <sup>b</sup><sup>1</sup> <sup>¼</sup> <sup>e</sup>�λ<sup>t</sup>

where <sup>b</sup><sup>2</sup> <sup>¼</sup> <sup>1</sup>

ð Þ S

<sup>n</sup>=tð Þ <sup>1</sup> � <sup>T</sup>=<sup>t</sup> <sup>n</sup>�<sup>1</sup> <sup>e</sup>�λ<sup>T</sup>

M<sup>s</sup>

<sup>2</sup>iþ2ð Þ <sup>i</sup>þjþ<sup>2</sup> � <sup>1</sup>

<sup>z</sup>^ <sup>≈</sup> <sup>n</sup> <sup>X</sup><sup>n</sup>�<sup>1</sup> i¼0

gz^ ¼ λe

<sup>λ</sup> þ nt=ð ÞÞ 2n þ 2 .

mathematical expectation of delay time:

ð Þ <sup>λ</sup>ð Þ <sup>i</sup>þjþ<sup>1</sup> � <sup>t</sup>

a constant value of the interval <sup>T</sup> <sup>¼</sup> <sup>t</sup>

deterministic model is as follows:

ð Þ <sup>y</sup> � <sup>T</sup> <sup>n</sup> t

Figure 9. Domain of integrating the program operation delay time interval.

<sup>1</sup> � <sup>T</sup> t � �<sup>n</sup>�<sup>1</sup>

<sup>λ</sup> dT �

Xr j¼0

where n is the number of environment control points and λ is system's failure intensity.

Having defined integration limits (Figure 9) and simplified the expression, we obtain the

Having expanded the integrands as a power series, we obtain an approximate value of the

ð Þ �<sup>1</sup> <sup>j</sup>þ<sup>i</sup> Ci nþ1 λj t j b2

In order to compare the obtained stochastic model (Eq. (20)) and the deterministic one, we consider the latter in more detail. The deterministic model's checkpoints form a regular flow with

It can be shown that the expression for the mathematical expectation of delay time in the

ð<sup>t</sup>=<sup>2</sup> 0

λe

<sup>n</sup>=tð Þ <sup>1</sup> � <sup>T</sup>=<sup>t</sup> <sup>n</sup>�<sup>1</sup>

<sup>2</sup>iþ1λð Þ <sup>i</sup>þjþ<sup>1</sup> , r is the number of iterations.

e

<sup>n</sup>þ1. The delay time distribution density will be as follows:

�λð Þ <sup>T</sup>þ<sup>z</sup> ; ð Þ <sup>0</sup> <sup>&</sup>lt; <sup>z</sup> <sup>&</sup>lt; <sup>T</sup> : (21)

�2λ<sup>T</sup> <sup>T</sup> <sup>þ</sup>

�<sup>λ</sup>ydTdy; tð Þ <sup>&</sup>gt; <sup>0</sup>; <sup>n</sup> <sup>&</sup>gt; <sup>0</sup> (18)

Periodic Monitoring and Recovery of Resources in Information Systems

http://dx.doi.org/10.5772/intechopen.75232

223

1 λ

<sup>j</sup>! � <sup>b</sup>1, (20)

� �dT � <sup>b</sup>1, (19)

Figure 7. Irregularity prevention probability versus the number of preliminary control points.

Figure 8. Program operation using a checkpoint mechanism.

<sup>2</sup> ISO/IEC TR 18044:2004 IT—security techniques—information security incident management.

Figure 9. Domain of integrating the program operation delay time interval.

$$M\_{\bar{z}}^{s} = \iint\_{\left(\bar{S}\right)} \left(y - T\right) \frac{n}{t} \left(1 - \frac{T}{t}\right)^{n-1} \lambda e^{-\lambda y} dT dy; \qquad (t > 0, n > 0) \tag{18}$$

where n is the number of environment control points and λ is system's failure intensity.

Having defined integration limits (Figure 9) and simplified the expression, we obtain the following:

$$M\_{\hat{z}}^{s} = \int\_{0}^{t} n/t(1 - T/t)^{n-1} \frac{e^{-\lambda T}}{\lambda} \, dT - \int\_{0}^{t/2} n/t(1 - T/t)^{n-1} \, e^{-2\lambda T} \left(T + \frac{1}{\lambda}\right) dT - b\_{1\prime} \tag{19}$$

where <sup>b</sup><sup>1</sup> <sup>¼</sup> <sup>e</sup>�λ<sup>t</sup> <sup>2</sup><sup>n</sup> (<sup>1</sup> <sup>λ</sup> þ nt=ð ÞÞ 2n þ 2 .

to ensure information safety in case of incidents. This can be achieved by developing an incident

The backup mechanism is intended to recover a system's normal operation in case of a failure

The backup mechanism control task boils down to developing a checkpoint (CP) setting model that minimizes the mathematical expectation of the program operation delay time, given the restrictions on the total SW operation time and the number of CP. The issues of minimizing the mathematical expectation of delay time by changing the CP setting frequency and the deter-

If the failure flow of the computation process is regarded as simple, it can be shown that the delay time ^<sup>z</sup> <sup>=</sup> <sup>y</sup>^ <sup>T</sup>^ is a function of two random values and has the following mathematical

Apart from control models, this work also investigates backup and recovery models.

or an incident, such a recovery starting from the last backup time (Figure 8).

mined interval among checkpoints are discussed in [9].

Let us consider a situation when an interval is a random value.

Figure 7. Irregularity prevention probability versus the number of preliminary control points.

ISO/IEC TR 18044:2004 IT—security techniques—information security incident management.

Figure 8. Program operation using a checkpoint mechanism.

management system.2

222 Probabilistic Modeling in System Engineering

expectation:

2

Having expanded the integrands as a power series, we obtain an approximate value of the mathematical expectation of delay time:

$$M\_{\vec{z}}^{s} \approx n \sum\_{i=0}^{n-1} \sum\_{j=0}^{r} (-1)^{j+i} \mathsf{C}\_{n+1}^{i} \frac{\lambda^{j} t^{j} b\_{2}}{j!} - b\_{1} \tag{20}$$

where <sup>b</sup><sup>2</sup> <sup>¼</sup> <sup>1</sup> ð Þ <sup>λ</sup>ð Þ <sup>i</sup>þjþ<sup>1</sup> � <sup>t</sup> <sup>2</sup>iþ2ð Þ <sup>i</sup>þjþ<sup>2</sup> � <sup>1</sup> <sup>2</sup>iþ1λð Þ <sup>i</sup>þjþ<sup>1</sup> , r is the number of iterations.

In order to compare the obtained stochastic model (Eq. (20)) and the deterministic one, we consider the latter in more detail. The deterministic model's checkpoints form a regular flow with a constant value of the interval <sup>T</sup> <sup>¼</sup> <sup>t</sup> <sup>n</sup>þ1. The delay time distribution density will be as follows:

$$g\_{\bar{z}} = \lambda e^{-\lambda \left(T + z\right)}; \quad \text{ (} 0 < z < T\text{)}.\tag{21}$$

It can be shown that the expression for the mathematical expectation of delay time in the deterministic model is as follows:

$$M\_{\tilde{z}}^d = \frac{e^{-\lambda T}}{\lambda} \left(1 - e^{-\lambda T}(\lambda T + 1)\right); \quad (0 < z < T) \tag{22}$$

By comparing the expressions (Eqs. (20) and (22)), we obtain a criterion allowing a model to be chosen at specific values λ, t, and n:

$$M^s\_{\tilde{z}}(z) \lessapprox M^d\_{\tilde{z}}(z) \tag{23}$$

This allowed the error flow to be considered a stationary Poissonian flow. A study of the electronic archive DB operation in 2000–2017 showed that the restriction on the correctable

Control type Number of control points Man hours Recovery probability

Periodic Monitoring and Recovery of Resources in Information Systems

http://dx.doi.org/10.5772/intechopen.75232

225

Conventional 7 42 1.0 Deterministic 4 24 0.99996 Stochastic 3 18 0.99997

The DB recovery probabilities calculated by the formulas (Eqs. (20) and (22)) and their dependence on the number of control points for the first half of 2010 (t = 1052 h) are shown in Figure 10. Taking into account the electronic archive availability requirements, it is advisable to use only

Thus, the practical solutions offered in this work allow for the stochastic nature of DB errors. This permits the desired error detection model to be chosen at a specified DB and electronic

In general, IS periodic control involves performing a number of standard procedures:

one can define the system availability ratio (operational availability factor [13]):

1

np is the error detection probability in case of np SW control points.

<sup>n</sup> <sup>=</sup> ð Þ ne <sup>þ</sup> <sup>1</sup> <sup>∙</sup>F^z; error detection probability—Pp

Choosing a strategy and the number of control/backup points helps manage the system's stability, integrity, and accessibility levels [12]. For example, considering the earlier procedures,

<sup>A</sup> <sup>p</sup> <sup>þ</sup> ð Þ <sup>1</sup> � <sup>p</sup> Pe

delay time in case of nr being the backup points, p is the SW error-free performance (SW

In the above formula, p is the SW failure-free performance probability; error prevention

ne is the error prevention probability in case of ne environment control points,

ne <sup>þ</sup> <sup>1</sup> � Pe

ne � �P<sup>p</sup>

nr is the mathematical expectation of the program operation

np � � � � (25)

<sup>n</sup> <sup>=</sup> np <sup>þ</sup> <sup>1</sup> � �∙Fz^; availability

error detection time Q was more than 1 month.

Table 3. An example of control parameter calculation results.

archive parameters.

• software error control;

• backup in case of failure.

where t is the task solution time, Mr

efficiency), Pe

probability—P<sup>e</sup>

and P<sup>p</sup>

three control points when applying the stochastic model (Table 3).

4. System functional stability management

• operational environment error control; and

<sup>R</sup> <sup>¼</sup> <sup>t</sup>

0 @

<sup>t</sup> <sup>þ</sup> Mr nr � �

Considering the CP setting time and restart to be instantaneous, we obtain a total SW operation time model, given the availability of the CP mechanism:

$$t'(n) = t + (n+1)M\_{\hat{z}} \tag{24}$$

where <sup>t</sup> is the SW operation time, <sup>n</sup> is the number of checkpoints, and Mz^ <sup>¼</sup> max Ms <sup>z</sup>^ð Þ<sup>z</sup> ; Md <sup>z</sup>^ð ÞÞ z is the mathematical expectation of the SW operation delay time in case of failure.

Here is an example using the department archive data for the first half of 2017. The database (DB) was inspected seven times over this period. The inspections revealed 12 errors, all of which were corrected by standard methods, with the relevant entry made in the administrator log. The following error parameters were calculated:


Figure 10. DB error detection probabilities versus the number of control points.


Table 3. An example of control parameter calculation results.

M<sup>d</sup> <sup>z</sup>^ <sup>¼</sup> <sup>e</sup>�λ<sup>T</sup>

tion time model, given the availability of the CP mechanism:

log. The following error parameters were calculated:

• the average quadratic deviation δz^ = 30.04 h; and

• Cramér-von Mises criterion (goodness of fit) k(n) = 0.55.

Figure 10. DB error detection probabilities versus the number of control points.

• the average time between errors Mz^ = 43.83 h;

• the error intensity λ = 0.022 1/h;

chosen at specific values λ, t, and n:

224 Probabilistic Modeling in System Engineering

<sup>λ</sup> <sup>1</sup> � <sup>e</sup>

t 0

By comparing the expressions (Eqs. (20) and (22)), we obtain a criterion allowing a model to be

<sup>z</sup>^ð Þ<sup>z</sup> <sup>≶</sup>Md

Considering the CP setting time and restart to be instantaneous, we obtain a total SW opera-

Here is an example using the department archive data for the first half of 2017. The database (DB) was inspected seven times over this period. The inspections revealed 12 errors, all of which were corrected by standard methods, with the relevant entry made in the administrator

Ms

where <sup>t</sup> is the SW operation time, <sup>n</sup> is the number of checkpoints, and Mz^ <sup>¼</sup> max Ms

is the mathematical expectation of the SW operation delay time in case of failure.

�λ<sup>T</sup>ð Þ <sup>λ</sup><sup>T</sup> <sup>þ</sup> <sup>1</sup> ; ð Þ <sup>0</sup> <sup>&</sup>lt; <sup>z</sup> <sup>&</sup>lt; <sup>T</sup> (22)

ð Þ¼ n t þ ð Þ n þ 1 Mz^ (24)

<sup>z</sup>^ð Þz (23)

<sup>z</sup>^ð Þ<sup>z</sup> ; Md

<sup>z</sup>^ð ÞÞ z

This allowed the error flow to be considered a stationary Poissonian flow. A study of the electronic archive DB operation in 2000–2017 showed that the restriction on the correctable error detection time Q was more than 1 month.

The DB recovery probabilities calculated by the formulas (Eqs. (20) and (22)) and their dependence on the number of control points for the first half of 2010 (t = 1052 h) are shown in Figure 10.

Taking into account the electronic archive availability requirements, it is advisable to use only three control points when applying the stochastic model (Table 3).

Thus, the practical solutions offered in this work allow for the stochastic nature of DB errors. This permits the desired error detection model to be chosen at a specified DB and electronic archive parameters.
