RUS  ENG
Full version
JOURNALS // Prikladnaya Diskretnaya Matematika // Archive

Prikl. Diskr. Mat., 2023 Number 62, Pages 55–70 (Mi pdm820)

Mathematical Backgrounds of Computer Security

The model and metrics of awareness in confidential information. Part 2. Actual awareness

N. A. Gaydamakin

Ural Federal University named after the First President of Russia B. N. Yeltsin, Ekaternburg, Russia

Abstract: The actual awareness of users in confidential information is considered as the possession of relevant information, characterized by the degree of perception (assimilation) and the possibility of using information (“extraction” from memory). Within the subject-object class of access control models in computer systems, the concept of awareness is formalized as a result of user access to objects containing confidential information. Access to the object (by reading), having a time frame (duration), forms the user's awareness of the confidential information of the corresponding object, the value of which is proportional to the volume of confidential information of the object, the index of complexity (readability) of the text of the object, the duration of access and and also depends on the user's individual ability to perceive (reading speed) and master (understanding, processing) information. At the same time, the volume of confidential information of an object is defined as a value proportional to the number of words in the text and the coefficient of informativeness of the object. Over time, according to the Ebbinghaus forgetting curve, the user's awareness of sensitive information decreases. The degree of decrease in awareness depends on the individual characteristics of the user and the level of confidentiality of the information. Subsequent accesses to the object can restore the degree of awareness depending on the duration of the accesses and the time elapsed since the previous access. The type and parameters of the function of reducing/restoring awareness over time and depending on the access history are considered. The user's awareness of all confidential information contained (processed) in a computer system consists of awareness of all access objects, taking into account the synergetic effect, which can be either positive (knowledge about the system of objects is greater than the sum of knowledge about objects) or negative. The nature and features of users' actual awareness in confidential information are illustrated by examples with various parameters of access objects, access history and individual characteristics of users.

Keywords: confidential information, awareness, actual awareness, awareness model, awareness metrics, informativeness of the access object, complexity of the access object text, understanding of the access object text, duration of access, information forgetting curve, access history, synergy effect in awareness.

UDC: 004.94

DOI: 10.17223/20710410/62/5



© Steklov Math. Inst. of RAS, 2024