Secure architecture of distributed systems

Distributed components of an enterprise information system (IS) interact among themselves through a network, providing information about production activity of an enterprise or an organization. There is a class of vulnerabilities creating threats to correct and safe execution of the functions of IS. Often, hackers look for vulnerabilities using a malicious code which independently extends between hosts of IS while getting to the least protected nodes. Let $V$ be the set of components of the distributed IS and $E$ be the set of possible interactions between components, then $G = (V, E)$ is the architecture of the distributed IS. The following decomposition of architecture of the distributed IS is considered as a hierarchy of architecture of classes of components. The architecture of the network of the distributed IS represents the bottom level of decomposition. The following levels of hierarchy are the architecture of applications and the architecture of information technologies. The top level of hierarchy is the architecture of the distributed IS. Architectural threats are the transit through hosts of the malicious code and information leakage through information technologies. Secure architecture is such architecture which within available means reduces risks of implementation of architectural threats. The architecture of IS is secured if there are no direct interactions between high-risky and high-valuable components. Necessary and sufficient conditions of existence of secure architecture of a distributed IS are found. It is defined under what condition it is possible to insert new tasks or information technologies to a distributed IS or to make other changes safely.