Dear colleagues!

For several years The State University – Higher School of Economics (HSE, http://www.hse.ru/lingua/en/ ) cooperates with several respectable universities worldwide. In particular, such cooperation provides for possibility of carrying out joint scientific and research projects in topical areas having value for staff members, research engineers and students of all parties involved.

Particularly, at the present time Higher School of Economics performs training (at both BS and MS levels) in the new educational area called “Software Engineering”. School of Software Engineering (SSE) as a subdivision of the Faculty of Business Informatics was established in the year of 2006 – first students were accepted in the same year. Professor Sergey M. AVDOSHIN (savdoshin@hse.ru) is the unchallenged Head of the School (and the Head of the Department of Software

Engineering Management) over a nearly four-year period.

More specifically, in the field of education SSE forms up its activity on the basis of approved training program that fully meets well-known Computing Curricula 2005, Computer Science 2001 и Software Engineering 2004 international guidelines and embraces a wide range of aspects (viz. mathematical, methodological, economi-cal, legal, marketing, and managerial) related to software production.

Bachelor degree (BS) program directs main attention to the training of technical specialists to be, qualified software designers and architects, software quality and engineering process managers.

Besides, School of Software Engineering offers two Master degree (MS) programs – the first one (“Software Management”) aimed at training of professional managerial staff, project and programming team managers to come both at technological and economic levels. The second MS program named “Information Software Security” concentrates primary attention at training of future experts in the field of secure software systems and information security audit.

The stated summary of research, scientific and educational interests of some SSE instructors is an attempt to pave the way for establishing potential contacts with staff members of your respected University. The 14-page document summarizes proposals stated straight by Professors, Assoc. Professors and Lecturers as well as their lively interest in obtaining additional information concerning training process organization in whole and peculiarities of certain academic courses offered in your University (relevant details are provided on the page 14).

Undoubtedly, teaching staff members will be pleased to get response and to discuss possible issues and proposals concerning materials mentioned on the following pages – corresponding personal e-mail addresses are listed next to their (instructors) names. Additionally, in order to facilitate the process of coordination on condition that mutual interests of parties are found, you can contact directly Dr. Konstantin Y. DEGTYAREV (Assoc.Prof., Department of Software Engineering Management) at kdegtiarev@hse.ru.

Thank you!

The State University – Higher School of Economics | School of Software Engineering | Mar - Sep 2010 > page 1

The rest of the document is organized as follows:

■ proposals by Assoc. Prof. Dr. Sergey V. ZYKOV ……………………. pages 3-5

(courses Software Lifecycle –

Introduction to Information Systems / OOAD –

Enterprise Software Systems Development) ■ proposal by Assoc. Prof. Dr. Efim M. GRINKRUG ……………………. page 6

(Research Areas and Presentation Proposal) ■ proposal by Prof. Dr. Irina A. LOMAZOVA ……………………. page 7

(lecture / presentation topic: Distributed systems with dynamic structure: formal models and analysis of behavior properties) ■ proposal by Lecturer Ilya A. KALASHNIKOV ……………………. page 8

(Information Injection) ■ proposal by Lecturer Bayram D. ANNAKOV ……………………. page 8

(Computer Simulation of Software Development Processes Dynamics) ■ proposals by Lecturer Alexandra A. SAVELIEVA ……………………. pages 9-11

(lecture topics: A New Approach to Evaluation of Cryptographic Systems

Personal Data Protection in Russia: Trends of the Last Decade) ■ proposal by Assoc. Prof. Dr. Konstantin Y. DEGTYAREV ……………………. pages 12-13

(lecture/presentation topic: Perceptual Approach to System’s Structural Complexity Estimate in the Framework of Q-analysis Holistic Methodology (cognition in system’s analysis) ■ ■ ■ To our colleagues in the University: We would like to learn more …

……………………. page 14

The State University – Higher School of Economics | School of Software Engineering | Mar - Sep 2010 > page 2

► Assoc. Prof. Dr. ZYKOV Sergey V. School of Software Engineering Department of Software Engineering Management [ szykov@hse.ru

]

[1] Course Title: Software LifecycleSoftware LifecycleDetailed information can be obtained at http://www.icarnegie.com/mkt/Programs/courseDetails.php?id=16Additional information concerning lecture modules (tentative plan) can be outlined as follows:

Software Specification, Testing, and Maintenance

The State University – Higher School of Economics | School of Software Engineering | Mar - Sep 2010 > page 3

1.1 Software Challenges and Myths 1.2 History and Evolution 1.3 Life Cycle and Economy 1.4 Terminology Multiple-Choice Quiz 1

Unit 1. Overview of Software Engineering 2.1.1 Problem Identification and Scope 2.1.2 Requirements Analysis and Specification 2.1.3 System Design 2.1.4 Implementation 2.1.5 Testing and Delivery 2.1.6 Maintenance 2.1 Overview of the Life Cycle 2.2.1 Build-and-Fix Model 2.2.2 Waterfall Model 2.2.3 Rapid Prototyping Model 2.2.4 Incremental Model 2.2.5 Synchronize-and-Stabilize Model 2.2.6 Spiral Model 2.2.7 Object-Oriented Life-Cycle Models 2.2.8 Comparison of the Models 2.2 Life-Cycle Methodologies Exercise 1 Multiple-Choice Quiz 2

Unit 2. Software Life Cycle 3.1.1 Informal Specifications 3.1.2 Data Flow Diagrams 3.1.3 Process Logic 3.1.4 Data Dictionaries 3.1.5 Input Output Specifications 3.1 Structured Systems Analysis 3.2 Entity-Relationship Modeling Exercise 2 Multiple-Choice Quiz 3

Unit 3. Analysis and Specification Exam 1 Multiple-Choice Exam 1 Practical Exam 1 4.1.1 Object-Oriented vs Structured Analysis 4.1.2 Use Case Modeling 4.1.3 Class Modeling 4.1.4 Dynamic Modeling 4.1 OOA Principles 4.2.1 Defining User Roles 4.2.2 Use Case Diagrams in UML 4.2.3 Writing Use Case Scenarios Exercise 3 4.2 OOA Practice 1: Use Case Modeling 4.3.1 Noun Extraction and Preliminary Class Refinement 4.3.2 Object Diagrams in UML 4.3.3 State Transition Diagrms in UML Exercise 4 4.3 OOA Practice 2: Class and Dynamic Modeling Multiple-Choice Quiz 4

The State University – Higher School of Economics | School of Software Engineering | Mar - Sep 2010 > page 4

Unit 4. Object-Oriented Analysis (OOA) 5.1.1 Cohesion and Coupling 5.1.2 Approaches to Software Design 5.1.3 The Role of Architectural Design 5.1.4 Detailed Design 5.1.5 Design Testing 5.1 OOD Principles 5.2.1 Sequence Diagrams in UML 5.2.2 Collaboration Diagrms in UML 5.2.3 Detailed Class Diagrms in UML Exercise 5 5.2 OOD Practice 1 5.3.1 Client-Object Diagrms in UML 5.3.2 Specifying Modular Interfaces 5.3.3 Detailed Design Specifications 5.3.4 Formal Design Review Exercise 6 5.3 OOD Practice 2 Multiple-Choice Quiz 5

Unit 5. Object-Oriented Design (OOD) Exam 2 Multiple-Choice Exam 2 Practical Exam 2 6.1.1 Reuse 6.1.2 Choice of Programming Language 6.1.3 Good Programming Practices and Coding Standards 6.1 Implementation 6.2.1 Execution-Based Testing 6.2.2 Non-execution-Based Testing 6.2.3 Other testing Approaches 6.2.4 A Comparison of Module-Testing Techniques 6.2 Module Testing 6.3 Integration Testing 6.4 Product and Acceptance Testing 6.5 CASE Technology Exercise 7 Multiple-Choice Quiz 6

Unit 6. Build and Test the Solution 7.1 The Documentation Life Cycle 7.2 Documentation during Implementation 7.3 Final Documentation 7.4 Why Document? 7.5 Documentation Aids Exercise 8 Multiple-Choice Quiz 7

Unit 7. Documenting the Solution 8.1 What is Maintenance? 8.2 Managing Maintenance 8.3 Maintaining Object-Oriented Software 8.4 Aids to Maintenance Exercise 9 Multiple-Choice Quiz 8

Unit 8. Deployment and Maintenance Exam 3 Multiple-Choice Exam 3 Practical

[2] Course Title: IntroIntroductionduction to Information Systems to Information Systems // OOADOOADDetailed information can be obtained at http://www.icarnegie.com/mkt/Programs/CourseType2.phpAdditional information concerning lecture modules:

Introduction to Information Systems (OOAD)

Unit 1. The World Wide Web 1.1 Using the Web

The State University – Higher School of Economics | School of Software Engineering | Mar - Sep 2010 > page 5

1.1.1 Surfing the Web 1.1.2 Your Web Pages 1.1.3 Clients, Servers, and URLs 1.1.4 Searching the Web 1.1.5 Commerce on the Web 1.1.6 Some Ethical Considerations Exam 1 Multiple-Choice Exam 1 Practical Exam 1 2.1.1 Programming with Objects 2.1.2 Java Program Development 2.1.3 First Look at Java Practical Quiz 4 Exercise 4 2.1.4 Elements of a Java Servlet 2.1.5 Planning Servlet Development 2.1.6 Guidelines for Java Development Multiple-Choice Quiz 4 Practical Quiz 5 Exercise 5 2.1 Programming with Java 2.2.1 Designing Classes 2.2.2 Transforming English Specification to Java 2.2.3 Lifecycle of Objects 2.2.4 The HtmlPage Class 2.2.5 Using Class Documentation 2.2.6 The AlgaeColony Class Multiple-Choice Quiz 5 Practical Quiz 6 Exercise 6 2.2 Fundamentals of Object-Oriented Programming 2.3.1.1 Data Types 2.3.1.2 Variables 2.3.1.3 Using Variables 2.3.1 Data Types and Variables 2.3.2 Arithmetic Operators and Expressions 2.3.3 Boolean and Relational Operators and Expressions 2.3.4 Control Flow 2.3.5 Iteration 2.3.6 Using Vector Multiple-Choice Quiz 6 Practical Quiz 7 Exercise 7 2.3 Fundamentals of Java

Unit 2. Introduction to Java and Object-Oriented Programming Exam 2 Multiple-Choice Exam 2 Practical Exam 2 3.1 Introduction to Inheritance 3.2 Using Inheritance 3.3 Designing a Class Hierarchy Multiple-Choice Quiz 7 Practical Quiz 8 Exercise 8

Unit 3. Inheritance Exam 3 Multiple-Choice Exam 3 Practical Exam 3

[3] Course Title: EnterpriseEnterprise Software Systems Development Software Systems DevelopmentDetailed information can be obtained at http://www.hse.ru/data/2009/12/02/1227417245/ESSD_Program_2009-2010.pdf

► Assoc. Prof. Dr. GRİNKRUG Efim M. The State University – Higher School of Economics | School of Software Engineering | Mar - Sep 2010 > page 6

School of Software Engineering Department of Software Engineering Management [ egrinkrug@hse.ru ]

[1] ResearchResearch Areas and Presentation Proposal Areas and Presentation ProposalProposed research areas are directly connected with Software Engineering (SE) theory and practice – creating applications from reusable software components. Various aspects of Component Oriented Programming are to be presented along with live demonstrations to illustrate them with corresponding projects results.

Preliminary plan for the presentation(s) can be outlined as follows:

Component-oriented programming in general (overview). Component-oriented programming in Java (history, frameworks, tools, specifications,

etc.). Java Beans component model. Advantages / disadvantages. Applications: Connecting virtual and real worlds together

o Virtual Reality modeling and representation. Implementing 3D-Graphics engine using Java Beans components:

VRML / X3D overview and implementations comparison Event-driven and Sensors-based behavior modeling. Component-based approach and architecture of the 3D-Graphics engine in POJO. Design patterns comparison (visitor-based traversing vs MVC-based architecture) Java Beans for VRML/X3D implementation. Demonstrations. 3D applications, applets and components created. Lessons learned – what are the drawbacks of Java Beans components architecture?

Possible directions for the approach evolution and enhancements in 3D-Graphics modeling area.

o Interacting with real world using Wireless Sensor Networking (WSN) WSN standards, usage areas, products and developers communities (overview). Physical WSN level – IEEE 802.15.4 Standard(s). Implementations available. WSN Communication Protocol Stack Architectures and Standards. ZigBee Alliance WSN Standards and Profiles. Implementing ZigBee PRO Stack in Java, using IEEE 802.15.4 compliant USB-

Dongles. WSN modeling. Bridging virtual and real WSN nodes together in Wireless

Network(s). Demonstrations. Application to model WSN(s) made from virtual and real

wireless nodes (with ZigBee PRO compliant stack), Smart Energy ZigBee profile implementation, etc.

Lessons learned – drawbacks of WSN Stack specification and implementation. Perspective issues in WSN software development area.

o Putting that all together. Organizing interactions with real and virtual world by means of java components architecture and wireless network communications.

The way to next generation of Java Beans – an approach to the Dynamic Java Beans (research directions overview).

NOTES

The level of details in the plan outlined above can vary depending on the time available for presentations (lectures, seminars, etc.) and should be discussed in case of interest attracted. Java language and environments used in implementations were used according authors preferences and experience. Approaches proposed can implemented for and using other environments (with embedded environments – as the most perspective ones).

SHORT CVEfim Grinkrug received his degree in applied mathematics from the Moscow Institute for Electronic machines building in 1974, his CSc in System Programming degree in 1983. He worked on operating systems design and development for SU-made supercomputers at the Scientific Research Institute of Calculating Complexes named after M.Kartzev, Moscow (1974 - 1993), as banking systems developer at Intrasoft,SA, Athens, Greece (1993-1996), as 3D-Graphics programmer, expert, at ParallelGraphics (www.parallelgraphics.com) company (1996-2004) and as CTO at Meshnetics (www.meshnetics.com), wireless sensor networks / ZigBee development company (2004 - 2008). Starting from 2009 he is an associate professor in Software Engineering, Higher School of Economics, Moscow, Russia. Member of IEEE (and ISA, ZigBee, OPC, web3d communities, formerly).

The State University – Higher School of Economics | School of Software Engineering | Mar - Sep 2010 > page 7

► Prof. Dr. LOMAZOVA Irina A. School of Software Engineering Department of Software Engineering Management [ ilomazova@hse.ru ]

[1] Lecture / Presentation Topic: Distributed Systems with Dynamic Distributed Systems with Dynamic Structure:Structure: Formal Models and Analysis of Formal Models and Analysis of BehaviorBehavior PropertiesPropertiesANNOTATION:A major goal of software engineering is to enable developers to construct systems that operate reliably despite their complexity. Ensuring the correctness of distributed systems is an especially difficult task. One way of achieving system reliability is by using formal models and methods. The most common model for a distributed system is a Petri net. Petri nets are quite simple and illustrative, but have very high expressive power and can be used as a model of complex parallel and distributed systems. Due to their formal semantics and easy-to-understand graphical representation, Petri nets are often used in many application areas. However, standard “flat” Petri nets are often not ample for dealing with complex dynamic and adaptive systems.

We present several topics connected with extending Petri net formalism for modeling distributed systems with dynamic structure and analysis of behavioral properties of such systems, as follows:

1) To capture dynamics and object structure of distributed systems a new class of Petri nets - Nested Petri nets - was introduced. Nested Petri nets is an extension of classical Petri nets, in which tokens model dynamical objects and are themselves represented by Petri nets. It was shown, than Nested Petri nets, being more expressive than classical Petri nets, still preserve some of their nice decidability properties.

2) Resources in general Petri nets. In Petri net models tokens are often interpreted as resources, that are consumed/produced by actions. The notion of resource is defined as a submarking of a Petri net. Resources in our considerations are parts of markings, which may or may not provide some behaviour of the system. The problem, whether some resource can be replaced by another one without changing the system’s behaviour, is investigated. To solve this problem we define the relations of resource similarity and resource bisimulation in Petri nets. Two resources are called similar if replacing one of them by another one in any marking does not change the observable net behavior. The resource similarity relation has a natural interpretation and can be useful for the analysis of resource dependencies in modeled systems. Moreover, it can be used for net reductions.

3) Unambiguous representation of business processes is a critical issue in workflow modeling: models and their semantics should have a formal mathematical basis. Formal semantics is not only necessary for an unambiguous interpretation of business processes, it is also essential for the verification of their properties. Petri nets proved to be a good theoretical basis for workflow processes. WF-net (WorkFlow nets) – a special subclass of colored Petri nets, designed for representing and analysis of business processes. We present some approaches for dynamic modeling of workflow with Petri nets and analysis of soundness – the crucial behavioral property of workflow systems.

SELECTED REFERENCES

1. Irina A. Lomazova. Interacting Workflow Nets for Workflow Process Re-Engineering // Fundamenta Informaticae, Vol. 101, No 1-2, 2010, pages 59-70.

2. Irina A. Lomazova. Nested Petri nets for adaptive process modeling. Pillars of Computer Science: Essays Dedicated to Boris (Boaz) Trakhtenbrot on the Occasion of His 85th Birthday, Arnon Avron, Nachum Dershowitz, and Alexander Rabinovich, editors, Lecture Notes in Computer Science, vol. 4800, Springer-Verlag, Berlin, 2008. P. 413-426.

3. Kees M. van Hee, Olivia Oanea, Alexander Serebrenik, Natalia Sidorova, Marc Voorhoeve, Irina A. Lomazova: Checking Properties of Adaptive Workflow Nets. Fundamenta Informaticae, Volume 79, Number 3-4, 2007. P. 347-362.

4. Kees van Hee, Irina A. Lomazova, Olivia Oanea, Alexander Serebrenik, Natalia Sidorova and Marc Voorhoeve. Nested Nets for Adaptive Systems. 27th International Conference on Application and Theory of Petri Nets and Other Models of Concurrency. Turku, Finland, June 26-30, 2006, (S. Donatelli and P. S. Thiagarajan, eds), Lecture Notes in Computer Science, vol. 4024, Springer Verlag, 2006, pp. 241--260.

5. Bashkin V.A., Lomazova I.A. Similarity of generalized resources in Petri nets. Lecture Notes in Computer Science, Vol. 3606, 2005, p.27-41.

The State University – Higher School of Economics | School of Software Engineering | Mar - Sep 2010 > page 8

6. Irina A. Lomazova. Communities of Interacting Automata for Modelling Distributed Systems with Dynamic Structure. Fundamenta Informaticae, Vol. 60, No 1-4, 2004, pages 225-235.

7. Irina A. Lomazova. Interacting Automata for Modelling Distributed Systems. Lecture Notes in Computer Science, 2658 (2003), 851-860.

► Lecturer KALASHNİKOV İlya A. School of Software Engineering Department of Software Engineering Management [ ilia@inbox.ru ]

[1] General Presentation Topic: InformationInformation Injection InjectionTHEMES 1,2: Using Informational Injection in education process. Informational Injection as a method for comfort living in Information society.

DESCRIPTION: Informational Injection – is a story, analytics, joke, fable, the fact, fairy tale or some information that motivates you to do something. For example – somebody stole a mobile phone from the Jack’s jacket. Jack received an information injection. Now he will be more accurate for his stuff. Jane given up smoking when she saw lungs of the smoker in a cut. Jane received an information injection too. And Bill started to plan his future on the paper, when he received an analytics that people who write their aims earn in 20 times more than other. I offer many facts and stories as an information injection to improve education, to make education process more interesting, to form an information culture.

THEME 3: Methods of improving our information life, to make working with information more effective.

DESCRIPTION: My interests are near theme how we can live in Information society with pleasure. Not to be depressed because of information overload. I study and approve many methods from different disciplines which can be useful for information culture. I want to understand what things we should teach to make an Information culture, to stop information overload in our everyday life. Than I want to write a book about it.

► Lecturer ANNAKOV Bayram D. School of Software Engineering Department of Software Engineering Management [ bayram.annakov@empatika.com ]

[1] Presentation Topic: ComputerComputer Simulation of Software Simulation of Software DevelopmentDevelopment Processes DynamicsProcesses DynamicsANNOTATION: Managing software development processes is a complex task which requires understanding interactions of multiple factors: both technical and social in nature. A good way to explore such complexities is computer simulation. The goal of this seminar is to explain how System Dynamics modeling framework, one of the best techniques for reasoning about the effects of complex interacting changes, could be applied to software project and process management. Theoretical information is explained using simulation model developed for exploring dynamics of a real software project.

ADDITIONAL INFORMATION:

Duration: 8 academic hours (may be split into four two-hour sessions).The State University – Higher School of Economics | School of Software Engineering | Mar - Sep 2010 > page 9

► Lecturer SAVELİEVA Alexandra A. School of Software Engineering Department of Software Engineering Management [ asavelieva@hse.ru ]

[1] Lecture Topic: A New A New ApproachApproach to Evaluation of Cryptographic to Evaluation of Cryptographic SystemsSystems [with PROF. DR. AVDOSHIN SERGEY M.] We introduce a complex approach to evaluating cryptographic protection efficiency. The main thread of our work is the development of mathematical models of threats to analyze the security of cryptographic systems based on various types of attacks that a cryptographic system is exposed to. The second main thread is the development of software tools to facilitate the process of cryptosystem efficiency assessment by computer security specialists. The new approach allows to build an economic rationale for investments to cryptographic systems and to provide sound arguments for implementing an information security strategy.

Index Terms — cryptographic system, threat modeling, risk management, discounted cash flow, cryptanalysis.

I. INTRODUCTION

Classically, the research of cryptographic tools has mostly focused on cryptographic security, leaving out of scope other important parameters such as performance, cost, implementation complexity etc. Meanwhile, as Bruce Schneier declares in [1], “it becomes increasingly clear that the term "security" doesn’t have meaning unless also you know things like "Secure from whom?" or "Secure for how long?"”

Our analysis of modern publications on security ([2-7] et al.) revealed a lack of methods designed to facilitate the process of context-dependent cryptographic protection efficiency evaluation. In [2] Bennet S. Yee emphasizes the importance of cryptographic parameters security measurement; in the same time, he demonstrates the difficulty of this problem by providing some interesting mathematical and game-theoretical implications of cryptography. The straight-forward approach of ranking cryptographic systems based only on cryptographic security leads to an approximation where the adversaries’ computational resources and knowledge of the cryptosystem implementation are overlooked. Economic perspective is embraced by formalized security risk analysis and management methodologies such as RiskWatch [3] and GRIF [4]. However, they are focused on information system security as a whole and do not consider the peculiarities of evaluating cryptographic systems. Finally, various tools for cryptographic protocols analysis [5 - 7] focus only on the high-level, conceptual design of a protocol on the supposition that cryptographic algorithms satisfy perfect encryption assumptions, so the strength of ciphers remains out of scope.

The purpose of our work is to design a method for evaluation of cryptographic systems. In order to achieve the goal, we need to:1) formulate the steps of cryptographic systems evaluation process;2) develop a mathematical model of security threats;3) design software tools to facilitate the process of cryptosystem efficiency assessment by a computer

security specialist;4) select appropriate economic indicators as a basis to provide sound arguments for implementing an

information security strategy.

II. CRYPTOGRAPHIC SYSTEMS EVALUATION PROCESS

The process of cryptosystem efficiency assessment can be described as a sequence of steps, each of them directed at answering a specific question:

Step 1: What cryptosystem is the object of attack? Step 2: Who wants to attack the cryptosystem? Step 3: Which attack techniques are most likely to be used to break the cryptosystem? Step 4: Is the cryptosystem capable of withstanding such attacks? Step 5: Does the cryptosystem provide sufficient security in the given context?

The environment typically imposes restrictions on the attack scenarios that the cryptographic systems

The State University – Higher School of Economics | School of Software Engineering | Mar - Sep 2010 > page 10

are exposed to, so Steps 1 to 3 imply modeling threats to a cryptographic system in a given context. Step 4 is about analyzing the cryptographic system resistance to the types of attacks defined at Steps 1 - 3. Finally, Step 5 involves using various risk analysis techniques and economic tools to evaluate the data obtained during Steps 1-4.

III. ABC-MODEL OF SECURITY THREATS

We can assume that an adversary is most likely to choose an attack with the maximum benefit for a given cost, or choose the least costly attack that gives them a particular benefit [8]. Each cryptosystem has a set of attacks that is applicable to it and a set of attacks that is not. These statements perfectly fit into common risk-management methodologies and result in the following approach to evaluating security threats.

Each crypto attack has a value of risk assigned to it defined as the product of probability of the hazard and its potential impact:

Risk = Probability Impact

Impact refers to effect of an attack on a specific type of cryptographic system. Probability reflects the likelihood that an adversary will consider a specific type of attack appropriate in terms of available resources and target secret data. Thus, a formal model of the cryptosystem coupled with formal models of the adversaries will yield a set of the most hazardous attacks that the cryptosystem is exposed to. The model of security threats represented as a composition of 3 elements will be referred to as an ABC-model (‘A’ for attack, ‘B’ for codebreaker and ‘C’ for cryptosystem). We suggest using multiple-category divisions of cryptographic systems, adversaries and attacks [9] as a basis for modeling the components of a security threats.

IV. SOFTWARE TOOLS FOR CRYPTANALYSIS

The statistics on breaking cryptosystems are not always available and quickly become out-of-date with the advent of new attack techniques and computation power growth. Therefore, computer security specialists need a set of tools to support evaluation of cryptographic system capability to resist various types of attacks. Software tools CRYPTO [10] are designed as a means for conducting cryptanalysis of public-key cryptosystems. CRYPTO consist of two components: a dynamic-link library DESIGNER, and an application ANALYST. ANALYST provides a friendly graphical user interface to access functions of DESIGNER. DESIGNER is a high-performance, portable C++ library providing necessary elements to design and evaluate modern techniques for cryptanalysis of ciphers based on factorization and discrete logarithm problems. Our implementation makes use of NTL (a Library for doing Number Theory) written and maintained by Viktor Shoup [11].The rationale for the core library is its functionality, performance, and portability.

V. ECONOMIC PERSPECTIVE

We suggest that the discounted cash flow (or DCF) approach [12] should be used to provide economic rationale for investments to cryptographic systems. In finance, DCF is a method of valuing a project, company, or asset using the concepts of the time value of money. All future cash flows are estimated and discounted to give their present values. The discount rate used is generally the appropriate cost of capital and may incorporate judgments of the uncertainty (riskiness) of the future cash flows.

The cash flow related to a cryptographic system can be described using the following formula:

,

where is the cost of a implementation, deployment and support of the cryptographic system; is the value of information assets being protected;

refers to the hazard in case of unauthorized access to the asset by an adversary; is the probability of an adversary to break the cryptographic system;

is the time (e.g. in years) before the future cash flow occurs.

VI. CONCLUSION

Ross Anderson summarizes his well-known paper [13] saying “the evaluator should not restrict herself to technical tools like cryptanalysis and information flow, but also apply economic tools”. Our paper aims at providing a formal way of analyzing cryptographic systems security. We expect that economic perspective introduced in this paper will be of value to security specialists for justifying IT budget and communicating their proposals to the co-workers with financial background.

Theoretical results: a five-step process designed to focus on the specific aspects of cryptographic systems

efficiency ABC-model for formalizing of security threats to cryptographically protected data in a given

context; multiple-category divisions of cryptographic systems, adversaries and attacks as a basis for

modeling the components of a security threatPractical results:

a built-in expert knowledge base to aid in-house cryptographic systems expertise – joint efforts with DialogueScience, Inc. [14] (Russian leading system integrator and software value added

The State University – Higher School of Economics | School of Software Engineering | Mar - Sep 2010 > page 11

reseller for information security needs) – project in development. software tools designed as a means for conducting research in information safety and number

theory.

REFERENCES

[1] Schneier B. Modeling security threats // Dr. Dobb’s Journal, December, 1999. [2] Yee. B. S. Security Metrology and Monty Hall Problem. Available at: http://www.cs.ucsd.edu/bsy/pub/metrology.pdf,

April 2001. [3] RiskWatch Official website // RiskWatch, Inc. Available at: http://www.riskwatch.com/[4] Digital Security: GRIF //Available: http://www.dsec.ru/products/grif/[5] Bodei C., Buchholtz M., Degano P., Nielson F., Riis Nielson H. Automatic validation of protocol narration. In

Proceedings of the 16th IEEE Computer Security Foundations Workshop (CSFW 2003), IEEE Computer Society Press, Washington, 2003. Pp. 126 - 140.

[6] Boreale M., De Incola R., Pugliese R. Proof techniques for cryptographic processes. SIAM J. Comput., 31(3), 2002. Pp. 947-986.

[7] Cheminod M., Cibrario Bertolotti I., Durante L., Sisto R., Valenzano A. Tools for cryptographic protocols analysis: A technical and experimental comparison // Computer Standards & Interfaces, 2008.

[8] Schneier B. Beyond Fear. Thinking Sensibly about Security in an Uncertain World. Copernicus Books (September 2003)

[9] Savelieva A. Formal methods and tools for evaluating cryptographic systems security // St. Petersburg, ISP RAS, In Proceedings of the Second Spring Young Researchers’ Colloquium on Software Engineering (SYRCoSE’2008), 2008, Vol 1. ISBN 978-5-91474-006-8. Pp. 33-36.

[10] Avdoshin S.M., Savelieva A.A. Tools for asymmetric ciphers analysis: Industrial registration certificate No. 10193 dated 18.03.2008 (in Russian).

[11] Library for doing Number Theory. Available at: http://www.shoup.net/ntl/ 07.07.2009[12] Kruschwitz L., Loeffler A. Discounted Cash Flow: A Theory of the Valuation of Firms (The Wiley Finance Series). Wiley,

2005. 178 p.[13] Anderson R. Why information security is hard - an economic perspective // Proceedings of the 17th Annual Computer

Security Applications Conference (ACSAC '01), 10-14 Dec 2001, New Orleans, Louisiana, USA, 2001.[14] DialogueScience Official website // DialogueScience , Inc. Available at : http://www.antivir.ru/english/

[2] Lecture Topic: PersonalPersonal Data Protection in Russia: Trends of the Data Protection in Russia: Trends of the LastLast DecadeDecade [with PROF. DR. AVDOSHIN SERGEY M.] The purpose of this lecture is to emphasize the importance of joint international measures and standards on security. We will take a look at the Federal Law on Personal Data adopted in the Russian Federation in 2006 to address individual privacy protection in information society. We will demonstrate the timeliness of this law and its role in harmonization of Russian law base with international security agreements.

Index Terms — Personally Identifiable Information, Federal Law on Personal Data, International Security Agreements.

In 2001 Russian Federation became a signatory to Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data of the Council of Europe. This event initiated integration of security principles defined in the document into the regulatory framework of the Russian Federation. Ratification of this convention took place in 2005, followed by implementation in the form of the Federal Law of the Russian On Personal Data in 2006.

The purpose of this act is to ensure individual’s rights for privacy when their personal data is being processed. The act guarantees that data subject has a full authority to access their personal data and has an excusive right to decide whether to submit their personal data to an operator for processing. The act regulates relations with regard to processing of personal data and defines responsibilities of any organization or individual that is processing personal data.

The period of bringing information systems into compliance with the Federal Law on Personal Data was initially defined as 1 January 2010. However, global economic crisis that forced companies to cut budgets coupled with a few ambiguities in legislative requirements interfered with the feasibility of the plans, and the deadline was prolonged until 1 January 2011. As of this date, the designated authority will start the regular monitoring activities of personal data processing in public and private sector. Until then, inspections are conducted only on request of data subject who declare their rights in the processing of their personal data to be infringed.

Although the majority of operators were unable to bring information systems in line with the requirements on time, the Federal Law on Personal Data has had a significant impact on business and mentality in Russia:

For a few years, the discussions around the Federal Law on Personal Data have been hitting the headlines, thereby improving the awareness of people in terms of their rights in the processing of their personal data. Google search statistics shows an enormous growth of interest to such requests as ‘personal data’ or ‘personal data protection’ in Russia (while in the rest of the world overall trend was declining)

Chief Security officers received a sound argument to justify investments into information security. Moreover, lawyers became involved in IT projects focused on personal data protection.

The State University – Higher School of Economics | School of Software Engineering | Mar - Sep 2010 > page 12

The State designated an authority to ensure the data subject rights protection. The effectiveness of this step is evidenced by the growing number of legal recourses and court victories of data subjects (for instance, a case with unauthorized publication of tax-dodgers personal data in public media by a tax office that took place in 2009).

► Assoc. Prof. Dr. DEGTYAREV Konstantin Y. School of Software Engineering Department of Software Engineering Management [ kdegtiarev@hse.ru ]

[1] Lecture / Presentation Topic: PerceptualPerceptual Approach to System’s Approach to System’s StructuralStructural Complexity Estimate in the Complexity Estimate in the Framework ofFramework of Q-analysis Holistic Q-analysis Holistic Methodology (cognition inMethodology (cognition in system’s analysis)system’s analysis) ANNOTATION: One of the main stages in systems studying is a stage of analysis that leads to obtaining important information both on systems under design and real systems (natural or as a man-made). Analysis process dwells upon the observer’s «level of understanding» of a system as a whole, his ability to distinguish without destruction the integrity properties of a system using a priori knowledge about an object.

The intense growth of interest in problems arising in the field of large complex systems has led to the application of profound mathematical methods for initiating a systematic inquiry into structural analysis of systems and measures of their complexity. The notions of «complexity» and «structure» are used in systems science (and elsewhere) in various ways, and this presentation examines and discusses from the systematic point of view some modifications of the holist approach proposed by R.H.Atkin for analysis of systems structures both at the global level (system as a whole) and at the local level (level of elements that are connected to each other to form a structure), as well as for estimation of structural complexity of systems based on the results of such analysis. One might say that the gist of the procedure known as Q-analysis (or, Polyhedral Dynamics) is grounded on mathematical ideas of the seminal paper of C.Dowker that traces fairly its roots back to prior publications Analysis Situs and Complement a l’Analysis Situs by

The State University – Higher School of Economics | School of Software Engineering | Mar - Sep 2010 > page 13

A.Poincare, who brought into life the «idea of computing with topological objects». Within the scope of Q-analysis approach a structure of the system under consideration is used with a purpose of obtaining its geometric and algebraic representation in the form of simplicial complex formed by multidimensional simplices (faces of ). The aggregate of these convex hulls of points in the space or polyhedra with different number of faces – potentially, they can be isolated points, line segments, triangles, tetrahedrons, etc. by rise of dimension value – constitutes formal representation of the system (model). Consequently, its analysis is performed at each dimensional level starting from the lowest zero level to the highest one revealed in complex through studying clusters of simplices joined by chains of connectivity, which link simplices together causing the appearance of specific connectivity components at each level q. A measure of structural complexity of deals with the results of performed analysis.

In last three decades Q-analysis in essence has been employed successfully in modeling, processing and analysis of urban structures, water distribution systems, transportation and street networks, geology and social sciences, methods related to estimation of complexity based on cognitive processes, census returns, manufacturing systems, content analysis of print communication (newspapers), data management, spatial topology of geographic information systems (GIS) and static (structural) complexity of Internet-based teleoperation schemes, to name a few. Furthermore, early publications of R.Atkin gave a stimulus to start research activity aimed at developing a general connectivity theory of simplicial complexes.

A concept of complex system (or, complexity in general) is many-sided and rich, and because of that we distinguish only structural features which could bring a valuable contribution to systems studying. Classification of systems as simple or complex normally takes into account several factors, among which a variety of elements and interactions (connections) are of importance. Preliminary conclusions on complexity of system are drawn on the basis of observation of its behavior, which depends upon a system’s organization. In general, organization is a dynamic component, but it includes a fixed (constant) part – namely, it is structure. What we mean here are those aspects of hypothetical complexity, which appear in a system’s structure and «arise through connectivity and the inter-relationships of a system’s constituent elements».

Structural complexity (connectivity) estimates in the context of specific type of description of ascertained interrelations between system’s elements can be expressed from the perspective of diverse considerations and prerequisites put forward by the domain expert. Such viewpoint suggests material aggregate effect of relativity and subjectivity factors on both interpretation of obtained results and carried out formal calculations.

We may cautiously surmise that among determinative factors that affect in the main the estimate of complex’s structural complexity (its perception) lies not so much virtually suggested computational scheme as expert knowledge by virtue of domain-specific expertise, observations, sound guess-work and so-called «number sense». The latter is one of commonly referenced concepts in education and cognitive science; on the whole it can be understood as a human mental ability to grasp the meaning of numbers and (closeness) relationships between them, quickly perform approximation of quantities that arise from basic or more complex calculations on numeric entities.

The following items are stipulated by the plan of presentation:

Background: Algebraic topology concepts (simplices, simplicial complex, chains of connectivity).

Initial stage of systems analysis (structural complexity, parts/connections, flow transfer (between system’s parts)).

Mathematical model of the system (level of system’s description, interconnection matrix).

Measure of structural complexity; connectivity. General observations. Q-analysis and complexity of the structure.

Results of Q-Analysis, their interpretation. Feature vectors and interpretation of closeness; proximity measures.

Similarity measures: conceptual space and distances. Human perception, represention and use of information (facts) for classification and

reasoning (general observations and comments). Potential partnering of cognitive psychology, fuzzy logic and Q-analysis methods.

Conclusion.

SELECTED REFERENCES

- Atkin, R. “An Algebra for Patterns On a Complex, I”, Int. Journal Man-Mach. Stud. (6) : 285-307, 1974.- Atkin, R.H. and Casti, J.L. “Polyhedral dynamics and the geometry of systems”, IIASA (Int. Institute for Appl. Syst. Analysis) Report, Laxenburg, 1977.- Atkin, R.H. “From cohomology in physics to q-connectivity in social science”, Int. Journal of Man-Mach. Stud. (4) : 139-167, 1972.- Cornacchio, J.V. “System complexity - a bibliography”, Int. Journal of Gen. Syst., 3 : 267-271, 1977.- Cox, T.F. and Cox, M.A. “Multidimensional Scaling”, CRC Press, 2001.- de Rosnay, J. “The Macroscope” (Ch. 2 - The systemic revolution: a new culture, 1997), Harper & Row, URL: http://pespmc1.vub.ac.be/MACRBOOK.html

The State University – Higher School of Economics | School of Software Engineering | Mar - Sep 2010 > page 14

- Degtyarev, K.Y. “Systems Analysis: Mathematical Modeling and Approach to Structural Complexity Measure Using Polyhedral Dynamics Approach”, Complexity International, 7 : 1-22, 2000.- Degtyarev, K.Y. “Perceptual proximity-based approach to structural complexity estimate of simplicial complex in the framework of Q-analysis holistic methodology” // Proceedings of the 5th International Conference on Soft Computing, Computing with Words and Perceptions in System Analysis, Decision and Control (ICSCCW), 2009.- Dehaene, S. “Precis of “The Number Sense”, Mind & Language, 16 (5) : 16-36, 2001.- Dowker, C.H. “Homology groups of relations”, Annals of Mathematics, 56(1), 1952.- Gärdenfors, P. “Conceptual Spaces. The Geometry of Thought”, The MIT Press (Bradford), 2004.- Garner, W.R. “The Processing of Information and Structure”, Lawrence Erlbaum (Wiley), 1974.- Gartell, A.C. “Distance and Space: A Geographical Perspective”, Oxford University Press, 1983.- Goldstone, R.L. and Son J.Y. “Similarity” (Ch.2), in The Cambridge Handbook of Thinking and Reasoning, ed. Holyoak K.J. and Morrison, R.G., 13-36, 2005.- Gould P. “Q-analysis, or a Language of Structure: An Introduction for Social Scientists, Geographers and Planners”, Int. Journal of Man-Mach. Stud., 13(2) : 169-199, 1980.

To our colleagues in the University : WeWe would like to would like to learn morelearn more …… Besides the proposals presented on pages 1-13, our instructors also take an interest in obtaining additional information concerning certain courses, selected topics and peculiarities of organization of educational process in Faculties and Institutes of your respectable University; their views can be summarized as follows:

1. From the standpoint of skill sharing in the field of information security it would be interesting to have a firsthand acquaintance with a plan (syllabus), credit system, method of approaching information security management and certification procedure in respect to certificate program in Security Engineering,

2. Organization (and other relevant details) associated with courses on Security is also attracting interest,

3. To wide extent, it would be rather beneficial to become familiar with the organization of the whole educational process in Software Engineering and Computer Science/Engineering areas

The State University – Higher School of Economics | School of Software Engineering | Mar - Sep 2010 > page 15

as it is established in your University – in particular, deeper comprehension of the “process-oriented approach” to schedule various courses and disciplines (with their contents) is of great value, e.g.

- how the dependecies among courses are controlled and managed, - how the courses are planned so that there is no redundancy while flexibility is preserved, and - how the whole process may be traced (monitored) from the very beginning to the very end in

clear and precise manner (for example, using a kind of Gantt’s diagram or so).

Thank you for your attention and interest!

The State University – Higher School of Economics | School of Software Engineering | Mar - Sep 2010 > page 16