COALITION-BASED APPROACH TO CYBERSECURITY MANAGEMENT OF INFORMATION SYSTEMS EMPLOYING CLOUD TECHNOLOGIES
DOI:
https://doi.org/10.28925/2663-4023.2025.27.825
Keywords:
dependability; cybersecurity; threat; information protection; communication network.
Abstract
Ensuring cybersecurity in the context of cloud technologies requires effective cooperation between organizations that jointly operate information systems within a shared infrastructure. This is especially relevant for structures with hierarchical management systems and departmental information protection requirements. In such settings, a coalition-based approach to cybersecurity management plays a key role by aligning the actions of various participants to achieve a common goal: protecting information assets in cloud environments. Research shows that coordinated efforts enhance the effectiveness of protection, reduce data leakage risks, and contribute to system dependability. This approach is particularly critical for networks of situational centers operating in the national security domain. This study explores the use of the Role-Based Access Control (RBAC) model and the method of one-time logins, and proposes an organizational and technical model for access management in coalition-based cybersecurity systems built on cloud technologies. This work applies methods of systems analysis, architectural modeling of information systems, formalization of access roles based on the RBAC reference model, and coalition management methods for coordinating cybersecurity policies across organizations. Additionally, an authentication approach using one-time login credentials is implemented to enhance access control security in cloud environments. The study addresses the challenges of building a secure information and communication system based on cloud technologies utilizing data center services. A specific feature of such systems is the involvement of multiple organizations with individual information protection regulations, necessitating a coalition-based approach to cybersecurity management.
Based on a detailed analysis, the essence of this approach is defined as the coordinated interaction of stakeholders aimed at enhancing data protection effectiveness and service quality. The paper proposes a model for organizational and technical assurance of dependability and cybersecurity, an ontological access management model based on the RBAC methodology, and a method of using one-time login credentials for authentication. The proposed solutions aim to strengthen the cyber resilience of systems utilizing cloud services. Further research will focus on software implementation of the suggested approaches. This study presents a model for organizational and technical assurance of dependability and cybersecurity based on a coalition-based protection strategy; an ontological model for securing business processes according to the RBAC methodology; and a method for applying one-time login credentials in access control systems. These models and methods are aimed at enhancing the security level of information and communication systems that utilize cloud services. Future research will concentrate on the software modeling aspects of the proposed solutions.
License
Copyright (c) 2025 Павло Складанний, Геннадій Гулак, Віктор Корнієць

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.