Dear colleagues!

For several years The State University – Higher School of Economics (HSE,
http://www.hse.ru/lingua/en/ ) cooperates with several respectable universities worldwide. In particular,
such cooperation provides for possibility of carrying out joint scientific and research projects in
topical areas having value for staff members, research engineers and students of all parties
involved.
Particularly, at the present time Higher School of Economics performs training (at both BS
and MS levels) in the new educational area called “Software Engineering”.
School of Software Engineering (SSE) as a subdivision of the Faculty of Business
Informatics was established in the year of 2006 – first students were accepted in
the same year. Professor Sergey M. AVDOSHIN (savdoshin@hse.ru) is the
unchallenged Head of the School (and the Head of the Department of Software
Engineering Management) over a nearly four-year period.
More specifically, in the field of education SSE forms up its activity on the basis of approved
training program that fully meets well-known Computing Curricula 2005, Computer Science 2001
и Software Engineering 2004 international guidelines and embraces a wide range of aspects (viz.
mathematical, methodological, economi-cal, legal, marketing, and managerial) related to
software production.
Bachelor degree (BS) program directs main attention to the training of technical specialists to
be, qualified software designers and architects, software quality and engineering process
managers.
Besides, School of Software Engineering offers two Master degree (MS) programs – the first one
(“Software Management”) aimed at training of professional managerial staff, project and
programming team managers to come both at technological and economic levels. The second
MS program named “Information Software Security” concentrates primary attention at training of
future experts in the field of secure software systems and information security audit.

The stated summary of research, scientific and educational interests of some SSE instructors is
an attempt to pave the way for establishing potential contacts with staff members of your
respected University.
The 14-page document summarizes proposals stated straight by Professors, Assoc. Professors
and Lecturers as well as their lively interest in obtaining additional information concerning
training process organization in whole and peculiarities of certain academic courses offered in
your University (relevant details are provided on the page 14).
Undoubtedly, teaching staff members will be pleased to get response and to discuss possible
issues and proposals concerning materials mentioned on the following pages – corresponding
personal e-mail addresses are listed next to their (instructors) names. Additionally, in order to
facilitate the process of coordination on condition that mutual interests of parties are found, you
can contact directly Dr. Konstantin Y. DEGTYAREV (Assoc.Prof., Department of Software
Engineering Management) at kdegtiarev@hse.ru.

Thank you!

The State University – Higher School of Economics | School of Software Engineering | Mar - Sep 2010 > page 1
The rest of the document is organized as follows:

■ proposals by Assoc. Prof. Dr. Sergey V. ZYKOV ……………………. pages 3-5

(courses Software Lifecycle –
Introduction to Information Systems / OOAD –
Enterprise Software Systems Development)

■ proposal by Assoc. Prof. Dr. Efim M. GRINKRUG ……………………. page 6

(Research Areas and Presentation Proposal)

■ proposal by Prof. Dr. Irina A. LOMAZOVA ……………………. page 7

(lecture / presentation topic: Distributed systems with dynamic structure:
formal models and analysis of behavior properties)

■ proposal by Lecturer Ilya A. KALASHNIKOV …………………….

page 8
(Information Injection)

■ proposal by Lecturer Bayram D. ANNAKOV …………………….

page 8
(Computer Simulation of Software Development Processes Dynamics)

■ proposals by Lecturer Alexandra A. SAVELIEVA ……………………. pages 9-

11
(lecture topics: A New Approach to Evaluation of Cryptographic Systems
Personal Data Protection in Russia: Trends of the Last Decade)

■ proposal by Assoc. Prof. Dr. Konstantin Y. DEGTYAREV ……………………. pages 12-

13
(lecture/presentation topic: Perceptual Approach to System’s Structural
Complexity Estimate in the Framework of
Q-analysis Holistic Methodology (cognition in
system’s analysis)
■■■ To our colleagues in the University: We would like to learn more …
……………………. page 14

The State University – Higher School of Economics | School of Software Engineering | Mar - Sep 2010 > page 2
 ► Assoc. Prof. Dr. ZYKOV Sergey V.
School of Software Engineering
Department of Software Engineering Management  [ szykov@hse.ru
]

[1] Course Title: Software Lifecycle

Detailed information can be obtained at http://www.icarnegie.com/mkt/Programs/courseDetails.php?id=16
Additional information concerning lecture modules (tentative plan) can be outlined as follows:
Software Specification, Testing, and Maintenance

The State University – Higher School of Economics | School of Software Engineering | Mar - Sep 2010 > page 3
1.1 Software Challenges and Myths
1.2 History and Evolution
1.3 Life Cycle and Economy
1.4 Terminology
Multiple-Choice Quiz 1
Unit 1. Overview of Software Engineering
2.1.1 Problem Identification and Scope
2.1.2 Requirements Analysis and Specification
2.1.3 System Design
2.1.4 Implementation
2.1.5 Testing and Delivery
2.1.6 Maintenance
2.1 Overview of the Life Cycle
2.2.1 Build-and-Fix Model
2.2.2 Waterfall Model
2.2.3 Rapid Prototyping Model
2.2.4 Incremental Model
2.2.5 Synchronize-and-Stabilize Model
2.2.6 Spiral Model
2.2.7 Object-Oriented Life-Cycle Models
2.2.8 Comparison of the Models
2.2 Life-Cycle Methodologies
Exercise 1
Multiple-Choice Quiz 2
Unit 2. Software Life Cycle
3.1.1 Informal Specifications
3.1.2 Data Flow Diagrams
3.1.3 Process Logic
3.1.4 Data Dictionaries
3.1.5 Input Output Specifications
3.1 Structured Systems Analysis
3.2 Entity-Relationship Modeling
Exercise 2
Multiple-Choice Quiz 3
Unit 3. Analysis and Specification
Exam 1 Multiple-Choice
Exam 1 Practical
Exam 1
4.1.1 Object-Oriented vs Structured Analysis
4.1.2 Use Case Modeling
4.1.3 Class Modeling
4.1.4 Dynamic Modeling
4.1 OOA Principles
4.2.1 Defining User Roles
4.2.2 Use Case Diagrams in UML
4.2.3 Writing Use Case Scenarios
Exercise 3
4.2 OOA Practice 1: Use Case Modeling
4.3.1 Noun Extraction and Preliminary Class Refinement
4.3.2 Object Diagrams in UML
4.3.3 State Transition Diagrms in UML
Exercise 4
4.3 OOA Practice 2: Class and Dynamic Modeling
Multiple-Choice Quiz 4

The State University – Higher School of Economics | School of Software Engineering | Mar - Sep 2010 > page 4
Unit 4. Object-Oriented Analysis (OOA)
5.1.1 Cohesion and Coupling
5.1.2 Approaches to Software Design
5.1.3 The Role of Architectural Design
5.1.4 Detailed Design
5.1.5 Design Testing
5.1 OOD Principles
5.2.1 Sequence Diagrams in UML
5.2.2 Collaboration Diagrms in UML
5.2.3 Detailed Class Diagrms in UML
Exercise 5
5.2 OOD Practice 1
5.3.1 Client-Object Diagrms in UML
5.3.2 Specifying Modular Interfaces
5.3.3 Detailed Design Specifications
5.3.4 Formal Design Review
Exercise 6
5.3 OOD Practice 2
Multiple-Choice Quiz 5
Unit 5. Object-Oriented Design (OOD)
Exam 2 Multiple-Choice
Exam 2 Practical
Exam 2
6.1.1 Reuse
6.1.2 Choice of Programming Language
6.1.3 Good Programming Practices and Coding Standards
6.1 Implementation
6.2.1 Execution-Based Testing
6.2.2 Non-execution-Based Testing
6.2.3 Other testing Approaches
6.2.4 A Comparison of Module-Testing Techniques
6.2 Module Testing
6.3 Integration Testing
6.4 Product and Acceptance Testing
6.5 CASE Technology
Exercise 7
Multiple-Choice Quiz 6
Unit 6. Build and Test the Solution
7.1 The Documentation Life Cycle
7.2 Documentation during Implementation
7.3 Final Documentation
7.4 Why Document?
7.5 Documentation Aids
Exercise 8
Multiple-Choice Quiz 7
Unit 7. Documenting the Solution
8.1 What is Maintenance?
8.2 Managing Maintenance
8.3 Maintaining Object-Oriented Software
8.4 Aids to Maintenance
Exercise 9
Multiple-Choice Quiz 8
Unit 8. Deployment and Maintenance
Exam 3 Multiple-Choice
Exam 3 Practical

[2] Course Title: Introduction to Information Systems / OOAD

Detailed information can be obtained at http://www.icarnegie.com/mkt/Programs/CourseType2.php
Additional information concerning lecture modules:
Introduction to Information Systems (OOAD)
Unit 1. The World Wide Web
1.1 Using the Web

The State University – Higher School of Economics | School of Software Engineering | Mar - Sep 2010 > page 5
 1.1.1 Surfing the Web
1.1.2 Your Web Pages
1.1.3 Clients, Servers, and URLs
1.1.4 Searching the Web
1.1.5 Commerce on the Web
1.1.6 Some Ethical Considerations
Exam 1 Multiple-Choice
Exam 1 Practical
Exam 1
2.1.1 Programming with Objects
2.1.2 Java Program Development
2.1.3 First Look at Java
Practical Quiz 4
Exercise 4
2.1.4 Elements of a Java Servlet
2.1.5 Planning Servlet Development
2.1.6 Guidelines for Java Development
Multiple-Choice Quiz 4
Practical Quiz 5
Exercise 5
2.1 Programming with Java
2.2.1 Designing Classes
2.2.2 Transforming English Specification to Java
2.2.3 Lifecycle of Objects
2.2.4 The HtmlPage Class
2.2.5 Using Class Documentation
2.2.6 The AlgaeColony Class
Multiple-Choice Quiz 5
Practical Quiz 6
Exercise 6
2.2 Fundamentals of Object-Oriented Programming
2.3.1.1 Data Types
2.3.1.2 Variables
2.3.1.3 Using Variables
2.3.1 Data Types and Variables
2.3.2 Arithmetic Operators and Expressions
2.3.3 Boolean and Relational Operators and Expressions
2.3.4 Control Flow
2.3.5 Iteration
2.3.6 Using Vector
Multiple-Choice Quiz 6
Practical Quiz 7
Exercise 7
2.3 Fundamentals of Java
Unit 2. Introduction to Java and Object-Oriented Programming
Exam 2 Multiple-Choice
Exam 2 Practical
Exam 2
3.1 Introduction to Inheritance
3.2 Using Inheritance
3.3 Designing a Class Hierarchy
Multiple-Choice Quiz 7
Practical Quiz 8
Exercise 8
Unit 3. Inheritance
Exam 3 Multiple-Choice
Exam 3 Practical
Exam 3

[3] Course Title: Enterprise Software Systems Development

Detailed information can be obtained at
http://www.hse.ru/data/2009/12/02/1227417245/ESSD_Program_2009-2010.pdf

► Assoc. Prof. Dr. GRİNKRUG Efim M.

The State University – Higher School of Economics | School of Software Engineering | Mar - Sep 2010 > page 6
School of Software Engineering
Department of Software Engineering Management  [ egrinkrug@hse.ru ]

[1] Research Areas and Presentation Proposal

Proposed research areas are directly connected with Software Engineering (SE) theory and
practice – creating applications from reusable software components. Various aspects of
Component Oriented Programming are to be presented along with live demonstrations to
illustrate them with corresponding projects results.
Preliminary plan for the presentation(s) can be outlined as follows:
• Component-oriented programming in general (overview).
• Component-oriented programming in Java (history, frameworks, tools, specifications,
etc.).
• Java Beans component model. Advantages / disadvantages.
• Applications: Connecting virtual and real worlds together
o Virtual Reality modeling and representation. Implementing 3D-Graphics
engine using Java Beans components:
 VRML / X3D overview and implementations comparison
 Event-driven and Sensors-based behavior modeling.
 Component-based approach and architecture of the 3D-Graphics engine in POJO.
 Design patterns comparison (visitor-based traversing vs MVC-based architecture)
 Java Beans for VRML/X3D implementation.
 Demonstrations. 3D applications, applets and components created.
 Lessons learned – what are the drawbacks of Java Beans components architecture?
Possible directions for the approach evolution and enhancements in 3D-Graphics
modeling area.
o Interacting with real world using Wireless Sensor Networking (WSN)
 WSN standards, usage areas, products and developers communities (overview).
 Physical WSN level – IEEE 802.15.4 Standard(s). Implementations available.
 WSN Communication Protocol Stack Architectures and Standards.
 ZigBee Alliance WSN Standards and Profiles.
 Implementing ZigBee PRO Stack in Java, using IEEE 802.15.4 compliant USB-
Dongles.
 WSN modeling. Bridging virtual and real WSN nodes together in Wireless
Network(s).
 Demonstrations. Application to model WSN(s) made from virtual and real
wireless nodes (with ZigBee PRO compliant stack), Smart Energy ZigBee
profile implementation, etc.
 Lessons learned – drawbacks of WSN Stack specification and implementation.
Perspective issues in WSN software development area.
o Putting that all together. Organizing interactions with real and virtual
world by means of java components architecture and wireless network
communications.
• The way to next generation of Java Beans – an approach to the Dynamic Java
Beans (research directions overview).

NOTES
The level of details in the plan outlined above can vary depending on the time available for presentations
(lectures, seminars, etc.) and should be discussed in case of interest attracted.
Java language and environments used in implementations were used according authors preferences and
experience. Approaches proposed can implemented for and using other environments (with embedded
environments – as the most perspective ones).

SHORT CV
Efim Grinkrug received his degree in applied mathematics from the Moscow Institute for Electronic
machines building in 1974, his CSc in System Programming degree in 1983. He worked on operating
systems design and development for SU-made supercomputers at the Scientific Research Institute of
Calculating Complexes named after M.Kartzev, Moscow (1974 - 1993), as banking systems developer at
Intrasoft,SA, Athens, Greece (1993-1996), as 3D-Graphics programmer, expert, at ParallelGraphics
(www.parallelgraphics.com) company (1996-2004) and as CTO at Meshnetics (www.meshnetics.com), wireless
sensor networks / ZigBee development company (2004 - 2008). Starting from 2009 he is an associate

The State University – Higher School of Economics | School of Software Engineering | Mar - Sep 2010 > page 7
professor in Software Engineering, Higher School of Economics, Moscow, Russia. Member of IEEE (and ISA,
ZigBee, OPC, web3d communities, formerly).

► Prof. Dr. LOMAZOVA Irina A.

School of Software Engineering
Department of Software Engineering Management [
ilomazova@hse.ru ]

[1] Lecture / Presentation Topic: Distributed Systems with Dynamic

Structure:
Formal Models and Analysis of
Behavior
Properties
ANNOTATION:
A major goal of software engineering is to enable developers to construct systems that operate reliably
despite their complexity. Ensuring the correctness of distributed systems is an especially difficult task. One
way of achieving system reliability is by using formal models and methods. The most common model for a
distributed system is a Petri net. Petri nets are quite simple and illustrative, but have very high expressive
power and can be used as a model of complex parallel and distributed systems. Due to their formal
semantics and easy-to-understand graphical representation, Petri nets are often used in many application
areas. However, standard “flat” Petri nets are often not ample for dealing with complex dynamic and
adaptive systems.
We present several topics connected with extending Petri net formalism for modeling distributed systems
with dynamic structure and analysis of behavioral properties of such systems, as follows:
1) To capture dynamics and object structure of distributed systems a new class of Petri nets - Nested Petri
nets - was introduced. Nested Petri nets is an extension of classical Petri nets, in which tokens model
dynamical objects and are themselves represented by Petri nets. It was shown, than Nested Petri nets,
being more expressive than classical Petri nets, still preserve some of their nice decidability properties.
2) Resources in general Petri nets. In Petri net models tokens are often interpreted as resources, that are
consumed/produced by actions. The notion of resource is defined as a submarking of a Petri net. Resources
in our considerations are parts of markings, which may or may not provide some behaviour of the system.
The problem, whether some resource can be replaced by another one without changing the system’s
behaviour, is investigated. To solve this problem we define the relations of resource similarity and resource
bisimulation in Petri nets. Two resources are called similar if replacing one of them by another one in any
marking does not change the observable net behavior. The resource similarity relation has a natural
interpretation and can be useful for the analysis of resource dependencies in modeled systems. Moreover,
it can be used for net reductions.
3) Unambiguous representation of business processes is a critical issue in workflow modeling: models and
their semantics should have a formal mathematical basis. Formal semantics is not only necessary for an
unambiguous interpretation of business processes, it is also essential for the verification of their
properties. Petri nets proved to be a good theoretical basis for workflow processes. WF-net (WorkFlow nets)
– a special subclass of colored Petri nets, designed for representing and analysis of business processes. We
present some approaches for dynamic modeling of workflow with Petri nets and analysis of soundness – the
crucial behavioral property of workflow systems.

SELECTED REFERENCES

1. Irina A. Lomazova. Interacting Workflow Nets for Workflow Process Re-Engineering // Fundamenta
Informaticae, Vol. 101, No 1-2, 2010, pages 59-70.
2. Irina A. Lomazova. Nested Petri nets for adaptive process modeling. Pillars of Computer Science: Essays
Dedicated to Boris (Boaz) Trakhtenbrot on the Occasion of His 85th Birthday, Arnon Avron, Nachum
Dershowitz, and Alexander Rabinovich, editors, Lecture Notes in Computer Science, vol. 4800, Springer-
Verlag, Berlin, 2008. P. 413-426.
3. Kees M. van Hee, Olivia Oanea, Alexander Serebrenik, Natalia Sidorova, Marc Voorhoeve, Irina A.
Lomazova: Checking Properties of Adaptive Workflow Nets. Fundamenta Informaticae, Volume 79,
Number 3-4, 2007. P. 347-362.
4. Kees van Hee, Irina A. Lomazova, Olivia Oanea, Alexander Serebrenik, Natalia Sidorova and Marc
Voorhoeve. Nested Nets for Adaptive Systems. 27th International Conference on Application and Theory

The State University – Higher School of Economics | School of Software Engineering | Mar - Sep 2010 > page 8
 of Petri Nets and Other Models of Concurrency. Turku, Finland, June 26-30, 2006, (S. Donatelli and P. S.
Thiagarajan, eds), Lecture Notes in Computer Science, vol. 4024, Springer Verlag, 2006, pp. 241--260.
5. Bashkin V.A., Lomazova I.A. Similarity of generalized resources in Petri nets. Lecture Notes in Computer
Science, Vol. 3606, 2005, p.27-41.
6. Irina A. Lomazova. Communities of Interacting Automata for Modelling Distributed Systems with
Dynamic Structure. Fundamenta Informaticae, Vol. 60, No 1-4, 2004, pages 225-235.
7. Irina A. Lomazova. Interacting Automata for Modelling Distributed Systems. Lecture Notes in Computer
Science, 2658 (2003), 851-860.

► Lecturer KALASHNİKOV İlya A.

School of Software Engineering
Department of Software Engineering Management  [ ilia@inbox.ru ]

[1] General Presentation Topic: Information Injection

THEMES 1,2:
Using Informational Injection in education process.
Informational Injection as a method for comfort living in Information society.
DESCRIPTION:
Informational Injection – is a story, analytics, joke, fable, the fact, fairy tale or some
information that motivates you to do something. For example – somebody stole a
mobile phone from the Jack’s jacket. Jack received an information injection. Now he will
be more accurate for his stuff. Jane given up smoking when she saw lungs of the
smoker in a cut. Jane received an information injection too. And Bill started to plan his
future on the paper, when he received an analytics that people who write their aims
earn in 20 times more than other. I offer many facts and stories as an information
injection to improve education, to make education process more interesting, to form
an information culture.

THEME 3:
Methods of improving our information life, to make working with
information more effective.
DESCRIPTION:
My interests are near theme how we can live in Information society with pleasure. Not to be depressed
because of information overload. I study and approve many methods from different disciplines which can
be useful for information culture. I want to understand what things we should teach to make an Information
culture, to stop information overload in our everyday life. Than I want to write a book about it.

► Lecturer ANNAKOV Bayram D.

School of Software Engineering
Department of Software Engineering Management
 [ bayram.annakov@empatika.com ]

[1] Presentation Topic: Computer Simulation of Software

Development
Processes Dynamics
ANNOTATION:
Managing software development processes is a complex task which requires understanding interactions of
multiple factors: both technical and social in nature. A good way to explore such complexities is computer
simulation. The goal of this seminar is to explain how System Dynamics modeling framework, one of the

The State University – Higher School of Economics | School of Software Engineering | Mar - Sep 2010 > page 9
best techniques for reasoning about the effects of complex interacting changes, could be applied to
software project and process management. Theoretical information is explained using simulation model
developed for exploring dynamics of a real software project.

ADDITIONAL INFORMATION:

Duration: 8 academic hours (may be split into four two-hour sessions).

► Lecturer SAVELİEVA Alexandra A.

School of Software Engineering
Department of Software Engineering Management [
asavelieva@hse.ru ]

[1] Lecture Topic: A New Approach to Evaluation of Cryptographic

Systems
[with PROF. DR. AVDOSHIN SERGEY M.] We introduce a complex approach to evaluating cryptographic
protection efficiency. The main thread of our work is the development of mathematical models of threats to
analyze the security of cryptographic systems based on various types of attacks that a cryptographic
system is exposed to. The second main thread is the development of software tools to facilitate the process
of cryptosystem efficiency assessment by computer security specialists. The new approach allows to build
an economic rationale for investments to cryptographic systems and to provide sound arguments for
implementing an information security strategy.
Index Terms — cryptographic system, threat modeling, risk management, discounted cash flow,
cryptanalysis.

I. INTRODUCTION
Classically, the research of cryptographic tools has mostly focused on cryptographic security, leaving out
of scope other important parameters such as performance, cost, implementation complexity etc.
Meanwhile, as Bruce Schneier declares in [1], “it becomes increasingly clear that the term "security"
doesn’t have meaning unless also you know things like "Secure from whom?" or "Secure for how long?"”
Our analysis of modern publications on security ([2-7] et al.) revealed a lack of methods designed to
facilitate the process of context-dependent cryptographic protection efficiency evaluation. In [2] Bennet S.
Yee emphasizes the importance of cryptographic parameters security measurement; in the same time, he
demonstrates the difficulty of this problem by providing some interesting mathematical and game-
theoretical implications of cryptography. The straight-forward approach of ranking cryptographic systems
based only on cryptographic security leads to an approximation where the adversaries’ computational
resources and knowledge of the cryptosystem implementation are overlooked. Economic perspective is
embraced by formalized security risk analysis and management methodologies such as RiskWatch [3] and
GRIF [4]. However, they are focused on information system security as a whole and do not consider the
peculiarities of evaluating cryptographic systems. Finally, various tools for cryptographic protocols analysis
[5 - 7] focus only on the high-level, conceptual design of a protocol on the supposition that cryptographic
algorithms satisfy perfect encryption assumptions, so the strength of ciphers remains out of scope.
The purpose of our work is to design a method for evaluation of cryptographic systems. In order to
achieve the goal, we need to:
1) formulate the steps of cryptographic systems evaluation process;
2) develop a mathematical model of security threats;
3) design software tools to facilitate the process of cryptosystem efficiency assessment by a computer
security specialist;
4) select appropriate economic indicators as a basis to provide sound arguments for implementing an
information security strategy.
The State University – Higher School of Economics | School of Software Engineering | Mar - Sep 2010 > page 10
 II. CRYPTOGRAPHIC SYSTEMS EVALUATION PROCESS
The process of cryptosystem efficiency assessment can be described as a sequence of steps, each of
them directed at answering a specific question:
• Step 1: What cryptosystem is the object of attack?
• Step 2: Who wants to attack the cryptosystem?
• Step 3: Which attack techniques are most likely to be used to break the cryptosystem?
• Step 4: Is the cryptosystem capable of withstanding such attacks?
• Step 5: Does the cryptosystem provide sufficient security in the given context?
The environment typically imposes restrictions on the attack scenarios that the cryptographic systems
are exposed to, so Steps 1 to 3 imply modeling threats to a cryptographic system in a given context. Step 4
is about analyzing the cryptographic system resistance to the types of attacks defined at Steps 1 - 3.
Finally, Step 5 involves using various risk analysis techniques and economic tools to evaluate the data
obtained during Steps 1-4.

III. ABC-MODEL OF SECURITY THREATS

We can assume that an adversary is most likely to choose an attack with the maximum benefit for a
given cost, or choose the least costly attack that gives them a particular benefit [8]. Each cryptosystem has
a set of attacks that is applicable to it and a set of attacks that is not. These statements perfectly fit into
common risk-management methodologies and result in the following approach to evaluating security
threats.
Each crypto attack has a value of risk assigned to it defined as the product of probability of the hazard
and its potential impact:
Risk = Probability ×
Impact
Impact refers to effect of an attack on a specific type of cryptographic system. Probability reflects the
likelihood that an adversary will consider a specific type of attack appropriate in terms of available
resources and target secret data. Thus, a formal model of the cryptosystem coupled with formal models of
the adversaries will yield a set of the most hazardous attacks that the cryptosystem is exposed to. The
model of security threats represented as a composition of 3 elements will be referred to as an ABC-model
(‘A’ for attack, ‘B’ for codebreaker and ‘C’ for cryptosystem). We suggest using multiple-category divisions
of cryptographic systems, adversaries and attacks [9] as a basis for modeling the components of a security
threats.

IV. SOFTWARE TOOLS FOR CRYPTANALYSIS

The statistics on breaking cryptosystems are not always available and quickly become out-of-date
with the advent of new attack techniques and computation power growth. Therefore, computer security
specialists need a set of tools to support evaluation of cryptographic system capability to resist various
types of attacks. Software tools CRYPTO [10] are designed as a means for conducting cryptanalysis of
public-key cryptosystems. CRYPTO consist of two components: a dynamic-link library DESIGNER, and an
application ANALYST. ANALYST provides a friendly graphical user interface to access functions of
DESIGNER. DESIGNER is a high-performance, portable C++ library providing necessary elements to design
and evaluate modern techniques for cryptanalysis of ciphers based on factorization and discrete logarithm
problems. Our implementation makes use of NTL (a Library for doing Number Theory) written and
maintained by Viktor Shoup [11].The rationale for the core library is its functionality, performance, and
portability.

V. ECONOMIC PERSPECTIVE

We suggest that the discounted cash flow (or DCF) approach [12] should be used to provide economic
rationale for investments to cryptographic systems. In finance, DCF is a method of valuing a project,
company, or asset using the concepts of the time value of money. All future cash flows are estimated and
discounted to give their present values. The discount rate used is generally the appropriate cost of capital
and may incorporate judgments of the uncertainty (riskiness) of the future cash flows.
The cash flow Rt related to a cryptographic system can be described using the following formula:
Rt = - Costt + Profitt ×(1 - Rt ) - Losst ×Rt ,
where Costt is the cost of a implementation, deployment and support of the cryptographic system;
Profitt is the value of information assets being protected;
Losst refers to the hazard in case of unauthorized access to the asset by an adversary;
Rt is the probability of an adversary to break the cryptographic system;
t is the time (e.g. in years) before the future cash flow occurs.

VI. CONCLUSION
Ross Anderson summarizes his well-known paper [13] saying “the evaluator should not restrict herself to
technical tools like cryptanalysis and information flow, but also apply economic tools”. Our paper aims at
providing a formal way of analyzing cryptographic systems security. We expect that economic perspective
introduced in this paper will be of value to security specialists for justifying IT budget and communicating
their proposals to the co-workers with financial background.

The State University – Higher School of Economics | School of Software Engineering | Mar - Sep 2010 > page 11
 Theoretical results:
• a five-step process designed to focus on the specific aspects of cryptographic systems
efficiency
• ABC-model for formalizing of security threats to cryptographically protected data in a
given context;
• multiple-category divisions of cryptographic systems, adversaries and attacks as a basis
for modeling the components of a security threat
Practical results:
• a built-in expert knowledge base to aid in-house cryptographic systems expertise – joint
efforts with DialogueScience, Inc. [14] (Russian leading system integrator and software value
added reseller for information security needs) – project in development.
• software tools designed as a means for conducting research in information safety and
number theory.

REFERENCES
[1] Schneier B. Modeling security threats // Dr. Dobb’s Journal, December, 1999.
[2] Yee. B. S. Security Metrology and Monty Hall Problem. Available at: http://www.cs.ucsd.edu/bsy/pub/metrology.pdf,
April 2001.
[3] RiskWatch Official website // RiskWatch, Inc. Available at: http://www.riskwatch.com/
[4] Digital Security: GRIF //Available: http://www.dsec.ru/products/grif/
[5] Bodei C., Buchholtz M., Degano P., Nielson F., Riis Nielson H. Automatic validation of protocol narration. In
Proceedings of the 16th IEEE Computer Security Foundations Workshop (CSFW 2003), IEEE Computer Society Press,
Washington, 2003. Pp. 126 - 140.
[6] Boreale M., De Incola R., Pugliese R. Proof techniques for cryptographic processes. SIAM J. Comput., 31(3), 2002. Pp.
947-986.
[7] Cheminod M., Cibrario Bertolotti I., Durante L., Sisto R., Valenzano A. Tools for cryptographic protocols analysis: A
technical and experimental comparison // Computer Standards & Interfaces, 2008.
[8] Schneier B. Beyond Fear. Thinking Sensibly about Security in an Uncertain World. Copernicus Books (September
2003)
[9] Savelieva A. Formal methods and tools for evaluating cryptographic systems security // St. Petersburg, ISP RAS, In
Proceedings of the Second Spring Young Researchers’ Colloquium on Software Engineering (SYRCoSE’2008), 2008,
Vol 1. ISBN 978-5-91474-006-8. Pp. 33-36.
[10] Avdoshin S.M., Savelieva A.A. Tools for asymmetric ciphers analysis: Industrial registration certificate No. 10193
dated 18.03.2008 (in Russian).
[11] Library for doing Number Theory. Available at: http://www.shoup.net/ntl/ 07.07.2009
[12] Kruschwitz L., Loeffler A. Discounted Cash Flow: A Theory of the Valuation of Firms (The Wiley Finance Series). Wiley,
2005. 178 p.
[13] Anderson R. Why information security is hard - an economic perspective // Proceedings of the 17th Annual Computer
Security Applications Conference (ACSAC '01), 10-14 Dec 2001, New Orleans, Louisiana, USA, 2001.
[14] DialogueScience Official website // DialogueScience , Inc. Available at : http://www.antivir.ru/english/

[2] Lecture Topic: Personal Data Protection in Russia: Trends of the

Last
Decade
[with PROF. DR. AVDOSHIN SERGEY M.] The purpose of this lecture is to emphasize the importance of joint
international measures and standards on security. We will take a look at the Federal Law on Personal Data
adopted in the Russian Federation in 2006 to address individual privacy protection in information society.
We will demonstrate the timeliness of this law and its role in harmonization of Russian law base with
international security agreements.
Index Terms — Personally Identifiable Information, Federal Law on Personal Data, International Security
Agreements.

In 2001 Russian Federation became a signatory to Convention for the Protection of Individuals with regard
to Automatic Processing of Personal Data of the Council of Europe. This event initiated integration of
security principles defined in the document into the regulatory framework of the Russian Federation.
Ratification of this convention took place in 2005, followed by implementation in the form of the Federal
Law of the Russian On Personal Data in 2006.
The purpose of this act is to ensure individual’s rights for privacy when their personal data is being
processed. The act guarantees that data subject has a full authority to access their personal data and has
an excusive right to decide whether to submit their personal data to an operator for processing. The act
regulates relations with regard to processing of personal data and defines responsibilities of any
organization or individual that is processing personal data.
The period of bringing information systems into compliance with the Federal Law on Personal Data
was initially defined as 1 January 2010. However, global economic crisis that forced companies to cut
budgets coupled with a few ambiguities in legislative requirements interfered with the feasibility of the
plans, and the deadline was prolonged until 1 January 2011. As of this date, the designated authority will
start the regular monitoring activities of personal data processing in public and private sector. Until then,
inspections are conducted only on request of data subject who declare their rights in the processing of their
personal data to be infringed.

The State University – Higher School of Economics | School of Software Engineering | Mar - Sep 2010 > page 12
 Although the majority of operators were unable to bring information systems in line with the
requirements on time, the Federal Law on Personal Data has had a significant impact on business and
mentality in Russia:
• For a few years, the discussions around the Federal Law on Personal Data have been hitting the
headlines, thereby improving the awareness of people in terms of their rights in the processing of
their personal data. Google search statistics shows an enormous growth of interest to such
requests as ‘personal data’ or ‘personal data protection’ in Russia (while in the rest of the world
overall trend was declining)
• Chief Security officers received a sound argument to justify investments into information security.
Moreover, lawyers became involved in IT projects focused on personal data protection.
• The State designated an authority to ensure the data subject rights protection. The effectiveness
of this step is evidenced by the growing number of legal recourses and court victories of data
subjects (for instance, a case with unauthorized publication of tax-dodgers personal data in public
media by a tax office that took place in 2009).

► Assoc. Prof. Dr. DEGTYAREV

Konstantin Y.
School of Software Engineering
Department of Software Engineering Management  [ kdegtiarev@hse.ru ]

[1] Lecture / Presentation Topic: Perceptual Approach to System’s

Structural
Complexity Estimate in the
Framework of

The State University – Higher School of Economics | School of Software Engineering | Mar - Sep 2010 > page 13
 Q-analysis Holistic
Methodology (cognition in
system’s analysis)
ANNOTATION:
One of the main stages in systems studying is a stage of analysis that leads to obtaining important
information both on systems under design and real systems (natural or as a man-made). Analysis process
dwells upon the observer’s «level of understanding» of a system as a whole, his ability to distinguish
without destruction the integrity properties of a system using a priori knowledge about an object.
The intense growth of interest in problems arising in the field of large complex systems has led to the
application of profound mathematical methods for initiating a systematic inquiry into structural analysis of
systems and measures of their complexity. The notions of «complexity» and «structure» are used in
systems science (and elsewhere) in various ways, and this presentation examines and discusses from the
systematic point of view some modifications of the holist approach proposed by R.H.Atkin for analysis of
systems structures both at the global level (system as a whole) and at the local level (level of elements that
are connected to each other to form a structure), as well as for estimation of structural complexity of
systems based on the results of such analysis. One might say that the gist of the procedure known as Q-
analysis (or, Polyhedral Dynamics) is grounded on mathematical ideas of the seminal paper of C.Dowker
that traces fairly its roots back to prior publications Analysis Situs and Complement a l’Analysis Situs by
A.Poincare, who brought into life the «idea of computing with topological objects». Within the scope of Q-
analysis approach a structure of the system under consideration is used with a purpose of obtaining its
geometric and algebraic representation in the form of simplicial complex K formed by multidimensional
simplices (faces of K ). The aggregate of these convex hulls of points in the space or polyhedra with
different number of faces – potentially, they can be isolated points, line segments, triangles, tetrahedrons,
etc. by rise of dimension value – constitutes formal representation of the system (model). Consequently, its
analysis is performed at each dimensional level q starting from the lowest zero level to the highest one
revealed in complex K through studying clusters of simplices joined by chains of connectivity, which link
simplices together causing the appearance of specific connectivity components at each level q. A measure
of structural complexity Ψ ≡ Ψ (K) of K deals with the results of performed analysis.
In last three decades Q-analysis in essence has been employed successfully in modeling, processing and
analysis of urban structures, water distribution systems, transportation and street networks, geology and
social sciences, methods related to estimation of complexity based on cognitive processes, census returns,
manufacturing systems, content analysis of print communication (newspapers), data management, spatial
topology of geographic information systems (GIS) and static (structural) complexity of Internet-based
teleoperation schemes, to name a few. Furthermore, early publications of R.Atkin gave a stimulus to start
research activity aimed at developing a general connectivity theory of simplicial complexes.
A concept of complex system (or, complexity in general) is many-sided and rich, and because of that we
distinguish only structural features which could bring a valuable contribution to systems studying.
Classification of systems as simple or complex normally takes into account several factors, among which a
variety of elements and interactions (connections) are of importance. Preliminary conclusions on complexity
of system are drawn on the basis of observation of its behavior, which depends upon a system’s
organization. In general, organization is a dynamic component, but it includes a fixed (constant) part –
namely, it is structure. What we mean here are those aspects of hypothetical complexity, which appear
in a system’s structure and «arise through connectivity and the inter-relationships of a system’s constituent
elements».
Structural complexity (connectivity) estimates in the context of specific type of description of ascertained
interrelations between system’s elements can be expressed from the perspective of diverse considerations
and prerequisites put forward by the domain expert. Such viewpoint suggests material aggregate effect of
relativity and subjectivity factors on both interpretation of obtained results and carried out formal
calculations.
We may cautiously surmise that among determinative factors that affect in the main the estimate of
complex’s structural complexity Ψ (its perception) lies not so much virtually suggested computational
scheme as expert knowledge by virtue of domain-specific expertise, observations, sound guess-work
and so-called «number sense». The latter is one of commonly referenced concepts in education and
cognitive science; on the whole it can be understood as a human mental ability to grasp the meaning of
numbers and (closeness) relationships between them, quickly perform approximation of quantities that
arise from basic or more complex calculations on numeric entities.
The following items are stipulated by the plan of presentation:
• Background: Algebraic topology concepts (simplices, simplicial complex, chains of
connectivity).
• Initial stage of systems analysis (structural complexity, parts/connections, flow transfer
(between system’s parts)).
• Mathematical model of the system (level of system’s description, interconnection
matrix).

The State University – Higher School of Economics | School of Software Engineering | Mar - Sep 2010 > page 14
 • Measure of structural complexity; connectivity. General observations. Q-analysis and
complexity of the structure.
• Results of Q-Analysis, their interpretation. Feature vectors and interpretation of
closeness; proximity measures.
• Similarity measures: conceptual space and distances.
• Human perception, represention and use of information (facts) for classification and
reasoning (general observations and comments). Potential partnering of cognitive
psychology, fuzzy logic and Q-analysis methods.
• Conclusion.

SELECTED REFERENCES

- Atkin, R. “An Algebra for Patterns On a Complex, I”, Int. Journal Man-Mach. Stud. (6) : 285-307, 1974.
- Atkin, R.H. and Casti, J.L. “Polyhedral dynamics and the geometry of systems”, IIASA (Int. Institute for Appl. Syst.
Analysis) Report,
Laxenburg, 1977.
- Atkin, R.H. “From cohomology in physics to q-connectivity in social science”, Int. Journal of Man-Mach. Stud. (4) : 139-
167, 1972.
- Cornacchio, J.V. “System complexity - a bibliography”, Int. Journal of Gen. Syst., 3 : 267-271, 1977.
- Cox, T.F. and Cox, M.A. “Multidimensional Scaling”, CRC Press, 2001.
- de Rosnay, J. “The Macroscope” (Ch. 2 - The systemic revolution: a new culture, 1997), Harper & Row, URL:
http://pespmc1.vub.ac.be/MACRBOOK.html
- Degtyarev, K.Y. “Systems Analysis: Mathematical Modeling and Approach to Structural Complexity Measure Using
Polyhedral Dynamics
Approach”, Complexity International, 7 : 1-22, 2000.
- Degtyarev, K.Y. “Perceptual proximity-based approach to structural complexity estimate of simplicial complex in the framework of
Q-analysis holistic methodology” // Proceedings of the 5th International Conference on Soft Computing, Computing with
Words and
Perceptions in System Analysis, Decision and Control (ICSCCW), 2009.
- Dehaene, S. “Precis of “The Number Sense”, Mind & Language, 16 (5) : 16-36, 2001.
- Dowker, C.H. “Homology groups of relations”, Annals of Mathematics, 56(1), 1952.
- Gärdenfors, P. “Conceptual Spaces. The Geometry of Thought”, The MIT Press (Bradford), 2004.
- Garner, W.R. “The Processing of Information and Structure”, Lawrence Erlbaum (Wiley), 1974.
- Gartell, A.C. “Distance and Space: A Geographical Perspective”, Oxford University Press, 1983.
- Goldstone, R.L. and Son J.Y. “Similarity” (Ch.2), in The Cambridge Handbook of Thinking and Reasoning, ed. Holyoak K.J.
and Morrison,
R.G., 13-36, 2005.
- Gould P. “Q-analysis, or a Language of Structure: An Introduction for Social Scientists, Geographers and Planners”, Int.
Journal of
Man-Mach. Stud., 13(2) : 169-199, 1980.

The State University – Higher School of Economics | School of Software Engineering | Mar - Sep 2010 > page 15
 To our colleagues in the University : We would like to
learn more …
Besides the proposals presented on pages 1-13, our instructors also take an interest in obtaining additional
information concerning certain courses, selected topics and peculiarities of organization of educational
process in Faculties and Institutes of your respectable University; their views can be summarized as follows:
1. From the standpoint of skill sharing in the field of information security it would be interesting to
have a firsthand acquaintance with a plan (syllabus), credit system, method of approaching
information security management and certification procedure in respect to certificate program in
Security Engineering,
2. Organization (and other relevant details) associated with courses on Security is also attracting
interest,
3. To wide extent, it would be rather beneficial to become familiar with the organization of the whole
educational process in Software Engineering and Computer Science/Engineering areas
as it is established in your University – in particular, deeper comprehension of the “process-oriented
approach” to schedule various courses and disciplines (with their contents) is of great value, e.g.
- how the dependecies among courses are controlled and managed,
- how the courses are planned so that there is no redundancy while flexibility is preserved, and
- how the whole process may be traced (monitored) from the very beginning to the very end in
clear
and precise manner (for example, using a kind of Gantt’s diagram or so).

Thank you for your attention and interest!

The State University – Higher School of Economics | School of Software Engineering | Mar - Sep 2010 > page 16