NAME: Faik A. Farmanov AFFILIATION: Head of Laboratory of the Department of Computer-Aided Control Systems of Azerbaijan Academy of Sciences ADDRESS: Azerbaijan,370010, Baku, str.Pushkin-5/32 E-MAIL: fa@fa.az TEL: +99412-971056 FAX: +99412-971056 The constructing and efficiency raising methods for general system facility of security service The designing of generalsystem security facility occupies an important place in the organization of architecture of security service system (SSS). Such characteristics of SSS as adjustability and expandability of the system, the mobility and realizability of software, the cost and convenience of exploitation in many respects depends from the successful designing of generalsystem security aids. Each of enumerated characteristics have their demands upon generalsystem architecture of SSS and consequently the complexity of generalsystem structure of SSS is defined by the degree of these demands. As it is known to present moment there exist separate methods and facility for data protection but well- organized, theoretically well-founded designing solutions on SSS architecture are absent. The principal problem in this field is the development of the structure and the systematization of metho- dology to main problems of which there belong the decomposition of the structure and the regulation of functions for generalsystem facility of data security, synthesis of structure components, the development of interfaces and etc. considered in this paper. In open computer networks, the data resource security is the principal problem as in any computer system. Further, we shall consider the problems of system organization of security system, the optimization of its structure, the data security software structure and etc. SSS in computer network (CN) is the upper element in the system hierarchy and performs the following functions: 1. Log-in control; 2. Check of the system access; 3. Registration of log-in and system access; 4. Authentication; 5. Check of the user authority and privilege; 6. Data security service; 7. Key management; 8. Security of data integrity and confidentiality; 9. State analysis and threat control; 10. Prevention of violations in the system; 11. Reconfiguration of security service system. The enumerated functions have different degree of realization complexity and they interact with each other. Depending on the SSS structure the performed functions may have the following relations between themselves’4: - the functions can be performed independently; - the functions can be performed in strict sequence; - the execution of one function can be correlated with other functions, even with all of them; - the execution of one function can entail the execution of other function; - execution of one function can inhibit the other functions or even require cancellation of those already executed. The problem of synthesis for effective SSS structure is the classification of SSS functions to separate subsets and their arrangement on network nodes such that to achieve certain aims as raising the reaction speed, the reliability, the mobility, the simplification of realization and etc. Such approach to the synthesis of SSS structure generates the following two problems: vertical and horizontal partitioning of SSS structure.The vertical partitioning of the SSS structure results in stratification of security system functions, the main criterion being the maximum independence of the levels. Such subdivision facilitates the process of SSS realization favors is further improvement on the one hand and enables control over SSS performance on the other hand. Horizontal partitioning defines a control method by the distributed processing process which may be centralized, decentralized (distributed), centralized-decentralized (hybrid), centralized with complete or partial copying, decentralized with complete or partial copying of security system functions. Horizontal partitioning problem consisting of geographical distribution of security system function between the nodes, belongs to physical designing problems. The problems of synthesis of SSS structure are been considered in the paper. The problems of vertical and horizontal partitioning of the structure for Azerbaijan Republican network including both the nodes of international networks INTERNET, BITNET, EUROMATH and a set of local networks on the base of Novel NetWare and Windows-95 have been solved maximal independent levels of SSS on which the described eleven macrofunctions of SSS are distributed have been defined. The matrix of dependence between SSS functions realized in SSS has been built.