Preview

The Herald of the Siberian State University of Telecommunications and Information Science

Advanced search

Key principles for building an MLOps information security subsystem

https://doi.org/10.55648/1998-6920-2026-20-2-77-92

Abstract

The article examines the key principles for building an information security subsystem for MLOps (Machine Learning Operations), taking into account the increasing relevance and vulnerability of machine learning systems in modern conditions. The work considers the main regulatory requirements for information security of systems using machine learning, including an analysis of the requirements of the Russian Federal Service for Technical and Export Control (FSTEC). It argues for the need to adapt modern MLSecOps solutions to the conditions of Russian legislation. The analysis covers the key cybersecurity risks characteristic of each stage of the MLOps lifecycle, as well as existing methods and approaches for mitigating them. The work presents a mathematical formalization for assessing the security of the system, taking into account technical, regulatory, and import substitution requirements. The conceptual structure of the information security subsystem is presented. The results of the research are aimed at creating an effective and reliable protection system for MLOps pipelines and reducing the risks associated with the use of machine learning technologies.

About the Authors

Dmitry Viktorovich Nagibin
Perm National Research Polytechnic University (PNRPU).
Russian Federation
Postgraduate student in the Department of Automation and Telemechanics at Perm National Research Polytechnic University (PNRPU)


Andrey Nikolaevich Kokoulin
Perm National Research Polytechnic University (PNRPU).
Russian Federation
PhD, Associate Professor of the Department of Automation and Telemechanics at Perm National Research Polytechnic University (PNRPU)


Alexander Anatolyevich Yuzhakov
Perm National Research Polytechnic University (PNRPU).
Russian Federation
Doctor of Engineering Sciences, Professor, Head of the Department of Automation and Telemechanics at Perm National Research Polytechnic University (PNRPU)


References

1. Kreuzberger D. Machine Learning Operations (MLOps): Overview, Definition, and Architecture / D. Kreuzberger, N. Kühl, S. Hirschl // IEEE Access. – 2023. – vol. 11. – Machine Learning Operations (MLOps). – P. 31866-31879.

2. Patel R. Towards Secure MLOps: Surveying Attacks, Mitigation Strategies, and Research Challenges. Towards Secure MLOps / R. Patel [et al] arXiv:2506.02032 [cs]. – arXiv, 2026.

3. Wilson S. The developer’s playbook for large Language model security: building secure AI applications. The developer’s playbook for large Language model security / S. Wilson. – First edition. – Beijing Boston Farnham Sebastopol Tokyo: O’Reilly, 2024. – 200 p.

4. Ukaz Prezidenta Rossiiskoi Federatsii ot 10.10.2019 g. no. 490. O razvitii iskusstvennogo intellekta v Rossiiskoi Federatsii. (V redaktsii Ukaza Prezidenta Rossiiskoi Federatsii ot 15.02.2024 no. 124).

5. Regulyatornye dokumenty RF po bezopasnosti II — s chem my vstupaem v 2026 god [Elektronnyi resurs] : Khabr. – URL: https://habr.com/ru/articles/986800/ (accessed: 07.02.2026).

6. Federal'naya sluzhba po tekhnicheskomu i eksportnomu kontrolyu. Trebovaniya o zashchite informatsii, soderzhashcheisya v gosudarstvennykh informatsionnykh sistemakh, inykh informatsionnykh sistemakh gosudarstvennykh organov, gosudarstvennykh unitarnykh predpriyatii, gosudarstvennykh uchrezhdenii: utverzhdeny prikazom FSTEK Rossii ot 11 aprelya 2025 g. no. 117.

7. Analiz klyuchevykh izmenenii v trebovaniyakh k zashchite informatsii soglasno Prikazu FSTEK no. 117, available at: https://sec.ussc.ru/fstec_117 (accessed: 08.02.2026).

8. Federal'naya sluzhba po tekhnicheskomu i eksportnomu kontrolyu. Metodicheskii dokument. Metodika analiza zashchishchennosti informatsionnykh sistem. Utverzhdena 25 noyabrya 2025 g.

9. GOST R 70462.1-2022/ISO/IEC TR 24029-1-2021. Informatsionnye tekhnologii. Intellekt iskusstvennyi. Otsenka robastnosti neironnykh setei.

10. Namiot D.E. Skhemy atak na modeli mashinnogo obucheniya / D.E. Namiot // International Journal of Open Information Technologies. – 2023. – vol. 11. – no. 5. – pp. 68-86.

11. Lavaur L. Investigating the Impact of Label-flipping Attacks against Federated Learning for Collaborative Intrusion Detection / L. Lavaur, Y. Busnel, F. Autrel // Computers & Security. – 2025. – vol. 156. – P. 104462.

12. Hall P. Machine learning for high-risk applications: approaches to responsible AI. Machine learning for high-risk applications / P. Hall. – First Edition. – Québec: O’Reilly Media, Incorporated, 2023. – 466 p.

13. Sotiropoulos J. Adversarial AI Attacks, mitigations, and defense strategies: a cybersecurity professional’s guide to AI attacks, threat modeling, and securing AI with MLSecOps. Adversarial AI Attacks, mitigations, and defense strategies / J. Sotiropoulos. – Place of publication not identified: Packt Publishing, 2024. – 602 p.

14. Namiot D.E. Ataki na sistemy mashinnogo obucheniya - obshchie problemy i metody / D.E. Namiot, E.A. Il'yushin, I.V. Chizhov // International Journal of Open Information Technologies. – 2022. – vol. 10. – no. 3. – pp. 17-22.

15. Kovacs E. “EchoLeak” AI Attack Enabled Theft of Sensitive Data via Microsoft 365 Copilot, available at: https://www.securityweek.com/echoleak-ai-attack-enabled-theft-of-sensitive-data-via-microsoft-365-copilot/ (accessed: 08.02.2026).

16. Gao Y. Backdoor Attacks and Countermeasures on Deep Learning: A Comprehensive Review. Backdoor Attacks and Countermeasures on Deep Learning / Y. Gao [et al.] arXiv:2007.10760 [cs]. – arXiv, 2020.

17. Sutton O.J. Staining and locking computer vision models without retraining / O.J. Sutton [et al] arXiv:2507.22000 [cs]. – arXiv, 2025.

18. MLOps Market Outlook from 2026 to 2033: Trends by Application, by Region, and 12.8% CAGR Forecast, available at: https://www.linkedin.com/pulse/mlops-market-outlook-from-2026-2033-trends-application-region-dswuf (accessed: 02.03.2026).

19. Giskard - LLM Agent Testing & Evaluation Platform, available at: https://docs.giskard.ai/index.html (accessed: 08.02.2026).

20. Center S.I.S. ModelScan - Protection Against Model Serialization Attacks, available at: https://isc.sans.edu/diary/31692 (accessed: 08.02.2026).

21. LLM Monitoring dlya GenAI-prilozhenii | AI Security Lab ITMO, available at: https://hivetrace.ru/ (accessed: 08.02.2026).

22. LLAMATOR, available at: https://llamator-core.github.io/llamator/ (accessed: 08.02.2026).

23. Garda DLP — sistema predotvrashcheniya utechek informatsii | Prodazha i vnedrenie ot Rossiiskogo razrabotchika «Garda», available at: https://garda.ai/products/data-protection/dlp (accessed: 08.02.2026).

24. PT Dephaze — avtopentest, kotoryi pokazhet, chto smozhet sdelat' khaker v infrastrukture, available at: https://ptsecurity.com/products/dephaze/ (accessed: 08.02.2026).

25. Kim J. Security for the scientific data services framework / J. Kim [et al.] // 2015 IEEE International Conference on Big Data (Big Data) 2015 IEEE International Conference on Big Data (Big Data). – 2015. – P. 1871-1875.

26. Spadari V. An MLOps Framework for Explainable Network Intrusion Detection with MLflow / V. Spadari [et al.] // 2024 IEEE Symposium on Computers and Communications (ISCC) 2024 IEEE Symposium on Computers and Communications (ISCC). – Paris, France: IEEE, 2024. – P. 1-6.

27. Tete S.B. Threat Modelling and Risk Analysis for Large Language Model (LLM)-Powered Applications / S.B. Tete arXiv:2406.11007 [cs]. – arXiv, 2024.

28. Hassija V. Interpreting Black-Box Models: A Review on Explainable Artificial Intelligence / V. Hassija [et al.] // Cognitive Computation. – 2024. – vol. 16. – Interpreting Black-Box Models. – no. 1. – P. 45-74.

29. Awesome MLSecOps, available at: https://github.com/RiccardoBiosas/awesome-MLSecOps (accessed: 04.02.2026).

30. Namiot D.E. O rabote AI Red Team / D.E. Namiot, E.V. Zubareva // International Journal of Open Information Technologies. – 2023. – vol. 11. – no. 10. – pp. 130-139.


Review

For citations:


Nagibin D.V., Kokoulin A.N., Yuzhakov A.A. Key principles for building an MLOps information security subsystem. The Herald of the Siberian State University of Telecommunications and Information Science. 2026;20(2):77-92. (In Russ.) https://doi.org/10.55648/1998-6920-2026-20-2-77-92

Views: 59

JATS XML


Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 1998-6920 (Print)