P.N. Devyanin, V.G. Proskurin

This article represents approaches to development of two new DP-models on the basis of existing models of access control and information flows in computer systems (DP-models): discretionary DP-model for protected operating systems (ZОS DP-models) and role-based DP-model for Linux operating systems (ROSL DP-models). Discretionary ZOS DP-model includes following basic elements: user accounts, subjects, entities, accesses, access rights, information flows, hierarchy of entities, mandatory levels of integrity, shared access options, etc., allowing considering essential parameters of functioning of the modern or future releases of Linux operating systems (OS). By model development it is planned to set values of its elements according to access control mechanism options of the Linux OS. Then will be made the theoretical analysis of conditions of unapproved access rights cession or forbidden information flows implementation, so that the approaches fulfilled thus could be used for developing of mandatory ZOS DP-models and further developing on its basis the mandatory access control mechanisms for a secure OS. The main new elements of ROSL DP-model in comparison with existing DP-models are: entities parametric associated with roles, restrictions on authorized role sets of user accounts, access rights of roles, current roles of subjects-sessions, functions of integrity levels of user accounts, entities, roles and subjects-sessions. Besides, at the definition of entities hierarchy the presence of hard links in the Linux file system is considered. The mechanism of restrictions is included in ROSL DP-models for implementation in the long term of mandatory access control on the basis of role-based access control. Within the ZOS and ROSL DP-models are resulted detailed descriptions of conditions and results of system state transformation rules which can be used by developers of secure OS for the description of access control and information flows mechanism specifications and the formal substantiation of a correctness of its software implementation. Further development of DP-models is planned for the purpose of introducing in them new elements for more precisely representation parameters of functioning of the Linux OS, a formulation and a substantiation within the models conditions of a cession of access right and an implementation of forbidden information flows by time, and also developing of the scientifically-justified technical decisions directed on perfection of security enforcement mechanisms for OS