350 rub
Journal Highly available systems №3 for 2013 г.
Article in number:
Adaptation of MAC and RBAC security DP-model (with realization roles as entities) to conditions functioning of operating systems of Linux sets
Authors:
P.N. Devyanin - Dr. Sc. (Eng.), Associate Professor, ULV IB
Abstract:
MAC and RBAC security DP-model (with realization roles as entities) of operating systems (OS) of Linux sets (MROSL DP-model) design for argumentation of security access control of Russian secure OS Astra Linux Special Edition. This article represents results of adaptation MROSL DP-model to conditions of functioning this secure OS and sequence to realization of its mechanism access control in concordance rules of model.
Basic attention of this article focuses on most important examples of such relative «approximation» theory and practice of production secure OS. Including, realization roles and administrative roles as analogues entities or containers, separation all elements of model on de-jure elements (demanding realizations in OS) and de-facto elements (security OS used only for theoretical research, for example, for description conditions of creation of illegal information flows), inclusion in model typical elements of OS of Linux sets, realization special MAC and MIC attributes of containers such as Container Clearance Required (CCR), tasks for each accounting record user of individual roles and individual administrative roles are discussed.
All elements of MROSL DP-model are considered with two points of view. At first, they analyze with point of view of their program realization in OS Astra Linux Special Edition. At secondly, they considered, taking into account prospects of further mathematical substantiation within the limits of model of properties modeled by OS (for example, formulations of algorithmically checked security conditions with use for this purpose only monotonous rules of transformation systems states).
Experience of practical working out and realization of MROSL DP-model may be useful at creation of other secure OS with high level of trust to their security.
Pages: 98-102
References
- Operaczionny'e sistemy' Astra Linux. URL: http://www.astra-linux.ru/
- Devyanin P.N. Modeli bezopasnosti komp'yuterny'x sistem. Upravlenie dostupom i informaczionny'mi potokami. Uchebnoe posobie dlya vuzov. 2-e izd., ispr. i dop. M.: Goryachaya liniya - Telekom. 2013. 338 s.
- Devyanin P.N. O razrabotke mandatnoj sushhnostno-rolevoj DP-modeli upravleniya dostupom i informaczionny'mi potokami v operaczionny'x sistemax semejstva Linux // Metody' i texnicheskie sredstva obespecheniya bezopasnosti informaczii: Materialy' 21-j nauchno-texnicheskoj konferenczii 24 - 29 iyunya 2012 g. SPb.: Politexnicheskij universitet. 2012. S. 91-94.
- Sandhu R. Role-Based Access Control // Advanced in Computers. Academic Press. 1998. V. 46.
- Devyanin P.N. O zapreshhenny'x informaczionny'x potokax po vremeni cherez parametry' sushhnostej v operaczionny'x sistemax semejstva Linux s mandatny'm upravleniem dostupom // Metody' i texnicheskie sredstva obespecheniya bezopasnosti informaczii: Materialy' 21-j nauchno-texnicheskoj konferenczii 24 - 29 iyunya 2012 g. SPb.: Politexnicheskij universitet. 2012. S. 88-90.
- Bishop M. Computer Security: art and science. ISBN 0-201-44099-7. 2002. 1084 p.
- Lanawehrm E., Heitmeyer L., McLean J. A Security Model for Military Message Systems. ACM Trans. On Computer Systems. 1984. V. 9. № 3. P. 198-222.