
Subject-object models of access control

Updated 09.02.2024 05:27


The basics of modelling information protection processes are treated, for example, in the works of V. A. Gerasimenko, one of the best-known Russian researchers of the theoretical and practical aspects of information protection in automated systems and the author of the systems-conceptual approach to information security. Gerasimenko presented a general model of information protection processes, structured it into interrelated components, and set the models of resource access control systems apart as a block of their own.

Access delimitation (access control) is the partitioning of the information circulating in an information system into parts, elements, components, objects and so on, together with the organisation of work with that information so that each user can reach only the part (the components) of it needed to perform their duties.

Access control directly ensures the confidentiality of information and also reduces the likelihood of threats to its integrity and availability. Among the other methods of ensuring information security, access control can be regarded as a comprehensive software and hardware method of information protection; it is also a necessary condition for information security.

Most access control models are based on representing the system as a set of access subjects and access objects.

Let us consider the main provisions of the most common security policies, which are based on controlling the access of subjects to objects and on modelling the behaviour of the system through its state space; some of these policies are secure and others are not. All the security models considered rest on the following basic concepts:

1. Time in the system is discrete.

2. At each fixed moment in time the system is a finite set of elements divided into two subsets:

a subset of access subjects S;

a subset of access objects O.

An access subject is an active entity that can change the state of the system by generating processes on objects, including creating new objects and initiating the generation of new subjects.

An access object is a passive entity; the processes on it can in certain cases be a source for the generation of new subjects.

With this representation of the system, secure information processing is ensured by solving the problem of controlling the access of subjects to objects in accordance with a given set of rules and restrictions that make up the security policy. What all the models have in common is precisely the division of the entities making up the system into sets of subjects and objects, although the definitions of "subject" and "object" may differ from model to model.

The model assumes a mechanism for distinguishing subjects from objects by the property of activity. It is also assumed that at any moment tk, including the initial one, the set of access subjects is non-empty.

3. Users are represented by one access subject or by some set of access subjects acting on behalf of the particular user.

A user is a person, an external factor, authenticated by some information, who controls one or more subjects, perceives objects and receives information about the state of the system through the subjects under their control.

Thus, in the subject-object model the notions of access subject and user are not identical. It is assumed that a user's control actions cannot change the properties of the access subjects themselves. This does not match real systems, where users can change the properties of subjects by modifying programs, but the idealisation makes it possible to draw a clear picture of the access processes and mechanisms.

4. Subjects can be generated from objects only by an active entity (another subject).

The object oi is called the source for the subject sm if there is a subject sj as a result of whose action the subject sm arises on the object oi. The subject sj is called the activating subject for sm.

To describe the generation of access subjects the following command is introduced: Create(sj, oi) → sm, meaning that the subject sm is generated from the object oi under the activating action of the subject sj.

Create is called the subject-generation operation. Because time in the system is discrete, a subject generated under the action of the activating subject at time tk exists from time tk+1.

The result of the Create operation depends on both the properties of the activating subject and the properties of the source object.

The active nature of access subjects lies in their ability to perform certain actions on objects, and these actions give rise to information flows.

5. All interactions in the system are modelled by establishing relations of a certain type between subjects and objects. The set of relation types is defined as the set of operations that subjects can perform on objects.

6. All processes in the system are described as accesses of subjects to objects that cause information flows.

An information flow between the object oi and the object oj is an arbitrary operation on the object oj, implemented in the subject sm and depending on the object oi.

A flow can take the form of various operations on objects: reading, modifying, deleting, creating and so on.

The objects taking part in a flow can be both sources and receivers of information, both associated with the subject (for example, its memory) and not associated with it, and can also be empty objects (for example, when creating or deleting files). Information flows exist only between objects, never between a subject and an object.

An access of the subject sm to the object oj is the generation by the subject sm of an information flow between the object oj and some object oi.

The formal definition of access makes it possible, by means of the subject-object model, to proceed directly to describing information security processes in protected systems. For this purpose the set of flows P is introduced over the whole set of fixed decompositions of the system into subjects and objects at all moments in time (P is the union of the flows at all moments of the system's operation).

The rules for delimiting the access of subjects to objects are the formally described flows belonging to the set R, that is, the permitted flows.

7. The security policy is specified as a set of rules according to which all interactions between subjects and objects must take place. Interactions that would violate these rules are prevented by the access control mechanisms and cannot occur.

8. All operations are checked by a security monitor (reference monitor) and are either prohibited or permitted in accordance with the rules of the security policy.

9. The collection of the sets of subjects and objects and of the relations (established interactions) between them determines the state of the system. Each state of the system is either safe or unsafe according to the safety criterion proposed in the model.

10. The central element of a security model is the proof of the statement (theorem) that a system in a safe state cannot pass into an unsafe state if all the established rules and restrictions are observed.
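As an added example, which is not code from this page or from any author it cites, points 1 to 10 above can be turned into a short executable sketch in Python. Every name in it (System, Subject, AccessDenied, the objects passwd, notes, log, bash, the rule set, and the users) is an assumption constructed for illustration. Discrete time advances only when a Create or a permitted flow changes the state; flows run object-to-object, with a per-subject associated object standing in for the subject's memory; R is the set of permitted flows and P the set of flows that actually occurred. The enforce flag switches the monitor off so that the point of the theorem in item 10 becomes visible: with the monitor in place every flow in P lies in R and the state stays safe, while without it the refused flow lands in P and is_safe() reports an unsafe state.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# A flow is (subject, source object, destination object, operation): the
# operation acts on the destination object and depends on the source object.
Flow = Tuple[str, Optional[str], Optional[str], str]


class AccessDenied(Exception):
    """Raised by the security monitor when a flow is not in the rule set R."""


@dataclass(frozen=True)          # frozen: users cannot alter a subject's properties
class Subject:
    name: str
    source: str                  # object o_i the subject was generated from
    activator: Optional[str]     # subject s_j that issued Create; None for the initial subject
    user: str                    # user on whose behalf the subject acts

    @property
    def mem(self) -> str:
        """Object associated with the subject (its memory); flows are object-to-object."""
        return f"{self.name}.mem"


class System:
    def __init__(self, objects, initial_subject, rules, enforce=True):
        self.t = 0                                               # discrete time t_k
        self.objects = set(objects) | {initial_subject.mem}
        self.subjects = {initial_subject.name: initial_subject}  # non-empty at t_0
        self.R = set(rules)                                      # permitted flows (the policy)
        self.P = []                                              # every flow that occurred
        self.denied = []                                         # flows refused by the monitor
        self.enforce = enforce                                   # False simulates a missing monitor

    def create(self, activator, source, name, user):
        """Create(s_j, o_i) -> s_m: only an existing (active) subject may activate."""
        if activator not in self.subjects:
            raise ValueError(f"{activator!r} is not a subject and cannot activate")
        if source not in self.objects:
            raise ValueError(f"{source!r} is not an object of the system")
        self.t += 1                                              # s_m exists from t_{k+1}
        s_m = Subject(name, source, activator, user)
        self.subjects[name] = s_m
        self.objects.add(s_m.mem)
        return s_m

    def flow(self, subject, src, dst, op):
        """Every access passes the monitor; only flows in R change the state."""
        if subject not in self.subjects:
            raise ValueError(f"{subject!r} is not a subject")
        f = (subject, src, dst, op)
        if f not in self.R and self.enforce:
            self.denied.append(f)
            raise AccessDenied(f)
        self.t += 1
        self.P.append(f)
        return f

    def read(self, subject, obj):       # flow from obj into the subject's own object
        return self.flow(subject, obj, self.subjects[subject].mem, "read")

    def write(self, subject, obj):      # flow from the subject's own object into obj
        return self.flow(subject, self.subjects[subject].mem, obj, "write")

    def is_safe(self):
        """Safety criterion (item 9): every flow that has occurred belongs to R."""
        return all(f in self.R for f in self.P)


def build_system(enforce=True):
    """Constructed scenario (assumption): login may read passwd, a shell may not."""
    rules = {
        ("login", "passwd", "login.mem", "read"),
        ("shell", "notes", "shell.mem", "read"),
        ("shell", "shell.mem", "log", "write"),
    }
    init = Subject("init", source="kernel", activator=None, user="system")
    return System({"kernel", "passwd", "notes", "log", "bash"}, init, rules, enforce)


def run_session(system):
    system.create("init", "bash", "login", user="alice")    # Create(init, bash) -> login
    system.create("login", "bash", "shell", user="alice")   # Create(login, bash) -> shell
    system.read("login", "passwd")                           # in R
    system.read("shell", "notes")                            # in R
    system.write("shell", "log")                             # in R
    try:
        system.read("shell", "passwd")                       # not in R
    except AccessDenied:
        pass                                                 # state is left unchanged
    return system


if __name__ == "__main__":
    guarded = run_session(build_system())
    print("with monitor: safe =", guarded.is_safe(), "t =", guarded.t, "denied =", guarded.denied)
    unguarded = run_session(build_system(enforce=False))
    print("without monitor: safe =", unguarded.is_safe(), "flows =", len(unguarded.P))
```

The refused read of passwd by the shell does not advance time, because in the model an interaction that violates the rules is prevented rather than performed (item 7); only the unguarded run records it in P, which is exactly what makes that state unsafe.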