A Systems Approach to Ensuring Security in a Special-Purpose Automated Information System

• Published in: Automatic documentation and mathematical linguistics Vol. 59; no. 1; pp. 33 - 40
• Main Authors: Dubrovin, A. S., Sumin, V. I., Gromov, Yu. Yu, Tyutyunnik, V. M.
• Format: Journal Article
• Language: English
• Published: Moscow Pleiades Publishing 01.02.2025; Springer Nature B.V
• Subjects: Access control; Access to information; Automation; Computer Science; Control methods; Information Storage and Retrieval; Information Systems; Lattices; Security; Subsystems; special purpose automated information system; mandate security policy; access delimitation rules; discretionary security policy; grid; information security subsystem; system approach; security level
• ISSN: 0005-1055; 1934-8371
• DOI: 10.3103/S0005105525700049

A mathematical model of the subsystem of security in an automated information system with a special purpose, hierarchically decomposed by security levels, is considered, on the basis of which it is possible to develop and analyze relatively flexible rules of differentiation of access to information with high guarantee of their fulfillment with the help of the apparatus of finite nonlinear lattices. Two finite nonlinear lattices suitable for this purpose are proposed. For each, carrier, partial ordering, and algebraic operations are defined. Interpretations of these lattices are given as vector security levels, in contrast to the well-known interpretation of finite linear lattices as numerical security levels. For vector security levels, the “no read up” and “no write down” rules of the mandated security policy are defined. The equivalence of the modeling capabilities of these lattices is justified. The developed model integrates the principles of mandating and discretionary access control methods, taking subjects in the role of intermediaries between users and objects. The Bell-LaPadula model, as adapted to the formalization of security levels by finite nonlinear lattices is presented.