System state transformation rules in DP-model of access control in computer networks based on operating systems of Linux | Prikladnaya Diskretnaya Matematika - Applied Discrete Mathematics. 2016. № 1(31).

When modern computer systems (CS) are created, a big attention is paid to theoretical explanation of their access control security mechanisms. For this aim, some formal models are built and mandatory MROSL DP-model is the most developed of them. However, it is important to consider peculiarities of logical access control organization in computer networks and the existence of different security policies of network stations. MROSL DP-model and other models known to the author do not take this into account. Besides, it is necessary to provide flexible specification of access control to network resources in the context of theoretical models of logical access control in computer systems including hundreds and thousands users. The simple mechanism of access control administration is also needed. The author is building new mandatory object-role access control DP-model for the computer systems based on OS of Linux family (MROCS DP-model) relying on MROSL DP-model in order to consider mentioned peculiarities. Existing de-jure rules of system state transformation are refined and new ones are specified in the context of this model for the purpose of taking into account peculiarities of functioning CS under consideration. These changes allow to describe in details specifications of access control mechanisms. Besides, the correctness of these rules with respect to mandatory and role-based access control requirements is shown, so it makes possible to construct theory-based network security subsystem of CS. De-jure rules of state transformation in MROCS DP-model connected with the organization of logical access control in the context of CS are directed to realization in special operating system Astra Linux Special Edition.