Multilevel thematic-hierarchical access control (MLTHS-system) | Prikladnaya Diskretnaya Matematika - Applied Discrete Mathematics. 2018. № 39. DOI: 10.17223/20710410/39/4

Access control in computer systems is based on the combination of confidence-mandatory and thematic principles. Composite security labels (tags) are assigned to access objects and subjects. Each label contains a security level (a classification grade for objects, an access level for subjects) and a thematic index (object themes, or thematic permissions for subjects). In contrast to the known MLS-model, which uses so-called non-hierarchical (i.e. unordered) thematic categories in the form of thematic rubrics, our model (MLTHS-system) uses thematic object indexes and thematic subject permissions that are elements of a hierarchical thematic classifier of the kind widely used in document storage technologies. Mathematically, the security labels are elements of the product of two lattices: the algebraic lattice of security levels used in the Bell-LaPadula model and a special multirubric lattice based on hierarchical classifiers. Special dominance relations (wider-narrower) and binary operations (greatest lower and least upper multirubric bounds) are introduced; they cannot be expressed with the ordinary set-theoretic inclusion relation and the union and intersection operations. In the MLTHS-system, specific procedures are defined for assigning security tags to users and to user-initiated subjects. Authorization rules for subject-to-object read, write and execute access are defined for the security monitor, as are security tag assignment procedures for newly created objects. Authorization rules for multiple access (a single subject to many objects and many subjects to a single object) are established. It is proven that the MLTHS-system is secure by two criteria: the absence of flows between entities (objects or subjects) with incomparable security tags, and the absence of top-down flows. The MLTHS-system allows access control to be combined with the text search technologies of document storage to create secure search engines with no functional limitations.
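The following is an added example, not code from the paper: it sketches composite labels as pairs (security level, multirubric) over a small classifier tree and shows a case where dominance holds although plain set inclusion fails. The tree, the rubric names, and the exact definitions of dominance, the bounds and the read/write rules are assumptions, since the abstract does not state them; the read/write rules follow the Bell-LaPadula pattern.

```python
from typing import NamedTuple

# Constructed classifier tree (child -> parent); rubric names are hypothetical.
PARENT = {"root": None, "finance": "root", "hr": "root",
          "finance/audit": "finance", "finance/tax": "finance",
          "hr/payroll": "hr"}

def up(rubric):
    """Yield the rubric and then each of its ancestors up to the root."""
    while rubric is not None:
        yield rubric
        rubric = PARENT[rubric]

def covers(wide, rubric):
    """True if `rubric` equals or descends from some rubric in `wide`."""
    return any(a in wide for a in up(rubric))

def wider_or_equal(m1, m2):
    """Assumed dominance: every rubric of m2 is covered by m1."""
    return all(covers(m1, r) for r in m2)

def normalize(rubrics):
    """Drop rubrics that sit below another rubric of the same set."""
    rs = set(rubrics)
    return frozenset(r for r in rs if not covers(rs - {r}, r))

def lub(m1, m2):
    """Assumed least upper bound: the union with covered rubrics absorbed."""
    return normalize(set(m1) | set(m2))

def glb(m1, m2):
    """Assumed greatest lower bound: rubrics of either side covered by the other."""
    return normalize({r for r in m1 if covers(m2, r)} |
                     {r for r in m2 if covers(m1, r)})

class Label(NamedTuple):
    level: int             # security level, higher is more sensitive
    themes: frozenset      # multirubric

def dominates(a, b):
    """Order on the product lattice: both components must dominate."""
    return a.level >= b.level and wider_or_equal(a.themes, b.themes)

def can_read(subject, obj):    # assumed Bell-LaPadula style: no read up
    return dominates(subject, obj)

def can_write(subject, obj):   # assumed Bell-LaPadula style: no write down
    return dominates(obj, subject)
```

Under these assumptions the multirubric {finance} is wider than {finance/audit, finance/tax} without being a superset of it, and the greatest lower bound of {finance} and {finance/audit, hr} is {finance/audit} although the two sets do not intersect.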
  • Publisher Tomsk State University
  • Issue Prikladnaya Diskretnaya Matematika - Applied Discrete Mathematics 39
  • DOI 10.17223/20710410/39/4
Keywords
access control (management), security model, hierarchical thematic classifier, multirubric, multirubric lattice, documentary information retrieval systems, thematic indexing, MLS-model