Результаты переработки уровней ролевого управления доступом и мандатного контроля целостности формальной модели управления доступом ОС Astra Linux

Abstract

The access control mechanism is the basis for ensuring the security of system software (OS or DBMS). In accordance with the requirements of regulatory documents of domestic regulators for certified information security tools, as a scientific basis for the implementation of such a mechanism, a formal access control model that meets the GOST R 59453.1-2021 criteria should be developed. Such a formal model for the Astra Linux operating system certified for the highest protection classes and assurance levels is the mandatory entity-role model of access and information flows security control in OS of Linux family (MROSL DP-model). Taking into account the introduction of new elements into the access control mechanism of the Astra Linux and in order to ensure a more accurate correspondence of the model description to this mechanism, the development of scientifically based technologies and practices for the development and verification of formal models, the MROSL DP-model is regularly revised. Another such revision of the model now has been completed for two levels of its hierarchical representation, corresponding to role-based access control (representing discretionary access control, traditional for the OS of Linux family) and mandatory integrity control, reflecting the most significant changes in the Astra Linux release 2023. The article analyzes the main results of this revision, within which: functions that define new entity labels are introduced, the composition and descriptions of the de-jure rules for transforming system states, administrative and negative roles are changed, the wording is corrected and several statements are re-proved, and other changes are made in the model description.