Introduction: the complexity of the information systems (IS) being developed increases the requirements for the error-free design of the access control system and increases the likelihood of the presence and impact of vulnerabilities on the state of information security. Formal verification of the IS project at the development stage allows minimizing the appearance of architectural vulnerabilities. Changes carried out by regulators in the field of certification of information security means actualizing issues related to the development and analysis of formal models. Purpose: development of an approach to the construction and formal verification of models that has an intuitively, completeness presentation and effective analysis. Methods: construction of models by the mathematical apparatus of colored Petri nets in the CPN Tools modeling environment with the subsequent study of the properties of the net. Results: an approach has been developed that has structural, logical and dynamic completeness. The clarity of the models developed using the presented approach reduces the time for detecting incorrect functioning and developing compensatory measures with the subsequent confirmation of their effectiveness. The analyze of the state space showed the need to supplement the modeling environment for the complete construction of the state space in the case of complex models and a large number of markers during the initial marking of the Petri net. Practical relevance: the developed approach is proposed to be used for formal verification of access control models and filtering information flows in the certification procedure for information security tools. The versatility and simplicity of the approach allows you to implement the formal verification procedure in the development stages of various kinds of systems. Development prospects: development of additional software that allows building a complete state space for com" plex models, as well as complementing the method with approaches using ASK-CTL logic.
Read full abstract