Methods for restricting access to information

Information security introduces the notions of the object and the subject of access. Each access subject can perform certain operations on an object, and each operation can be allowed or prohibited for a given subject or set of subjects. Therefore, there are methods for restricting a subject's access to information. Accessibility is usually defined at the operating system level and depends on the operating system architecture and the current security policy. To make it easier to describe the methods and means of restricting subjects' access to objects, several concepts have been introduced.

Access method for an object - an operation defined for that object. Restricting access to information comes down precisely to limiting the possible access methods.

Object owner - the subject who owns the object (having created it) and who is responsible for the confidentiality of the information contained in the object, as well as for access to the object.

Access right to an object - the right to access an object by one or a group of access methods.

Access control is a set of rules that determine for each triple subject - object - method the presence or absence of access rights for the specified method.

There are several models for restricting access to information. The most common are:

  • the discretionary model of access restriction;
  • the authoritative (mandatory) model of access restriction.

The discretionary model, or selective restriction of access, is characterized by the following set of rules:

  • there is an owner for any object;
  • the owner can arbitrarily restrict access of subjects to this object;
  • for each triple subject - object - method, the accessibility is uniquely defined;
  • there is at least one privileged user (administrator) who can access any object using any method of accessing information.

In this model, an access matrix is used to define access rights, the rows of which are subjects, and the columns are objects. Each cell stores a set of access rights of a given subject to a given object. The typical size of the access matrix for a modern operating system is tens of megabytes.

The authoritative (mandatory) model is characterized by the following set of rules:

  • each object is assigned a secrecy stamp (classification). The higher its numerical value, the more secret the object;
  • each access subject has a security clearance.

A subject's access to an object in this model is allowed only if the subject's clearance level is not less than the value of the object's secrecy stamp. The advantage of this model is that there is no need to store large amounts of information about access restriction. Each subject stores only the value of its level of access to information, and each object stores the value of its secrecy stamp.
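The two models described above can be compared side by side in a short sketch. This is an added example, not code from the original page; the class names, the administrator name `root`, the sample subjects and objects, and the choice to deny unknown subjects or objects are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

ADMIN = "root"  # assumed name for the privileged user (administrator)

@dataclass
class DiscretionaryModel:
    owners: dict = field(default_factory=dict)  # object -> owning subject
    matrix: dict = field(default_factory=dict)  # (subject, object) -> set of methods

    def create(self, subject, obj, methods):
        """The creating subject becomes the owner of the object."""
        self.owners[obj] = subject
        self.matrix[(subject, obj)] = set(methods)

    def grant(self, actor, subject, obj, method):
        """Only the owner or the administrator may change the object's column."""
        if actor not in (self.owners.get(obj), ADMIN):
            raise PermissionError(f"{actor} is not the owner of {obj}")
        self.matrix.setdefault((subject, obj), set()).add(method)

    def allowed(self, subject, obj, method):
        """Decision for one subject-object-method triple; an empty cell means deny."""
        if subject == ADMIN:
            return True
        return method in self.matrix.get((subject, obj), set())

@dataclass
class MandatoryModel:
    clearance: dict = field(default_factory=dict)  # subject -> clearance level
    stamp: dict = field(default_factory=dict)      # object -> secrecy stamp

    def allowed(self, subject, obj):
        """Allow only if clearance >= stamp; unknown names are denied (assumption)."""
        if subject not in self.clearance or obj not in self.stamp:
            return False
        return self.clearance[subject] >= self.stamp[obj]

def demo():
    # Constructed sample data: alice creates a file and shares read access with bob.
    dac = DiscretionaryModel()
    dac.create("alice", "report.txt", {"read", "write"})
    dac.grant("alice", "bob", "report.txt", "read")
    mac = MandatoryModel(clearance={"alice": 2, "bob": 1}, stamp={"report.txt": 2})
    return {
        "dac_bob_read": dac.allowed("bob", "report.txt", "read"),
        "dac_bob_write": dac.allowed("bob", "report.txt", "write"),
        "dac_admin_write": dac.allowed(ADMIN, "report.txt", "write"),
        "mac_alice": mac.allowed("alice", "report.txt"),
        "mac_bob": mac.allowed("bob", "report.txt"),
    }
```

The discretionary model keeps one matrix cell per subject-object pair, while the mandatory model keeps a single number per subject and per object, which is the storage advantage noted above.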