Informatics and Applications
2019, Volume 13, Issue 4, pp 85-89
USING METADATA TO IMPLEMENT MULTILEVEL SECURITY POLICY REQUIREMENTS
- A. A. Grusho
- N. A. Grusho
- E. E. Timonina
Abstract
The paper considers a distributed information computing system whose objects contain both valuable information (or are themselves valuable) and open (non-valuable) information. To protect valuable information, a multilevel security (MLS) policy is used that prohibits information flows from objects with valuable information to objects with open information. Objects with valuable information form a class of high-level objects, and objects with open information form a class of low-level objects. Metadata is created to manage network connections. Metadata is a simplification of mathematical models of business processes and is the basis of a permission system for host connections in a distributed information computing system. The paper constructs MLS security policy rules and, based on metadata-related infrastructure, shows that this security policy can be implemented in the distributed information computing system. The only trusted process required to implement the MLS security policy is at the connection management level. This layer is unrelated to the data plane and can be isolated to ensure its information security.
About this article
Cover Date
2019-12-30
DOI
10.14357/19922264190414
Print ISSN
1992-2264
Publisher
Institute of Informatics Problems, Russian Academy of Sciences
Key words
MLS security policy; information flows; metadata
Authors
A. A. Grusho, N. A. Grusho, and E. E. Timonina
Author Affiliations
Institute of Informatics Problems, Federal Research Center "Computer Science and Control" of the Russian Academy of Sciences, 44-2 Vavilov Str., Moscow 119333, Russian Federation