Informatika i Ee Primeneniya [Informatics and its Applications]

Inform. Primen., 2019 Volume 13, Issue 4, Pages 85–89 (Mi ia634)

Using metadata to implement multilevel security policy requirements

A. A. Grusho, N. A. Grusho, E. E. Timonina

Institute of Informatics Problems, Federal Research Center “Computer Sciences and Control” of the Russian Academy of Sciences; 44-2 Vavilov Str., Moscow 119133, Russian Federation

Abstract: A distributed information computing system is considered whose objects contain both valuable information (or are themselves valuable) and open (non-valuable) information. To protect valuable information, a multilevel security (MLS) policy is used that prohibits information flows from objects with valuable information to objects with open information. Objects with valuable information form a class of high-level objects, and objects with open information form a class of low-level objects. Metadata is created to manage network connections. Metadata is a simplification of mathematical models of business processes and is the basis of a permission system for host connections in a distributed information computing system. The paper constructs MLS security policy rules and, based on metadata-related infrastructure, shows that this security policy can be implemented in the distributed information computing system. The only trusted process required to implement the MLS security policy is at the connection management level. This layer is unrelated to the data plane and can be isolated to ensure its information security.

Keywords: MLS security policy, information flows, metadata.

Received: 13.10.2019

DOI: 10.14357/19922264190414


