Abstract:
This article presents a theorem about the security violation necessary conditions for time information flows in Linux family operating systems. The conditions are easily to implement. According to these conditions, to prevent prohibited time information flows it is necessary: 1) to eliminate containers where both the Boolean mandatory attribute CCR (Container Clearance Required) and the integrity attribute CCRI (CCR for integrity) are true; 2) to eliminate containers which include entities with less level of confidentiality; 3) to completely prohibit using entities-“holes” not saving data or use their implementation not creating time information flows. After this, for the access control security in OS Astra Linux Special Edition, it is sufficient to ensure the memory information flows security in the sense of Bell–LaPadula model and the mandatory integrity control.
Keywords:computer security, formal model, information flow.
Fulltext:
PDF file (559 kB)