Methods of identification of host capture in a distributed information system which is protected on the basis of meta data

The model of a distributed information system in which permissions on network connections are based on meta data is considered. Meta data are simplification of business process models. It is proved that the adversary of information security who captured a host and accurately attacked a system by means of changes of output data of tasks solved on this host cannot be detected at the level of meta data. The problem is connected with the fact that a business process model and, therefore, meta data operate with variables for which changes of specific values are not reflected in their description. Exceptions are output cases on forbidden values, for example, out of limits of definition ranges and a set of values of functions of which information technologies are constructed. Additional variants of information security measures which consider “invisibility” of similar violations of information security at the level of meta data are suggested.