Abstract:
As part of the subject-object formalization of computer systems, the concepts of potential and actual user awareness of confidential information are introduced. Potential awareness is considered as a value determined by the user's access rights to objects containing confidential information and the volume of confidential information of the corresponding objects. The volume of confidential information of the object is proposed to be determined on the basis of the number of words contained in the text of the object and the amount of information content of the object, which is determined by an external factor, for example, the author and/or a dedicated user (analyst). For the main access control models (discretionary, mandatory, thematic-hierarchical and role-based), analytical relations are presented that determine, on a quantitative scale of the range $[0,1]$, the amount of potential awareness of users in confidential information contained (processed) in a computer system. The satisfaction of the corresponding values to the metric requirements is proved.