RUS  ENG
Full version
JOURNALS // Proceedings of the Institute for System Programming of the RAS // Archive

Proceedings of ISP RAS, 2020 Volume 32, Issue 1, Pages 7–26 (Mi tisp483)

This article is cited in 4 papers

Integrating RBAC, MIC, and MLS in verified hierarchical security model for operating system

P. N. Devyanina, V. V. Kuliaminbcd, A. K. Petrenkodcb, A. V. Khoroshilovedbc, I. V. Shchepetkovd

a RusBITech
b National Research University, Higher School of Economics
c Lomonosov Moscow State University
d Ivannikov Institute for System Programming of the Russian Academy of Sciences
e Moscow Institute of Physics and Technology (State University)

Abstract: Designing a trusted access control mechanism of an operating system (OS) is a complex task if the goal is to achieve high level of security assurance and guarantees of unwanted information flows absence. Even more complex it becomes when the integration of several heterogeneous mechanisms, like role-based access control (RBAC), mandatory integrity control (MIC), and multi-level security (MLS) is considered. This paper presents results of developement of a hierarchical integrated model of access control and information flows (HIMACF), which provides a holistic integration of RBAC, MIC, and MLS preserving key security properties of all those mechanisms. Previous version of this model is called MROSL DP-model. Now the model is formalized using Event-B formal method and its correctness is formally verified. In the hierarchical representation of the model, each hierarchy level (module) corresponds to a separate security control mechanism, so the model can be verified with less effort reusing the results of verification of lower level modules. The model is implemented in a Linux-based operating system using the Linux Security Modules infrastructure.

Keywords: Formal access control model, role-based access control, mandatory integrity control, multi-level security, formal verification, Event-B, Astra Linux.

DOI: 10.15514/ISPRAS-2020-32(1)-1



© Steklov Math. Inst. of RAS, 2024