Tytuł artykułu
Treść / Zawartość
Pełne teksty:
Identyfikatory
Warianty tytułu
Języki publikacji
Abstrakty
Modern integrated information and telecommunication systems are upgraded on a continuous basis. Such systems contain both new and old components. The approaches to developing individual components of access control systems are different in the majority of cases. As a rule, modernization of outdated but efficient systems that have been operating without any failures for long periods of time is economically unfeasible. Such an approach requires that different subsystems function based on shared data. This necessitates the coordination of various access control systems in order to ensure proper information security levels. This article examines how joint functioning of various versions of access control systems deployed in IT and telecommunication spheres may be achieved at the stage of their modernization. Potential ways in which information flows may bypass the security policies of one of the access control systems concerned are determined. The authors discuss traditional access control models. For role-based and thematic access control models, specific hypotheses are formulated to comply with security policies when different versions of access control systems work together. The structure of the model assuming that different versions of access control systems operate jointly has been developed. Based on the model, the necessary and sufficient conditions are determined under which unauthorized information flows are prevented. The security theorem for the joint functioning of different versions of access control systems is presented and proved. The results of the study showed that the methodological basis for coordinating access control models applicable to information and telecommunication systems undergoing modernization consists in observing, separately, the equality of information flows between shared objects in each of the versions of the access control systems. The approaches developed in this article can be extended to combined access control systems.
Rocznik
Tom
Strony
30--36
Opis fizyczny
Bibliogr. 17 poz., rys.
Twórcy
autor
- Bohdan Khmelnytskyi National Academy of the State Border Guard Service of Ukraine, Khmelnytskyi, Ukraine
autor
- Bohdan Khmelnytskyi National Academy of the State Border Guard Service of Ukraine, Khmelnytskyi, Ukraine
autor
- Bohdan Khmelnytskyi National Academy of the State Border Guard Service of Ukraine, Khmelnytskyi, Ukraine
autor
- Bohdan Khmelnytskyi National Academy of the State Border Guard Service of Ukraine, Khmelnytskyi, Ukraine
autor
- Bohdan Khmelnytskyi National Academy of the State Border Guard Service of Ukraine, Khmelnytskyi, Ukraine
Bibliografia
- [1] H. Huang, F. Shang, J. Liu, and H. Du, “Handling least privilege problem and role mining in RBAC”, Journal of Combinatorial Optimization, vol. 30, no. 1, pp. 63–86, 2015 (https://doi.org/10.1007/s10878-013-9633-9).
- [2] J. Hassan et al., “A lightweight proxy re-encryption approach with certificate-based and incremental cryptography for fog-enabled e-healthcare”, Security and Communication Networks, vol. 2021 , Article ID 936824, 2021 (https://downloads.hindawi.com/journals/scn/2021/9363824.pdf).
- [3] H. Zhang, J. Wang, and J. Chang, “An access control model for multilevel security in multi-domain networking environments”, Proceedings of the 9th International Conf. on Modelling, Identification and Control (ICMIC), pp. 809 –814, Kunming, China, 2017 (https://doi.org/10.1109/ICMIC.2017.8321566).
- [4] M.U. Aftab, A. Hamza, A. Oluwasanmi, X. Nie, M.S. Sarfraz, D. Shehzad, Z. Qin, and A. Rafiq, “Traditional and hybrid access control models: A detailed survey”, Security and Communication Networks, vol. 2022, Article ID 1560885, 2022 (https://doi.org/10.1155/2022/1560885).
- [5] S. Pierangela and S. de Capitani di Vimercati, “Access control: Policies, models, and mechanisms”, in International School on Foundations of Security Analysis and Design, R. Focardi and R. Gorrieri, Eds. LNCS, vol. 2171 , pp. 137– 196. Berlin, Heidelberg: Springer, 2000 (https://doi.org/10.1007/3-540-45608-2_3).
- [6] D.J. Bokefode, A.S. Ubale, S.S. Apte and G.D. Modani, “Analysis of DAC MAC RBAC access control based models for security”, International Journal of Computer Applications, vol. 104, no. 5, pp. 6–13, 2014 (https://doi.org/10.5120/18196-9115).
- [7] A.K. Malik, N. Emmanuel, S. Zafar, H.A. Khattak, B. Raza, S. Khan, A.H. Al-Bayatti, M. O. Alassafi, A. S. Alfakeeh, and M. A. Alqarni, “From conventional to state-of-the-art IoT access control models”, Electronics, vol. 9, no. 10, 1693 (https://doi.org/10.3390/electronics9101693).
- [8] O.K. Yudin and M. A. Strelbitskyi, “Content and hierarchy of the register of information resources of the state border guard service of Ukraine”, Problems of Informatization and Management, vol. 4, no. 56, pp. 85–91, 2016 (https://doi.org/10.18372/2073-4751.4.13148) [in Ukrainian].
- [9] M.A. Strelbitskyi, “Analysis of joint functioning of access differentiation models at the stage of modernization of information and telecommunication systems”, Collection of Scientific Works of Bohdan Khmelnytskyi National Academy of the State Border Guard Service of Ukraine, vol. 4, no. 70, pp. 276– 287, 2016 [in Ukrainian].
- [10] V.V. Kuzavkov, M.A. Strelbitskyi, and V.O. Danko, “Method for harmonizing the privacy level grids of mandatory access control systems for information and telecommunication systems at the modernization stage”, Collection of Scientific Works of the Military Institute of Telecommunication and Informatization, no. 1, pp. 56– 60, 2017 (http://nbuv.gov.ua/j-pdf/Znpviti_ 2017_ 1_9.pdf) [in Ukrainian].
- [11] M.A. Strelbitskyi, “Method of coordination of access matrices of discretionary access control systems of information and telecommunication systems at the stage of modernization”, Modern Information Technologies in the Field of Security and Defense, vol. 1, pp. 58–62, 2017 [in Ukrainian].
- [12] Y. Deng, J. Wang. J.J.P. Tsai, and K. Beznosov, “An approach for modeling and analysis of security system architectures”, IEEE Transactions on Knowledge and Data Engineering, vol. 15, no. 5, pp. 1099– 1119, 2003 (https://doi.org/10.1109/TKDE.2003.1232267).
- [13] J.E. Kobza and S.H. Jacobson, “Probability models for access security system architectures”, J. of the Operational Research Society, vol. 48, no. 3, pp. 255– 263, 1997 (https://doi.org/10.2307/3010424).
- [14] Ș. Bahtiyar and M.U. Ça ˇglayan, “Extracting trust information from security system of a service”, Journal of Network and Computer Applications, vol. 35, no. 1, pp. 480– 490 (https://doi.org/10.1016/j.jnca.2011.10.002).
- [15] M. Fugini and G. Martella, “Acten: A conceptual model for security systems design”, Computers and Security, vol. 3, no. 3, pp. 196–214, 1984 (https://doi.org/10.1016/0167-4048(84)90041-5).
- [16] A. Boukerche and Y. Ren, “A trust-based security system for ubiquitous and pervasive computing environments”, Computer Communications, vol. 31, no. 18, pp. 4343–4351, 2008 (https://doi.org/10.1016/j.comcom.2008.05.007).
- [17] T. Carlson, “Information Security Management: Understanding ISO 17799 ”, International Network Services Inc. (INS), White-paper, 2001 (http://www.secureict.co.za/wp-content/uploads/2018/06/03_ins_info_security_iso_17799_1101- 1.pdf).
Uwagi
Opracowanie rekordu ze środków MEiN, umowa nr SONP/SP/546092/2022 w ramach programu "Społeczna odpowiedzialność nauki" - moduł: Popularyzacja nauki i promocja sportu (2022-2023).
Typ dokumentu
Bibliografia
Identyfikator YADDA
bwmeta1.element.baztech-6c561150-7534-4aee-8fae-f8f6eae76d0e