| 摘要 |
FIELD: physics, computer engineering.SUBSTANCE: invention relates to computer engineering. A method of securing information flow in secure information systems with mandatory and role-based access control, which includes presenting a secure information system within a formal security model of logic mandatory and role-based control of access and information flow in which roles are realised by substance-containers to which system subjects are granted access for ownership, reading or writing; each role is assigned a confidentiality level which does not exceed the confidentiality level of roles to which said role is subordinate in a hierarchy; a subject is granted access to a role only if the subject has the respective effective access right to said role; the subject is allowed to alter access rights to substances possessed by the role only when the subject has a write access to the role; a subject is allowed to alter the access rights to a role only when the subject has an ownership access to said role.EFFECT: preventing secure information system violator subjects from using role parameters.3 cl, 2 tbl |
