2021: Approval of GOST R 59453.1-202 and GOST R 59453.2-2021
The Federal Agency for Technical Regulation and Metrology (Rosstandart) approved the national standards GOST R 59453.1-2021 "Information Protection. Formal access control model. Part 1. General provisions "and GOST R 59453.2-2021" Information protection. Formal access control model. Part 2. Recommendations for verifying the formal access control model. " Their main author is Astra Linux GC, which announced this on May 14, 2021, while specialists from the V.P. Ivannikova Institute of System Programming of the Russian Academy of Sciences (ISP RAS) took part in the creation of the second standard.
The development of a formal access control model and its verification using tools are part of the requirements of levels 4 and 3 of trust, according to the second edition of the FSTEC of Russia approved by Order No. 76 of June 2, 2020 "Information Security Requirements Establishing Levels of Trust in Information Security Tools and Information Technology Security Tools." National standards are aimed at regulatory support for the fulfillment of these requirements.
Obtaining a certificate of the FSTEC of Russia on the 4th level of trust is mandatory for software products that are used on significant objects of the critical information infrastructure up to the first class inclusive and in automated process control systems, and starting from the 3rd level of trust - in state information systems of the first class, including processing personal data and state secrets.
Standard P 59453.1-2021 establishes the criteria that the formal access control model described in a mathematical or formalized (machine-readable) language should meet. In addition, in the document you can find definitions of those key terms that the developers of information protection tools use: discretionary, mandate and role access control policies, as well as mandatory integrity control.
The second GOST contains recommendations regarding translation of the formal model description into a formalized language and its verification using tools.
During the development and discussion of national standards with TK 362, they were tested in Astra Linux GC. To do this, the experts checked how much the formal access control model (MCDP model) corresponds to them, on the basis of which the PARSEC protection mechanism is implemented in the Astra Linux Special Edition special-purpose operating system. In addition, technologies for translating this model from a mathematical language into a formalized language of the Event-B method were developed in accordance with the standards, followed by its verification by the Rodin and ProB tools.
In the course of testing national standards, using the example of our operating system certified in the highest, first, protection class, it was possible, firstly, in practice, to fulfill the relevant trust requirements during its development, and secondly, to improve the quality of the standards themselves, to make the necessary adjustments to them. The new standards will have a positive effect on the development of scientifically based approaches used in creating and ensuring confidence in information protection tools, and on further standardization in this area. They will be in demand by many domestic developers of such funds, - sums up Pyotr Devyanin, supervisor of Astra Linux GC, professor, doctor of technical sciences, corresponding member of the Academy of Cryptography of the Russian Federation. |
See also