Journal of Telecommunications and Information Technology (Mar 2023)
Concept of Joint Functioning of Access Control Systems
Abstract
Modern integrated information and telecommunication systems are upgraded on a continuous basis. Such systems contain both new and old components. The approaches to developing individual components of access control systems are different in the majority of cases. As a rule, modernization of outdated but efficient systems that have been operating without any failures for long periods of time is economically unfeasible. Such an approach requires that different subsystems function based on shared data. This necessitates the coordination of various access control systems in order to ensure proper information security levels. This article examines how joint functioning of various versions of access control systems deployed in IT and telecommunication spheres may be achieved at the stage of their modernization. Potential ways in which information flows may bypass the security policies of one of the access control systems concerned are determined. The authors discuss traditional access control models. For role-based and thematic access control models, specific hypotheses are formulated to comply with security policies when different versions of access control systems work together. The structure of the model assuming that different versions of access control systems operate jointly has been developed. Based on the model, the necessary and sufficient conditions are determined under which unauthorized information flows are prevented. The security theorem for the joint functioning of different versions of access control systems is presented and proved. The results of the study showed that the methodological basis for coordinating access control models applicable to information and telecommunication systems undergoing modernization consists in observing, separately, the equality of information flows between shared objects in each of the versions of the access control systems. The approaches developed in this article can be extended to combined access control systems.
Keywords