MODEL OF INDIVIDUALLY GROUP ASSIGNMENT OF ACCESS TO HIERARCHICALLY ORGANIZED OBJECTS OF CRITICAL INFORMATION SYSTEMS USING MOBILE TECHNOLOGIES
Abstract and keywords
Abstract (English):
The analysis of access control models currently used in information security systems (SPI) is carried out. Based on the analysis of the advantages and disadvantages of discretionary, authoritative and role models in the implementation of access of mobile systems of subjects with different needs and roles to hierarchically organized information objects of medical information systems (MIS), it is proposed to use access control based on a thematic - hierarchical policy. The methods of forming thematic grids that provide security control of information flows are proposed. The article offers methods for setting the reachability matrix for reading, writing, and executing different access subjects to access objects with monorubricated and multi-rubricated hierarchical thematic classification.

Keywords:
mobile station, hierarchical thematic classification, security gateway, mobile device manager, medical information system, unauthorized access, security grid
References

1. Obschestvennoe zdorov'e i zdravoohranenie. Nacional'noe rukovodstvo / pod red. V.I. Starodubova, O.P. Schepina. - M. : GEOTAR - Media, 2013. - 624 s.

2. Metody i sredstva povysheniya zaschischennosti avtomatizirovannyh sistem : monografiya / V.A. Hvostov [i dr.]. - Voronezh : Voronezhskiy institut MVD Rossii, 2013. - 108 s.

3. Analiz ugroz bezopasnosti informacii pri obrabotke personal'nyh dannyh v mobil'noy medicine / V.P. Gulov, V.A. Hvostov, A.V. Skrypnikov, V.P. Kosolapov, G.V. Sych // Sistemnyy analiz i upravlenie v biomedicinskih sistemah. - 2020. - T. 20, № 2. - S. 129-138.

4. Analiz osobennostey zaschity personal'nyh dannyh v mobil'noy medicine / V.P. Gulov, V.A. Hvostov, V.P. Kosolapov, G.V. Sych // Sistemnyy analiz i upravlenie v biomedicinskih sistemah. - 2020. - T. 19, № 3. -S. 171-176.

5. Federal'nyy zakon Rossiyskoy Federacii ot 27 iyulya 2006 g. N 152-FZ. «O personal'nyh dannyh». - «Rossiyskaya gazeta» ot 29 iyulya 2006 g. N 165. - URL: https://rg.ru/2006/07/29/personaljnye-dannye-dok.html (data obrascheniya: 02.02.2021).

6. Postanovlenie Pravitel'stva RF ot 01.11.2012 N 1119 «Ob utverzhdenii trebovaniy k zaschite personal'nyh dannyh pri ih obrabotke v informacionnyh sistemah personal'nyh dannyh» - «Rossiyskaya gazeta» ot 07 noyabrya 2012 g. N 256. - URL: https://rg.ru/2012/11/07/pers-dannye-dok.html (data obrascheniya: 02.02.2021).

7. Ob utverzhdenii sostava i soderzhaniya organizacionnyh i tehnicheskih mer po obespecheniyu bezopasnosti personal'nyh dannyh pri ih obrabotke v informacionnyh sistemah personal'nyh dannyh Prikaz direktora FSTEK Rossii ot 18 fevralya 2013 g. № 21. - URL: https://fstec.ru/normotvorcheskaya/akty/53-prikazy/691 (data obrascheniya: 26.09.2019).

8. Zaschita informacii v medicinskih uchrezhdeniyah : monografiya / V.P. Gulov, V.P. Kosolapov, G.V. Sych, V.A. Hvostov. - Voronezh, 2020. - 430 s.

9. Scherbakov, A.Yu. Sovremennaya komp'yuternaya bezopasnost'. Teoreticheskie osnovy. Prakticheskie aspekty : uchebnoe posobie / A.Yu. Scherbakov. - M. : Knizhnyy mir, 2009. - 352 s.

10. Primernaya instrukciya po deloproizvodstvu v medicinskih organizaciyah. - URL: http://upravlenie-zdravoohraneniem.rf/load/dokumenty/dokumenty/ primernaja_instrukcija_po_deloproizvodstvu_v_medicinskikh_organizacijakh/1-1-0-78 (data obrascheniya: 31.03.2020).

11. NIST Special Publication 800-162. Guide to Attribute Based Access Control (ABAC). Dentition and Considerations / V.C. Hu, D. Ferraiolo, R. Kuhn, A. Schnitzer, K. Sandlin, R. Miller, K. Scarfone // NIST National Institute of Standards and Technology, 2014. - 47 p. - DOI: http://dx.doi.org/10.6028/NIST.SP.800-162.

12. Avtomatizaciya medicinskih uchrezhdeniy. - URL: http://www.mlsit.ru/products/archimed (data obrascheniya: 02.02.2021).

13. MedWork - professional'naya medicinskaya informacionnaya sistema. - URL: https://www.medwork.ru (data obrascheniya: 02.02.2021).

14. Medicinskaya informacionnaya sistema qMS. - URL: https://sparm.com/products/qms/mis (data obrascheniya: 02.02.2021).

15. Medicinskaya informacionnaya sistema VS Clinic. - URL: http://www.vita-soft.ru/solves/54/(data obrascheniya: 02.02.2021).

Login or Create
* Forgot password?