The level of negative roles of the hierarchical representation of MROSL DP-model

MROSL DP-model is widely used as a mandatory entity-role model of access and information flows security control in Linux-type OS. To make the model to be more adequate for a number of special security features of the Russian OS Astra Linux Special Edition, it has been decided to extend MROSL DP-model by adding to it so called negative roles. In contrast to the ordinary roles, these ones contain access rights which prohibit entities or subject-sessions from getting some access. In this paper, an order of using negative roles in MROSL DP-model is defined, the corresponding changes of conditions and application results for state transformation de-jure rules in MROSL DP-model with negative roles are described, and the correctness of these modified rules are stated, namely: let $G$ and $G'$ be some states of MROSL DP-model with negative roles, $G'$ be a result of transformation de-jure rules application to $G$, and $G$ be satisfying all the conditions for mandatory role access control; then $G'$ also satisfies all these conditions.