Systematic analysis of access limitation process under discretionary policy of control

The paper describes one of the key problems of access limitation to information resources under the discrete control policy of access – a problem of obtaining the guarantee that there will never take place any violation of the requirements of access limitation policy under the selected strategy of providing information security and strict compliance with its requirements. To solve this problem is possible only using formalized methods. There has been suggested a formalized access limitation model comprising 5 components: multitude of agents having access to data processing software and hardware; multiple facilities of data processing system (information resources and data, software, hardware), which can become the object of activities of at least one agent; mul-titude of rights of access (a set of types of access); multitude of access limitations for an agent to a facility; multitude of requirements for the agent access; multitude of activities. The paper closely studies the component of multitude of activities, which includes all possible methods, means and techniques to deter threats and attacks, which can be used in the security system in order to provide and change ways of access of an agent to a facility. To arrange all the possible activities there have been singled out the four key criteria in terms of access limitation: the category to which the activity refers; affecting environment; the order of impact; the focus of activities. The individual characteristics of each of the four criteria have been described. Systematization criteria could lay the base of rules covering all possible situations and corresponding mechanisms of action. Creating such a base and its regular renewal and improvement are necessary for developing conditions for mass use of standard clarified protective means of information security.