PROTECTION MODELS AND METHODS AGAINST THREATED PROGRAMS INFORMATION SYSTEMS

2020 
The article proposes an approach to developing protection methods against threatening programs in modern information systems. The approach consists in developing security methods based on controlling access to files by their types, which can be identified by file extensions; these methods significantly exceed known antivirus protection methods, both in the effectiveness of protection and in their impact on the load on the information system's computing resources. It is shown that executable binary files and script files are the most important to protect against, and that these classes of malware require the threatening file to be stored on the hard disk before it is executed (read). This led to the conclusion that protection against threatening programs can be built by implementing control (delineation) of access to files. A general approach to protection against threatening programs is proposed, based on controlling access to files by their types, which can be identified by file extensions. The possibility of using such an approach is substantiated by a study of remedies. The protection methods make it possible to protect the information system both from the loading and from the execution of binary and scripted threat files. They differ in the ability to take into account the location of executable files, to be administered while the security system is running, to control the modification of access objects and the renaming of access features, and to protect against scripted threat programs, including the case where threatening properties are given to interpreters (virtual machines). Access control models have been developed; the access matrices built from them made it possible to formulate requirements for building a secure system, the implementation of which prevents the leakage of given access rights of subjects to objects.
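The access decisions the abstract describes (blocking loading, renaming and execution by file type and location), sketched as an added example that is not code from the article. The extension sets, trusted directories, subject name and interpreter names are assumptions chosen for illustration.

```python
from pathlib import PureWindowsPath

# Assumed policy values (illustrative only, not taken from the article).
BINARY_EXT = {".exe", ".dll", ".sys", ".com"}
SCRIPT_EXT = {".bat", ".cmd", ".ps1", ".vbs", ".js"}
TRUSTED_DIRS = (PureWindowsPath(r"C:\Windows"), PureWindowsPath(r"C:\Program Files"))
INSTALLERS = {"admin_installer"}                  # subjects allowed to place code on disk
INTERPRETERS = {"powershell.exe", "wscript.exe"}  # processes that run a script by reading it

def file_class(path):
    """Classify a file by its final extension, so 'invoice.pdf.exe' is a binary."""
    ext = PureWindowsPath(path).suffix.lower()
    if ext in BINARY_EXT:
        return "binary"
    return "script" if ext in SCRIPT_EXT else "data"

def in_trusted_dir(path):
    """True if the path lies under a trusted directory; '..' components are refused."""
    p = PureWindowsPath(path)
    if ".." in p.parts:
        return False
    return any(d in p.parents for d in TRUSTED_DIRS)

def decide(subject, process, op, path, new_path=None):
    """Return True if subject (acting through process) may perform op on path."""
    cls = file_class(path)
    if op in ("create", "write"):
        # Loading: only an installer subject may store binary or script files.
        return cls == "data" or subject in INSTALLERS
    if op == "rename":
        # A rename must not turn data into code, or disguise code as data.
        return {cls, file_class(new_path)} == {"data"} or subject in INSTALLERS
    if op == "execute":
        # Location is taken into account: binaries run only from trusted directories.
        return cls == "binary" and in_trusted_dir(path)
    if op == "read":
        # An interpreter reading a script is treated as execution of that script.
        if cls == "script" and process in INTERPRETERS:
            return in_trusted_dir(path)
        return True
    return False

if __name__ == "__main__":
    # Constructed sample requests.
    print(decide("user", "browser.exe", "write", r"C:\Users\bob\Downloads\invoice.pdf.exe"))
    print(decide("user", "explorer.exe", "execute", r"C:\Windows\System32\notepad.exe"))
```

Because the type is taken from the file name alone, the rename rule is what keeps a file written as data from later acquiring an executable extension.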