Operating system of Linux class provides data protection that contains state secret information with security classification up to "top secret" inclusively.
Special software components are developed and included in the operating system structure in order to increase system functionality and improve its security level and operability.www.astralinux.ru
Operating system has mandatory access control application. In such a case decision making about access prohibition or permission from subject-to-object is based on type of operation (read / write / execute), mandatory security context connected with each subject and mandatory check mark connected with object.
Operating system kernel provides custom isolated address space for each system process.
Operating system performs clearance of unusable file system blocks directly while deleting them.
This subsystem reduces speed of operations flow on deleting and file size clipping, but at the same time it is possible to configure this subsystem so that file systems will operate with various productivity indicators.
Print server (CUPS) inserts necessary account data in the printed documents using developed marking procedure. Mandatory attributes are automatically connected with printout assignment on the basis of mandatory context of received net connection.
Original logging subsystem is developed. It is integrated in all operating system components and ensures reliable events recording with employment of special service.
Graphics subsystem includes Xorg X-server, Fly user desktop as well as a range of software tools designed for both users and system administrators. Some efforts have been taken on developing and embedding necessary information protection tools in the graphics subsystem which provide mandatory access control in the graphics applications.
Developed Fly user desktop is closely integrated with information protection procedures. The following capabilities are implemented therein:
graphic display of mandatory mark for each window;
capability to run applications with different mandatory marks.
Level of these restrictions is specified by kiosk mask, which impacts on the access rights to file during each user attempt to gain access.
There is a templates system for access rights assignment – files with specified access rights are used in order to start any programs. There are special design tools for template development for any user tasks.
Operating system uses special format for executable files. It enables to set access mode to segments in the addressing space of process.
Centralized software compilation system ensures installation of light mode which is necessary for software operation. There is also capability of NOT EXECUTE BIT technology employment supported by modern processors.
There are some arrangements for verification of loading executable files on invariableness and identity in ELF cialis online format. Test is performed on the basis of authenticity vectors calculated accordingly to the GOST34.10-2001 standard and embedded into executable files during compilation process.
It is possible to provide third-party software developers with authenticity vectors implementation tools.
Hashing service is applied accordingly to the GOST 34.11-94 standard for integrity control. Basic utility for integrity control is open-source software "Another File Integrity Checker".
Subsystem Astra Linux Directory (ALD) is developed on the basis of open-source standard LDAP for domain structure organization. This subsystem provides tools for domain configuration and joint user space organization which ensure:
network pass-through authentication;
centralized data storage of user environment;
centralized data storage on the server concerning information protection subsystem settings;
centralized control of DNS and DHCP servers;
integration into the domain of secured servers such servers as DBMS servers, print servers, email and web-servers, etc.;
centralized auditing of security events within the framework of domain.
Operating system structure includes object-relational DBMS PostgreSQL which instrumented discretionary and mandatory procedures of access control to the secured DB resources.
Basis of mandatory access control is partition of access to the secured DB resources in terms of hierarchic and non-hierarchic access marks. It enables to realize multi-level protection with user access separation to the secured DB resources and control of information flows.
Structure of secured software package of hypertext data processing includes Mozilla Firefox browser and Apache web-server both integrated with embedded information protection tools for user mandatory access control during configuring of remote access to information resources.
Structure of secured software package includes email server consisting from Exim email transmission agent and Dovecot email delivery agent as well as Mozilla Thunderbird email client ensuring the following functional capabilities:
Email transmission agent uses SMTP protocol and provides solution of the following tasks: