First, it seems appropriate to pay attention to the fact that the object of the research is a network of situational centers, which combines several structures—mainly equal partners, the purpose of which cooperation in the information field is the formation of balanced management decisions regarding the adoption of adequate measures in specific crises [1]. At the same time, system users, in contrast to the methods of ensuring integrity or availability, may have their unique requirements for ensuring the confidentiality of the information resources created by them due to the specifics of the methods of obtaining preliminary information and/or methods of their further processing, their own “know-how” and/or copyright for some products, etc. [2–4].

Many scientific studies have been devoted to the problems of building access demarcation systems (ADS). In particular, [5–7] provides a systematic review and analysis of the construction of existing and prospective models. However, their effectiveness in ensuring the confidentiality of information resources is not defined.

In [8], partial indicators of effectiveness are proposed to implement the procedure for evaluating the effectiveness of the system of information protection and cyber security of objects of critical information infrastructure.

In [9], the expansion of access control mechanisms in a specific class of sensitive information systems is investigated.

It should be noted that these studies are mainly based on the centralized principle of information security management, when the owner of the system or its manager, by the requirements of regulatory acts and standards [10–12], the procedure for accessing information and the requirements for the architecture of the ADS.

In contrast to the mentioned approach to the construction of a centralized access management system (CAMS), another approach is developing—decentralized [13, 14], which provides the opportunity to delegate part of the powers from the central level of security management to other components of the security system. Namely, in these works, the issue of building a system of access demarcation and a new approach to their architecture will be considered.

This approach consists of placing the element responsible for making decisions about allowing or denying subjects access to objects outside the workstation at which access is restricted. This item resides on another workstation and can be used to restrict access across multiple machines. This approach is called “decentralization of the access delimitation system,” considering that the system is divided into several components installed on different workstations.

The proposed article provides a concrete solution to the partial decentralization of the access demarcation system based on an evidence-based approach to information security guarantees [15, 16].

As mentioned above, the cyber protection complexes of modern information systems (IS) are mainly built according to the principle of centralized security management, which provides for the presence of single management in the system, directed by the owner or manager of the information system. In the future, referring to the system's owner, we will understand that the relevant provisions also apply to its administrator. The corresponding security model is shown in Fig. 1.

This model includes a conditionally single administrator A, who forms and implements the information security policy (ISP), which is approved by the management of the organization - the owner of the system, and also configures the components of the cyber protection system and monitors the implementation of measures that are provided by the ISP and regulatory documents [10] . Information system users 1, 2, … , following the rules defined by the ISP, interact with IS to gain access to information resources 1, 2, … , that are necessary for solving certain problems. As a rule, users do not participate in forming ISP and configuring security measures, including the access control system.

The advantages of this approach to building an information security management system are:  Unification of protection requirements for all system components.  Reducing the risk of formation of relatively weak links or vulnerabilities.  A single vertical of management and control of delimitation of access to information system resources.

At the same time, this approach is not free from some disadvantages, namely:  Potentially, a security system administrator, thanks to too much authority, can personally gain access to the contents of confidential information resources or, without sufficient grounds, grant access to a particular user of the system.  In the case of overcoming protective barriers, for example, in case of abnormal functioning of the protection system, the attacking party may attempt unauthorized access to an insufficiently protected resource.  There is a potential danger of copying and unauthorized distribution by insiders of open resources that were created at the expense of the owner and users of the system or are subject to copyright.

It should also be noted that in information systems that combine several different corporate subsystems, in general, a user can act in one or two guises: as the owner of an information resource and as a consumer of the resource (client/utilizer).

At the same time, taking into account the potentially sensitive nature of the method or method of obtaining or collecting (receiving) the original information that forms the information resource, its owner may have legal grounds for approval or restriction of access to consumers (clients) to it, and can also provide suggestions regarding ISP to the system as a whole and perform security administration of its segment and control its status.

A similar situation, in particular, can be observed in the network of situational centers of state bodies.

The model of a partially decentralized security system in a protected IS, which considers the corresponding shortcomings of a centralized system, is shown in Fig. 2.

In this model, the management of the central segment of the network still plays a crucial role in organizing and ensuring security. However, unlike in the previous case, the owner set of information resources Ω = { 1, 2, … , } acquire the authority to coordinate access to them by other users of the information system and to provide proposals for the formation of ISP.

Obviously, we have ⋃Ω = { 1, 2, … , }, ℎ Ω ⋂Ω = ∅ для ≠ .

Let us call a two-row table the descriptor of data belonging to their owners, the upper row of which is the user number of the IS, and the lower row is the set of information resources corresponding to it = ( 1 Ω1 2 Ω 2 … … Ω ).

Based on the ownership descriptor, security management should form access matrices and markers of the owners of folders and data files for the combined matrix—mandate access demarcation system— MADS. MADS must contain the Resource’s Owner Unique Number (RWUN) and the resource's confidentiality code—CC. For example, CC = 0 may indicate that the resource can be available to any identified and authenticated user of the system, CC = 1 may indicate certain restrictions on the use of the resource, etc. mode [17] using a key file generated by the owner k.

Building a mechanism for delimiting access is based on applying cryptographic transformations of information. For this purpose, each file transferred to the single database of the information system is encrypted using an approved block cryptographic algorithm ( ) in ECB (Electronic Codebook)

The secret distribution procedure [17, 18] between interested parties of the information system is used to decrypt files. The file owner securely stores the key and never circulates it publicly on the network. Next, we will consider the mathematical foundations of the proposed secret distribution mechanism.

, ̅1 ⨁ … ⨁ ̅ = 0̅, ̅ 1 ⨁ … ⨁ ̅ ≠ 0̅, where are binary vectorsαi, ̅ , ̅, ̅ ∈ 2 , = ̅1̅,̅̅, 2 is vector space of dimension n over a field of two elements. Here and further, the operation ⨁ means coordinate-by-coordinate addition of vectors modulo 2 (exclusive OR). If there is equality where 0̅ is a vector, all coordinates of which are equal to zero, and the condition is fulfilled of an odd vector ̅ is uniquely calculated by expression where < and the elements of the index set { 1, … , } pairwise do not coincide, then in the case ̅ = 1̅⨁ … ⨁ ̅.

In the case of a doubles, the result of the addition in ( 4 ) is equal to 0.

The conclusion of the statement is easy to prove by adding equations in the system ( 3 ).

Vectors from the set { ̅1, ̅2, … , ̅ } will be called masks of the secret parameter (key) ̅. ̅1̅,̅̅ have a random uniform distribution, i.e.

Statement 2. If in the system of equations ( 3 ), the components of vectors ̅ = ( 1, … , ), = ( = 1) = ( = 0) = 0.5, ∀ , random uniform distribution and do not depend on ̅, then the components of the vectors ̅= ( 1, … , ), = ̅1̅,̅̅ also have a

Let us formulate some necessary mathematical propositions to substantiate the proposed remote distribution procedure.

Statement 1. Let the system of linear equations be given ( 3 ) ( 4 ) ( 5 ) ( 6 ) ( 7 ) ( 8 ) ( 9 ) ( 10 ) ( 11 ) ( 12 ) ( = 1) = ( = 0) = 0.5, ∀ , .

Indeed, the probability that some component = 1 is equal to ( ( = 1) = 1 − (

= 0) = ( ⨁ ) = 1 = = 0) ⋅ ( = 1) + (

= 1) ⋅ ( = 0) =

0.5 ⋅ ( = 1) + 0.5 ⋅ ( = 0) = 0.5 ⋅ ( ( = 1) + ( = 0)) = 0.5. then each equation with equal probability at random from the vector space 2 , i.e.

Statement 3. If, under the conditions of statements 1 and 2, binary vectors { ̅1, ̅2, … , ̅ } are chosen ( ̅ = ̅) = 2−

∀ ̅∈ 2 , = ̅1̅,̅̅, ̅= ̅ ⨁ ̅ , ∀ = ̅1̅,̅̅ specifies a perfect cipher, and ( 3 ) determines the distribution of the secret key ̅ ↔ { 1̅, 2̅, … ̅} among the community of users, and ( 6 ) establishes the secret key recovery rule.

Recall that according to [16] , when random variables , , take the value from 2 , and the perfect cipher if the equality holds: reflection ( , ) = : 2 × 2 → 2 is bijective for any fixed value , then it ( , ) is called a ( ) = (

⁄ ) для ∀ .

This means that guessing the value of the secret K does not depend on whether we know the corresponding value of B or not.

Note that according to the definition of conditional probability [19] holds ( , ) = ( ) ∙ ( ⁄ ) = ( ) ∙ (

⁄ ).

Proceeding from ( 11 ) and (13) based on the approach [20], we have From the last expression and based on (13) ( , ) = ( ) ∙ ( ⁄ ) = ( ) ∙ ( ⨁ ) = ( ) ∙ ( ) = ( ) ∙ 2− . ( ⁄ ) = ( , ) ⁄ ( ) = 2− .

Bayes’ theorem [19] we have ( ⁄ ) = ( ) ∙ ( ⁄ ) ( ) =

( ) ∙ ( ⁄ ) ∑ ( ̅) ∙ ( ⁄ ) ̅ =

( ) ∙ 2− 2− ∙ ∑ ( ̅) = ( ). for a perfect cipher holds. selection of mask values from the general population, since

In the last expression, the sum is calculated over all possible values of the secret parameter ̅. Thus, regardless of the probability distribution of the random variable K, Shannon’s condition [16] At the same time, it should be noted that condition ( 4 ) contradicts the requirement of independent ̅1 ⨁ … ⨁ ̅ −1 = ̅ .

But this situation should be compensated by reliable and safe storage of a full set of masks { ̅1, ̅2, … , ̅ }.

In addition, condition ( 5 ) slightly narrows the set of different admissible sets of masks { ̅1, ̅2, … , ̅ }, which is of minor importance from the point of view of security in the case of sufficiently large n. It is easy to see that the number of checks condition ( 5 ) is evaluated as = −1 ∑ =2 =

∑ =0 − 0 − 1 − = 2 − − 2.

In particular, Table 1 shows the calculated values for really applicable values. Number of checks conditions ( 5 )

As part of the study of the project of building a network of situational centers as a block algorithm for data encryption in the access demarcation system, the use of reliable cryptographic algorithms defined by the national standard D STU 7624:2014 [23] and the international standard AES [24] in the software implementation of cryptographic modules was tested key lengths of 256 bits. Both implementations had sufficient speed. Further research is planned to be directed to develop methods for reducing data processing delay time associated with the implementation of key and key mask generation procedures, as well as data encryption.

The authors thank Anatoliy Morozov, Academician of the National Academy of Sciences of Ukraine, for helpful advice and research support. [13] A. Y. Chadov, Development of requirements for a decentralized access control system. Issues of information protection, no. 3, 13–16, 2018. [14] A. Y. Chadov, Description of the formal model of the decentralized access control system, Complex information protection: materials of the XXV scientific and practical conference, Sept. 15–17, 115– 121, 2020. https://www.okbsapr.ru/library/publications/opisanie-formalnoy-modelidetsentralizovannoy-sistemy-razgranicheniya-dostupa1/ [15] A. A. Hrusho, E. E. Tymonina, Theoretical bases of information protection, Yachtsman, 1996. [16] K. Shannon, The theory of communication in secret systems, Works on the theory of information and cybernetics, ed. by R.L. Dobrushyna and O.B. Lupanova, 1963. [17] B. Schneier . Applied cryptography: protocols, algorithms and source code in C, 2nd edition .

Dialectic-Williams, 2017. ISBN: 978-5-9908462-4-1 [18] L. Harna, et al., Realizing secret sharing with general access structure, Information Sciences, vol.

367–368, 209–220, 2016. [19] H. Cramér. Mathematical Methods of Statistics, Princeton University Press, 1999. ISBN 9780691005478 [20] V. M.. Fomichev Methods of discrete mathematics in cryptology, Dialog-MYFI, 2010. [21] H. Hulak, L. Kovalchuk, Different approaches to determining random sequences, Scientific and technical collection “Legal, regulatory and metrological support of the information protection system in Ukraine,” vol. 3, 2001, 127–133. [22] I. D. Horbenko, Y. I. Horbenko, Applied cryptology: Theory. Practice. Application. Monograph.

FORT, 2012. [23] R. Oliynykov, et al., A New Encryption Standard of Ukraine: The Kalyna Block Cipher. IACR

Cryptol, 2015. [24] A. Biryukov, D. Khovratovich, Related-key Cryptanalysis of the Full AES-192 and AES-256.

Advances in Cryptology, ASIACRYPT, vol. 5912, 2009. https://doi.org/10.1007/978-3-64210366-7_1.