Sharing information in the digital environment is an integral part of most people's daily lives. The spread of information is so rapid that it is often impossible to trace the source, who and from where started some gossip. Today, unfortunately, there is an unintentional dissemination of restricted information on the network due to ignorance of citizens about the limited access to it [ 1 ].

Especially now, in times of war, when any information can be key in certain issues, people just so need to know what information can be put on the network, and which in any case should not fall into the wrong hands. Unfortunately, this is another important problem in our world: people are so used to sharing their lives and emotions on social networks that they do not even think that some information can cause real harm to the state or even to themselves. Yes, the lists of information that are classified as restricted are publicly available, but there are so many that a person probably does not want to spend a lot of time analyzing all the documents. Therefore, it is important to automate the process of identifying restricted information to prevent its further dissemination [ 2 ].

The purpose of the work is to develop a model for identifying restricted information.

The first thing we need to do in this work is to determine what information is in general and what information relates to restricted information, and also why information should be restricted at all. Also in this section, need to be studied the methods of classifying information as restricted and analyze their advantages and disadvantages. 2.1.

First of all, lets define what is information itself. But it could be not so easy, because the concept of information is one of the most controversial in science and everyone understands this concept on an intuitive level. In general, information—is any messages from the world around us that we can see, hear, taste, smell or feel and our brain identifies it as useful on a conscious or subconscious level [ 3 ].

An example of the perception of information on a conscious level can be anything that makes you think and draw some conclusions: by sight, smell and taste, you can determine whether an object is edible or not spoiled; hearing certain signals, you can identify them whether dangerous or not, even while reading this text you perceive information on a conscious level. An example of subconscious perception of information is the reaction of the body to stimuli, as your brain sends signals, that you may not be even aware of, to any part of the body.

Based on this, information can be defining as a designation of the content received from the outside world in the process of our adaptation to it and the adaptation of our feelings to it. However, we are accustomed to perceive the concept of information as a message in text form as data. Usually we hear it from someone or read it from somewhere. It can be concluded that information can be stored and transmitted. The Law of Ukraine “On Information” states [ 4 ]: information—any information and/or data that can be stored on physical media or displayed in electronic form.

In order for information to facilitate the adoption of the right decisions based on it, it must meet such criteria as [ 3 ]:  Reliability is means that information corresponds to reality. Inaccurate information can lead to misunderstandings or wrong decisions. Because reliable information has the property of becoming obsolete, or failing to reflect the current state of circumstances, it may become unreliable in the future.  Completeness – information is complete if it is enough to understand the situation and make a decision. Both incomplete and superfluous information hinder decision-making or can lead to mistakes.  Timeliness is means that information is exactly what is needed at the moment, relevant, important at this time. This property of information is also called actuality.  Usefulness is the tasks that can be solved with the use of information determine its usefulness.  Clarity is the consumer who received the message might restore the meaning that the broadcaster of information invested in the message due to the clarity of the information.

According to the order of access, the information shall be divided into publicly available information and restricted information (confidential information, secret information and official (service) information) [ 4 ]. Structure of information distribution by access mode on the Fig. 1. All of that kinds of information also divided into different types that may be divided.

According to Law of Ukraine “On Personal Data Protection,” personal data is information or a set of information about an individual who is identified or can be specifically identified [ 5 ]. Understanding which person is identifiable is key. As a rule, there are no questions about such information as name, address, individual tax number. This data, individually or in combination, allows the owner of this data to clearly identify a particular person.

The situation is a bit more complicated with indirectly identifying data. For example, you buy certain products in a store and use a discount card. Information about purchased products is not in itself personal data, although it relates to an individual. After all, anyone could buy the same products in this or that store. But if you bought and used a discount card, it allows the seller to identify a specific person, so your purchase history combined with card information becomes personal data. Yes, we can say that personal data will be information about the card number, the name of its holder, the date and time of purchase, its value, as well as information about the purchased items. And this data will be protected in accordance with the law and must be collected for lawful purposes. That is, if certain information allows the owner to identify a specific person from a group of people, it can be considered personal data. Therefore, data that are not in themselves personal data become certain in certain circumstances (when they make it possible to identify a person) [ 6 ].

An interesting detail is that the law equates the concepts of confidential information and personal data. After all, according to the Law [ 4 ]: confidential information shall include information about an individual, as well as information restricted by an individual or legal entity, except for public authorities. Confidential information may be disseminated at the request (consent) of the person concerned in the manner prescribed by him in accordance with the conditions provided by him/her, as well as in other cases specified by law [ 4 ]. It should also be noted that not all information can be classified as confidential. There are many cases when different laws provide for the disclosure of certain information, such as information about positions and work contacts, disposal of budget funds, information from open registers, and so on. Therefore, the law may prohibit anyone from restricting access to certain information. In fact, the person to whom the information relates has no right to determine the mode of access to such information [ 6 ].

Experts stressed that the legislator probably assumed that in most cases an individual would not take active steps to restrict access to information about himself (as required by the definition contained in the Law “On Access to Public Information”): access to which is restricted to a natural or legal person [ 7 ]).

Thus, the state provided protection against the disclosure of certain, mostly sensitive, information even to the restriction of access to it by a natural or legal person, thus assuming the person's desire to restrict access to such information because of its “sensitivity.” At the same time, the person retains the right to decide on the disclosure of this information and not to further restrict access to it [ 8 ].

According to the Law of Ukraine “On Access to Public Information,” official (service) information may information contained [ 7 ]:  In documents of public authorities, which constitute the interagency official correspondence, in particular, reports, recommendations, if they are related to the development the direction of the institution or the implementation of control, supervisory functions of public authorities, the decision making process, and precede public discussion and/or decision-making.  Information collected in the course of operational and investigative, counterintelligence activities in the field of national defense, which is not classified as a state secret.

Article 9 of the Law [ 7 ] provides that such information may be classified as official (service). That is, the information contained in any memorandum should not automatically have the status “for official (service) use.” This is possible if the use of the “three-part test” showed that there are grounds for restricting access to it [ 7 ]. Let’s show on Fig. 2 to understand what is official (service) information more clearly.

According to the Law [ 7 ]: secret information—information to which access is restricted in accordance with the second part of Article 6 of this Law, the disclosure of which may harm the person, society and the state. Information that contains state, professional, banking, pretrial investigation secrets and other secrets provided by law shall be considered secret [ 7 ].

Let’s create a figure to visually see what main types of secret information there are (see Fig. 3.) Now let’s look on these types of secret information more closely:

1. State secrets are information in the field of defense, economics, science and technology, foreign relations, state security and law enforcement, the disclosure of which may harm the national security of Ukraine and which are recognized in accordance with the Law of Ukraine “On State Secrets,” state secrets and subject to state protection (Law of Ukraine “On State Secrets”) [ 9 ];

2. Banking secret is information on the activities and financial condition of the client, which became known to the bank in the process of customer service and relationships with him or third parties in providing bank services and disclosure of which may cause material or moral damages to the client, including [ 10 ]:  Information on the client’s bank accounts, including correspondent accounts of banks with the National Bank of Ukraine, on transactions that were carried out for the benefit or on behalf of the client, transactions carried out by him.  About the financial and economic condition of the client.  About bank and customer protection systems.  Information on the organizational and legal structure of the legal entity—the client, its leaders, activities.  Information on the client’s business or trade secret, any project, inventions, product samples and other commercial information.  Information on reporting by individual bank, except for the one to be published.  Codes used by banks to protect information, as well as information about banks or customers collected during banking supervision (Law of Ukraine “On Banks and Banking”) [ 10 ]. 3. The secrecy of the investigation is the data of the pretrial investigation [11, p. 12].

4. A lawyer’s secret is a set of information from which a citizen or legal entity has applied to a lawyer, the essence of consultations, advice, clarifications and other information obtained by a lawyer in the performance of his professional duties (Law of Ukraine “On Advocacy”) [ 12 ].

5. Notarial secrecy is a set of information obtained during a notarial act or appeal to the notary of the person concerned, including the person, his property, personal property and nonproperty rights and obligations, etc. (Law of Ukraine “On Notaries”) [ 13 ].

Consider the criteria by which information is classified as personal data, official (service) information and state secrets.

Criteria for assigning information to personal data [ 3, 5, 6 ]:  To be sent to confidential information about a person by law or by a corresponding person.  To be accurate, reliable and updated as needed, as determined by the purpose of their processing.  To be appropriate in terms of composition and content, adequate and unreliable with regard to the defined purpose of their processing.  To be processed in a form that allows identification of the individual concerned, no longer than necessary for legitimate purposes for which they were going to or were further processed.  to be processed without the consent of the subject of personal data until the receipt of the consent becomes possible to protect vital interests of the person.  The primary sources of information about an individual are: the documents issued on its name; the documents signed by it; the information which the individual provides about himself.

Criteria for assigning information to official (service) information [ 3, 7, 8 ]:  To be in lists of official (service) information, which consist of abstract categories of information that can be classified as official (service), regardless of the specific information (specific document).  To use the “three-part test” in each case where specific information is given the status “for official (service) use.”  Lists of official (service) information should be approved among all possible central authorities, ministries, services, etc.

Criteria for assigning information to state secret [ 9, 14–17 ]:  To be in the field of defense, economics, science and technology, foreign relations, state security and law enforcement.  To be in the List of Information Constituting a

State Secret (LISS) [ 14 ].  Assignment of information to a state secret is carried out by motivated decisions of the state expert on secrets.  Determination of the level and description of the threat and damage to national security (national interests) in case of nonclassification of information as a state secret.  Determining the date or event of declassification of information.  The degree of secrecy of this information.  The amount of funding for measures necessary to protect such information.  State body, local self-government body, enterprise, institution, organization or citizen who has submitted a proposal to classify this information as a state secret, and state body (bodies), which has the right to determine the range of entities that will have access to this information.  The period during which the decision to classify the information as a state secret is valid.

In this section analyze few methods of classification and assigning data to restricted information. There will be considered the following methods and models:

1. Fuzzy modeling of the linguistic variable “information” [ 18 ]. The formalization of “information” as a component of the general information security system is carried out. The theory of fuzzy sets is used for expert assessment of the definition of the rules of legal delimitation and the establishment of the appropriate category of protection of information on the content of information. The linguistic variable “information” is determined by the content of its information as: open; confidential private property; confidential state property; other secret information; state secret. For the linguistic variable, the basic scale is a hierarchical scale of authority, which is introduced on the basis of the category of information security and access rights of users. The hierarchical scale of authority is a scale of basic operations on a linguistic variable depending on the rights to access it, namely: entering or editing, viewing, modifying or saving and deleting data. Depending on the fuzzy set (consisting of the distribution described above), basic operations on a linguistic variable are performed, and the membership function determines how confident it is that an operation can be classified in this category of information security [ 18 ].

2. Method of fuzzy classification of information with limited access [ 17 ]. Proposes a method for fuzzy classification of information according to established criteria based on the theory of fuzzy sets and complex oriented information network “List of Information Constituting a State Secret” during the examination of material media for the presence of such information [ 19 ].

3. Methods of constructing an ontological hierarchy for determining the value of information [ 20 ] and Model of complex oriented information network LISS [ 21 ]. Decision-making is based on the use of specific hierarchical structures is ontologies, it is an attempt to comprehensively and in detail formalize some area of knowledge with the help of a conceptual scheme. Typically, such a scheme consists of a data structure that contains all relevant classes of objects, their exact specifications for a particular subject area, relationships and rules (theorems, constraints) adopted in this area. The level of detail in the areas of the ontological hierarchy is individual for each level and is closely related to the ability to calculate the value of information at the lowest level of the hierarchy. Yes, if the value of the lowest “atomic” cells of the hierarchy is calculated by the loss from blocking or modifying this information. In general, the value of information is determined by assessing the impact of the negative consequences of the implementation of threats to the integrity or availability of this information [ 20, 21 ].

4. Method of expert assessments [ 15, 22 ]. Expert commissions to calculates the level of potential harm to the state in areas defined by law economic damage, which means the level of reduced efficiency of the allocated funds to ensure the operation of the object due to disclosure of information about this object and an indicator that characterizes the damage to the state from other serious consequences that cannot be calculated in economic terms or value. The calculation of funds for the definition of indicators is carried out in units “specific weight” of individual important objects [ 15, 22 ].

Compare of existing models and methods for assigning data to restricted information by some characteristics in a Table 1.

–\+ + –\+ + –\+ –\+ –\+ – – –\+ + +\–

To solve this problem, a mathematical model of value formation (or basic model) is proposed, the basis of which is a tuple consisting of an identifier (ICD) of the type of restricted information (RI), as well as components such as subsets: possible parameters; possible fuzzy (linguistic) standards; current values of fuzzy parameters; basic detection rules.

To formalize the process of formation of these components, we introduce many possible types of restricted information RI, the leak (loss or disclosure) of which may harm national security in a certain period of time interval f (f is the number of the time interval = ̅1̅,̅̅̅̅̅̅̅̅ ), that is: n = {⋃ } =

i=1 (1) = { 1, 2, … , }, ( = ̅1̅̅,̅n̅) where n determines the number of possible types of restricted information, each of which is displayed by a generalized tuple: = 〈 , , , , 〉, (2) in which: RIi is ICD of the ith type restricted information; Pi is a subset of possible parameters used to determine the ith type of restricted information; Tie is a subset of possible fuzzy (linguistic) standards, reflecting the expert's judgment on the availability of basic parameters of possible damage (by type of procedure for assigning information to the restricted information) from the subset Pi to restrict access; is a subset of the current values of fuzzy parameters formed on the basis of Tie at time f ( = 1̅̅,̅̅m̅̅a̅̅x̅̅τ ) for the time interval h = f - f-1; DRi - a subset of basic detection rules (causal and spatio-temporal characteristics and features of information I), which became the basis for building a generalized scheme for classifying information according to a certain order and degree of restriction of access to species restricted information: by access order (DR1); by legal regime (DR2); by right of access (DR3); by type of secret (DR4); on the stamp of restriction of access to the material information carrier (DR5); by degrees of secrecy (DR6); by type of activity (DR7) and others (DRn).

Thus, the proposed tuple model of formation of a set of basic components (or basic tuple model), which by formalizing the procedure of restricting access to information, allows to form a set of private tuples that reflect the classification of ICD and identify basic parameters given time interval.

In the work was defined what is information and what are main characteristics of information. There are two types of information: open and restricted information. In turn, these types can also be divided into groups and subgroups, in particular restricted information can be confidential, official (service) or secret. Which are also divided into many different groups. From them it is possible to allocate some more narrowly directed kinds which have been considered in more detail, and also used for creation and testing of the model: state secrets, official (service) information and personal data.

Several models and methods of classification of restricted information were considered and analyzed, in particular fuzzy modeling of the linguistic variable, methods of building an ontological hierarchy and Method of expert assessments for State Experts on Secrets. After analyzing these methods, it was concluded that they are imperfect in the form of bias and difficulty for understanding non-professionals. Therefore, based on this, was developed a model to identify restricted information.