Information security can be violated in two basic ways: by obtaining unauthorized access to information and by disrupting the functioning of the computer. The system of protection against these threats includes the following basic elements: protection of the SODAS and its equipment; organizational measures for ensuring information security; and protection of the operating system, its files, terminals and communication channels. It must be kept in mind that all types of protection are interconnected, and if even one of them fails to perform its functions, the efforts of the others are brought to nothing.
The protection schemes proposed and implemented for information in SODAS are very diverse, which results essentially from choosing the most convenient and most easily attained method of access control, i.e., from a change in the functional properties of the system. The functional properties of the protection schemes can therefore serve as the criterion for classifying them. On this basis the following systems are distinguished: systems without protection schemes, systems with overall protection, systems with a unified protection scheme, systems with a programmable protection scheme, and systems with classification.
In some systems there is no mechanism that prevents a user from accessing any information stored in the system. It is characteristic that the majority of the most common SODAS with batch processing that are widely used abroad have no protection mechanism. However, such systems usually contain well-developed facilities for detecting and preventing errors, which guard against disruption of the mode of operation.
In systems with overall protection, users are mutually isolated, and the isolation is broken only for information of general use (for example, a library of general use). In some systems the facilities for working with libraries of general use allow users' information to be included in them, where it likewise becomes common property.
In systems with a unified protection scheme, a list of authorized users is created for each file. In addition, the permitted modes of use are specified for each file: reading, writing, or execution if the file is a program. The basic concepts of protection here are fairly simple; their implementation, however, is fairly complex.
Systems with a programmable protection scheme provide a mechanism for protecting data that takes the specific requirements of the user into account, for example, restriction of the calendar time during which the system operates, access only to the average values of a data file, local protection of individual elements of a data array, etc. In such systems the user must be able to set apart protected objects and subsystems. A protected subsystem is a collection of programs and data to which only the programs belonging to the subsystem have the right of access. These programs, in turn, can be called only at predetermined points. Thus, the programs of the subsystem control access to the protected objects. A mechanism of this kind, in various modifications, is implemented only in the most advanced SODAS.
Systems with classification address not the restriction of programs' access to information but control over the further use of information once it has been obtained. For example, in a system that uses secrecy classifications on documents, the classification marking serves as information about the degree of control. In SODAS this protection scheme is rarely used.
A distinctive feature of the protection schemes examined is their dynamic nature, i.e., the possibility of introducing and changing the rules of access to data while the system is running. However, providing for dynamic protection schemes considerably complicates their implementation.
Questions of the organization of information protection must be settled as early as the predesign stage of SODAS development. One should bear in mind that attempts to penetrate the system will grow as the value of access to the restricted information increases.
At this stage it is necessary to have a clear picture of the capabilities of a potential intruder, so as not to make the system needlessly "heavy". Experience in designing protection systems is still insufficient. However, some generalizations can already be made. Errors in protection can be reduced to a considerable extent if the design takes into account the following basic principles of constructing a protection system.
1. Simplicity of the protection mechanism. This principle is well known, but it is not always fully appreciated. Indeed, some errors that are not revealed during design and implementation make it possible to find overlooked paths of access. Thorough testing of the protection program or hardware is therefore necessary, but in practice such checking is possible only for simple and compact schemes.
2. In the protection mechanism, permissions must predominate over prohibitions. This means that under normal conditions access must be absent, and the protection scheme must define the conditions under which access becomes possible. It is also held that prohibiting access in the absence of special instructions ensures a high degree of reliability of the protection mechanism. An error in a protection scheme based on permissions leads to a widening of the scope of the prohibitions. Such an error is easier to detect, and it does not destroy the overall state of protection.
3. Control must be universal. This principle requires checking the authority of every access to every object, and it is the basis of the protection system. With this principle in mind, the task of access control must be solved at the system-wide level, including for such operating modes as startup, recovery after failure, shutdown and preventive maintenance.
In this case it is necessary to ensure reliable identification of the source of every access to data.
4. The protection mechanism need not be kept secret, i.e., there is no sense in keeping secret the implementation details of a protection system intended for wide use. The effectiveness of protection must not depend on how experienced potential intruders are, since it is much simpler to ensure the protection of a list of passwords (keys). The absence of any link between the protection mechanism and the passwords makes it possible, when necessary, to make the protection scheme a subject of wide discussion among specialists without affecting the interests of users.
5. Separation of privileges, i.e., the use of several protection keys. In SODAS the presence of several protection keys is convenient when the right of access is determined by the fulfillment of a number of conditions.
6. Minimum privileges. For every program and every user, the minimum set of privileges necessary for performing the assigned work must be determined. As a result, the damage caused by failures and accidental violations is considerably reduced. In addition, reducing the number of data exchanges between privileged programs to the necessary minimum lowers the probability of unintentional, undesirable or erroneous use of privileges. Thus, if the protection scheme makes it possible to place "barriers" in the system, the principle of minimum privileges ensures the most rational placement of these "barriers".
7. Maximum isolation of the protection mechanism. To exclude exchanges of information between users, the design of the protection scheme should reduce to a minimum the number of parameters and characteristics of the protection mechanism that are common to several users.
Although the functions of the operating system and of access authorization overlap, the access authorization system must be built as an isolated program module, i.e., protection must be isolated from the data management functions. Observing this principle makes it possible to program the access authorization system as an autonomous package of programs, with subsequent independent debugging and verification. The package must run in a protected area of memory so that attempts at penetration from outside are localized by the system. Even an attempt at penetration by programs of the operating system must be automatically recorded, documented and rejected if the call is made incorrectly. Naturally, implementing a self-contained protection mechanism may increase the size of the program and the time needed to develop it, give rise to duplicate control and auxiliary programs, and create the need to develop independent callable functions.
8. Psychological attractiveness. The protection scheme must be simple in its implementation. Naturally, the more closely the user's idea of the protection scheme matches its actual capabilities, the fewer errors arise in the course of its use. The use of artificial languages for addressing the protection scheme usually serves as a source of additional errors.
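The following is an added example, not part of the original text: a per-file list of authorized users with permitted modes (the unified protection scheme), checked by an isolated module that records and rejects anything not explicitly permitted, set beside a prohibition-based check to show the effect of the same administrative omission described in principle 2. The class, function, user and file names are all constructed for illustration.

```python
from dataclasses import dataclass, field

READ, WRITE, EXECUTE = "read", "write", "execute"

@dataclass
class AccessMonitor:
    """Isolated access-decision module; every request goes through check()."""
    # file -> {user -> permitted modes}. Anything not listed is refused.
    acl: dict = field(default_factory=dict)
    rejected: list = field(default_factory=list)  # record of refused requests

    def grant(self, name, user, *modes):
        self.acl.setdefault(name, {}).setdefault(user, set()).update(modes)

    def check(self, user, name, mode):
        allowed = mode in self.acl.get(name, {}).get(user, set())
        if not allowed:
            self.rejected.append((user, name, mode))  # record, then reject
        return allowed

def prohibition_check(prohibited, user, name, mode):
    """Contrast case: access is allowed unless a prohibition is listed."""
    return (user, name, mode) not in prohibited

def demo():
    # Constructed sample data: users and files are invented for illustration.
    monitor = AccessMonitor()
    monitor.grant("payroll.dat", "alice", READ, WRITE)
    monitor.grant("report.prg", "bob", READ, EXECUTE)
    # The same administrative slip in both schemes: carol was forgotten.
    prohibited = {("bob", "payroll.dat", READ), ("bob", "payroll.dat", WRITE)}
    results = {
        "alice reads payroll": monitor.check("alice", "payroll.dat", READ),
        "bob executes report": monitor.check("bob", "report.prg", EXECUTE),
        "bob writes report": monitor.check("bob", "report.prg", WRITE),
        # Permission-based: the omission widens the prohibition (refused).
        "carol, permissions": monitor.check("carol", "payroll.dat", READ),
        # Prohibition-based: the same omission silently opens access.
        "carol, prohibitions": prohibition_check(
            prohibited, "carol", "payroll.dat", READ),
    }
    return results, monitor.rejected

if __name__ == "__main__":
    outcome, log = demo()
    for request, allowed in outcome.items():
        print(f"{request:22} -> {'allowed' if allowed else 'refused'}")
    print("rejected:", log)
```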