FIELD: computer engineering.
SUBSTANCE: technical result is achieved through steps of generating a secure file containing a label which determines file access policies, wherein the label is a set of metadata; receiving a request to perform an action with a protected file in the file system from a user application using an OS I/O manager; intercepting said request sent to OS I/O manager using filtering driver and performing its processing, during which the label data set is recognized and obtained, and the label access policies are compared with the user application data, wherein if the action with the file is allowed during said check, then control is transferred from the filtering driver to the file system driver; processing the request using the file system driver and performing the action contained in said request; returning control to the filtering driver from the file system driver and informing it about the completion of the request processing by the file system driver; returning control to the OS I/O manager from the filtering driver; if action with the file is prohibited during said check, then access to the file is blocked and control is returned to the OS I/O manager from the filtering driver.
EFFECT: higher security of access to confidential information in OS.
5 cl, 7 dwg
