Modeling contextual security policies

被引:0
|
作者
Frédéric Cuppens
Nora Cuppens-Boulahia
机构
[1] GET/ENST Bretagne,
来源
International Journal of Information Security | 2008年 / 7卷
关键词
Security policy; Context awareness; Access control; OrBAC;
D O I
暂无
中图分类号
学科分类号
摘要
As computer infrastructures become more complex, security models must provide means to handle more flexible and dynamic requirements. In the Organization Based Access Control (OrBAC) model, it is possible to express such requirements using the notion of context. In OrBAC, each security rule (permission, prohibition, obligation or dispensation) only applies in a given context. A context is viewed as an extra condition that must be satisfied to activate a given security rule. In this paper, we present a taxonomy of different types of context and investigate the data the information system must manage in order to deal with these different contexts. We then explain how to model and evaluate them in the OrBAC model.
引用
收藏
页码:285 / 305
页数:20
相关论文
共 50 条
  • [21] Security Aspects: A Framework for Enforcement of Security Policies using AOP
    Ayed, Samiha
    Idrees, Muhammad Sabir
    Cuppens-Boulahia, Nora
    Cuppens, Frederic
    Pinto, Monica
    Fuentes, Lidia
    2013 INTERNATIONAL CONFERENCE ON SIGNAL-IMAGE TECHNOLOGY & INTERNET-BASED SYSTEMS (SITIS), 2013, : 301 - 308
  • [22] On the implementation of security policies with adaptative encryption
    Manzanares, Antonio Izquierdo
    Camara, Jose M. Sierra
    Marquez, Joaquin Torres
    COMPUTER COMMUNICATIONS, 2006, 29 (15) : 2750 - 2758
  • [23] Dynamic Management of Security Policies in PrivOrBAC
    El Mokhtari, Jihane
    Kalam, Anas Abou El
    Benhaddou, Siham
    Leroy, Jean-Philippe
    INTERNATIONAL JOURNAL OF ADVANCED COMPUTER SCIENCE AND APPLICATIONS, 2021, 12 (06) : 693 - 701
  • [24] A process algebraic approach to security policies
    Ryan, P
    Arnesen, RR
    RESEARCH DIRECTIONS IN DATA AND APPLICATIONS SECURITY, 2003, 128 : 301 - 312
  • [25] Formal Verification and Visualization of Security Policies
    Wahsheh, Luay A.
    de Leon, Daniel Conte
    Alves-Foss, Jim
    JOURNAL OF COMPUTERS, 2008, 3 (06) : 22 - 31
  • [26] Formal and efficient enforcement of security policies
    Langar, A
    Mejri, M
    FCS '05: Proceedings of the 2005 International Conference on Foundations of Computer Science, 2005, : 143 - 149
  • [27] Research on security policies integration model
    Liu Xin
    Li Hongwei
    Han Zhen
    2006 8TH INTERNATIONAL CONFERENCE ON SIGNAL PROCESSING, VOLS 1-4, 2006, : 2579 - +
  • [28] Formal Policies for Flexible EHR Security
    Blobel, Bernd
    Pharow, Peter
    MEDICAL AND CARE COMPUNETICS 3, 2006, 121 : 307 - +
  • [29] MANAGEMENT OF SECURITY POLICIES IN VIRTUAL ORGANISATIONS
    Aziz, Benjamin
    Arenas, Alvaro
    Johnson, Ian
    Artac, Matej
    Cernivec, Ales
    Robinson, Philip
    SECRYPT 2010: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY, 2010, : 467 - 477
  • [30] Specification and verification of security policies in firewalls
    Jalili, R
    Rezvani, M
    EURASIA-ICT 2002: INFORMATION AND COMMUNICATION TECHNOLOGY, PROCEEDINGS, 2002, 2510 : 154 - 163
12345