Modeling contextual security policies

被引:0
作者
Frédéric Cuppens
Nora Cuppens-Boulahia
机构
[1] GET/ENST Bretagne,
来源
International Journal of Information Security | 2008年 / 7卷
关键词
Security policy; Context awareness; Access control; OrBAC;
D O I
暂无
中图分类号
学科分类号
摘要
As computer infrastructures become more complex, security models must provide means to handle more flexible and dynamic requirements. In the Organization Based Access Control (OrBAC) model, it is possible to express such requirements using the notion of context. In OrBAC, each security rule (permission, prohibition, obligation or dispensation) only applies in a given context. A context is viewed as an extra condition that must be satisfied to activate a given security rule. In this paper, we present a taxonomy of different types of context and investigate the data the information system must manage in order to deal with these different contexts. We then explain how to model and evaluate them in the OrBAC model.
引用
收藏
页码:285 / 305
页数:20
相关论文
共 50 条
  • [31] Specification and verification of security policies in firewalls
    Jalili, R
    Rezvani, M
    EURASIA-ICT 2002: INFORMATION AND COMMUNICATION TECHNOLOGY, PROCEEDINGS, 2002, 2510 : 154 - 163
  • [32] A Generic Model for Delegation in Security Policies
    Abbassi, Ryma
    El Fatmi, Sihem Guemara
    2009 FIRST INTERNATIONAL CONFERENCE ON COMMUNICATIONS AND NETWORKING (COMNET 2009), 2009, : 125 - 132
  • [33] Runtime Enforcement of Dynamic Security Policies
    Horcas, Jose-Miguel
    Pinto, Monica
    Fuentes, Lidia
    SOFTWARE ARCHITECTURE, ECSA 2014, 2014, 8627 : 340 - 356
  • [34] Probabilistic Cost Enforcement of Security Policies
    Mallios, Yannis
    Bauer, Lujo
    Kaynar, Dilsun
    Martinelli, Fabio
    Morisset, Charles
    SECURITY AND TRUST MANAGEMENT, STM 2013, 2013, 8203 : 144 - 159
  • [35] Formal Specification and Validation of Security Policies
    Bourdier, Tony
    Cirstea, Horatiu
    Jaume, Mathieu
    Kirchner, Helene
    FOUNDATIONS AND PRACTICE OF SECURITY, 2011, 6888 : 148 - +
  • [36] Security Mapping to Enhance Matching Fine-Grained Security Policies
    Ben Brahim, Monia
    Ben Jemaa, Maher
    Jmaiel, Mohamed
    NETWORKED DIGITAL TECHNOLOGIES, PT 1, 2010, 87 : 183 - 196
  • [37] Security policies in OSI-management experiences from the DeTeBerkom project BMSec
    Grimm, R
    Hetschold, T
    COMPUTER NETWORKS AND ISDN SYSTEMS, 1996, 28 (04): : 499 - 511
  • [38] ASPIRE: An Intermediate Representation for Abstract Security Policies
    Bhamidipati, Padmaja
    Vemuri, Ranga
    2023 36TH INTERNATIONAL CONFERENCE ON VLSI DESIGN AND 2023 22ND INTERNATIONAL CONFERENCE ON EMBEDDED SYSTEMS, VLSID, 2023, : 175 - 180
  • [39] The Impact of Corporate Culture in Security Policies - A Methodology
    Filho, Edmo L.
    Hashimoto, Gilberto T.
    Rosa, Pedro F.
    de Souza, Joao H. P.
    Chaves, Albene Teixeira
    PROCEEDINGS OF ICNS 2011: THE SEVENTH INTERNATIONAL CONFERENCE ON NETWORKING AND SERVICES, 2011, : 98 - 103
  • [40] Validation of IS Security Policies Featuring Authorisation Constraints
    Ledru, Yves
    Idani, Akram
    Milhau, Jeremy
    Qamar, Nafees
    Laleau, Regine
    Richier, Jean-Luc
    Labiadh, Mohamed Amine
    INTERNATIONAL JOURNAL OF INFORMATION SYSTEM MODELING AND DESIGN, 2015, 6 (01) : 24 - 46
12345