PolyOrBAC: A security framework for Critical Infrastructures

International Journal of Critical Infrastructure Protection

Volumn 2, Issue 4, 2009, Pages 154-169

  Abou El Kalam, A ^a   Deswarte, Y ^b,c   Baina A ^b,c   Kaaniche M ^b,c  

^a UNIVERSITÉ DE TOULOUSE   (France)

^b LAAS CNRS   (France)

^c INSA   (France)

Author keywords

Access control policies and models; Collaboration; Critical Infrastructure; Interoperability; Security

Indexed keywords

ACCESS CONTROL POLICIES; ACCESS CONTROL POLICIES AND MODELS; CRITICAL INFORMATION; CRITICAL INFRASTRUCTURE; ELECTRIC POWER GRIDS; INFORMATION AND COMMUNICATION; INTERNAL SECURITY; RUNTIMES; SECURITY CHALLENGES; SECURITY FRAMEWORKS; SECURITY ISSUES; SECURITY RULES; SIMULATION TESTS;

COMMUNICATION SYSTEMS; EQUIPMENT TESTING; INTEROPERABILITY; NETWORK SECURITY; POWER GENERATION; PUBLIC WORKS; SECURITY SYSTEMS; SIMULATORS;

ACCESS CONTROL;

EID: 71949097552     PISSN: 18745482     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.ijcip.2009.08.005     Document Type: Article

References (44)

1. Rinaldi S.M., Peerenboom J.P., and Kelly T.K. Identifying, understanding, and analyzing critical infrastructure interdependencies. IEEE Control Systems, Control of Complex Networks 21 6 (2001) 11-64
2. Laprie J.C., Kanoun K., and Kaâniche M. Modelling interdependencies between the electricity and information infrastructures. SAFECOMP. LNCS vol. 4680/2008 (2007), Springer, Nuremburg, Germany 57-67
3. Massoud A. North America's electricity infrastructure: Are we ready for more perfect storms?. IEEE Security and Privacy 1 5 (2003) 19-25
4. A. Abou El Kalam, Y. Deswarte, A. Baina, M. Kaâniche, Access control for collaborative systems: A web services based approach, in: IEEE Intl Conf. on Web Services, ICWS, Salt Lake City (Utah, USA), July 2007, pp. 11-64, 9-13
5. Baina A., Abou El Kalam A., and Deswarte Y. A collaborative access control framework for critical infrastructures. In: Papa M., and Shenoi S. (Eds). Proc. of the Critical Infrastructure Protection II (2008), Springer 189-201
6. Abou El Kalam A., and Deswarte Y. Critical infrastructures security modeling, enforcement and runtime checking. 3rd International Workshop on Critical Information Infrastructures Security (CRITIS'08). October 13-15. LNCS vol. 5508/2009 (2008), Springer, Rome, Italy 95-108. http://dx.doi.10.1007/978-3-642-03552-4%5F9 doi:10.1007/978-3-642-03552-4_9
7. Abou El Kalam A., and Deswarte Y. Poly-OrBAC: An access control model fior inter-organizational web services. Handbook of Research on Semantic Technologies and Web Services (2009), IGI-Global. 978-1-60566-650-1
8. Alturi V., Bertino E., and Ferrari E. The specification and enforcement of authorization constraints in workflow management systems. ACM Transactions on Information and System Security (1999)
9. Atluri V., Adam N.R., and Huang W.-K. Modeling and analysis of workflows using petri nets. Workflow and Process Management. Journal of Intelligent Information Systems (1998) (special issue)
10. D. Lin, P. Rao, E. Bertino, N. Li, J. Lobo, Policy decomposition for collaborative access control, in: 13th ACM Symposium on Access Control Models and Technologies, Estes Park, CO, USA, ACM Digital Library, 2008, pp. 103-112
11. OASIS, XACML profile for Role Based Access Control, Committee Draft 01, 13 February 2004
12. E. Bertino, S. Jajodia, P. Samarati, Flexible support for multiple access control policies, ACM Transaction on Database Systems, 26 (2) 214-260
13. Demeanor N., Delay N., Lupus E., and Sloan M. The ponder policy specification language. International Workshop on Policies for Distributed Systems and Networks (2001), IEE Computer Society Press, Bristol, UK 18-38
14. M. Lorch, S. Proctor, R. Lepro, M. Field, S. Shah, First experiences using XACML for access control in distributed systems, in: ACM Workshop on XML Security, Fairfax, VA 2003
15. C. Sturm, K.R. Dittrich, P. Ziegler, An access control mechanism for P2P collaborations, in: International Workshop on Data Management in Peer to Peer Systems, Nantes, France. ACM, pp. 51-58
16. M. Shehab, E. Bertino, A. Ghafoor, Secure collaboration in mediator-free environments, in: 12th ACM Conference on Computer and Communications Security, Alexandria, VA, USA, ACM Digital Library, 2005, pp. 58-67
17. Pearlman L., Welch V., Foster I., and Kesselman C. A community authorization service for group collaboration. Third International Workshop on Policies for Distributed Systems and Networks (2002), IEEE computer society 50-59
18. A. Abou El Kalam, Y. Deswarte, Multi-OrBAC: A new access control model for distributed, heterogeneous and collaborative systems, in: IEEE Symp. on Systems and Information Security, Sao Paulo, Brazil, 2006
19. F. Cuppens, N. Cuppens-Boulahia, C. Coma, O2O: Virtual private organizations to manage security policy interoperability, in: Second International Conference on Information Systems Security, ICISS 2006, India, December 17-21, 2006
20. A. Abou El Kalam, R. El Baida, P. Balbiani, S. Benferhat, F. Cuppens, Y. Deswarte, A. Miege, C. Saurel, G. Trouessin, Organization based access control, in: Proc. of IEEE 4th Intl Workshop on Policies for Distributed Systems and Networks, POLICY, Lake Come, Italy, (Utah, USA), June 2003, pp. 120-134
21. Sandhu R.S., Coyne E.J., Feinstein H.L., and Youman C.E. Role-based access control models. IEEE Computer 29 2 (1996) 38-47
22. Ferraiolo D., Sandhu R.S., Gavrila S., Kuhn D., and Chandramouli R. A proposed standard for role-based access control. ACM Transactions on Information and System Security 4 3 (2001)
23. W3C, XML, W3C Recommendation, February 2004
24. W3C, SOAP, W3C Recommendation, June 2003
25. W3C, WSDL, W3C Candidate Recommendation, March 2006
26. OASIS, UDDI, UDDI Specifications TC, February 2005
27. K. Beznosov, Y. Deng, A framework for implementing role-based access control using CORBA security service, in: 4th ACM Workshop on Role-Based Access Control, October 28-29, 1999, Fairfax, VA, USA, pp. 19-30
28. N. Vuong, G. Smith, Y. Deng, Managing security policies in a distributed environment using eXtensible markup language, in: ACM Symposium on Applied Computing, Las Vegas, Nevada, United States, 2001, pp. 405-411
29. X. Feng, L. Guoyuan, X. Xuzhou, Role-based access control system for web services, in: 4th International Conference on Computer and Information Technology, CIT'04, Wuhan, China, 14-16 September 2004, pp. 357-362
30. Leune K., Van W., and Heuvel H. A methodology for developing role-based access control to web-services. Infolab Technical Report Series vol. 11 (2002)
31. Alur R., and Dill D.L. A theory of timed automata. Theoretical Computer Science 126 2 (1994) 183-235
32. Bettini C., Jajodia S., Wang X.S., and Wijesekera D. Obligation monitoring in policy management. International Workshop on Policies for Distributed Systems and Networks. (Policy), Monterey, CA, 5-7 June (2002), IEEE Computer Society Press 2-12
33. Q. Ni, E. Bertino, J. Lobo, An Obligation model bridging access control policies and privacy policies, in: 13th ACM SACMAT, Estes Park, CO, USA, June 11-13, 2008
34. M. Hilty, A. Pretschner, D. Basin, C. Schaefer, T. Walter, A policy language for distributed usage control, in: 12th European Symposium On Research In Computer Security, ESORICS, Dresden, Germany, September 24-26, 2007
35. OASIS, eXtensible Access Control Markup Language TC v2.0, Normative XACML 2.0 documents
36. Verissimo, Neves N.F., Correia M., Deswarte Y., Abou El Kalam A., Bondavalli A., and Daidone A. The CRUTIAL architecture for critical information infrastructures. Architecting Dependable Systems V. LNCS vol. 5135 (2008), Springer 1-27
37. F. Garrone, C. Brasca, D. Cerotti, D. Codetta Raiteri, A. Daidone, G. Deconinck, S. Donatelli, G. Dondossola, F. Grandoni, M. Kaaniche, T. Rigole, Analysis of new control applications, in: CRUTIAL project, Deliverable D2, January 2007
38. Organization for the advancement of structured information standards (2006), in: OASIS Web Services Security TC, Web Services Security v1.1 (WS-Security), February 2006
39. UPPAAL, Tool available at: http://www.uppaal.com
40. Larsen K.G., Pettersson P., and Yi W. UPPAAL in a nutshell. Journal of Software Tools for Technology Transfer 1 1-2 (1997) 134-152
41. Berard B., Bidiot M., Finkel A., Larousinie F., Petit A., Petrucci L., Schnoebelen Ph., and McKenzie P. Systems and software verification, model checking techniques and tools (2001), Springer. 3-540-41523-8
42. E. Totel, J.P. Blanquart, Y. Deswarte, D. Powell, Supporting multiple levels of criticality, in: 28th IEEE Fault Tolerant Computing Symposium, FTCS-28, Munich, Germany, June 1998, pp. 70-79
43. M. Ben Ghorbel, F. Cuppens, N. Cuppens-Boulahia, A. Bouhoula, Managing delegation in access control models. in: 15th International Conference on Advanced Computing and Communication, ADCOM'07, Guwahati, India, December 18-21, 2007
44. Abou El Kalam A., and Balbiani P. A policy language for modelling recommendations. IFIP TC-11 International Information Security Conference. IFIP SEC 2009, Cyprus, May 18-20 (2009), Springer