Dynamic deployment of context-aware access control policies for constrained security devices

Journal of Systems and Software

Volumn 84, Issue 7, 2011, Pages 1144-1159

  Preda, Stere ^a   Cuppens, Frédéric ^a   Cuppens Boulahia, Nora ^a   Garcia Alfaro, Joaquin ^a   Toutain, Laurent ^a  

^a ECOLE DES MINES DE NANTES   (France)

Author keywords

Authorization; IT security; Network security; OrBAC

Indexed keywords

AUTHORIZATION; CENTRAL-ENTITY; CONTEXT-AWARE ACCESS CONTROL; COUNTER MEASURES; DYNAMIC DEPLOYMENT; ENCRYPTED COMMUNICATION; IT SECURITY; ORBAC; POLICY EVALUATION; RESOURCE ACCESS; SECURITY COMPONENTS; SECURITY DEVICES; SECURITY POLICY; SECURITY REQUIREMENTS; STATE EVOLUTIONS; SYSTEM BEHAVIORS; SYSTEM VULNERABILITY;

ACCESS CONTROL; INFORMATION SYSTEMS; SECURITY SYSTEMS; SPECIFICATION LANGUAGES;

NETWORK SECURITY;

EID: 79956194649     PISSN: 01641212     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.jss.2011.02.005     Document Type: Article

References (45)

1. A. Abou el Kalam, R.E. Baida, P. Balbiani, S. Benferhat, F. Cuppens, Y. Deswarte, A. Mige, C. Saurel, and G. Trouessin Organization based access control Proceedings of the IEEE 4th International Workshop on Policies for Distributed Systems and Networks Como, Italy, IEEE 2003 120 131
2. A. Abou el Kalam, Y. Deswarte, A. Baïna, and M. Kaâniche PolyOrBAC: a security framework for critical infrastructures International Journal on Critical Infrastructure Protection, Springer 2 4 2009 154 169
3. F. Autrel, F. Cuppens, N. Cuppens-Boulahia, and C. Coma MotOrBAC 2: a security policy tool Proceedings of the 3rd Joint Conference on Security in Network Architectures (SAR) and Security of Information Systems(SSI) Loctudy, France, Editions Publibook 2008 273 288
4. F. Autrel, N. Cuppens-Boulahia, and F. Cuppens Reaction policy model based on dynamic organizations and threat context Proceedings of the 24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSec 2009), vol. 5645 Canada, Lecture Notes inComputer Science, Springer 2009 49 64
5. C. Baral, and J. Lobo Formal characterization of active databases Proceedings of the International Workshop on Logic in Databases (LID'96), vol. 1154 Italy, Lecture Notes inComputer Science, Springer 1996 175 195
6. C. Baral, J. Lobo, and G. Trajcevski Formal characterization of active databases: Part II Proceedings of the 5th International Conference on Deductive and Object-Oriented Databases, vol. 1341 Montreux, Switzerland, Lecture Notes in Computer Science, Springer 1997 247 264 (Pubitemid 127157144)
7. E. Bertino, P.A. Bonatti, and E. Ferrari TRBAC: a temporal role-based access control model Proceedings of the ACM Transactions on Information and System Security (TISSEC) ACM, 4(3) 2001 191 233
8. E. Bertino, B. Catania, M.L. Damiani, and P. Perlasca Geo-RBAC: a spatially aware RBAC Proceedings of the 10th ACM Symposium on Access control Models and Technologies Stockholm, Sweden, ACM 2005 29 37 (Pubitemid 43087458)
9. D.G. Cholewka, R.A. Botha, and J.H.P. Eloff A context-sensitive access control model and prototype implementation Proceedings of the IFIP TC 11 16th Annual Working Conference on Information Security, vol. 175 Beijing, China, IFIP Conference Proceedings 2000 341 350
10. C. Coma, N. Cuppens-Boulahia, F. Cuppens, and A. Cavalli Context ontology for secure interoperability Proceedings of the 3rd International Conference on Availability, Reliability and Security (ARES 2008) Barcelona, Spain, IEEE 2008 473 486
11. M. Convington, W. Long, S. Srinivasan, A.K. Dev, M. Ahamad, and G.D. Abowd Securing context aware applications using environment roles Proceedings of the 6th ACM Symposium on Access Control Models and Technologies Chantilly, Virginia, ACM 2001 10 20
12. F. Cuppens, and N. Cuppens-Boulahia Modeling contextual security policies International Journal of Information Security (Springer) 7 4 2008 285 305
13. F. Cuppens, N. Cuppens-Boulahia, and B. Ben-Ghorbel High-level conflict management strategies in advanced access control models Proceedings of the Electronic Notes in Theoretical Computer Science (ENTCS 2007), vol. 186 Elsevier 2007 3 26 (Pubitemid 47001803)
14. F. Cuppens, and A. Mige Administration model for OrBac Proceedings of the Workshops of OTM 2003, On The Move to Meaningful Internet Systems, vol. 2889 Italy, Lecture Notes in Computer Science, Springer 2003 754 768
15. F. Cuppens, N. Cuppens-Boulahia, T. Sans, and A. Mige A formal approach to specify and deploy a network security policy Proceedings of the 2nd Workshop on Formal Aspects in Security and Trust, vol. 173 Toulouse, France, IFIP Conference Proceedings 2004 203 218
16. N. Cuppens-Boulahia, F. Cuppens, D. Abi Haidar, and H. Debar Negotiation of prohibition: an approach based on policy rewriting Proceedings of the 23rd International Information Security Conference (SEC 2008), vol. 278 Italy, IFIP Conference Proceedings 2008 173 187
17. H. Debar, Y. Thomas, F. Cuppens, and N. Cuppens-Boulahia Enabling automated threat response through the use of a dynamic security policy Journal in Computer Virology (JCV), Springer 3 3 2007 195 210 (Pubitemid 47167359)
18. H. Debar, Y. Thomas, F. Cuppens, and N. Cuppens-Boulahia Using contextual security policies for threat response Proceedings of the Third GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment (DIMVA), vol. 4064 Berlin, Germany, Lecture Notes in Computer Science, Springer 2006 109 128 (Pubitemid 44124005)
19. R. Dewri, N. Poolsappasit, I. Ray, and D. Whitley Optimal security hardening using multi-objective optimization on attack tree models of networks Proceedings of the 14th ACM conference on Computer and communications security (CCS'07) ACM 2007 204 213
20. Ensuite framework, 2010. http://ensuite.sourceforge.net/ (accessed 27.12.10).
21. T. Franco, W. Lima, G. Silvestrin, R.C. Pereira, M.J. Almeida, B. Tarouco, L.M.R. Granville, L.Z. Beller, A. Jamhour, and E.M. Fonseca Substituting COPS-PR: an evaluation of NETCONF and SOAP for policy provisioning Proceedings of the 7th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'06) IEEE 2006 195 204 (Pubitemid 44888903)
22. Freeradius project, 2010. http://freeradius.org/ (accessed 27.12.10).
23. J. Garcia-Alfaro, F. Cuppens, and N. Cuppens-Boulahia Analysis of policy anomalies on distributed network security setups Proceedings of the European Symposium On Research In Computer Security (Esorics), vol. 4189 Hamburg, Germany, Lecture Notes in Computer Science, Springer 2006 496 511 (Pubitemid 44609874)
24. J. Garcia-Alfaro, N. Boulahia-Cuppens, and F. Cuppens Complete analysis of configuration rules to guarantee reliable network security policies International Journal of Information Security, Springer 7 2 2008 103 122 (Pubitemid 351493917)
25. F.J. Garcia-Clemente, G. Lopez, G. Martinez, and A.F. Gomez-Skarmeta Deployment of a policy-based management system for the dynamic provision of IPsec-based VPNs in IPv6 networks Proceedings of the 2005 Symposium on Applications and the Internet Workshops 2005 10 13
26. F.J. Garcia-Clemente, G.M. Perez, J.A. Botia-Blaya, and A.F. Gomez-Skarmeta Representing security policies in web information systems Proceedings of the 14th International WWW Conference Policy Management for the Web (PM4W) Chiba, Japan, IEEE 2005 10 16
27. M. Gupta, J. Rees, A. Chaturvedi, and J. Ch Matching information security vulnerabilities to organizational security profiles: a genetic algorithm approach. In Decision Support Systems 41 2006 592 603 (Pubitemid 43233889)
28. R. He, M. Lacoste, J. Pulou, and J. Leneutre A DSL for specifying autonomic security management strategies Proceedings of the 3rd International Workshop on Autonomous and Spontaneous Security (SETOP 2010), vol. 6514 Athens, Greece, Lecture Notes in Computer Science, Springer 2010 216 230
29. J. Homer, and X. Ou SAT-solving approaches to contextaware enterprise network security management IEEE Journal on Selected Areas in Communications 27 3 2009 315 322
30. K. Hwang, and M. Gangadhran Micro-firewalls for dynamic network security with distributed intrusion detection Proceedings of the IEEE International Symposium on Network Computing and Applications IEEE 2001 68 79
31. Jena Java Library, 2010. http://jena.sourceforge.net/ (accessed 27.12.10).
32. L. Kagal, R. Montanari, O. Lassila, and A. Toninelli A semantic context-aware access control framework for secure collaborations in pervasive computing environments Proceedings of the 5th International Semantic Web Conference (ISWC 2006), vol. 4273 Athens, GA, USA, Lecture Notes in Computer Science, Springer 2006 473 486 (Pubitemid 44892050)
33. K. Li, L. Mounier, and R. Groz Test generation from security policies specified in Or-BAC Proceedings of the 31st Annual International Computer Software and Applications Conference (COMPSAC 2007) IEEE, Beijing, China 2007 255 260 (Pubitemid 350301802)
34. Y.S. Mahajan, Z. Fu, and S. Malik Zchaff2004: an efficient SAT solver Proceedings of the 7th International Conference on Theory and Applications of Satisfiability Testing (SAT 2004) Springer 2004 360 375 (Pubitemid 41422894)
35. P. McDaniel On context in authorization policy Proceedings of the 8th ACM Symposium On Access Control Models and Technologies (SACMAT 2003) Como, Italy, ACM 2003 80 89
36. MotOrBAC website, 2010. http://motorbac.sourceforge.net/ (accessed 27.12.10).
37. X. Ou, S. Govindavajhala, and A.W. Appel MulVAL: a logic based network security analyzer. proceedings of the 14th USENIX Security Symposium, vol. 14 2005 8 23
38. S. Preda, F. Cuppens, N. Cuppens-Boulahia, J. Garcia-Alfaro, and L. Toutain Reliable process for security policy deployment Proceedings of the International Conference on Security and Cryptography Spain 2007 5 15
39. S. Preda, F. Cuppens, N. Cuppens-Boulahia, J. Garcia-Alfaro, L. Toutain, and Y. Elrakaiby A semantic context aware security policy deployment Proceedings of the ACM Symposium on Information, Computer and Communications Security Sydney, Australia, March 2009
40. Resource Description Framework, 2010. http://www.w3.org/RDF/ (accessed 27.12.10).
41. R. Sandhu, V. Bhamidipati, and Q. Munawer The ARBAC97 model for role-based administration of roles ACM Transactions on Information and System Security 2 1 1999 105 135
42. R. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman Role-based access control models IEEE Computer 29 2 1996 38 47
43. Strassner, C.J., 2003. Policy-based Network Management, Solutions for the Next Generation. Morgan Kaufmann Publishers, 1st edition.
44. F. Xian, H. Jin, K. Liu, and Z. Han A mobile-agent based distributed dynamic μ Firewall architecture Proceedings of the 9th International Conference on Parallel and Distributed Systems IEEE 2002 431 436
45. Xiao, Y.L., 2004. Optimization algorithms for the minimum-cost satisfiability problem. Ph.D. Thesis. North Carolina State University.