An approach based on model-driven engineering to define security policies using OrBAC

Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013

Volumn , Issue , 2013, Pages 324-332

  Muñante, Denisse ^a   Gallon, Laurent ^a   Aniorté, Philippe ^a  

^a UNIVERSITÉ DE PAU ET DES PAYS DE L'ADOUR   (France)

Author keywords

Assessment of access control policies; Model driven security; OrBAC; UMLsec

Indexed keywords

ACCESS CONTROL POLICIES; MODEL-DRIVEN ENGINEERING; MODEL-DRIVEN SECURITIES; ORBAC; POTENTIAL CONFLICT; SECURITY BREACHES; SECURITY POLICY; UMLSEC;

SECURITY SYSTEMS;

ACCESS CONTROL;

EID: 84892399582     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ARES.2013.44     Document Type: Conference Paper

References (16)

1. L. Me and Y. Deswarte: Securite des systemes d'information, LAVOISIER, ISBNN 2-7462-1259-5, Paris, France, 2006.
2. A. Miege: Definition of a formal framework for specifying security policies. The Or-BAC model and extensions, PhD Thesis to Ecole Nationale Superieure des Telecommunications, 2005
3. J. Jurjens: UMLsec: extending UML for secure systems development. The Unified Modeling Language, Model Engineering, Languages Concepts and Tools, Fifth International Conference, 2002
4. T. Lodderstedt and D. Basin and J. Doser: SecureUML: A UML-Based Modeling Language for Model-Driven Security. The Unified Modeling Language, Model Engineering, Languages Concepts and Tools, Fifth International Conference, 2002
5. N. Slimani and H. Khambhammettu and K. Adi and L. Logrippo: UACML: Unified Access Control Modeling Language. NTMS, 4th IFIP International Conference, February 2011
6. F. Cuppens and A. Miege: Modelling contexts in the Or-BAC model. 19th Annual Computer Security Applications Conference, December 2003
7. F. Cuppens and N. Cuppens-Boulahia and A. Miege: Inheritance hierarchies in the Or-BAC model and application in a network environment. Second Foundations of Computer Security Workshop (FCS'04), 2004
8. F. Cuppens and N. Cuppens-Boulahia and M. Ben Ghorbel: High level conflict management strategies in advanced access control models. Electronic Notes in Theoretical Computer Science (ENTCS), vol 186, pages 3-26, June 2007
9. M. Ben Ghorbel and F. Cuppens and N. Cuppens-Boulahia and A. Bouhoula: Managing Delegation in Access Control Models. Managing Delegation in Access Control Models CoRR, 2010
10. D. Abi Haidar and N. Cuppens-Boulahia and F. Cuppens and H. Debar: An Extended RBAC Profile of XACML. Proceedings of the 3rd ACM workshop on Secure web services (SWS'06), 2006
11. D. Munante and P. Aniorte: A Proposal for Handling Non-Functional Aspects with a Model-Driven Engineering Approach. Journal of School Mines of the University National of Colombia, DYNA , vol 79, nb 173-I, pages 43-52, 2012
12. M. Graa and N. Cuppens-Boulahia and F. Autrel and H. Azkia and F. Cuppens and G. Coatrieux and A. Cavalli and A. Mammar: Using Requirements Engineering in an Automatic Security Policy Derivation Process. 4th SETOP International Workshop on Autonomous and Spontaneous Security, 2011
13. T. Mouelhi and F. Fleurey and B. Baudry and Y. Le Traon: A Model-Based Framework for Security Policy Specification, Deployment and Testing. 10th MODELS International Conference on MDE Languages and Systems, 2008
14. F. Autrel, F. Cuppens, N. Cuppens-Boulahia, C. Coma: MotOrBAC 2: a security policy tool. Third Joint Conference on Security in Networks Architectures and Security of Information Systems (SARSSI'08), 2008
15. JR. Sandhu and EJ. Coyne and HJ. Feinstein and CE. Youman: Role-Based Access Control Models. IEEE Computer, vol 29, nb 2, pages 38-47, 1996
16. R. Anderson: Security Engineering: a Guide to Building Dependable Distributed Systems. John Wiley and Sons, 2001