Evaluation of a Security Policy Based on OrBAC Model Using MotOrBAC: Application E-learning

  • Asmaa KassidEmail author
  • Najib El Kamoun
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 366)


E-learning is a new method of learning which depends on the Internet in its execution. Nowday’s e-learning’s popularity is increasing as more and more people are taking online courses. It becomes the need of the hour, since it is being used as a big platform for enhancing and upgrading knowledge by increasing flexibility in various fields and providing ways to make learning easier. However E-learning has several challenges, one of these major challenges is Information Security. The security aspect is even more important for controlling access to information resources intended to specific users depending on several predefined contexts. Defining such access control is directly related to the appliance of a control access policy, responsible of securing learning sessions in an e-learning platform.

The purpose of this paper is to propose how to adapt ORBAC (organization role based access control) model which is considered as one of the most developed access control security models, to improve the highest degree of security in a concrete e-learning scenario for educational purpose, and to prove how the expressive power and flexibility of this model work. The proposed approach is implemented and evaluated by simulation using “MotOrbac” tool in order to define its validity context and limitations for a large and extended deployment.


Access control OrBAC model Security policies E-learning platform Spatial metaphor 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    El-Khatib, K., Korba, L., Xu, Y., Yee, G.: Privacy and Security in E-Learning. International Journal of Distance Education, Institute for Information Technology, National Research Council Canada, vol. 1, Number 4 (2003)Google Scholar
  2. 2.
    Kumar, S., Kamlesh, D.: Investigation on Security in LMS Moodle. Proceedings of International Journal of Information Technology and Knowledge Management, 233–238 (2011). Kurukshetra University, Kurukshetra, IndiaGoogle Scholar
  3. 3.
    Lampson, B.: Protection. In: 5th Princeton Symposium on Information Sciences and Systems, Mars, pp. 437–443 (1971)Google Scholar
  4. 4.
    Bell, D., La Padula, L., et al.: Secure computer systems: Unified exposition and multics interpretation. Technical Report ESD TR73-306, The MITRE Corporation, Mars (1976)Google Scholar
  5. 5.
    Sandhu, R., Coyne, E., Feinstein, H., Youman, C.E.: Role-based access control models. IEEE Computer 29(2), 38–47 (1996)CrossRefGoogle Scholar
  6. 6.
    Thomas, R.: TMAC: a primitive for applying RBAC in collaborative environment. In: 2nd ACM, Workshop on RBAC, Fairfax, Virginia, USA, pp. 13–19, November 1997Google Scholar
  7. 7.
    Thomas, R., Sandhu, R., et al.: Task-based authorization controls (TBAC): a family of models for active and enterprise-oriented authorization management. In: 11th IFIP Working Conference on Database Security, Lake Tahoe, California, USA, pp. 166–181 (1997)Google Scholar
  8. 8.
    Bousmah, M., Elkamoun, N., Berraissoul, A.: Conception et réalisation d’un environnement virtuel d’apprentissage collaboratif, orienté métaphore spatiale, couplé avec un système observateur d’usage. In: Proceedings of the 6th IEEE International Conference on Advanced Learning Technologies, July 2006. IEEE Computer Society, Kerkrade (2006)Google Scholar
  9. 9.
    Abou El Kalam, A., El Baida, R., Balbiani, P., Benferhat, S., Cuppens, F., Deswarte, Y., Miege, A., Saurel, C., Trouessin, G.: Organization based access control. In: Proceedings of IEEE 4th International Workshop on Policies for Distributed Systems and Networks (POLICY 2003), Lake Como, Italy, June 2003Google Scholar
  10. 10.
  11. 11.
    Cuppens, F., Cuppens-Boulahia, N.: Modeling Contextual Security Policies. International Journal of Information Security 7(4), 285–305 (2007)CrossRefGoogle Scholar
  12. 12.
    Autrel, F., Cuppens, F., Cuppens-Boulahia, N., Coma, C.: MotOrBAC 2: a security policytool. In: 3rd Conference on Security in Network Architectures and Information Systems (SAR-SSI 2008), Loctudy, France, pp. 273–288 (2008)Google Scholar
  13. 13.
  14. 14.
    El Kalam, A., Deswarte, Y., Baina, A., Kaaniche, M., et al.: Access control for collaborative systems: a web services based approach. In: IEEE International Conference on Web Services (ICWS 2007), pp. 1064–1071 (2007)Google Scholar
  15. 15.
    Baina, A.: Contrôle d’Accès pour les Grandes Infrastructures Critiques: Application au réseau d’énergie électrique. Thèse de doctorat, Université de Toulouse, Septembre 29, 2009Google Scholar
  16. 16.
    Madani, M.A., Erradi, M.: Network Security and Systems (JNS2), 2012 Networking and Distributed Systems Research Group, SIME Lab University Mohammed V-Souissi, ENSIAGoogle Scholar

Copyright information

© Springer Science+Business Media Singapore 2016

Open Access This chapter is licensed under the terms of the Creative Commons Attribution-NonCommercial 2.5 International License (, which permits any noncommercial use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.

Authors and Affiliations

  1. 1.STIC LaboratoryChouaib Doukkali UniversityEl JadidaMorocco

Personalised recommendations