Evaluation of a Security Policy Based on OrBAC Model Using MotOrBAC: Application E-learning
E-learning is a new method of learning which depends on the Internet in its execution. Nowday’s e-learning’s popularity is increasing as more and more people are taking online courses. It becomes the need of the hour, since it is being used as a big platform for enhancing and upgrading knowledge by increasing flexibility in various fields and providing ways to make learning easier. However E-learning has several challenges, one of these major challenges is Information Security. The security aspect is even more important for controlling access to information resources intended to specific users depending on several predefined contexts. Defining such access control is directly related to the appliance of a control access policy, responsible of securing learning sessions in an e-learning platform.
The purpose of this paper is to propose how to adapt ORBAC (organization role based access control) model which is considered as one of the most developed access control security models, to improve the highest degree of security in a concrete e-learning scenario for educational purpose, and to prove how the expressive power and flexibility of this model work. The proposed approach is implemented and evaluated by simulation using “MotOrbac” tool in order to define its validity context and limitations for a large and extended deployment.
KeywordsAccess control OrBAC model Security policies E-learning platform Spatial metaphor
Unable to display preview. Download preview PDF.
- 1.El-Khatib, K., Korba, L., Xu, Y., Yee, G.: Privacy and Security in E-Learning. International Journal of Distance Education, Institute for Information Technology, National Research Council Canada, vol. 1, Number 4 (2003)Google Scholar
- 2.Kumar, S., Kamlesh, D.: Investigation on Security in LMS Moodle. Proceedings of International Journal of Information Technology and Knowledge Management, 233–238 (2011). Kurukshetra University, Kurukshetra, IndiaGoogle Scholar
- 3.Lampson, B.: Protection. In: 5th Princeton Symposium on Information Sciences and Systems, Mars, pp. 437–443 (1971)Google Scholar
- 4.Bell, D., La Padula, L., et al.: Secure computer systems: Unified exposition and multics interpretation. Technical Report ESD TR73-306, The MITRE Corporation, Mars (1976)Google Scholar
- 6.Thomas, R.: TMAC: a primitive for applying RBAC in collaborative environment. In: 2nd ACM, Workshop on RBAC, Fairfax, Virginia, USA, pp. 13–19, November 1997Google Scholar
- 7.Thomas, R., Sandhu, R., et al.: Task-based authorization controls (TBAC): a family of models for active and enterprise-oriented authorization management. In: 11th IFIP Working Conference on Database Security, Lake Tahoe, California, USA, pp. 166–181 (1997)Google Scholar
- 8.Bousmah, M., Elkamoun, N., Berraissoul, A.: Conception et réalisation d’un environnement virtuel d’apprentissage collaboratif, orienté métaphore spatiale, couplé avec un système observateur d’usage. In: Proceedings of the 6th IEEE International Conference on Advanced Learning Technologies, July 2006. IEEE Computer Society, Kerkrade (2006)Google Scholar
- 9.Abou El Kalam, A., El Baida, R., Balbiani, P., Benferhat, S., Cuppens, F., Deswarte, Y., Miege, A., Saurel, C., Trouessin, G.: Organization based access control. In: Proceedings of IEEE 4th International Workshop on Policies for Distributed Systems and Networks (POLICY 2003), Lake Como, Italy, June 2003Google Scholar
- 12.Autrel, F., Cuppens, F., Cuppens-Boulahia, N., Coma, C.: MotOrBAC 2: a security policytool. In: 3rd Conference on Security in Network Architectures and Information Systems (SAR-SSI 2008), Loctudy, France, pp. 273–288 (2008)Google Scholar
- 14.El Kalam, A., Deswarte, Y., Baina, A., Kaaniche, M., et al.: Access control for collaborative systems: a web services based approach. In: IEEE International Conference on Web Services (ICWS 2007), pp. 1064–1071 (2007)Google Scholar
- 15.Baina, A.: Contrôle d’Accès pour les Grandes Infrastructures Critiques: Application au réseau d’énergie électrique. Thèse de doctorat, Université de Toulouse, Septembre 29, 2009Google Scholar
- 16.Madani, M.A., Erradi, M.: Network Security and Systems (JNS2), 2012 Networking and Distributed Systems Research Group, SIME Lab University Mohammed V-Souissi, ENSIAGoogle Scholar
Open Access This chapter is licensed under the terms of the Creative Commons Attribution-NonCommercial 2.5 International License (http://creativecommons.org/licenses/by-nc/2.5/), which permits any noncommercial use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.