Abstract
Access control models are important tools for modelling security policies. They make it possible to limit access to sensitive data to authorized users only. This paper focuses on the organization-based access control (OrBAC) model, which provides a generic framework for compactly representing general security policy rules. More precisely, we propose adding to the OrBAC model a new entity, called priority, that encodes different forms of uncertainty that may be encountered in security rules. These priorities will be modelled in possibility theory, which is a natural framework for handling uncertain information. We propose different combination rules that allow concrete permissions to be derived from prioritized abstract permissions.
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Benferhat, S., Bouriche, K., Ouzarf, M. (2014). On the Possibilistic Handling of Priorities in Access Control Models. In: Sun, F., Li, T., Li, H. (eds) Foundations and Applications of Intelligent Systems. Advances in Intelligent Systems and Computing, vol 213. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37829-4_23
DOI: https://doi.org/10.1007/978-3-642-37829-4_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-37828-7
Online ISBN: 978-3-642-37829-4
eBook Packages: Engineering, Engineering (R0)