On the Possibilistic Handling of Priorities in Access Control Models

Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 213)


Access control models are important tools for modelling security policies. They allow to limit the access to sensitive data to only authorized users. This paper focuses on organization-based access control (OrBAC) model which represents a generic framework for compactly representing general security policies rules. More precisely, we propose to add to OrBAC model a new entity, called priority, that encodes different forms of uncertainty that may be encountered in security rules. These priorities will be modelled in possibility theory which represents a natural framework for handling uncertain information. We propose different combination rules that allow to derive concrete permissions from prioritized abstract permissions.


Possibility theory Possibilistic logic OrBAC 


  1. 1.
    Harrison MA, Ruzzo WL, Ullman JD (1976) Protection in operating systems. Commun ACM 19(8):461–471Google Scholar
  2. 2.
    Lampson BW Protection. In: Proceedings of fifth annual Princeton conference on information sciences and systems, Princeton University, pp 437–443 March 1971Google Scholar
  3. 3.
    Sutherland D (1986) A model of information. In: processing of the 9th national computer security conference. National bureau of standards and national computer security center, pp 175–183 Sept 1986Google Scholar
  4. 4.
    Ferraiolo DF, Ravi S, Serban G, Richard KD, Ramaswamy C (2001) Proposed NIST standard for role-based access control. ACM Trans Inf Syst Secur 4(3):224–274CrossRefGoogle Scholar
  5. 5.
    Gavrila SI Barkley JF (1996) Formal specification for role based access control user/role and role/role relationship management. Third ACM workshop on role-based, pp 81–90, 22–23 Oct 1996Google Scholar
  6. 6.
    Ravi S, Coyne EJ, Feinstein HL, Youman CE (1996) Role-based access control models. Computer 29(2):38–47CrossRefGoogle Scholar
  7. 7.
    Kalam AEL, Baida REL, Balbiani P, Benferhat S, Cuppens F, Deswarte Y, Miège A, Saurel C, Trouessin G (2003) Organization based access control. 4th IEEE international workshop on policies for distributed systems and networks (Policy’03), 4–6 June 2003Google Scholar
  8. 8.
    Dubois D, Lang J, Prade H (1994) Possibilistic logic. Handbook of Logic in artificial intelligence and logic programming, vol 3. Oxford University Press, Oxford, pp 439–513Google Scholar
  9. 9.
    Thomas R, Sandhu R (1997) Task-based authorization controls (TBAC): a family of models for active and enterprise-oriented authorization management. 11th IFIP working conference on database security, Lake TahoeGoogle Scholar
  10. 10.
    Bell DE, LaPadula LJ (1976) Secure computer systems: unified exposition and multics interpretation. Technical Report ESD-TR-73-306. The MITRE Corporation, Technical Report, March 1976Google Scholar
  11. 11.
    Biba KJ (1975) Integrity considerations for secure computer systems. Technical Report TR-3153, The Mitre Corporation, Bedford, June 1975Google Scholar
  12. 12.
    Thomas R (1997) Team-based access control (TMAC): a primitive for applying role-based access controls in collaborative environments. In: Proceedings of the second ACM workshop on Role-based access control, no. RBAC ‘97, pp 13–19Google Scholar
  13. 13.
    Cuppens F, Miège A (2003) Modelling contexts in the Or-BAC Model. 19th annual computer security applications conference (ACSAC ‘03), Dec 2003Google Scholar
  14. 14.
    Cuppens F, Cuppens-Boulahia N, Coma C (2006) MotOrBAC: an administration and simulation tool of security policies. Security in network architectures (SAR) and Security of information systems (SSI), first joint conference, 6–9 June 2006Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Salem Benferhat
    • 1
  • Khalid Bouriche
    • 1
    • 2
  • Mohamed Ouzarf
    • 2
  1. 1.CRIL-CNRS, Centre de recherche en informatique de LensUniversité d’ArtoisLens CedexFrance
  2. 2.Département de l’informatique FST de FezUniversity Sidi Mohamed Ben Abdellah (USMBA)FèsMaroc

Personalised recommendations