Michael Drouineaud

Learn More
Today more and more security-relevant data is stored on computer systems; security-critical business processes are mapped to their digital counterparts. This situation applies to various domains such as health care industry, digital government, and financial service institutes requiring that different security requirements must be fulfilled. Authorisation(More)
Role-based access control (RBAC) is a powerful means for laying out and developing higher-level organizational policies such as separation of duty, and for simplifying the security management process. One of the important aspects of RBAC is authorization constraints that express such organizational policies. While RBAC has generated a great interest in the(More)
Security policies play an important role in today’s computer systems. We show some severe limitations of the widespread standard role-based access control (RBAC) model, namely that object-based dynamic separation of duty as introduced by Nash and Poland cannot be expressed with it. We suggest to overcome these limitations by extending the RBAC model with an(More)
Considering the current expansion of IT-infrastructure the security of the data inside this infrastructure becomes increasingly important. Therefore assuring certain security properties of IT-systems by formal methods is desirable. So far in security formal methods have mostly been used to prove properties of security protocols. However, access control is(More)
Many healthcare organizations have transited from their old and disparate business models based on ink and paper to a new, consolidated ones based on electronic patient records. There are significant demands on secure mechanisms for collaboration and data sharing among clinicians, patients and researchers through clinical information systems. In order to(More)
Demonstrating the safety of a system (ie. avoiding the undesired propagation of access rights or indirect access through some other granted resource) is one of the goals of access control research, e.g. [1-4]. However, the flexibility required from enterprise resource management (ERP) systems may require the implementation of seemingly contradictory(More)
The spreading of Ethernet TCP/IP protocol suite based communication in automation systems has raised new questions concerning data consistency and security. This paper introduces temporal-logic RBAC as a method to formalise the security relevant access constraints for an agent based control system. It also offers some examples of such formalised constraints(More)
Since its emergence in the early 1990s, role-based access control (RBAC) has gained more and more popularity. Its flexibility has been leading to a multitude of proposed access control models and mechanisms based on the role paradigm. They adapt RBAC according to the specific needs of specific settings, for example, by providing support for delegation of(More)
Employing flexible access control mechanisms, formally specifying and correctly implementing relevant security properties, and ensuring that the implementation satisfies its formal specification, are some of the important aspects towards achieving higher-level organization-wide access control that maintains the characteristics of software quality. In the(More)
Role-based access control (RBAC) is a powerful means for laying out and developing higher-level organizational policies such as separation of duty, and for simplifying the security management process. One of the important aspects of RBAC is authorization constraints that express such organizational policies. While RBAC has generated a great interest in the(More)