Organization based access control

@article{Kalam2003OrganizationBA,
  title={Organization based access control},
  author={Anas Abou El Kalam and Salem Benferhat and Alexandre Mi{\`e}ge and Rania El Baida and Fr{\'e}d{\'e}ric Cuppens and Claire Saurel and Philippe Balbiani and Yves Deswarte and Gilles Trouessin},
  journal={Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks},
  year={2003},
  pages={120-131}
}
  • A. A. E. Kalam, S. Benferhat, G. Trouessin
  • Published 4 June 2003
  • Computer Science
  • Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks
None of the classical access control models such as DAC, MAC, RBAC, TBAC or TMAC is fully satisfactory to model security policies that are not restricted to static permissions but also include contextual rules related to permissions, prohibitions, obligations and recommendations. This is typically the case of security policies that apply to the health care domain. We suggest a new model that provides solutions to specify such contextual security policies. This model, called organization based… 

An access control framework for hybrid policies
TLDR
The method is based on a generic UML meta-model of access control called CatBAC (Category Based Access Control), together with a refinement process for the extraction of security requirements from high level policies.
Toward a generic access control model
TLDR
A generic model of access control is proposed that allows defining each authorization rule in an abstract manner (high level language) and these abstract policies can be mapped into low level concrete policies written according to the model adopted by the organization.
Automatic Conformance Checking of Role-Based Access Control Policies via Alloy
TLDR
A tool for constructing role-based access control (RBAC) policies, which are automatically checked for conformance with constraints described using predicate logic, is described.
Expressing Access Control Policies with an Event-Based Approach
TLDR
EB3SEC is presented, a language used to formally model and interpret access control policies in information systems and includes a process algebra, so dynamic access control constraints such as obligations and dynamic separation of duty can be easily expressed.
Modeling contextual security policies
TLDR
This paper presents a taxonomy of different types of context and investigates the data the information system must manage in order to deal with these different contexts and explains how to model and evaluate them in the OrBAC model.
Integrating non elementary actions in access control models
TLDR
An analysis of security policies that involves actions with different levels of granularity is proposed and it is shown how to integrate complex actions in access control models.
A prioritized-based approach to handling conflicts in access control
  • S. Benferhat, R. Baida
  • Computer Science
  • 16th IEEE International Conference on Tools with Artificial Intelligence
  • 2004
TLDR
This work deals with the problem of handling conflicts in the OrBAC system, modeled by first order logic knowledge bases, and shows that the "blind" application of propositional approaches to inconsistent first order knowledge bases can lead to undesirable conclusions.
Specification and Verification of Access Control Policies in EB3SEC: Work in Progress
TLDR
This paper presents how to use EB3SEC to express two kinds of access control constraints: permissions and prohibitions, and provides algorithms to verify that the model of the policy does not lead to deadlock.
A dynamic access control model
TLDR
The proposed dynamic access control model is based on description logic augmented with a default and an exception (ε) operator to capture context features, allowing for composed contexts, the addition of new contexts and the deduction of new authorizations depending on context.
On the Possibilistic Handling of Priorities in Access Control Models
TLDR
This paper proposes to add to the OrBAC model a new entity, called priority, that encodes different forms of uncertainty that may be encountered in security rules, and proposes different combination rules that allow concrete permissions to be derived from prioritized abstract permissions.

References

SHOWING 1-10 OF 28 REFERENCES
Supporting multiple access control policies in database systems
TLDR
A flexible authorization mechanism that can support different security policies is proposed that permits negative and positive authorizations, authorizations that must be strongly obeyed and authorizations that allow for exceptions, and enforces ownership together with delegation of administrative privileges.
Role-Based Access Control Models
TLDR
Why RBAC is receiving renewed attention as a method of security administration and review is explained, a framework of four reference models developed to better understand RBAC is described, and the use of RBAC to manage itself is discussed.
Task-Based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-Oriented Authorization Management
TLDR
By taking a task-oriented view of access control and authorizations, TBAC lays the foundation for research into a new breed of “active” security models that are required for agent-based distributed computing and workflow management.
Supporting relationships in access control using role based access control
TLDR
This paper furthers the concept of relationships for use in access control, and it shows how relationships can be supported in role based access decisions by using the Object Management Group’s (OMG) Resource Access Decision facility (RAD).
The Ponder Policy Specification Language
The Ponder language provides a common means of specifying security policies that map onto various access control implementation mechanisms for firewalls, operating systems, databases and Java. It
TRBAC: a temporal role-based access control model
TLDR
Temporal-RBAC (TRBAC), an extension of the RBAC model, supports both periodic activations and deactivations of roles, and temporal dependencies among such actions, expressed by means of role triggers.
Formal specification for role based access control user/role and role/role relationship management
TLDR
The paper defines the semantics of Admin Tool operations, and shows that, given a consistent RBAC Database and an operation which meets specified conditions, the RBAC Database remains consistent after the operation is performed.
Models for coalition-based access control (CBAC)
TLDR
The protection state of a system is defined, which provides the semantics of CBAC-based access policies, and some of the issues for coalition access policy development and administration are briefly examined.
Proposed NIST standard for role-based access control
TLDR
Although RBAC continues to evolve as users, researchers, and vendors gain experience with its application, the features and components proposed in this standard represent a fundamental and stable set of mechanisms that may be enhanced by developers in further meeting the needs of their customers.
A Type/Domain Security Policy for Internet Transmission, Sharing, and Archiving of Medical and Biological Data
TLDR
A security model is presented to regulate the exchange and pooling of medical information over a wide-area distributed system; it is designed to supplement other security policies regulating access to information at a finer granularity within each of the organizations taking part in the exchange.