
FORBAC: A Flexible Organisation and Role-Based Access Control Model for Secure Information Systems

  • Conference paper
Advances in Information Systems (ADVIS 2006)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 4243)

Abstract

Security of information systems is an increasingly critical issue, and access control is a crucial technique for ensuring it; access control should therefore rest on an effective model. Although several approaches have already been proposed, a comprehensive model that is flexible enough to cope with real organizations is still missing. This paper proposes a new access control model, FORBAC, which addresses two issues. The first is adaptability to various kinds of organization. The second concerns increasing flexibility while reducing errors and management cost; this is achieved by introducing a set of components that allow fine-grained and multi-level permission assignment. The paper also introduces a framework for evaluating the proposed approach against related research through views, facets and criteria.




Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Saidani, O., Nurcan, S. (2006). FORBAC: A Flexible Organisation and Role-Based Access Control Model for Secure Information Systems. In: Yakhno, T., Neuhold, E.J. (eds) Advances in Information Systems. ADVIS 2006. Lecture Notes in Computer Science, vol 4243. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11890393_38


  • DOI: https://doi.org/10.1007/11890393_38

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-46291-0

  • Online ISBN: 978-3-540-46292-7

  • eBook Packages: Computer Science (R0)
