Collaborative Access Control For Critical Infrastructures

  • Amine Baina
  • Anas Abou El Kalam
  • Yves Deswarte
  • Mohamed Kaaniche
Conference paper
Part of the The International Federation for Information Processing book series (IFIPAICT, volume 290)

A critical infrastructure (CI) can fail with various degrees of severity due to physical and logical vulnerabilities. Since many interdependencies exist between CIs, failures can have dramatic consequences on the entire infrastructure. This paper focuses on threats that affect information and communication systems that constitute the critical information infrastructure (CII). A new collaborative access control framework called PolyOrBAC is proposed to address security problems that are specific to CIIs. The framework offers each organization participating in a CII the ability to collaborate with other organizations while maintaining control of its resources and internal security policy. The approach is demonstrated on a practical scenario involving the electrical power grid.


Access control policies models collaboration interoperability 


  1. 1.
    A. Abou El Kalam, S. Benferhat, A, Miege, R. El Baida, F. Cuppens, C. Saurel, P. Balbiani, Y. Deswarte and G. Trouessin, Organization based access control, Proceedings of the Fourth IEEE International Workshop on Policies for Distributed Systems and Networks, pp. 120–134, 2003.Google Scholar
  2. 2.
    A. Abou El Kalam, Y. Deswarte, A. Baina and M. Kaaniche, Access control for collaborative systems: A web services based approach, Proceedings of the IEEE International Conference on Web Services, pp. 1064–1071, 2007.Google Scholar
  3. 3.
    W. Adams and N. Davis, Toward a decentralized trust-based access control system for dynamic collaboration, Proceedings of the Sixth Annual IEEE SMC Information Assurance Workshop, pp. 317–324, 2005.Google Scholar
  4. 4.
    M. Amin, North America's electricity infrastructure: Are we ready for more perfect storms? IEEE Security and Privacy, vol. 1(5), pp. 19–25, 2003.CrossRefGoogle Scholar
  5. 5.
    D. Bell and L. LaPadula, Secure Computer Systems: Unified Exposition and MULTICS Interpretation, Technical Report ESD-TR-75-306, MTR-2997 Rev. 1, MITRE Corporation, Bedford, Massachusetts, 1976.Google Scholar
  6. 6.
    T. Bray, J. Paoli, C. Sperberg-McQueen, E. Maler, F. Yergeau and J. Cowan (Eds.), Extensible Markup Language (XML) 1.1, Recommendation, World Wide Web Consortium, Cambridge, Massachusetts (, 2004.Google Scholar
  7. 7.
    G. Brose, A view-based access control model for CORBA, in Secure Internet Programming: Security Issues for Mobile and Distributed Objects (LNCS 1603), J. Vitek and C. Jensen, Springer-Verlag, London, United Kingdom, pp. 237–252, 2001.Google Scholar
  8. 8.
    L. Clement, A. Hately, C. von Riegen and T. Rogers (Eds.), UDDI Version 3.0.2, Organization for the Advancement of Structured Information Standards, Billerica, Massachusetts (, 2005.Google Scholar
  9. 9.
    F. Cuppens, N. Cuppens-Boulahia, T. Sans and A. Miege, A formal approach to specify and deploy a network security policy, in Formal Aspects in Security and Trust, T. Dimitrakos and F. Martinelli (Eds.), Springer, Berlin-Heidelberg, Germany, pp. 203–218, 2004.Google Scholar
  10. 10.
    G. Dondossola, G. Deconinck, F. Di Giandomenico, S. Donatelli, M. Kaaniche and P. Verissimo, Critical utility infrastructural resilience, Proceedings of the Workshop on Security and Networking in Critical Real-Time and Embedded Systems, 2006.Google Scholar
  11. 11.
    D. Ferraiolo, R. Sandhu, S. Gavrila, D. Kuhn and R. Chandramouli, Proposed NIST standard for role-based access control, ACM Transactions on Information and System Security, vol. 4(3), pp. 224–274, 2001.CrossRefGoogle Scholar
  12. 12.
    T. Fink, M. Koch and C. Oancea, Specification and enforcement of access control in heterogeneous distributed applications, Proceedings of the International Conference on Web Services, pp. 88–100, 2003.Google Scholar
  13. 13.
    F. Garrone, C. Brasca, D. Cerotti, D. Codetta Raiteri, A. Daidone, G. Deconinck, S. Donatelli, G. Dondossola, F. Grandoni, M. Kaaniche and T. Rigole, Analysis of New Control Applications, Deliverable D2, The CRU-TIAL Project, CESI Ricerca, Milan, Italy ( /files/Documents/Deliverables%20P1/WP1-D2-final.pdf), 2007.Google Scholar
  14. 14.
    M. Harrison, W. Ruzzo and J. Ullman, Protection in operating systems, Communications of the ACM, vol. 19(8), pp. 461–471, 1976.MathSciNetCrossRefzbMATHGoogle Scholar
  15. 15.
    J. Laprie, K. Kanoun and M. Kaaniche, Modeling interdependencies between the electricity and information infrastructures, Proceedings of the Twenty-Sixth International Conference on Computer Safety, Reliability and Security, pp. 54–67, 2007.Google Scholar
  16. 16.
    M. Lorch, S. Proctor, R. Lepro, D. Kafura and S. Shah, First experiences using XACML for access control in distributed systems, Proceedings of the ACM Workshop on XML Security, pp. 25–37, 2003.Google Scholar
  17. 17.
    N. Kavantzas, D. Burdett, G. Ritzinger, T. Fletcher, Y. Lafon, and C. Bar-reto (Eds.), Web Services Choreography Description Language Version 1.0, Candidate Recommendation, World Wide Web Consortium, Cambridge, Massachusetts (, 2006.Google Scholar
  18. 18.
    A. Miege, Definition of a Formal Framework for Specifying Security Policies: The OrBAC Model and Extensions, Ph.D. Thesis, Department of Computer Science, Ecole Nationale Superieure des Telecommunications (TELECOM ParisTech), Paris, France, 2005.Google Scholar
  19. 19.
    N. Mitra (Ed.), SOAP Version 1.2, Recommendation, World Wide Web Consortium, Cambridge, Massachusetts (, 2003.Google Scholar
  20. 20.
    S. Oh and S. Park, Task-role-based access control model, Information Systems, vol. 28(6), pp 533–562, 2003.CrossRefzbMATHGoogle Scholar
  21. 21.
    S. Rinaldi, J. Peerenboom and T. Kelly, Identifying, understanding and analyzing critical infrastructure interdependencies, IEEE Control Systems, vol. 21(6), pp. 11–25, 2001.CrossRefGoogle Scholar
  22. 22.
    R. Sandhu, E. Coyne, H. Feinstein and C. Youman, Role-based access control models, IEEE Computer, vol. 29(2), pp. 38–47, 1996.CrossRefGoogle Scholar
  23. 23.
    K. Seamons, T. Chan, E. Child, M. Halcrow, A. Hess, J. Holt, J. Jacobson, R. Jarvis, A. Patty, B. Smith, T. Sundelin and L. Yu, TrustBuilder: Negotiating trust in dynamic coalitions, Proceedings of the DARPA Information Survivability Conference and Exposition, vol. 2, pp. 49–51, 2003.Google Scholar
  24. 24.
    E. Totel, J. Blanquart, Y. Deswarte and D. Powell, Supporting multiple levels of criticality, Proceedings of the Twenty-Eighth Annual Symposium on Fault Tolerant Computing, pp. 70–79, 1998.Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2008

Authors and Affiliations

  • Amine Baina
    • 1
  • Anas Abou El Kalam
    • 1
  • Yves Deswarte
    • 1
  • Mohamed Kaaniche
    • 1
  1. 1.France

Personalised recommendations