Abstract
The organization-based access control (OrBAC) model is an access control model that helps evaluate the security policies of organizations. OrBAC affords a high degree of expressiveness and scalability. The model, however, does not readily express integrity constraints. Integrity is one of the most important properties for critical infrastructure systems, mainly due to their criticality and low tolerance of corruption and alterations. This paper describes an extension of OrBAC, called Integrity-OrBAC (I-OrBAC), which models integrity attributes associated with critical infrastructure systems. I-OrBAC facilitates the modeling of multiple integrity levels to express the requirements of different critical infrastructure organizations. An example security policy is presented to demonstrate the expressiveness of the model.
Chapter PDF
Similar content being viewed by others
References
A. Abou El Kalam, S. Benferhat, A. Miege, R. El Baida, F. Cuppens, C. Saurel, P. Balbiani, Y. Deswarte and G. Trouessin, Organization based access control, Proceedings of the Fourth International Workshop on Policies for Distributed Systems and Networks, pp. 120–131, 2003.
A. Abou El Kalam, Y. Deswarte, A. Baina and M. Kaaniche, PolyOrBAC: A security framework for critical infrastructures, International Journal of Critical Infrastructure Protection, vol. 2(4), pp. 154–169, 2009.
A. Baina, A. Abou El Kalam, Y. Deswarte and M. Kaaniche, Collaborative access control framework for critical infrastructures, in Critical Infrastructure Protection II, M. Papa and S. Shenoi (Eds.), Springer, Boston, Massachusetts, pp. 189–201, 2008.
D. Bell and L. LaPadula, Secure Computer Systems: Unified Exposition and Multics Interpretation, Technical Report ESD-TR-75-306, MITRE Corporation, Bedford, Massachusetts, 1975.
S. Benferhat, R. El Baida and F. Cuppens, A stratification-based approach for handling conflicts in access control, Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies, pp. 189–195, 2003.
K. Biba, Integrity Considerations for Secure Computer Systems, Technical Report ESD-TR-76-372, MITRE Corporation, Bedford, Massachusetts, 1977.
M. Bishop, Computer Security: Art and Science, Addison-Wesley, Boston, Massachusetts, 2003.
D. Brewer and M. Nash, The Chinese Wall security policy, Proceedings of the IEEE Symposium on Security and Privacy, pp. 206–214, 1988.
D. Clark and D. Wilson, A comparison of commercial and military computer security policies, Proceedings of the IEEE Symposium on Security and Privacy, pp. 184–195, 1987.
N. Essaouini, A. Abou El Kalam and A. Ait Ouahman, Access control policy: A framework to enforce recommendations, International Journal of Computer Science and Information Technologies, vol. 2(5), pp. 2452–2463, 2011.
D. Ferraiolo and D. Kuhn, Role based access control, Proceedings of the Fifteenth National Computer Security Conference, pp. 554–563, 1992.
D. Ferraiolo, R. Sandhu, S. Gavrila, D. Kuhn and R. Chandramouli, Proposed NIST standard for role-based access control, ACM Transactions on Information and System Security, vol. 4(3), pp. 224–274, 2001.
J. Goguen and J. Meseguer, Security policies and security models, Proceedings of the IEEE Symposium on Security and Privacy, pp. 11–20, 1982.
M. Krause and H. Tipton, Handbook of Information Security Management, Auerbach Publications, Boca Raton, Florida, 1998.
B. Lampson, Protection, Proceedings of the Fifth Princeton Symposium on Information Sciences and Systems, pp. 437–443, 1971.
R. Sandhu and J. Park, Usage control: A vision for next generation access control, Proceedings of the Second International Workshop on Mathematical Methods, Models and Architectures for Computer Network Security, pp. 17–31, 2003.
E. Totel, J. Blanquart, Y. Deswarte and D. Powell, Supporting multiple levels of criticality, Proceedings of the Twenty-Eighth IEEE Fault Tolerant Computing Symposium, pp. 70–79, 1998.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Ameziane El Hassani, A., Abou El Kalam, A., Ait Ouahman, A. (2012). Integrity-Organization Based Access Control for Critical Infrastructure Systems. In: Butts, J., Shenoi, S. (eds) Critical Infrastructure Protection VI. ICCIP 2012. IFIP Advances in Information and Communication Technology, vol 390. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35764-0_3
Download citation
DOI: https://doi.org/10.1007/978-3-642-35764-0_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-35763-3
Online ISBN: 978-3-642-35764-0
eBook Packages: Computer ScienceComputer Science (R0)