Towards a Model Driven Security for critical infrastructures using OrBAC

In this paper, we use Model Driven Security (MDS) in order to build secure systems. MDS is based on Model Driven Architecture (MDA). In fact, designers are required to only specify system models along with their security requirements; the system architecture is automatically generated from the model. First, we propose a MDS model of the Organization-Based Access Control (OrBAC) model using the MDA modeling framework Eclipse Modeling Framework (EMF). Then, we present a case study in which we choose the Electrical Grid as Critical Infrastructure (CI) to illustrate our approach.

[1]  F. Cleveland Enhancing the Reliability and Security of the Information Infrastructure Used to Manage the Power System , 2007, 2007 IEEE Power Engineering Society General Meeting.

[2]  Frank Budinsky,et al.  Eclipse Modeling Framework , 2003 .

[3]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[4]  James E. Rumbaugh,et al.  Unified Modeling Language (UML) , 2010, Encyclopedia of Software Engineering.

[5]  Yashwant Singh,et al.  Model Driven Architecture: A Perspective , 2009, 2009 IEEE International Advance Computing Conference.

[6]  Anas Abou El Kalam,et al.  Access Control for Collaborative Systems: A Web Services Based Approach , 2007, IEEE International Conference on Web Services (ICWS 2007).

[7]  David Basin,et al.  Model driven security: From UML models to access control infrastructures , 2006, TSEM.

[8]  David A. Basin Model driven security , 2006, First International Conference on Availability, Reliability and Security (ARES'06).

[9]  Dejan Simic,et al.  A Novel Approach to Building Secure Systems , 2007, The Second International Conference on Availability, Reliability and Security (ARES'07).

[10]  David A. Basin,et al.  A decade of model-driven security , 2011, SACMAT '11.

[11]  P. Samarati,et al.  Access control: principle and practice , 1994, IEEE Communications Magazine.

[12]  Anas Abou El Kalam,et al.  PolyOrBAC: A security framework for Critical Infrastructures , 2009, Int. J. Crit. Infrastructure Prot..

[13]  A. Ait Ouahman,et al.  Integrity-OrBAC: An OrBAC enhancement that takes into account integrity , 2013, 2013 8th International Conference on Intelligent Systems: Theories and Applications (SITA).

[14]  Michael Weiss XML Metadata Interchange , 2009, Encyclopedia of Database Systems.

[15]  David A. Basin,et al.  SecureUML: A UML-Based Modeling Language for Model-Driven Security , 2002, UML.

[16]  Frédéric Cuppens,et al.  Organization based access control , 2003, Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks.

[17]  F. Autrel,et al.  MotOrBAC 2 : a security policy tool , 2008 .

[18]  Denisse Muñante Arzapalo,et al.  An Approach Based on Model-Driven Engineering to Define Security Policies Using OrBAC , 2013, 2013 International Conference on Availability, Reliability and Security.

[19]  Jan Jürjens,et al.  UMLsec: Extending UML for Secure Systems Development , 2002, UML.

[20]  Djamel Khadraoui,et al.  Critical infrastructure security modelling and RESCI-MONITOR: A risk based critical infrastructure model , 2011, 2011 IST-Africa Conference Proceedings.