MDAOrBAC: An MDA Security Framework Based OrBAC Access Control Policies

Securing Critical Infrastructures form unauthorized access to information and system resources became one of the important areas of research last years. In this paper, we present a new approach using the MDA approach to design and generate OrBAC access control policies. The aim of our work is to provide a complete package, a visual model to define a security policy based on OrBAC model, to generate access control rules based XMI files, to use MotOrBAC engine to validate the policy and generate concrete security rules.

[1]  Ying Zheng,et al.  Study on the access control model , 2011, Proceedings of 2011 Cross Strait Quad-Regional Radio Science and Wireless Technology Conference.

[2]  Amine Baina,et al.  Towards a Model Driven Security for critical infrastructures using OrBAC , 2014, 2014 International Conference on Multimedia Computing and Systems (ICMCS).

[3]  Ching-Ting Lin,et al.  A GIS-based simulator for CIIP interdependency analysis , 2010, 2010 International Computer Symposium (ICS2010).

[4]  David A. Basin,et al.  SecureUML: A UML-Based Modeling Language for Model-Driven Security , 2002, UML.

[5]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[6]  Yashwant Singh,et al.  Model Driven Architecture: A Perspective , 2009, 2009 IEEE International Advance Computing Conference.

[7]  Anas Abou El Kalam,et al.  Access Control for Collaborative Systems: A Web Services Based Approach , 2007, IEEE International Conference on Web Services (ICWS 2007).

[8]  Youssef Laarouchi,et al.  MultiLevel-OrBAC: Multi-Level Integrity management in organization based access control framework , 2012, 2012 International Conference on Multimedia Computing and Systems.

[9]  Frédéric Cuppens,et al.  Organization based access control , 2003, Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks.

[10]  A. Ait Ouahman,et al.  Integrity-OrBAC: An OrBAC enhancement that takes into account integrity , 2013, 2013 8th International Conference on Intelligent Systems: Theories and Applications (SITA).

[11]  Bai Qing-hai Study on the Access Control Model in Information Security , 2011 .

[12]  Djamel Khadraoui,et al.  Critical infrastructure security modelling and RESCI-MONITOR: A risk based critical infrastructure model , 2011, 2011 IST-Africa Conference Proceedings.

[13]  Denisse Muñante Arzapalo,et al.  An Approach Based on Model-Driven Engineering to Define Security Policies Using OrBAC , 2013, 2013 International Conference on Availability, Reliability and Security.

[14]  Anas Abou El Kalam,et al.  PolyOrBAC: A security framework for Critical Infrastructures , 2009, Int. J. Crit. Infrastructure Prot..