Reaction Policy Model Based on Dynamic Organizations and Threat Context

Authors:
Fabien Autrel;Nora Cuppens-Boulahia;Frédéric Cuppens
Affiliations:
Telecom-Bretagne, Cesson Sévigné, (France) 35576;Telecom-Bretagne, Cesson Sévigné, (France) 35576;Telecom-Bretagne, Cesson Sévigné, (France) 35576
Venue:
Proceedings of the 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security XXIII
Year:
2009

Citing 10
Cited 1

Proposed NIST standard for role-based access control

ACM Transactions on Information and System Security (TISSEC)
Organization based access control

POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Cyber-Intrusion Response

SRDS '98 Proceedings of the The 17th IEEE Symposium on Reliable Distributed Systems
Intrusion damage control and assessment: a taxonomy and implementation of automated responses to intrusive behavior

Intrusion damage control and assessment: a taxonomy and implementation of automated responses to intrusive behavior
Obligation Policies: An Enforcement Platform

POLICY '05 Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks
High Level Conflict Management Strategies in Advanced Access Control Models

Electronic Notes in Theoretical Computer Science (ENTCS)
A taxonomy of intrusion response systems

International Journal of Information and Computer Security
Modeling contextual security policies

International Journal of Information Security
Expression and Deployment of Reaction Policies

SITIS '08 Proceedings of the 2008 IEEE International Conference on Signal Image Technology and Internet Based Systems
A contextual role-based access control authorization model for electronic patient record

IEEE Transactions on Information Technology in Biomedicine

Dynamic deployment of context-aware access control policies for constrained security devices

Journal of Systems and Software

Quantified Score

Hi-index	0.00

Visualization

Abstract

The tasks a system administrator must fulfill become more and more complex as information systems increase in complexity and connectivity. More specifically, the problem of the expression and update of security requirements is central. Formal models designed to express security policies have proved to be necessary since they provide non ambiguous semantics to analyze them. However, such models as RBAC or OrBAC are not used to express reaction requirements which specify the reaction policy to enforce when intrusions are detected. We present in this article an extension of the OrBAC model by defining dynamic organizations and threat contexts to enable the expression and enforcement of reaction requirements.