Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
Organization based access control
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
SRDS '98 Proceedings of the The 17th IEEE Symposium on Reliable Distributed Systems
Intrusion damage control and assessment: a taxonomy and implementation of automated responses to intrusive behavior
Obligation Policies: An Enforcement Platform
POLICY '05 Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks
High Level Conflict Management Strategies in Advanced Access Control Models
Electronic Notes in Theoretical Computer Science (ENTCS)
A taxonomy of intrusion response systems
International Journal of Information and Computer Security
Modeling contextual security policies
International Journal of Information Security
Expression and Deployment of Reaction Policies
SITIS '08 Proceedings of the 2008 IEEE International Conference on Signal Image Technology and Internet Based Systems
A contextual role-based access control authorization model for electronic patient record
IEEE Transactions on Information Technology in Biomedicine
Dynamic deployment of context-aware access control policies for constrained security devices
Journal of Systems and Software
Hi-index | 0.00 |
The tasks a system administrator must fulfill become more and more complex as information systems increase in complexity and connectivity. More specifically, the problem of the expression and update of security requirements is central. Formal models designed to express security policies have proved to be necessary since they provide non ambiguous semantics to analyze them. However, such models as RBAC or OrBAC are not used to express reaction requirements which specify the reaction policy to enforce when intrusions are detected. We present in this article an extension of the OrBAC model by defining dynamic organizations and threat contexts to enable the expression and enforcement of reaction requirements.