Theoretical Computer Science
Role-Based Access Control Models
Computer
Modeling and Analysis of Workflows Using Petri Nets
Journal of Intelligent Information Systems - Special issue on workflow management systems
The specification and enforcement of authorization constraints in workflow management systems
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
A framework for implementing role-based access control using CORBA security service
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Managing security policies in a distributed environment using eXtensible markup language (XML)
Proceedings of the 2001 ACM symposium on Applied computing
Flexible support for multiple access control policies
ACM Transactions on Database Systems (TODS)
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
The Ponder Policy Specification Language
POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
Organization based access control
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Obligation Monitoring in Policy Management
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
A Community Authorization Service for Group Collaboration
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
First experiences using XACML for access control in distributed systems
Proceedings of the 2003 ACM workshop on XML security
Role-Based Access Control System for Web Services
CIT '04 Proceedings of the The Fourth International Conference on Computer and Information Technology
Secure collaboration in mediator-free environments
Proceedings of the 12th ACM conference on Computer and communications security
Policy decomposition for collaborative access control
Proceedings of the 13th ACM symposium on Access control models and technologies
An obligation model bridging access control policies and privacy policies
Proceedings of the 13th ACM symposium on Access control models and technologies
An access control mechanism for P2P collaborations
DaMaP '08 Proceedings of the 2008 international workshop on Data management in peer-to-peer systems
The CRUTIAL Architecture for Critical Information Infrastructures
Architecting Dependable Systems V
North America's Electricity Infrastructure: Are We Ready for More Perfect Storms?
IEEE Security and Privacy
Critical Infrastructures Security Modeling, Enforcement and Runtime Checking
Critical Information Infrastructure Security
O2O: virtual private organizations to manage security policy interoperability
ICISS'06 Proceedings of the Second international conference on Information Systems Security
Modelling interdependencies between the electricity and information infrastructures
SAFECOMP'07 Proceedings of the 26th international conference on Computer Safety, Reliability, and Security
A policy language for distributed usage control
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
| Hi-index | 0.00 |
In critical infrastructures (CIs), different organizations must cooperate, while being mutually suspicious since they have different interests and can be in competition on some markets. Moreover, in most cases, there is no recognized authority that can impose global security rules to all participating organizations. In such a context, it is difficult to apply good security practices to the interconnected information systems that control the critical infrastructure. In this paper, we present the PolyOrBAC security framework, aimed at securing global infrastructures while preserving each participating organization's autonomy. In this framework, each organization is able to protect its assets by defining its own security policy and enforcing it by its own security mechanisms, and the global infrastructure is protected by controlling and auditing all interactions between participating organizations. PolyOrBAC helps to satisfy the CII security requirements related to secure cooperation, autonomy and confidentiality, monitoring and audit, and scalability.