Abstract: Securing access to a server, guaranteeing a certain level of protection over an encrypted communication channel, and executing particular countermeasures when attacks are detected are examples of security requirements. Such requirements are identified based on organizational purposes and expectations in terms of resource access and availability, and also on system vulnerabilities and threats. All these requirements belong to the so-called security policy. Deploying the policy means enforcing it, i.e., configuring the security components and mechanisms so that the system's behavior is ultimately the one specified by the policy. Deployment becomes more difficult because growing organizational requirements and expectations generally outpace the integration of new security functionalities in the information system: the information system will not always embed the security functionalities necessary for the proper deployment of contextual security requirements. To overcome this issue, our solution is based on a central entity that takes charge of unmanaged contextual requirements and dynamically redeploys the policy when it detects context changes. We also present an improvement over the OrBAC (Organization-Based Access Control) model. Up to now, a controller based on a contextual OrBAC policy has been passive, in the sense that it assumes policy evaluation is triggered by access requests. Therefore, it does not allow reasoning about how the policy state evolves when actions occur. The modifications introduced by our work overcome this limitation and provide a proactive version of the model by integrating concepts from action specification languages.