INTERACTIVITY FOR REACTIVE ACCESS CONTROL

Yehia ElRakaiby, Frederic Cuppens, Nora Cuppens-Boulahia

Abstract

Technological advances have enhanced the computing and communication capabilities of electronic devices, bringing us new pervasive environments where information is present everywhere and can be accessed from anywhere. These environments have made way for new intelligent and context-aware applications, which have more sophisticated access control requirements. So far, there have been two main categories of access control systems: passive security systems, which evaluate access requests according to static predefined permissions, and dynamic security systems, which integrate the context into the evaluation of access requests. These models can thus justly be classified as anticipative models, since all security rules have to be completely defined before an access request is made. In this paper, we present a formal access control model that extends context-based models to allow just-in-time specification of access control policies. The model relies on interactivity to support the active participation of users in the evaluation of the security policy, thus enabling them to participate in the definition of the access policy at the time of the request.



Paper Citation


in Harvard Style

ElRakaiby Y., Cuppens F. and Cuppens-Boulahia N. (2008). INTERACTIVITY FOR REACTIVE ACCESS CONTROL. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2008) ISBN 978-989-8111-59-3, pages 57-64. DOI: 10.5220/0001924900570064


in Bibtex Style

@conference{secrypt08,
author={Yehia ElRakaiby and Frederic Cuppens and Nora Cuppens-Boulahia},
title={INTERACTIVITY FOR REACTIVE ACCESS CONTROL},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2008)},
year={2008},
pages={57-64},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001924900570064},
isbn={978-989-8111-59-3},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2008)
TI - INTERACTIVITY FOR REACTIVE ACCESS CONTROL
SN - 978-989-8111-59-3
AU - ElRakaiby Y.
AU - Cuppens F.
AU - Cuppens-Boulahia N.
PY - 2008
SP - 57
EP - 64
DO - 10.5220/0001924900570064