Semi-automatic Generation of OrBAC Security Rules for Cooperative Organizations using Model-Driven Engineering

Irvin Dongo, Vanea Chiprianov

2016

Abstract

In an environment of increasing cooperation and interoperability, organizations share resources and services between them to increase their return on investment. But to control the use of shared resources, it is necessary to apply access control policies which are related to how organizations control and secure their scenarios of cooperation. In this paper, we perform a Systematic Literature Review on the current solutions to define access control policies for cooperative organizations. As a result, we identify limitations such as manual negotiation for establishing policies. To address these limitations, we introduce the Semi-Automatic Generation of Access Rules Based on OrBAC (SAGARBO) component which allows semi-automatic generation of security rules based on Model-driven engineering. This reduces negotiation time and the work of the security administrator.

References

  1. Abi Haidar, D., Cuppens-Boulahia, N., Cuppens, F., and Debar, H. (2009). Xena: an access negotiation framework using xacml. Annales des télécommunicationsAnnals of telecommunications, 64(1-2):155 - 169.
  2. Ameziane El Hassani, A., Abou El Kalam, A., Bouhoula, A., Abassi, R., and Ait Ouahman, A. (2015). Integrityorbac: A new model to preserve critical infrastructures integrity. Int. J. Inf. Secur., 14(4):367-385.
  3. Baina, A., Kalam, A., Deswarte, Y., and Kaaniche, M. (2008). Collaborative access control for critical infrastructures. In Papa, M. and Shenoi, S., editors, Critical Infrastructure Protection II, volume 290 of The International Federation for Information Processing, pages 189-201. Springer US.
  4. Baina, A. and Laarouchi, Y. (2012). Multilevel-orbac: Multi-level integrity management in organization based access control framework. In Multimedia Computing and Systems (ICMCS), 2012 International Conference on, pages 933-938.
  5. Chandrasekaran, B., Josephson, J. R., and Benjamins, V. R. (1999). What are ontologies, and why do we need them? IEEE Intelligent Systems, 14(1):20-26.
  6. Choi, N., Song, I.-Y., and Han, H. (2006). A survey on ontology mapping.
  7. Coma, C., Cuppens-Boulahia, N., and Cuppens, F. (2010). Secure interoperability with o2o contracts. In WebBased Information Technologies and Distributed Systems, volume 2 of Atlantis Ambient and Pervasive Intelligence, pages 257-292.
  8. Coma, C., Cuppens-Boulahia, N., Cuppens, F., and Cavalli, A. R. (2008). Interoperability of context based system policies using o2o contract. In Chbeir, R., Dipanda, A., and Yétongnon, K., editors, SITIS, pages 137-144. IEEE Computer Society.
  9. Coma-Brebel, C., Cuppens-Boulahia, N., Cuppens, F., and Cavalli, A. R. (2008). Context ontology for secure interoperability. In ARES 2008 : Third international conference on availability, reliability and security.
  10. Cuppens, F., Cuppens-Boulahia, N., and Coma, C. (2006). O2o: Virtual private organizations to manage security policy interoperability. In Bagchi, A. and Atluri, V., editors, Information Systems Security, volume 4332 of LNCS, pages 101-115.
  11. Deswarte, Y. (2011). Protecting critical infrastructures while preserving each organization's autonomy. In Natarajan, R. and Ojo, A., editors, Distributed Computing and Internet Technology, volume 6536 of LNCS, pages 15-34.
  12. El Kalam, A., Deswarte, Y., Baina, A., and Kaaniche, M. (2007). Access control for collaborative systems: A web services based approach. In Web Services, 2007. ICWS 2007. IEEE International Conference on, pages 1064-1071.
  13. El Kalam, A. A. and Deswarte, Y. (2006). Multi-orbac: A new access control model for distributed, heterogeneous and collaborative systems. In 8th IEEE International Symposium on Systems and Information Security.
  14. El Maarabani, M., Cavalli, A., Hwang, I., and Zaidi, F. (2011). Verification of interoperability security policies by model checking. In High-Assurance Systems Engineering (HASE), 2011 IEEE 13th International Symposium on, pages 376-381.
  15. Kalam, A., Baida, R., Balbiani, P., Benferhat, S., Cuppens, F., Deswarte, Y., Miege, A., Saurel, C., and Trouessin, G. (2003). Organization based access control. In Policies for Distributed Systems and Networks, IEEE 4th Intl Wksh on, pages 120-131.
  16. Kalam, A. A. E., Deswarte, Y., Baina, A., and Kaaˆniche, M. (2009). Polyorbac: A security framework for critical infrastructures. International Journal of Critical Infrastructure Protection, 2(4):154 - 169.
  17. Muante-Arzapalo, D. Y. (2014). Une approche base sur l'Ingénierie Dirigée par les modèles pour identifier, concevoir et évaluer des aspects sécurité. PhD thesis, Université de Pau et des Pays de L'Adour.
  18. Nasser, B., Laborde, R., Benzekri, A., Barrère, F., and Kamel, M. (2005a). Access control model for interorganizational grid virtual organizations. In Meersman, R., Tari, Z., and Herrero, P., editors, On the Move to Meaningful Internet Systems 2005: OTM 2005 Workshops, volume 3762 of LNCS, pages 537- 551.
  19. Nasser, B., Laborde, R., Benzekri, A., Barrere, F., and Kamel, M. (2005b). Dynamic creation of interorganizational grid virtual organizations. In e-Science and Grid Computing, 2005. First International Conference on, pages 8 pp.-412.
  20. Pavel, S. and Euzenat, J. (2013). Ontology matching: State of the art and future challenges. IEEE Trans. on Knowl. and Data Eng., 25(1):158-176.
  21. Preda, S., Cuppens, F., Cuppens-Boulahia, N., GarciaAlfaro, J., and Toutain, L. (2011). Dynamic deployment of context-aware access control policies for constrained security devices. Journal of Systems and Software, 84(7):1144 - 1159.
  22. Toumi, K., Andrés, C., and Cavalli, A. R. (2013). Trust ontology based on access control parameters in multiorganization environments. In SITIS, pages 285-292.
  23. Toumi, K., Cavalli, A., and El Maarabani, M. (2012). Role based interoperability security policies in collaborative systems. In Collaboration Technologies and Systems (CTS), 2012 International Conference on, pages 471-477.
Download


Paper Citation


in Harvard Style

Dongo I. and Chiprianov V. (2016). Semi-automatic Generation of OrBAC Security Rules for Cooperative Organizations using Model-Driven Engineering . In Proceedings of the 11th International Conference on Evaluation of Novel Software Approaches to Software Engineering - Volume 1: ENASE, ISBN 978-989-758-189-2, pages 43-50. DOI: 10.5220/0005764700430050


in Bibtex Style

@conference{enase16,
author={Irvin Dongo and Vanea Chiprianov},
title={Semi-automatic Generation of OrBAC Security Rules for Cooperative Organizations using Model-Driven Engineering},
booktitle={Proceedings of the 11th International Conference on Evaluation of Novel Software Approaches to Software Engineering - Volume 1: ENASE,},
year={2016},
pages={43-50},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005764700430050},
isbn={978-989-758-189-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 11th International Conference on Evaluation of Novel Software Approaches to Software Engineering - Volume 1: ENASE,
TI - Semi-automatic Generation of OrBAC Security Rules for Cooperative Organizations using Model-Driven Engineering
SN - 978-989-758-189-2
AU - Dongo I.
AU - Chiprianov V.
PY - 2016
SP - 43
EP - 50
DO - 10.5220/0005764700430050