An approach based on model-driven engineering to define security policies using OrBAC

MUÑANTE ARZAPALO, DENISSE YESSICA; Gallon L.; Aniorté P.

Title

Date Issued

01 December 2013

Access level

metadata only access

Resource Type

conference paper

Author(s)

MUÑANTE ARZAPALO, DENISSE YESSICA

Gallon L.

Aniorté P.

LIUPPA, University of Pau

Abstract

In the field of access control, many security breaches occur because of a lack of early means to evaluate if access control policies are adequate to satisfy privileges requested by subjects which try to perform actions on objects. This paper proposes an approach based on UMLsec, to tackle this problem. We propose to extend UMLsec, and to add OrBAC elements. In particular, we add the notions of context, inheritance and separation. We also propose a methodology for modeling a security policy and assessing the security policy modeled, based on the use of MotOrBAC. This assessment is proposed in order to guarantee security policies are well-formed, to analyse potential conflicts, and to simulate a real situation. © 2013 IEEE.

Start page

324

End page

332

Language

English

OCDE Knowledge area

Ingeniería, Tecnología

Subjects

DOI

10.1109/ARES.2013.44

Scopus EID

2-s2.0-84892399582

Resource of which it is part

Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013

ISBN of the container

9780769550084

Conference

th International Conference on Availability, Reliability and Security, ARES 2013

Sources of information: Directorio de Producción Científica Scopus

Options