Skip to Main content Skip to Navigation
Conference papers

Model-Driven Integration and Analysis of Access-control Policies in Multi-layer Information Systems

Abstract : Security is a critical concern for any information system. Security properties such as confidentiality, integrity and availability need to be enforced in order to make systems safe. In complex environments, where information systems are composed of a number of heterogeneous subsystems, each must participate in their achievement. Therefore, security integration mechanisms are needed in order to 1) achieve the global security goal and 2) facilitate the analysis of the security status of the whole system. For the specific case of access-control, access-control policies may be found in several components (databases, networks and applications) all, supposedly, working together in order to meet the high level security property. In this work we propose an integration mechanism for access-control policies to enable the analysis of the system security. We rely on model-driven technologies and the XACML standard to achieve this goal.
Document type :
Conference papers
Complete list of metadatas

Cited literature [16 references]  Display  Hide  Download

https://hal.inria.fr/hal-01152528
Contributor : Salvador Martínez <>
Submitted on : Monday, May 18, 2015 - 10:17:42 AM
Last modification on : Wednesday, June 24, 2020 - 4:19:29 PM
Long-term archiving on: : Thursday, April 20, 2017 - 12:40:16 AM

File

SEC2015.pdf
Files produced by the author(s)

Identifiers

Citation

Salvador Martínez, Joaquin Garcia-Alfaro, Frédéric Cuppens, Nora Cuppens-Bouhlahia, Jordi Cabot. Model-Driven Integration and Analysis of Access-control Policies in Multi-layer Information Systems. 30th IFIP International Information Security Conference (SEC), May 2015, Hamburg, Germany. pp.218-233, ⟨10.1007/978-3-319-18467-8_15⟩. ⟨hal-01152528⟩

Share

Metrics

Record views

1237

Files downloads

506