Model-Driven Integration and Analysis of Access-control Policies in Multi-layer Information Systems

Abstract : Security is a critical concern for any information system. Security properties such as confidentiality, integrity and availability need to be enforced in order to make systems safe. In complex environments, where information systems are composed of a number of heterogeneous subsystems, each must participate in their achievement. Therefore, security integration mechanisms are needed in order to 1) achieve the global security goal and 2) facilitate the analysis of the security status of the whole system. For the specific case of access-control, access-control policies may be found in several components (databases, networks and applications) all, supposedly, working together in order to meet the high level security property. In this work we propose an integration mechanism for access-control policies to enable the analysis of the system security. We rely on model-driven technologies and the XACML standard to achieve this goal.
Type de document :
Communication dans un congrès
Hannes Federrath; Dieter Gollmann. 30th IFIP International Information Security Conference (SEC), May 2015, Hamburg, Germany. Springer, IFIP Advances in Information and Communication Technology, AICT-455, pp.218-233, 2015, ICT Systems Security and Privacy Protection. 〈10.1007/978-3-319-18467-8_15〉
Liste complète des métadonnées

Littérature citée [16 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01152528
Contributeur : Salvador Martínez Pérez <>
Soumis le : lundi 18 mai 2015 - 10:17:42
Dernière modification le : mardi 16 janvier 2018 - 15:54:26
Document(s) archivé(s) le : jeudi 20 avril 2017 - 00:40:16

Fichier

SEC2015.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

Citation

Salvador Martínez, Joaquin Garcia-Alfaro, Frédéric Cuppens, Nora Cuppens-Boulahia, Jordi Cabot. Model-Driven Integration and Analysis of Access-control Policies in Multi-layer Information Systems. Hannes Federrath; Dieter Gollmann. 30th IFIP International Information Security Conference (SEC), May 2015, Hamburg, Germany. Springer, IFIP Advances in Information and Communication Technology, AICT-455, pp.218-233, 2015, ICT Systems Security and Privacy Protection. 〈10.1007/978-3-319-18467-8_15〉. 〈hal-01152528〉

Partager

Métriques

Consultations de la notice

606

Téléchargements de fichiers

165