Model-Driven Integration and Analysis of Access-control Policies in Multi-layer Information Systems - ICT Systems Security and Privacy Protection
Conference Papers Year : 2015

Model-Driven Integration and Analysis of Access-control Policies in Multi-layer Information Systems

Abstract

Security is a critical concern for any information system. Security properties such as confidentiality, integrity and availability need to be enforced in order to make systems safe. In complex environments, where information systems are composed of a number of heterogeneous subsystems, each must participate in their achievement. Therefore, security integration mechanisms are needed in order to 1) achieve the global security goal and 2) facilitate the analysis of the security status of the whole system. For the specific case of access-control, access-control policies may be found in several components (databases, networks and applications) all, supposedly, working together in order to meet the high level security property. In this work we propose an integration mechanism for access-control policies to enable the analysis of the system security. We rely on model-driven technologies and the XACML standard to achieve this goal.
Fichier principal
Vignette du fichier
SEC2015.pdf (311.64 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01152528 , version 1 (18-05-2015)

Identifiers

Cite

Salvador Martínez, Joaquin Garcia-Alfaro, Frédéric Cuppens, Nora Cuppens-Bouhlahia, Jordi Cabot. Model-Driven Integration and Analysis of Access-control Policies in Multi-layer Information Systems. 30th IFIP International Information Security Conference (SEC), May 2015, Hamburg, Germany. pp.218-233, ⟨10.1007/978-3-319-18467-8_15⟩. ⟨hal-01152528⟩
411 View
280 Download

Altmetric

Share

More