Skip to Main content Skip to Navigation
Journal articles

Modeling contextual security policies

Abstract : As computer infrastructures become more complex, security models must provide means to handle more flexible and dynamic requirements. In the Organization Based Access Control (OrBAC) model, it is possible to express such requirements using the notion of context. InOrBAC, each security rule (permission, prohibition, obligation or dispensation) only applies in a given context.Acontext is viewed as an extra condition that must be satisfied to activate a given security rule. In this paper, we present a taxonomy of different types of context and investigate the data the information system must manage in order to deal with these different contexts. We then explain how to model and evaluate them in the OrBAC model.
Document type :
Journal articles
Complete list of metadata
Contributor : Bibliothèque Télécom Bretagne <>
Submitted on : Thursday, October 1, 2015 - 12:09:03 PM
Last modification on : Wednesday, June 24, 2020 - 4:18:40 PM

Links full text



Frédéric Cuppens, Nora Cuppens-Bouhlahia. Modeling contextual security policies. International Journal of Information Security, Springer Verlag, 2008, 7 (4), pp.285 - 305. ⟨10.1007/s10207-007-0051-9⟩. ⟨hal-01207773⟩



Record views