, <xacml3:Rule Effect="Permit" RuleId="account_attacked"> <xacml3:Description/> <xacml3:Target> <xacml3:AnyOf><xacml3:AllOf> <xacml3:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> <xacml3:AttributeValue DataType=

, > start </xacml3:AttributeValue> <xacml3:AttributeDesignator AttributeId="urn:siera:situation_account:state" Category="urn:siera:name:attribute-category:situation" DataType=

, </xacml3:Match> </xacml3:AllOf></xacml3:AnyOf> </xacml3:Target> <xacml3:ObligationExpressions> <xacml3:ObligationExpression FulfillOn="Permit" ObligationId="block_account"> <xacml3:AttributeAssignmentExpression AttributeId="urn:siera:name:attribute:block_account:account-id" Category="urn:siera:name:attribute-category:attributes"> <xacml3:AttributeDesignator AttributeId="urn:siera:situation_account:account-name" Category="urn:siera:name:attribute-category:situation" DataType=

, Category="urn:siera:name:attribute-category:attributes"> <xacml3:AttributeDesignator AttributeId="urn:siera:situation_account:situation-reason" Category="urn:siera:name:attribute-category:situation, AttributeAssignmentExpression> <xacml3:AttributeAssignmentExpression AttributeId="urn:siera:name:attribute:block_account:reason

, </xacml3:AttributeAssignmentExpression> </xacml3:ObligationExpression> </xacml3:ObligationExpressions> </xacml3:Rule> 2019 3rd Cyber Security in Networking Conference

, Cybercrime, 2015.

K. Scarfone and P. Mell, Intrusion Detection and Prevention Systems, Handbook of Information and Communication Security, P. Stavroulakis and M. Stamp, pp.177-192, 2010.

. Aptnotes, , 2019.

. Openioc, , 2019.

. Mitre-att&amp;ck, , 2019.

, CybOX? Cyber Observable eXpression, 2019.

, OASIS STIX? Structured Threat Information eXpression version 2.0, Part 1: STIX Core Concepts, OASIS standard, 2017.

, OASIS TAXII? Trusted Automated Exchange of Intelligence Information Version 2.0, Working Draft 02, OASIS, 2017.

C. Mitre, Common Attack Pattern Enumeration and Classification, 2019.

C. Jeffrey, Credentials to an airport's security systems sold on the dark web for $10, Top 10 Countries Where Cyber Attacks Originate, 2013.

R. Laborde, A. Oglaza, A. S. Wazan, F. Barrère, and A. Benzekri, A situation-driven framework for dynamic security management, Annals of Telecommunications, vol.74, issue.3-4, pp.185-196, 2019.
URL : https://hal.archives-ouvertes.fr/hal-02548013

B. Kabbani, R. Laborde, F. Barrere, and A. Benzekri, Specification and enforcement of dynamic authorization policies oriented by situations, 6th International Conference on New Technologies, Mobility and Security (NTMS), pp.1-6, 2014.

B. Kabbani, R. Laborde, F. Barrère, and A. Benzekri, Managing Break-The-Glass using Situation-oriented authorizations, 9ème Conférence sur la Sécurité des Architectures Réseaux et Systèmes d'Information-SAR-SSI 2014, 2014.
URL : https://hal.archives-ouvertes.fr/hal-01120112

A. Adi and O. Etzion, Amit -the situation manager, The VLDB Journal-The International Journal on Very Large Data Bases, vol.13, issue.2, pp.177-203, 2004.

D. Luckham, The power of events: An introduction to complex event processing in distributed enterprise systems, Workshop on Rules and Rule Markup Languages for the Semantic Web, p.3, 2008.

, eXtensible Access Control Markup Language (XACML) Version 3.0, 2013.

V. C. Hu, D. Ferraiolo, R. Kuhn, A. Schnitzer, K. Sandlin et al., Guide to Attribute Based Access COntrol (ABAC) Definition and Considerations, NIST, Tech. Rep. SP, pp.800-162, 2016.

, 3rd Cyber Security in Networking Conference (CSNet)