Reaction Policy Model Based on Dynamic Organizations and Threat Context [chapter]

Fabien Autrel, Nora Cuppens-Boulahia, Frédéric Cuppens
2009 Lecture Notes in Computer Science  
The tasks a system administrator must fulfill become more and more complex as information systems increase in complexity and connectivity. More specifically, the problem of the expression and update of security requirements is central. Formal models designed to express security policies have proved to be necessary since they provide non ambiguous semantics to analyze them. However, such models as RBAC or OrBAC are not used to express reaction requirements which specify the reaction policy to
more » ... orce when intrusions are detected. We present in this article an extension of the OrBAC model by defining dynamic organizations and threat contexts to enable the expression and enforcement of reaction requirements.
doi:10.1007/978-3-642-03007-9_4 fatcat:6k566liylngcjj6gkghu7wcyxu