A critical infrastructure (CI) can fail with various degrees of severity due to physical and logical vulnerabilities. Since many interdependencies exist between CIs, failures can have dramatic consequences on the entire infrastructure. This paper focuses on threats that affect information and communication systems that constitute the critical information infrastructure (CII). A new collaborative access control framework called PolyOrBAC is proposed to address security problems that are specific to CIIs. The framework offers each organization participating in a CII the ability to collaborate with other organizations while maintaining control of its resources and internal security policy. The approach is demonstrated on a practical scenario involving the electrical power grid.
Chapter PDF
Similar content being viewed by others
References
A. Abou El Kalam, S. Benferhat, A, Miege, R. El Baida, F. Cuppens, C. Saurel, P. Balbiani, Y. Deswarte and G. Trouessin, Organization based access control, Proceedings of the Fourth IEEE International Workshop on Policies for Distributed Systems and Networks, pp. 120–134, 2003.
A. Abou El Kalam, Y. Deswarte, A. Baina and M. Kaaniche, Access control for collaborative systems: A web services based approach, Proceedings of the IEEE International Conference on Web Services, pp. 1064–1071, 2007.
W. Adams and N. Davis, Toward a decentralized trust-based access control system for dynamic collaboration, Proceedings of the Sixth Annual IEEE SMC Information Assurance Workshop, pp. 317–324, 2005.
M. Amin, North America's electricity infrastructure: Are we ready for more perfect storms? IEEE Security and Privacy, vol. 1(5), pp. 19–25, 2003.
D. Bell and L. LaPadula, Secure Computer Systems: Unified Exposition and MULTICS Interpretation, Technical Report ESD-TR-75-306, MTR-2997 Rev. 1, MITRE Corporation, Bedford, Massachusetts, 1976.
T. Bray, J. Paoli, C. Sperberg-McQueen, E. Maler, F. Yergeau and J. Cowan (Eds.), Extensible Markup Language (XML) 1.1, Recommendation, World Wide Web Consortium, Cambridge, Massachusetts (www.w3.org/TR/2004/REC-xml11-20040204), 2004.
G. Brose, A view-based access control model for CORBA, in Secure Internet Programming: Security Issues for Mobile and Distributed Objects (LNCS 1603), J. Vitek and C. Jensen, Springer-Verlag, London, United Kingdom, pp. 237–252, 2001.
L. Clement, A. Hately, C. von Riegen and T. Rogers (Eds.), UDDI Version 3.0.2, Organization for the Advancement of Structured Information Standards, Billerica, Massachusetts (uddi.org/pubs/uddi.v3.htm), 2005.
F. Cuppens, N. Cuppens-Boulahia, T. Sans and A. Miege, A formal approach to specify and deploy a network security policy, in Formal Aspects in Security and Trust, T. Dimitrakos and F. Martinelli (Eds.), Springer, Berlin-Heidelberg, Germany, pp. 203–218, 2004.
G. Dondossola, G. Deconinck, F. Di Giandomenico, S. Donatelli, M. Kaaniche and P. Verissimo, Critical utility infrastructural resilience, Proceedings of the Workshop on Security and Networking in Critical Real-Time and Embedded Systems, 2006.
D. Ferraiolo, R. Sandhu, S. Gavrila, D. Kuhn and R. Chandramouli, Proposed NIST standard for role-based access control, ACM Transactions on Information and System Security, vol. 4(3), pp. 224–274, 2001.
T. Fink, M. Koch and C. Oancea, Specification and enforcement of access control in heterogeneous distributed applications, Proceedings of the International Conference on Web Services, pp. 88–100, 2003.
F. Garrone, C. Brasca, D. Cerotti, D. Codetta Raiteri, A. Daidone, G. Deconinck, S. Donatelli, G. Dondossola, F. Grandoni, M. Kaaniche and T. Rigole, Analysis of New Control Applications, Deliverable D2, The CRU-TIAL Project, CESI Ricerca, Milan, Italy (crutial.cesiricerca.it/content /files/Documents/Deliverables%20P1/WP1-D2-final.pdf), 2007.
M. Harrison, W. Ruzzo and J. Ullman, Protection in operating systems, Communications of the ACM, vol. 19(8), pp. 461–471, 1976.
J. Laprie, K. Kanoun and M. Kaaniche, Modeling interdependencies between the electricity and information infrastructures, Proceedings of the Twenty-Sixth International Conference on Computer Safety, Reliability and Security, pp. 54–67, 2007.
M. Lorch, S. Proctor, R. Lepro, D. Kafura and S. Shah, First experiences using XACML for access control in distributed systems, Proceedings of the ACM Workshop on XML Security, pp. 25–37, 2003.
N. Kavantzas, D. Burdett, G. Ritzinger, T. Fletcher, Y. Lafon, and C. Bar-reto (Eds.), Web Services Choreography Description Language Version 1.0, Candidate Recommendation, World Wide Web Consortium, Cambridge, Massachusetts (www.w3.org/TR/2005/CR-ws-cdl-10-20051109), 2006.
A. Miege, Definition of a Formal Framework for Specifying Security Policies: The OrBAC Model and Extensions, Ph.D. Thesis, Department of Computer Science, Ecole Nationale Superieure des Telecommunications (TELECOM ParisTech), Paris, France, 2005.
N. Mitra (Ed.), SOAP Version 1.2, Recommendation, World Wide Web Consortium, Cambridge, Massachusetts (www.w3.org/TR/2003/REC-soap12-part0-20030624), 2003.
S. Oh and S. Park, Task-role-based access control model, Information Systems, vol. 28(6), pp 533–562, 2003.
S. Rinaldi, J. Peerenboom and T. Kelly, Identifying, understanding and analyzing critical infrastructure interdependencies, IEEE Control Systems, vol. 21(6), pp. 11–25, 2001.
R. Sandhu, E. Coyne, H. Feinstein and C. Youman, Role-based access control models, IEEE Computer, vol. 29(2), pp. 38–47, 1996.
K. Seamons, T. Chan, E. Child, M. Halcrow, A. Hess, J. Holt, J. Jacobson, R. Jarvis, A. Patty, B. Smith, T. Sundelin and L. Yu, TrustBuilder: Negotiating trust in dynamic coalitions, Proceedings of the DARPA Information Survivability Conference and Exposition, vol. 2, pp. 49–51, 2003.
E. Totel, J. Blanquart, Y. Deswarte and D. Powell, Supporting multiple levels of criticality, Proceedings of the Twenty-Eighth Annual Symposium on Fault Tolerant Computing, pp. 70–79, 1998.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 IFIP International Federation for Information Processing
About this paper
Cite this paper
Baina, A., Kalam, A.A.E., Deswarte, Y., Kaaniche, M. (2008). Collaborative Access Control For Critical Infrastructures. In: Papa, M., Shenoi, S. (eds) Critical Infrastructure Protection II. ICCIP 2008. The International Federation for Information Processing, vol 290. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-88523-0_14
Download citation
DOI: https://doi.org/10.1007/978-0-387-88523-0_14
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-88522-3
Online ISBN: 978-0-387-88523-0
eBook Packages: Computer ScienceComputer Science (R0)