Bibtex de la publication

@Article{ AbDeBaKa2009.1,
author = {Abou El Kalam, Anas and Deswarte, Yves and Baïna, Amine and Kaaniche, Mohamed},
title = "{PolyOrBAC: A Security Framework for Critical Infrastructures}",
journal = {International Journal on Critical Infrastructure Protection},
publisher = {Elsevier},
address = {},
year = {2009},
month = {décembre},
volume = {2},
number = {4},
pages = {(on line)},
language = {anglais},
URL = {},
keywords = { Critical Infrastructure, Security, Access Control Policies and Models, Collaboration, Interoperability},
abstract = {Due to physical and logical vulnerabilities, a critical infrastructure (CI) can encounter failures of various degrees of severity, and since there are many in- terdependencies between CIs, simple failures can have dramatic consequences on the users. In this paper, we mainly focus on malicious threats that might affect the information and communciation system that controls the Critical Infrastructure, i.e., the Critical Information Infrastructure (CII). To address the security challenges that are specific of CIIs, we propose a collaborative access control framework called PolyOrBAC. This approach offers each orga- nization taking part in the CII the capacity of collaborating with the other ones, while maintaining a control on its resources and on its internal secu- rity policy. The interactions between organizations participating in the CII are implemented through web services (WS), and for each WS a contract is signed between the service-provider organization and the service-user organi- zation. The contract describes the WS functions and parameters, the liability of each party and the security rules controlling the interactions. At runtime, the compliance of all interactions with these security rules is checked. Every deviation from the signed contracts triggers an alarm, the concerned parties are notified and audits can be used as evidence for sanctioning the party responsible for the deviation. Our approach is illustrated by a practical scenario, based on real emergency actions in an electric power grid infras- tructure, and a simulation test bed has been implemented to animate this scenario and experiment its security issues. }