Modelling contexts in the Or-BAC model

Frederic Cuppens, Alexandre Miege

As computer infrastructures become more complex, security models must provide means to handle more exible and dynamic requirements. In the Organization Based Access Control (Or-BAC) model, it is possible to express such requirements using the notion of context. In Or-BAC, each privilege (permission or obligation or prohibition) only applies in a given context. A context is viewed as an extra condition that must be satisfied to activate a given privilege. In this paper, we present a taxonomy of different types of context and investigate the data the information system must manage in order to deal with these different contexts. We then explain how to model them in the Or-BAC model.

Keywords: access control, context, Or-BAC

Read Paper Read Paper (in PDF)