Organisation-based access control

In computer security, organization-based access control (OrBAC) is an access control model first presented in 2003. The current approaches of the access control rest on the three entities (subject, action, object) to control the access the policy specifies that some subject has the permission to realize some action on some object. OrBAC allows the policy designer to define a security policy independently of the implementation. The chosen method to fulfill this goal is the introduction of an abstract level. Subjects are abstracted into roles. A role is a set of subjects to which the same security rule apply. Similarly, an activity is a set of actions to which the same security rule apply. And, a view is a set of objects to which the same security rule apply. Each security policy is defined for and by an organization. Thus, the specification of the security policy is completely parameterized by the organization so that it is possible to handle simultaneously several security policies associated with different organizations. The model is not restricted to permissions, but also includes the possibility to specify prohibitions and obligations. From the three abstract entities (roles, activities, views), abstract privileges are defined. And from these abstract privileges, concrete privileges are derived. OrBAC is context sensitive, so the policy could be expressed dynamically. Furthermore, OrBAC owns concepts of hierarchy (organization, role, activity, view, context) and separation constraints.

About this result

This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

Related publications (37)

Related people (8)

Related units (8)

Related concepts (7)

Related courses (8)

Related lectures (32)

Context-based access control

Context-based access control (CBAC) is a feature of firewall software, which intelligently filters TCP and UDP packets based on application layer protocol session information. It can be used for intranets, extranets and internets. CBAC can be configured to permit specified TCP and UDP traffic through a firewall only when the connection is initiated from within the network needing protection. (In other words, CBAC can inspect traffic for sessions that originate from the external network.

Lattice-based access control

In computer security, lattice-based access control (LBAC) is a complex access control model based on the interaction between any combination of objects (such as resources, computers, and applications) and subjects (such as individuals, groups or organizations). In this type of label-based mandatory access control model, a lattice is used to define the levels of security that an object may have and that a subject may have access to. The subject is only allowed to access an object if the security level of the subject is greater than or equal to that of the object.

Role-based access control

In computer systems security, role-based access control (RBAC) or role-based security is an approach to restricting system access to authorized users, and to implementing mandatory access control (MAC) or discretionary access control (DAC). Role-based access control is a policy-neutral access control mechanism defined around roles and privileges. The components of RBAC such as role-permissions, user-role and role-role relationships make it simple to perform user assignments.

When Your AI Becomes a Target: AI Security Incidents and Best Practices

Alexandre Massoud Alahi, Kathrin Grosse

In contrast to vast academic efforts to study AI security, few real-world reports of AI security incidents exist. Released incidents prevent a thorough investigation of the attackers' motives, as crucial information about the company and AI application is ...

AAAI Press2024

Performing and Detecting Backdoor Attacks on Face Recognition Algorithms

Alexander Carl Unnervik

The field of biometrics, and especially face recognition, has seen a wide-spread adoption the last few years, from access control on personal devices such as phones and laptops, to automated border controls such as in airports. The stakes are increasingly ...

EPFL2024

DIET Controller: Dynamic Indoor Environment using Deep Reinforcement Learning

Arnab Chatterjee

Heating, Ventilation, and Air Conditioning (HVAC) Systems utilize much energy, accounting for 40% of total building energy use. The temperatures in buildings are commonly held within narrow limits, leading to higher energy use. Measurements from office bui ...

EPFL2023

Password Security

Emphasizes the importance of safeguarding passwords and avoiding sharing them.

Security Design Principles: Preliminaries COM-301: Computer security and privacy

Covers basic security concepts, adversarial thinking, security mechanisms, and responsible conduct in security design principles.

Access Control: Password-based Cryptography COM-401: Cryptography and security

Explores access control and password-based cryptography, including challenges, biometrics, and the biometric passport case study.

MGT-493: Information security & digital trust

Technology and information play a crucial role in today's societies and economies. The security and privacy aspects of information technologies are paramount to build digital trust. In this course, we

EE-552: Media security

This course provides attendees with theoretical and practical issues in media security. In addition to lectures by the professor, the course includes laboratory sessions, a mini-project, and a mid-ter

COM-402: Information security and privacy

This course provides an overview of information security and privacy topics. It introduces students to the knowledge and tools they will need to deal with the security/privacy challenges they are like