Integrity-OrBAC: An OrBAC enhancement that takes into account integrity

Abstract

OrBAC is becoming more successful thanks to the various benefits it offers. However, it does not enable expressing the different facets of integrity, an essential property for critical infrastructures (CIs). In this paper, we propose "IntegrityOrBAC", an OrBAC enhancement that takes into account integrity while expressing local security policies. We start, first, by focusing on the CIs integrity need and then we recall briefly the OrBAC model concepts. After that, we detail the I-OrBAC model by defining a lexicon related to the different integrity variations to better appreciate the importance of this property in the case of CIs. Next, we justify why we opt for multi integrity levels approach, we present the I-OrBAC components and then show an example of a policy expressed thanks to the proposed model. We also emphasize the flexibility offered by I-OrBAC.