Welcome

Welcome!

The main goal of this site is to introduce access control model OrBAC.

This model was developed inside the RNRT MP6 project (communication and information system models and security policies of healthcare and social matters). The purpose of this project is to define a conceptual and industrial framework to meet the needs of information security and sensitive healthcare communications. We decide to give a solution that permits to implement protection mechanisms for access or exchange in information system. This solution has to respect information sensitivity, integrity, confidentiality and audit.

To be familiar with ORBAC this site contains a summary of main security models: access control models, workflow control models and use control models.

MotOrBAC

MotOrBAC site has information on MotOrBAC, an open source implementation of the OrBAC model.

Link of the MotOrBAC website: http://motorbac.sourceforge.net/ .

Futhermore, you could download source code of MotOrBAC from this site.
MotOrBAC project administrators:
autrel at users.sourceforge.net
swid at users.sourceforge.net

NEWS

April 21 2009

Version 1.1 of the MotOrBAC 2 tool is available on MotOrBAC's website, as well as version 1.1 of the API.

January 2009

Demonstration of MotOrBAC and poster presentation, GDR GPL,
Toulouse, France,
28-30 january 2009

October 2008

"MotOrBAC 2: a security policy tool",
Fabien Autrel, Fredéric Cuppens, Nora Cuppens-Boulahia and Céline Coma
Third Joint Conference on Security in Networks Architectures and Security of Information Systems (SARSSI'08),
Loctudy, France,
13-17 October 2008

September 2008

"Negotiation of Prohibition: An Approach Based on Policy Rewriting",
Nora Cuppens-Boulahia, Fredéric Cuppens, Diala Abi Haidar and Hervé Debar
23rd International Information Security Conference (SEC'08),
Milan, Italia,
September 2008

May 2008

The new version of MotOrBAC can be download on sourcefourge site.

March 2008

"Managing access and flow control requirements in distributed workflows",
Samiha Ayed, Nora Cuppens-Boulahia and Fredéric Cuppens
6th ACS/IEEE International Conference on Computer Systems and Applications (AICCSA'08),
Doha, Qatar,
March 2008

"Context Ontology for Secure Interoperability",
Céline Coma, Nora Cuppens-Boulahia, Fredéric Cuppens and Ana Rosa Cavalli
3rd International Conference on Availability, Reliability and Security (ARES'08),
Barcelona, Spain,
March 2008

December 2007

"Managing Delegation in Access Control Models",
Meriam Ben Ghorbel, Fredéric Cuppens, Nora Cuppens-Boulahia and A. Bouhoula
15th International Conference on Advanced Computing and Communication (ADCOM'07),
Guwahati, India,
18-21 December 2007

"An integrated model for access control and information flow requirements",
Samiha Ayed, Nora Cuppens-Boulahia and Fredéric Cuppens
12th Annual Asian Computing Science Conference Focusing on Secure Software and Related Issues (ASIAN'07),
Doha, Qatar,
December, 2007

November 2007

"Multi-Granular Licences to Decentralize Security Administration",
Nora Cuppens-Boulahia, Fredéric Cuppens and Céline Coma
First International Workshop on Reliability, Availability, and Security (WRAS'07),
Paris, France,
November 2007

August 2007

"Resource Classification Based Negotiation in Web Services",
Diala Abi Haidar, Nora Cuppens-Boulahia, Fredéric Cuppens et Herve Debar
The Third International Symposium on Information Assurance and Security (IAS'07),
Manchester, United Kingdom,
August 29-31, 2007

June 2007

"Access Negotiation within XACML Architecture",
Diala Abi Haidar, Nora Cuppens-Boulahia, Fredéric Cuppens et Herve Debar
Second Joint Conference on Security in Networks Architectures and Security of Information Systems (SARSSI'07),
Annecy, France,
12-15 June 2007

Februrary 2007

Due to new spamming method, we do not received all mails on this address:

All is get back to normal

So you could send us a mail

January 2007

MotOrBAC website is online since 15th January 2007.

Link of the MotOrBAC website: http://motorbac.sourceforge.net/ .
Futhermore, you could download source code of MotOrBAC from this site.

December 2006

"O2O: Virtual Private Organizations to Manage Security Policy Interoperability.",
Fredéric Cuppens, Nora Cuppens-Boulahia and Céline Coma
Second International Conference on Information Systems Security (ICISS'06),
Kolkata, India,
december 2006

November 2006

"An Extended RBAC Profile of XACML",
Diala Abi Haidar, Nora Cuppens-Boulahia, Fredéric Cuppens and Herve Debar
Proceedings of 2006 ACM Secure Web Services Workshop (SWS),
Fairfax, VA, USA,
November 2006

September 2006

"High-level conflict management strategies in advanced access control models",
Fredéric Cuppens, Nora Cuppens-Boulahia et Meriam Ben Ghorbel
Workshop on Information and Computer Security (ICS'06),
Timisoara, Roumania,
September 2006

June 2006

"MotOrBAC : un outil d’administration et de simulation de politiques de sécurité",
Fredéric Cuppens, Nora Cuppens-Boulahia et Céline Coma
Security in Network Architectures (SAR) and Security of Information Systems (SSI), First Joint Conference,
Seignosse - Landes, France,
6-9 June 2006

Fredéric Cuppens et Nora Cuppens-Boulahia
Les modèles de sécurité,
Chapitre 1 du livre "Sécurité des systèmes d'information (Traité IC2, série Réseaux et télécoms)
MÉ Ludovic - DESWARTE Yves 06-2006

May 2006

"O2O: Managing Security Policy Interoperability with Virtual Private Organizations",
Fredéric Cuppens, Nora Cuppens-Boulahia et Céline Coma
13th Annual Workshop of HP OpenView University Association,
Côte d'Azur, France,
21-24 may 2006

3rd Februrary 2006

OrBAC.org site is on-line