Anas Abou El Kalam 1
1 LAAS-TSF - Équipe Tolérance aux fautes et Sûreté de Fonctionnement informatique
LAAS - Laboratoire d'analyse et d'architecture des systèmes
Abstract: While information technology is essential in complex, cooperative and largely distributed applications such as telemedicine or social declarations, it is increasingly necessary to have high confidence in the processing and distribution of data and services. This thesis proposes an approach based on a security policy for healthcare and social information and communication systems (HSICS). These systems cover the full set of needs generally found in other fields: interworking of systems, complexity of organizations, sensitivity of information, and diversity of security requirements (confidentiality, integrity, availability and auditability).
The aim of the approach is to achieve a good trade-off between respecting the least-privilege principle and keeping access control flexible. The first step consists of describing the system, identifying sensitive information and characterizing the threats. Then, the security policy specifies the security properties that must be satisfied and the rules expressing how the protection state of the system may evolve. The identified security policy is original in that it takes the context into account, and it is flexible enough to manage any improvement, change or update in the system.
In addition, a new access control model is presented: Organization-Based Access Control (Or-BAC). In Or-BAC, the specification of the security policy is completely parameterized by the organization, so that several security policies associated with different organizations can be handled simultaneously. The model is not restricted to permissions; it also makes it possible to define prohibitions, obligations and recommendations. In this respect, Or-BAC is able to specify policies developed for HSICS, as it can be applied to a wide range of complex and distributed applications.
Or-BAC is represented by UML diagrams and by a new logical language based on deontic logic. It is also integrated into a system security UML model. A prototype has been developed to illustrate the application of the security policy in the case of a dental center.
Contributor : Anas Abou El Kalam
Submitted on : Wednesday, April 19, 2006 - 3:59:07 PM
Last modification on : Monday, October 19, 2020 - 11:12:58 AM
Long-term archiving on : Monday, September 17, 2012 - 1:40:17 PM


  • HAL Id : tel-00012162, version 1


Anas Abou El Kalam. MODÈLES ET POLITIQUES DE SECURITE POUR LES DOMAINES DE LA SANTE ET DES AFFAIRES SOCIALES. Réseaux et télécommunications [cs.NI]. Institut National Polytechnique de Toulouse - INPT, 2003. Français. ⟨tel-00012162⟩


