Confidentiality and consistency are two aspects of security for information systems, but mechanisms used to ensure them often support one with the detriment of the other, in particular when data are not independent from each other. Our approach of access control for IS consists in preserving several versions of the data and performing user’s actions on its own view. Doing that, we can ensure that the view behaves as expected with regard to invoked actions (confidentiality) while maintaining properties on data and relationships in the repository (consistency). The paper presents our model and its implementation within our prototype SeVeRe.
access control, confidentiality, consistency, version management, user view