@(TLATools, author = {Microsoft Corporation}, title = {{TLA+} Tools}, url = {http://research.microsoft.com/en-us/um/people/lamport/tla/tools.html}, note = {(visited on February 2018)}, ) @article(gouglidis2014security, author = {Antonios Gouglidis and Ioannis Mavridis and Vincent C. Hu}, year = {2014}, title = {Security policy verification for multi-domains in cloud systems}, journal = {Int. J. Inf. Sec.}, volume = {13}, number = {2}, pages = {97--111}, doi = {10.1007/s10207-013-0205-x}, ) @inproceedings(grompanopoulos2012use, author = {Christos Grompanopoulos and Antonios Gouglidis and Ioannis Mavridis}, year = {2012}, title = {A Use-Based Approach for Enhancing {UCON}}, booktitle = {Security and Trust Management - 8th International Workshop, {STM} 2012, Pisa, Italy, September 13-14, 2012, Revised Selected Papers}, pages = {81--96}, doi = {10.1007/978-3-642-38004-4_6}, ) @article(hu2017verification, author = {Vincent C Hu and Rick Kuhn and Dylan Yaga}, year = {2017}, title = {Verification and Test Methods for Access Control Policies/Models}, journal = {NIST Special Publication}, volume = {800-192}, doi = {10.6028/NIST.SP.800-192}, ) @book(Lamport2002, author = {Leslie Lamport}, year = {2002}, title = {Specifying Systems, The {TLA+} Language and Tools for Hardware and Software Engineers}, publisher = {Addison-Wesley}, ) @article(lazouski2010usage, author = {Aliaksandr Lazouski and Fabio Martinelli and Paolo Mori}, year = {2010}, title = {Usage control in computer security: {A} survey}, journal = {Computer Science Review}, volume = {4}, number = {2}, pages = {81--99}, doi = {10.1016/j.cosrev.2010.02.002}, ) @inproceedings(mavridou2016architecture, author = {Anastasia Mavridou and Emmanouela Stachtiari and Simon Bliudze and Anton Ivanov and Panagiotis Katsaros and Joseph Sifakis}, year = {2016}, title = {Architecture-Based Design: {A} Satellite On-Board Software Case Study}, booktitle = {Formal Aspects of Component Software - 13th International Conference, {FACS} 2016, Besan{\c{c}}on, France, October 19-21, 2016, Revised Selected Papers}, pages = {260--279}, doi = {10.1007/978-3-319-57666-4_16}, ) @article(Park2004, author = {Jaehong Park and Ravi S. Sandhu}, year = {2004}, title = {The UCON${}_{\unhbox\voidb@x \hbox{ABC}}$ usage control model}, journal = {{ACM} Trans. Inf. Syst. Secur.}, volume = {7}, number = {1}, pages = {128--174}, doi = {10.1145/984334.984339}, ) @incollection(said2014model, author = {Najah Ben Said and Takoua Abdellatif and Saddek Bensalem and Marius Bozga}, year = {2014}, title = {Model-Driven Information Flow Security for Component-Based Systems}, booktitle = {From Programs to Systems. The Systems perspective in Computing - {ETAPS} Workshop, {FPS} 2014, in Honor of Joseph Sifakis, Grenoble, France, April 6, 2014. Proceedings}, pages = {1--20}, doi = {10.1007/978-3-642-54848-2_1}, ) @article(zhang2008toward, author = {Xinwen Zhang and Masayuki Nakae and Michael J. Covington and Ravi S. Sandhu}, year = {2008}, title = {Toward a Usage-Based Security Framework for Collaborative Computing Systems}, journal = {{ACM} Trans. Inf. Syst. Secur.}, volume = {11}, number = {1}, pages = {3:1--3:36}, doi = {10.1145/1330295.1330298}, ) @inproceedings(Zhang2004, author = {Xinwen Zhang and Jaehong Park and Parisi{-}Presicce, Francesco and Ravi S. Sandhu}, year = {2004}, title = {A logical specification for usage control}, booktitle = {9th {ACM} Symposium on Access Control Models and Technologies, {SACMAT} 2004, Yorktown Heights, New York, USA, June 2-4, 2004, Proceedings}, pages = {1--10}, doi = {10.1145/990036.990038}, )