David Basin, Jürgen Doser & Torsten Lodderstedt (2006):
Model Driven Security: From UML Models to Access Control Infrastructures.
ACM Trans. Softw. Eng. Methodol. 15(1),
pp. 39–91,
doi:10.1145/1125808.1125810.
Clara Bertolissi & Maribel Fernández (2008):
A Rewriting Framework for the Composition of Access Control Policies.
In: Proceedings of the 10th International ACM SIGPLAN Conference on Principles and Practice of Declarative Programming,
PPDP '08.
ACM,
New York, NY, USA,
pp. 217–225,
doi:10.1145/1389449.1389476.
Eric Bodden, Patrick Lam & Laurie Hendren (2012):
Partially Evaluating Finite-State Runtime Monitors Ahead of Time.
ACM Trans. Program. Lang. Syst. 34(2),
pp. 7:1–7:52,
doi:10.1145/2220365.2220366.
Piero A. Bonatti & Pierangela Samarati (2004):
Logics for Authorizations and Security.
In: Jan Chomicki, Ron van der Meyden & Gunter Saake: Logics for Emerging Applications of Databases.
Springer Berlin Heidelberg,
pp. 277–323,
doi:10.1007/978-3-642-18690-5\@uscore .8.
Jean Bovet & Terence Parr (2008):
ANTLRWorks: An ANTLR Grammar Development Environment.
Softw. Pract. Exper. 38(12),
pp. 1305–1332,
doi:10.1002/spe.v38:12.
Frank Buschmann, Regine Meunier, Hans Rohnert, Peter Sommerlad & Michael Stal (1996):
Pattern-oriented Software Architecture: A System of Patterns.
John Wiley & Sons, Inc.,
New York, NY, USA.
David Ferraiolo & Richard Kuhn (1992):
Role-Based Access Control.
In: In 15th NIST-NCSC National Computer Security Conference,
pp. 554–563.
David F. Ferraiolo, Ravi Sandhu, Serban Gavrila, D. Richard Kuhn & Ramaswamy Chandramouli (2001):
Proposed NIST Standard for Role-based Access Control.
ACM Trans. Inf. Syst. Secur. 4(3),
pp. 224–274,
doi:10.1145/501978.501980.
James Gosling, Bill Joy, Guy Steele & Gilad Bracha (2005):
Java(TM) Language Specification, The (3rd Edition) (Java (Addison-Wesley)).
Addison-Wesley Professional.
Arun Gupta (2013):
Java EE 7 Essentials.
O'Reilly Media.
Kevin W. Hamlen, Greg Morrisett & Fred B. Schneider (2006):
Computability Classes for Enforcement Mechanisms.
ACM Trans. Program. Lang. Syst. 28(1),
pp. 175–205,
doi:10.1145/1111596.1111601.
Glenn E. Krasner & Stephen T. Pope (1988):
A Cookbook for Using the Model-view Controller User Interface Paradigm in Smalltalk-80.
J. Object Oriented Program. 1(3),
pp. 26–49.
Available at http://dl.acm.org/citation.cfm?id=50757.50759.
Torsten Priebe, Eduardo B. Fernandez, Jens I. Mehlau & Günther Pernul (2004):
A pattern system for access control.
In: Research Directions In Data and Applications Security XVIII.
Kluwer,
pp. 25–28,
doi:10.1007/1-4020-8126-6\@uscore .16.
A. Santana de Oliveira (2008):
Réécriture et Modularité pour les Politiques de Sécurité.
Université Henri Poincare,
Nancy, France.
Karsten Sohr, Michael Drouineaud, Gail-Joon Ahn & Martin Gogolla (2008):
Analyzing and Managing Role-Based Access Control Policies.
IEEE Transactions on Knowledge and Data Engineering 20(7),
pp. 924–939,
doi:10.1109/TKDE.2008.28.
Christopher Steel, Ramesh Nagappan & Ray Lai (2006):
Core security patterns: Best practices and strategies for J2EE, Web services, and identity management.
Prentice Hall Core Series.
Prentice-Hall.
Available at http://www.coresecuritypatterns.com/.
Jeff Zarnett, Mahesh Tripunitara & Patrick Lam (2010):
Role-based Access Control (RBAC) in Java via Proxy Objects Using Annotations.
In: Proceedings of the 15th ACM Symposium on Access Control Models and Technologies,
SACMAT '10.
ACM,
New York, NY, USA,
pp. 79–88,
doi:10.1145/1809842.1809858.