@article(ArkoudasCC14, author = {Konstantine Arkoudas and Ritu Chadha and Cho{-}Yu Jason Chiang}, year = {2014}, title = {Sophisticated Access Control via {SMT} and Logical Frameworks}, journal = {{ACM} Trans. Inf. Syst. Secur.}, volume = {16}, number = {4}, pages = {17}, doi = {10.1145/2595222}, ) @inproceedings(BandaraLR03, author = {Arosha K. Bandara and Emil Lupu and Alessandra Russo}, year = {2003}, title = {Using Event Calculus to Formalise Policy Specification and Analysis}, booktitle = {POLICY}, publisher = {IEEE Computer Society}, pages = {26}, doi = {10.1109/POLICY.2003.1206955}, ) @techreport(Bell76, author = {David E. Bell and Leonard J. LaPadula}, year = {1976}, title = {{Secure Computer System: Unified Exposition and MULTICS Interpretation}}, type = {Technical Report}, institution = {The MITRE Corporation}, ) @article(BertinoBCCKK09, author = {Elisa Bertino and Carolyn Brodie and Seraphin B. Calo and Lorrie Faith Cranor and Clare-Marie Karat and John Karat and Ninghui Li and Dan Lin and Jorge Lobo and Qun Ni and Prathima Rao and Xiping Wang}, year = {2009}, title = {Analysis of privacy and security policies.}, journal = {IBM Journal of Research and Development}, volume = {53}, number = {2}, doi = {10.1147/JRD.2009.5429045}, ) @techreport(Biba, author = {Kenneth J. Biba}, year = {1977}, title = {Integrity Considerations for Secure Computer Systems}, type = {Technical Report}, institution = {The MITRE Corporation}, ) @book(Bishop, author = {Matthew A. Bishop}, year = {2002}, title = {The Art and Science of Computer Security}, publisher = {Addison-Wesley}, ) @inproceedings(BrewerN89, author = {D. F. C. Brewer and Michael J. Nash}, year = {1989}, title = {The Chinese Wall Security Policy}, booktitle = {Security and Privacy}, publisher = {IEEE Computer Society}, pages = {206--214}, doi = {10.1109/SECPRI.1989.36295}, ) @inproceedings(ClarkW87, author = {D. D. Clark and D. R. Wilson}, year = {1987}, title = {A Comparison of Commercial and Military Computer Security Policies}, booktitle = {Security and Privacy}, publisher = {IEEE Computer Society}, pages = {184--195}, doi = {10.1109/SP.1987.10001}, ) @inproceedings(DamianouDLS01, author = {Nicodemos Damianou and Naranker Dulay and Emil Lupu and Morris Sloman}, year = {2001}, title = {{The Ponder Policy Specification Language}}, booktitle = {POLICY}, series = {LNCS 1995}, publisher = {Springer}, pages = {18--38}, doi = {10.1007/3-540-44569-2\_2}, ) @inproceedings(rbac, author = {David Ferraiolo and Richard Kuhn}, year = {1992}, title = {Role-Based Access Control}, booktitle = {NIST-NCSC}, pages = {554--563}, ) @inproceedings(FislerKMT05, author = {Kathi Fisler and Shriram Krishnamurthi and Leo A. Meyerovich and Michael C. Tschantz}, year = {2005}, title = {Verification and change-impact analysis of access-control policies}, booktitle = {ICSE}, publisher = {ACM}, pages = {196--205}, doi = {10.1145/1062455.1062502}, ) @book(Gollmann0025849, author = {Dieter Gollmann}, year = {2011}, title = {Computer Security {(3.} ed.)}, publisher = {Wiley}, ) @inproceedings(GD72, author = {G. Scott Graham and Peter J. Denning}, year = {1972}, title = {Protection: Principles and Practice}, booktitle = {AFIPS}, publisher = {ACM}, pages = {417--429}, doi = {10.1145/1478873.1478928}, ) @inproceedings(GuarnieriNMM13, author = {Marco Guarnieri and Mario Arrigoni Neri and Eros Magri and Simone Mutti}, year = {2013}, title = {On the notion of redundancy in access control policies}, booktitle = {{SACMAT}}, publisher = {ACM}, pages = {161--172}, doi = {10.1145/2462410.2462426}, ) @inproceedings(Jajodia97alogical, author = {Sushil Jajodia and Pierangela Samarati and V. S. Subrahmanian}, year = {1997}, title = {A Logical Language for Expressing Authorizations}, booktitle = {Security and Privacy}, publisher = {{IEEE} Computer Society}, pages = {31--42}, doi = {10.1109/SECPRI.1997.601312}, ) @inproceedings(JinKS12, author = {Xin Jin and Ram Krishnan and Ravi S. Sandhu}, year = {2012}, title = {A Unified Attribute-Based Access Control Model Covering DAC, {MAC} and {RBAC}}, booktitle = {DBSec}, publisher = {Springer}, pages = {41--55}, doi = {10.1007/978-3-642-31540-4\_4}, ) @inproceedings(KolovskiHP07, author = {Vladimir Kolovski and James A. Hendler and Bijan Parsia}, year = {2007}, title = {Analyzing web access control policies}, booktitle = {WWW}, publisher = {ACM}, pages = {677--686}, doi = {10.1145/1242572.1242664}, ) @article(Lampson74, author = {Butler W. Lampson}, year = {1974}, title = {Protection}, journal = {Operating Systems Review}, volume = {8}, number = {1}, pages = {18--24}, doi = {10.1145/775265.775268}, ) @article(LazouskiMM10, author = {Aliaksandr Lazouski and Fabio Martinelli and Paolo Mori}, year = {2010}, title = {Usage control in computer security: {A} survey}, journal = {Computer Science Review}, volume = {4}, number = {2}, pages = {81--99}, doi = {10.1016/j.cosrev.2010.02.002}, ) @techreport(FACPLTR, author = {Andrea Margheri and Rosario Pugliese and Francesco Tiezzi}, year = {2015}, title = {{A Light Version of the FACPL Policy Language}}, type = {Technical Report}, note = {Available at \url{http://facpl.sourceforge.net/research/lightFACPLTR.pdf}}, ) @inproceedings(MouraB08, author = {Leonardo Mendon{\c{c}}a de Moura and Bj{\o}rner, Nikolaj}, year = {2008}, title = {{Z3:} An Efficient {SMT} Solver}, booktitle = {{TACAS} 2008}, publisher = {Springer}, pages = {337--340}, doi = {10.1007/978-3-540-78800-3\_24}, ) @article(MouraB11, author = {Leonardo Mendon{\c{c}}a de Moura and Bj{\o}rner, Nikolaj}, year = {2011}, title = {Satisfiability modulo theories: introduction and applications}, journal = {Commun. {ACM}}, volume = {54}, number = {9}, pages = {69--77}, doi = {10.1145/1995376.1995394}, ) @misc(nistsurvey, author = {NIST}, year = {2009}, title = {A survey of access control models}, note = {\url{http://csrc.nist.gov/news_events/privilege-management-workshop/PvM-Model-Survey-Aug26-2009.pdf}}, ) @misc(XACML3, author = {{OASIS XACML TC}}, year = {2013}, title = {{eXtensible Access Control Markup Language (XACML) version 3.0 }}, note = {\url{https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml}}, ) @article(Sandhu93, author = {Ravi S. Sandhu}, year = {1993}, title = {Lattice-Based Access Control Models}, journal = {{IEEE} Computer}, volume = {26}, number = {11}, pages = {9--19}, doi = {10.1109/2.241422}, ) @article(SandhuCFY96, author = {Ravi S. Sandhu and Edward J. Coyne and Hal L. Feinstein and Charles E. Youman}, year = {1996}, title = {Role-Based Access Control Models}, journal = {{IEEE} Computer}, volume = {29}, number = {2}, pages = {38--47}, doi = {10.1109/2.485845}, ) @incollection(VimercatiFS08, author = {Sabrina De Capitani di Vimercati and Sara Foresti and Pierangela Samarati}, year = {2008}, title = {Recent Advances in Access Control}, editor = {Michael Gertz and Sushil Jajodia}, booktitle = {Handbook of Database Security}, publisher = {Springer}, pages = {1--26}, doi = {10.1007/978-0-387-48533-1\_1}, )