References

  1. Konstantine Arkoudas, Ritu Chadha & Cho-Yu Jason Chiang (2014): Sophisticated Access Control via SMT and Logical Frameworks. ACM Trans. Inf. Syst. Secur. 16(4), pp. 17, doi:10.1145/2595222.
  2. Arosha K. Bandara, Emil Lupu & Alessandra Russo (2003): Using Event Calculus to Formalise Policy Specification and Analysis. In: POLICY. IEEE Computer Society, pp. 26, doi:10.1109/POLICY.2003.1206955.
  3. David E. Bell & Leonard J. LaPadula (1976): Secure Computer System: Unified Exposition and MULTICS Interpretation. Technical Report. The MITRE Corporation.
  4. Elisa Bertino, Carolyn Brodie, Seraphin B. Calo, Lorrie Faith Cranor, Clare-Marie Karat, John Karat, Ninghui Li, Dan Lin, Jorge Lobo, Qun Ni, Prathima Rao & Xiping Wang (2009): Analysis of privacy and security policies.. IBM Journal of Research and Development 53(2), doi:10.1147/JRD.2009.5429045.
  5. Kenneth J. Biba (1977): Integrity Considerations for Secure Computer Systems. Technical Report. The MITRE Corporation.
  6. Matthew A. Bishop (2002): The Art and Science of Computer Security. Addison-Wesley.
  7. D. F. C. Brewer & Michael J. Nash (1989): The Chinese Wall Security Policy. In: Security and Privacy. IEEE Computer Society, pp. 206–214, doi:10.1109/SECPRI.1989.36295.
  8. D. D. Clark & D. R. Wilson (1987): A Comparison of Commercial and Military Computer Security Policies. In: Security and Privacy. IEEE Computer Society, pp. 184–195, doi:10.1109/SP.1987.10001.
  9. Nicodemos Damianou, Naranker Dulay, Emil Lupu & Morris Sloman (2001): The Ponder Policy Specification Language. In: POLICY, LNCS 1995. Springer, pp. 18–38, doi:10.1007/3-540-44569-2_2.
  10. David Ferraiolo & Richard Kuhn (1992): Role-Based Access Control. In: NIST-NCSC, pp. 554–563.
  11. Kathi Fisler, Shriram Krishnamurthi, Leo A. Meyerovich & Michael C. Tschantz (2005): Verification and change-impact analysis of access-control policies. In: ICSE. ACM, pp. 196–205, doi:10.1145/1062455.1062502.
  12. Dieter Gollmann (2011): Computer Security (3. ed.). Wiley.
  13. G. Scott Graham & Peter J. Denning (1972): Protection: Principles and Practice. In: AFIPS. ACM, pp. 417–429, doi:10.1145/1478873.1478928.
  14. Marco Guarnieri, Mario Arrigoni Neri, Eros Magri & Simone Mutti (2013): On the notion of redundancy in access control policies. In: SACMAT. ACM, pp. 161–172, doi:10.1145/2462410.2462426.
  15. Sushil Jajodia, Pierangela Samarati & V. S. Subrahmanian (1997): A Logical Language for Expressing Authorizations. In: Security and Privacy. IEEE Computer Society, pp. 31–42, doi:10.1109/SECPRI.1997.601312.
  16. Xin Jin, Ram Krishnan & Ravi S. Sandhu (2012): A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC. In: DBSec. Springer, pp. 41–55, doi:10.1007/978-3-642-31540-4_4.
  17. Vladimir Kolovski, James A. Hendler & Bijan Parsia (2007): Analyzing web access control policies. In: WWW. ACM, pp. 677–686, doi:10.1145/1242572.1242664.
  18. Butler W. Lampson (1974): Protection. Operating Systems Review 8(1), pp. 18–24, doi:10.1145/775265.775268.
  19. Aliaksandr Lazouski, Fabio Martinelli & Paolo Mori (2010): Usage control in computer security: A survey. Computer Science Review 4(2), pp. 81–99, doi:10.1016/j.cosrev.2010.02.002.
  20. Andrea Margheri, Rosario Pugliese & Francesco Tiezzi (2015): A Light Version of the FACPL Policy Language. Technical Report. Available at http://facpl.sourceforge.net/research/lightFACPLTR.pdf.
  21. Leonardo Mendonça de Moura & Nikolaj Bjørner (2008): Z3: An Efficient SMT Solver. In: TACAS 2008. Springer, pp. 337–340, doi:10.1007/978-3-540-78800-3_24.
  22. Leonardo Mendonça de Moura & Nikolaj Bjørner (2011): Satisfiability modulo theories: introduction and applications. Commun. ACM 54(9), pp. 69–77, doi:10.1145/1995376.1995394.
  23. NIST (2009): A survey of access control models. http://csrc.nist.gov/news_events/privilege-management-workshop/PvM-Model-Survey-Aug26-2009.pdf.
  24. OASIS XACML TC (2013): eXtensible Access Control Markup Language (XACML) version 3.0. https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml.
  25. Ravi S. Sandhu (1993): Lattice-Based Access Control Models. IEEE Computer 26(11), pp. 9–19, doi:10.1109/2.241422.
  26. Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein & Charles E. Youman (1996): Role-Based Access Control Models. IEEE Computer 29(2), pp. 38–47, doi:10.1109/2.485845.
  27. Sabrina De Capitani di Vimercati, Sara Foresti & Pierangela Samarati (2008): Recent Advances in Access Control. In: Michael Gertz & Sushil Jajodia: Handbook of Database Security. Springer, pp. 1–26, doi:10.1007/978-0-387-48533-1_1.
Comments and questions to: eptcs@eptcs.org
For website issues: webmaster@eptcs.org