Context Navigation

RbacResources

Timestamp:: Sep 14, 2006, 6:56:52 PM (18 years ago)
Author:: hedinger
Comment:: —

Legend:

: Unmodified
: Added
: Removed
: Modified

Internal/Rbac/RbacResources

-              v37
+              v38
   [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p126-bertino.pdf BBS94]] Elisa Bertino, Claudio Bettini, and Pierangela Samarati. A Temporal Authorization Model. In ''CCS '94: Proceedings of the 2nd ACM Conference on Computer and communications security'', pages 126--135, New York, NY, USA, 1994. ACM Press.
+  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p29-bertino.pdf BCDP05]] Elisa Bertino, Barbara Catania, Maria Luisa Damiani, and Paolo Perlasca. GEO-RBAC: A Spatially Aware RBAC. In ''SACMAT '05: Proceedings of the Tenth ACM Symposium on Access Control Models and Technologies'', pages 29--37, New York, NY, USA, 2005. ACM Press.
+  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/barkley-et-al-rbac-web-97.pdf BCFE97]] John F. Barkley, Anthony V. Cincotta, David F. Ferraiolo, Serban Gavrila, and D. Richard Kuhn. Role Based Access Control for the World Wide Web. In ''Proceedings of the 20th National Information System Security Conference'', pages 1--7, 1997. barkley-et-al-rbac-web-97.ps.
   [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p71-bertino.pdf BCFP03]] Elisa Bertino, Barbara Catania, Elena Ferrari, and Paolo Perlasca. A Logical Framework for Reasoning about Access Control Models. ''ACM Trans. Inf. Syst. Secur.'', 6(1):71--127, 2003.
+  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2006-04.pdf BDBE06]] Rafae Bhatti, Maria Damiani, David W. Bettis, Elisa Bertino, and Arif Ghafoor. A Modular Framework for Administering Spatial Constraints in Context-Aware RBAC. Technical Report TR 2006-04, Purdue University CERIAS, 2006.
   [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p100-lodderstedt.pdf BDL03]] David Basin, Jürgen Doser, and Torsten Lodderstedt. Model Driven Security for Process-Oriented Systems. In ''SACMAT '03: Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies'', pages 100--109, New York, NY, USA, 2003. ACM Press.
 …
   [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2003-27.pdf Bha03]] Rafae Bhatti. X-GTRBAC: an XML-Based Policy Specification Framework and Architecture for Enterprise-Wide Access Control. Master's thesis, Purdue University, May 2003.
+  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2006-13.pdf Bha06]] Rafae Bhatti. ''A Policy Engineering Framework for Federated Access Management''. PhD thesis, Purdue University, 2006.
   [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/ICWS_2003.pdf BJBG03]] Rafae Bhatti, James B. D. Joshi, Elisa Bertino, and Arif Ghafoor. Access Control in Dynamic XML-Based Web Services Using X-RBAC. In ''Proceedings of the First International Conference on Web Services (ICWS)'', June 2003.
 …
   [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p388-bhatti.pdf BSBE05]] Rafae Bhatti, Basit Shafiq, Elisa Bertino, Arif Ghafoor, and James B. D. Joshi. X-GTRBAC Admin: A Decentralized Administration Model for Enterprise-Wide Access Control. ''ACM Trans. Inf. Syst. Secur.'', 8(4):388--423, 2005.
+  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2006-03.pdf BSBG06]] Rafae Bhatti, Daniel Sanz, Elisa Bertino, and Arif Ghafoor. A Policy-Based Authorization System for Web Services: Integrating X-GTRBAC and WS-Policy. Technical Report TR 2006-03, Purdue University CERIAS, 2006.
   [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/rwhat.pdf BSCE05]] Sacha Brostoff, M. Angela Sasse, David Chadwick, James Cunningham, Uche Mbanaso, and Sassa Otenko. R-What? Development of a Role-Based Access Control (RBAC) Policy-Writing Tool for e-Scientists. ''Software: Practice and Experience'', 35(9):835--856, July 2005.
 …
   [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p141-fraser.pdf FFME01]] Timothy Fraser, David Ferraiolo, Mikel L. Matthews, Casey Schaufler, Stephen Smalley, and Robert Watson. Panel: Which Access Control Technique Will Provide the Greatest Overall benefit? In ''SACMAT '01: Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies'', pages 141--149, New York, NY, USA, 2001. ACM Press.
+  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p11-ferraiolo.pdf FGHK05]] David F. Ferraiolo, Serban Gavrila, Vincent Hu, and D. Richard Kuhn. Composing and Combining Policies under the Policy Machine. In ''SACMAT '05: Proceedings of the Tenth ACM Symposium on Access Control Models and Technologies'', pages 11--20, New York, NY, USA, 2005. ACM Press.
   [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/fernandez97determining.pdf FH97]] Eduardo B. Fernandez and J. C. Hawkins. Determining Role Rights from Use Cases. In ''Proceedings of the 2nd ACM Workshop on Role Based Access Control (RBAC'97)'', pages 121--126, 1997.
 …
   [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p196-fisler.pdf FKMT05]] Kathi Fisler, Shriram Krishnamurthi, Leo A. Meyerovich, and Michael Carl Tschantz. Verification and Change-Impact Analysis of Access-Control Policies. In ''ICSE '05: Proceedings of the 27th international conference on Software engineering'', pages 196--205, New York, NY, USA, 2005. ACM Press.
+  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/FKStoappear.pdf FKS06]] David F. Ferraiolo, D. Richard Kuhn, and Ravi S. Sandhu. Comments on 'A Critique of the ANSI Standard on Role Based Access Control'. ''IEEE Security and Privacy'', 2006. to appear 2006, see http://csrc.nist.gov/staff/kuhn/rkhome.html.
   [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/drbac-icdcs02.pdf FPPE02]] Eric Freudenthal, Tracy Pesin, Lawrence Port, Edward Keenan, and Vijay Karamcheti. dRBAC: Distributed Role-Based Access Control for Dynamic Coalition Environments. In ''Proceedings of the 22nd International Conference on Distributed Computing Systems'', pages 411--420, 2002.
 …
   [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01355921.pdf JBBG04]] James B. D. Joshi, Rafae Bhatti, Elisa Bertino, and Arif Ghafoor. Access-Control Language for Multidomain Environments. ''IEEE Internet Computing'', 8(6):40--50, 2004.
+  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2004-46.pdf JBBG05]] James Joshi, Rafae Bhatti, Elisa Bertino, and Arif Ghafoor. X- RBAC: An Access Control Language for Multi-domain Environments. Technical Report TR 2004-46, Purdue University CERIAS, 2005.
   [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p74-joshi.pdf JBG02]] James B D Joshi, Elisa Bertino, and Arif Ghafoor. Temporal Hierarchies and Inheritance Semantics for GTRBAC. In ''SACMAT '02: Proceedings of the Seventh ACM symposium on Access Control Models and Technologies'', pages 74--83, New York, NY, USA, 2002. ACM Press.
   [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01453534.pdf JBG05]] James B. D. Joshi, Elisa Bertino, and Arif Ghafoor. An Analysis of Expressiveness and Design Issues for the Generalized Temporal Role-Based Access Control Model. ''IEEE Transactions on Dependable and Secure Computing'', 2(2):157--175, 2005.
+  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2006-25.pdf JBJ06]] E. Bertino. A. Ghafoor James B. Joshi. Formal Foundations for Hybrid Hierarchies in GTRBAC. Technical Report TR 2006-25, Purdue University CERIAS, 2006.
+  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2001-47.pdf JBLG01]] James B. D. Joshi, Elisa Bertino, Usman Latif, and Arif Ghafoor. Generalized Temporal Role Based Access Control Model (GTRBAC) (Part I) - Specification and Modeling. Technical Report TR 2001-47, Purdue University CERIAS, 2001.
+  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2003-01.pdf JBLG03]] James B. D. Joshi, Elisa Bertin, Usman Latif, and Arif Ghafoor. Generalized Temporal Role Based Access Control Model (GTRBAC) (Part II) - Expressiveness and Design Issues. Technical Report TR 2003-01, Purdue University CERIAS, 2003.
   [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01363762.pdf JBLG05]] James B. D. Joshi, Elisa Bertino, Usman Latif, and Arif Ghafoor. A Generalized Temporal Role-Based Access Control Model. ''IEEE Transactions on Knowledge and Data Engineering'', 17(1):4--23, 2005.
+  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2003-23.pdf Jos03]] James B. D. Joshi. ''A Generalized Temporal Role Based Access Control Model for Developing Secure Systems''. PhD thesis, Purdue University, August 2003.
   [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p51-joshi.pdf JSGB03]] James B. D. Joshi, Basit Shafiq, Arif Ghafoor, and Elisa Bertino. Dependencies and Separation of Duty Constraints in GTRBAC. In ''SACMAT '03: Proceedings of the Eighth ACM symposium on Access Control Models and Technologies'', pages 51--64, New York, NY, USA, 2003. ACM Press.
 …
   [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/waveset_WP_HIPAA_Compliance.pdf Lan03]] Doug Landoll. Achieving HIPAA Compliance with Indentity Management from Waveset. Technical report, Waveset Technologies, Inc., 2003.
+  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/aboutRBACStandard.pdf LBB06]] Ninghui Li, Ji-Won Byun, and Elisa Bertino. A Critique of the ANSI Standard on Role Based Access Control. ''IEEE Security and Privacy'', 2006. Revision under review.
   [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p42-li.pdf LBT04]] Ninghui Li, Ziad Bizri, and Mahesh V. Tripunitara. On Mutually-Exclusive Roles and Separation of Duty. In ''CCS '04: Proceedings of the 11th ACM conference on Computer and communications security'', pages 42--51, New York, NY, USA, 2004. ACM Press.
 …
   [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p126-li.pdf LT04]] Ninghui Li and Mahesh V. Tripunitara. Security Analysis in Role-Based Access Control. In ''SACMAT '04: Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies'', pages 126--135, New York, NY, USA, 2004. ACM Press.
+  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2005-02.pdf LT05]] Ninghui Li and Mahesh V. Tripunitara. Security Analysis in Role-Based Access Control. Technical Report TR 2005-02, Purdue University CERIAS, 2005.
+  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/rbac_analysis_tissec.pdf LT06]] Ninghui Li and Mahesh V. Tripunitara. Security Analysis in Role-Based Access Control. ''ACM Transactions on Information and System Security (TISSEC)'', 2006. to appear.
+  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/algebra_ccs06.pdf LW06]] Ninghui Li and Qihua Wang. Beyond Separation of Duty: An Algebra for Specifying High-level Security Policies. In ''Proceedings of the ACM Conference in Computer and Communications Security (CCS)'', November 2006.
   [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p112-liu.pdf LWGE06]] Yanhong A. Liu, Chen Wang, Michael Gorbovitski, Tom Rothamel, Yongxi Cheng, Yingchao Zhao, and Jing Zhang. Core Role-Based Access Control: Efficient Implementations by Transformations. In ''PEPM '06: Proceedings of the 2006 ACM SIGPLAN Symposium on Partial Evaluation and Semantics-Based Program Manipulation'', pages 112--120, New York, NY, USA, 2006. ACM Press.
 …
   [[http://www.tonymarston.net/php-mysql/role-based-access-control.html Mar04]] Tony Marston. A Role-Based Access Control (RBAC) System for PHP, May 2004.
+  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2005-62.pdf MBGM05]] Ammar Masood, Rafae Bhatti, Arif Gahfoor, and Aditya P. Mathur. Model-based Testing of Access Control Systems that Employ RBAC Policies. Technical Report TR 2005-62, Purdue University CERIAS, 2005.
   [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01214883.pdf MDS03]] Till Mossakowski, Michael Drouineaud, and Karsten Sohr. A Temporal-Logic Extension of Role-Based Access Control Covering Dynamic Separation of Duties. In ''Proceedings of the Fourth International Conference on Temporal Logic and 10th International Symposium on Temporal Representation and Reasoning'', pages 83--90, Washington, DC, USA, July 2003. IEEE Computer Society.
   [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01229859.pdf MF03]] Gustavo H. M. B. Motta and Sergio S. Furuie. A Contextual Role-Based Access Control Authorization Model for Electronic Patient Record. ''IEEE Transactions on Information Technology in Biomedicine'', 7(3):202--207, September 2003.
+  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2006-24.pdf MGM06]] Ammar Masood, Arif Ghafoor, and Aditya Mathur. Scalable and Effective Test Generation for Access Control Systems that Employ RBAC Policies. Technical Report TR 2006-24, Purdue University CERIAS, 2006.
   [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/moffett99uses.pdf ML99]] Jonathan D. Moffett and Emil Lupu. The Uses of Role Hierarchies in Access Control. In ''ACM Workshop on Role-Based Access Control'', pages 153--160, 1999.
 …
   [[http://dream.sims.berkeley.edu/doc-eng/projects/ROLES/roles-final-report.html SGGE02]] Calvin Smith, Patrick Garvey, Marc Gratacos, E. Liggett, and Charis Kaskiris. ROLES Project Final Report. Technical report, University of California, Berkeley, The Center for Document Engineering, December 2002.
+  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2006-19.pdf Sha06]] Basit Shafiq. ''Access Control Management and Security in Multi-Domain Collaborative Environments''. PhD thesis, Purdue University, 2006.
   [[http://idsynch.com/docs/beyond-roles-google.html Sho06]] Idan Shoham. Beyond Roles: A Practical Approach to Enterprise User Provisioning. Technical report, M-Tech, 2006.
 …
   [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p154-tidswell.pdf TJ00]] Jonathon E. Tidswell and Trent Jaeger. An Access Control Model for Simplifying Constraint Expression. In ''CCS '00: Proceedings of the 7th ACM Conference on Computer and Communications Security'', pages 154--163, New York, NY, USA, 2000. ACM Press.
+  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2004-10.pdf TL04]] Mahesh V. Tripunitara and Ninghui Li. Comparing the Expressive Power of Access Control Models. Technical Report TR 2004-10, Purdue University CERIAS, August 2004.
   [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/CRPITV21ATaylor.pdf TM03]] Kerry Taylor and James Murty. Implementing Role Based Access Control for Federated Information Systems on the Web. In ''ACSW Frontiers '03: Proceedings of the Australasian information security workshop conference on ACSW frontiers 2003'', pages 87--95, Darlinghurst, Australia, Australia, 2003. Australian Computer Society, Inc.
+  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2005-83.pdf Tri05]] Mahesh V. Tripunitara. ''A Theory Based on Security Analysis for Comparing the Expressive Power of Access Control Models''. PhD thesis, Purdue University, 2005.
   [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/i97tbac.pdf TS98]] Roshan K. Thomas and Ravi S. Sandhu. Task-Based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-Oriented Autorization Management. In ''Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI'', pages 166--181, London, UK, 1998. Chapman & Hall, Ltd.
 …
   [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00933700.pdf ZY01b]] Chang N. Zhang and Cungang Yang. Specification and Enforcement of Object-Oriented RBAC Model. In ''Proceedings of the Canadian Conference on Electrical and Computer Engineering, 2001'', volume 1, pages 301--305, 2001.