Formal Models of Capability-Based Protection Systems
IEEE Transactions on Computers
Enforcing security properties in task-based systems
Proceedings of the 13th ACM symposium on Access control models and technologies
Editorial: Model-Driven Development for secure information systems
Information and Software Technology
Towards formal security analysis of GTRBAC using timed automata
Proceedings of the 14th ACM symposium on Access control models and technologies
Multi-layer audit of access rights
SDM'07 Proceedings of the 4th VLDB conference on Secure data management
SEAL: a logic programming framework for specifying and verifying access control models
Proceedings of the 16th ACM symposium on Access control models and technologies
Automatic error finding in access-control policies
Proceedings of the 18th ACM conference on Computer and communications security
User-managed access control for health care systems
SDM'05 Proceedings of the Second VLDB international conference on Secure Data Management
XML access control with policy matching tree
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Network vulnerability analysis through vulnerability take-grant model (VTG)
ICICS'05 Proceedings of the 7th international conference on Information and Communications Security
The folklore is replete with stories of "secure" protection systems being compromised in a matter of hours. This is quite astounding since one is not likely to claim that a system is secure without some sort of proof to support the claim. In practice, proof is not provided and one reason for this is clear: although the protection primitives are apparently quite simple, they may potentially interact in extremely complex ways. Vague and informal arguments, therefore, often overlook subtleties that an adversary can exploit. Precision is not merely desirable for protection systems; it is mandatory.