Role-Based Access Control Models
Computer
Proceedings of the 4th ACM conference on Computer and communications security
Proceedings of the 1998 workshop on New security paradigms
The NIST model for role-based access control: towards a unified standard
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
ACM Transactions on Information and System Security (TISSEC)
The inductive approach to verifying cryptographic protocols
Journal of Computer Security
Later Developments at Cambridge: Titan, Cap, and the Cambridge Ring
IEEE Annals of the History of Computing
Hazard Analysis for Security Protocol Requirements
Proceedings of the IFIP TC11 WG11.4 First Annual Working Conference on Network Security: Advances in Network and Distributed Systems Security
An Authorization Model and Its Formal Semantics
ESORICS '98 Proceedings of the 5th European Symposium on Research in Computer Security
A HOL extension of GNY for automatically analyzing cryptographic protocols
CSFW '96 Proceedings of the 9th IEEE workshop on Computer Security Foundations
Intensional specifications of security protocols
CSFW '96 Proceedings of the 9th IEEE workshop on Computer Security Foundations
Separation of Duty in Role-based Environments
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
A Simple Logic for Authentication Protocol Design
CSFW '98 Proceedings of the 11th IEEE workshop on Computer Security Foundations
Process Algebra and Non-interference
CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
Analysis of Integrity Policies using Soft Constraints
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
On Unifying Some Cryptographic Protocol Logics
SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
A General Theory of Composition for Trace Sets Closed under Selective Interleaving Functions
SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
A Logical Language for Expressing Authorizations
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Fast automatic synthesis of security protocols using backward search
Proceedings of the 2003 ACM workshop on Formal methods in security engineering
A nonfunctional approach to system integrity
IEEE Journal on Selected Areas in Communications
| Hi-index | 0.00 |
An integrity policy defines the situations when modification of information is authorised and is enforced by the protection mechanisms of a system. Traditional models of protection tend to define integrity in terms of ad-hoc authorisation techniques whose effectiveness are justified more on the basis of experience and ''best practice'' rather than on any theoretical foundation. In a complex application system it is possible that an integrity policy may have been incorrectly configured, or that the protection mechanisms are inadequate, resulting in an unexpected system compromise. This paper examines the meaning of integrity and and describes a simple belief logic approach for analysing the integrity of a system configuration.