Once upon a time a professor of computing, who was also a father, was complaining at a radiology ward. A CD with the X-rays of his son's chest had garbled images. Unfortunately, the CD burning process had been outsourced and, in compliance with e-health security policies, technicians could not see the images on the system. Only doctors could. The nurse had a decision to make: sidestep the father (send him away empty-handed to the pneumology ward) or sidestep the system (give the technician the doctor's password and thus the ability to access all images, not just this one). As a father he was happy with her decision. As a professor, he found this knowledge of a meager and unsatisfactory kind. Any human decision maker who has experienced the need for a local IT infringement in order to achieve her business goals knows that she is offered only the choice between strict compliance (and failure of business goals) and global violation (and failure of security goals). Software engineers simply do not know how to deal with infringements. I believe that a different alternative should be possible. The goal of this paper is to sketch the challenges of such an unexplored scientific alternative.