ACM Transactions on Programming Languages and Systems (TOPLAS)
Role-Based Access Control Models
Computer
Coinductive axiomatization of recursive type equality and subtyping
Fundamenta Informaticae - Special issue: typed lambda-calculi and applications, selected papers
Configuring role-based access control to enforce mandatory and discretionary access control policies
ACM Transactions on Information and System Security (TISSEC)
Programming language methods in computer security
POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Role-based access control on the web
ACM Transactions on Information and System Security (TISSEC)
Flexible support for multiple access control policies
ACM Transactions on Database Systems (TODS)
TRBAC: A temporal role-based access control model
ACM Transactions on Information and System Security (TISSEC)
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
An access control language for web services
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
A Language-Based Approach to Security
Informatics - 10 Years Back. 10 Years Ahead.
Role-Based Access Control
Implementing RBAC on a type enforced system
ACSAC '97 Proceedings of the 13th Annual Computer Security Applications Conference
Flexible access control policy specification with constraint logic programming
ACM Transactions on Information and System Security (TISSEC)
Enforcing Robust Declassification
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
A Distributed Calculus for Rôle-Based Access Control
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Security policies for downgrading
Proceedings of the 11th ACM conference on Computer and communications security
A compositional framework for access control policies enforcement
Proceedings of the 2003 ACM workshop on Formal methods in security engineering
Journal of Functional Programming
Confining root programs with domain and type enforcement (DTE)
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Hi-index | 0.00 |
We study mechanisms that permit program components to express role constraints on clients, focusing on programmatic security mechanisms, which permit access controls to be expressed, in situ, as part of the code realizing basic functionality. In this setting, two questions immediately arise:The user of a component faces the issue of safety: is a particular role sufficient to use the component? The component designer faces the dual issue of protection: is a particular role demanded in all execution paths of the component? We provide a formal calculus and static analysis to answer both questions