Role-Based Access Control Models
Computer
The specification and enforcement of authorization constraints in workflow management systems
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
A Linear Time Algorithm for Deciding Subject Security
Journal of the ACM (JACM)
The expressive power of multi-parent creation in monotonic access control models
Journal of Computer Security
Configuring role-based access control to enforce mandatory and discretionary access control policies
ACM Transactions on Information and System Security (TISSEC)
Protection in operating systems
Communications of the ACM
A logical framework for reasoning about access control models
ACM Transactions on Information and System Security (TISSEC)
A State-Transition Model of Trust Management and Access Control
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
SD3: A Trust Management System with Certified Evaluation
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
A reference monitor for workflow systems with constrained task execution
Proceedings of the tenth ACM symposium on Access control models and technologies
Beyond proof-of-compliance: security analysis in trust management
Journal of the ACM (JACM)
SWORD: scalable and flexible workload generator for distributed data processing systems
Proceedings of the 38th conference on Winter simulation
A theory for comparing the expressive power of access control models
Journal of Computer Security
On the Security of Delegation in Access Control Systems
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
TBA: a hybrid of logic and extensional access control systems
FAST'11 Proceedings of the 8th international conference on Formal Aspects of Security and Trust
| Hi-index | 0.00 |
Access control is an area where one size does not fit all. However, previous work in access control has focused solely on expressiveness as an absolute measure. Thus, we discuss and justify the need for a new type of evaluation framework for access control, one that is application-aware. To this end, we apply previous work in access control evaluation, as well as lessons learned from evaluation frameworks used in other domains. We describe the analysis components required by such a framework, the challenges involved in building it, and our preliminary work in realizing this ambitious goal. We then theorize about other areas within the security domain that display a similar absence of such evaluation tools, and consider ways in which we can adapt our framework to analyze these broader types of security workloads.