IEEE Transactions on Software Engineering
A model of authorization for next-generation database systems
ACM Transactions on Database Systems (TODS)
Toward a multilevel secure relational data model
SIGMOD '91 Proceedings of the 1991 ACM SIGMOD international conference on Management of data
CACL: efficient fine-grained protection for objects
OOPSLA '92 conference proceedings on Object-oriented programming systems, languages, and applications
Access control for collaborative environments
CSCW '92 Proceedings of the 1992 ACM conference on Computer-supported cooperative work
A calculus for access control in distributed systems
ACM Transactions on Programming Languages and Systems (TOPLAS)
Computers and Security
Database security
Formal query languages for secure relational databases
ACM Transactions on Database Systems (TODS)
Role-Based Access Control Models
Computer
Secure computing: threats and safeguards
Secure computing: threats and safeguards
IEEE ADL '97 Proceedings of the IEEE international forum on Research and technology advances in digital libraries
Requirements of role-based access control for collaborative systems
RBAC '95 Proceedings of the first ACM Workshop on Role-based access control
IEEE Transactions on Software Engineering
REFEREE: trust management for Web applications
Selected papers from the sixth international conference on World Wide Web
Exception-based information flow control in object-oriented systems
ACM Transactions on Information and System Security (TISSEC)
The multilevel relational (MLR) data model
ACM Transactions on Information and System Security (TISSEC)
An access control model supporting periodicity constraints and temporal reasoning
ACM Transactions on Database Systems (TODS)
Minimal data upgrading to prevent inference and association attacks
PODS '99 Proceedings of the eighteenth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
The RSL99 language for role-based separation of duty constraints
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
An authorization mechanism for a relational database system
ACM Transactions on Database Systems (TODS)
The NIST model for role-based access control: towards a unified standard
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Design and implementation of an access control processor for XML documents
Proceedings of the 9th international World Wide Web conference on Computer networks : the international journal of computer and telecommunications netowrking
Regulating service access and information release on the Web
Proceedings of the 7th ACM conference on Computer and communications security
A modular approach to composing access control policies
Proceedings of the 7th ACM conference on Computer and communications security
PRUNES: an efficient and complete strategy for automated trust negotiation over the Internet
Proceedings of the 7th ACM conference on Computer and communications security
Configuring role-based access control to enforce mandatory and discretionary access control policies
ACM Transactions on Information and System Security (TISSEC)
Formal Models for Computer Security
ACM Computing Surveys (CSUR)
Shared resource matrix methodology: an approach to identifying storage and timing channels
ACM Transactions on Computer Systems (TOCS)
A lattice model of secure information flow
Communications of the ACM
Protection in operating systems
Communications of the ACM
Fine grained access control for SOAP E-services
Proceedings of the 10th international conference on World Wide Web
The role of trust management in distributed systems security
Secure Internet programming
Flexible support for multiple access control policies
ACM Transactions on Database Systems (TODS)
Multilevel secure transaction processing
Journal of Computer Security
Introduction to Database Systems
Introduction to Database Systems
The Design and Analysis of Computer Algorithms
The Design and Analysis of Computer Algorithms
A Model for Evaluation and Administration of Security in Object-Oriented Databases
IEEE Transactions on Knowledge and Data Engineering
A MAC Policy Framework for Multilevel Relational Databases
IEEE Transactions on Knowledge and Data Engineering
An Extended Authorization Model for Relational Databases
IEEE Transactions on Knowledge and Data Engineering
Supporting Access Control in an Object-Oriented Database Language
EDBT '92 Proceedings of the 3rd International Conference on Extending Database Technology: Advances in Database Technology
Polyinstantation for Cover Stories
ESORICS '92 Proceedings of the Second European Symposium on Research in Computer Security
Cover Stories for Database Security
Results of the IFIP WG 11.3 Workshop on Database Security V: Status and Prospects
On Five Definitions of Data Integrity
Proceedings of the IFIP WG11.3 Working Conference on Database Security VII
ACM SIGOPS Operating Systems Review
The ARBAC99 Model for Administration of Roles
ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Decentralized Trust Management
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
A Communication Agreement Framework for Access/Action Control
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
A Practically Implementable and Tractable Delegation Logic
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Protection: principles and practice
AFIPS '72 (Spring) Proceedings of the May 16-18, 1972, spring joint computer conference
An authorization model for a public key management service
ACM Transactions on Information and System Security (TISSEC)
A fine-grained access control system for XML documents
ACM Transactions on Information and System Security (TISSEC)
Information sharing and security in dynamic coalitions
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
XrML -- eXtensible rights Markup Language
Proceedings of the 2002 ACM workshop on XML security
Access control: principles and solutions
Software—Practice & Experience - Special issue: Security software
Das'01 Proceedings of the fifteenth annual working conference on Database and application security
Virtual enterprise access control requirements
SAICSIT '03 Proceedings of the 2003 annual research conference of the South African institute of computer scientists and information technologists on Enablement through technology
Certificate-based access control policies description language
Artificial intelligence and security in computing systems
Towards a credential-based implementation of compound access control policies
Proceedings of the ninth ACM symposium on Access control models and technologies
Data & Knowledge Engineering - Special jubilee issue: DKE 50
A compositional framework for access control policies enforcement
Proceedings of the 2003 ACM workshop on Formal methods in security engineering
Modeling and Analyzing of Workflow Authorization Management
Journal of Network and Systems Management
Policy framings for access control
WITS '05 Proceedings of the 2005 workshop on Issues in the theory of security
Applying Semantic Knowledge to Real-Time Update of Access Control Policies
IEEE Transactions on Knowledge and Data Engineering
Maintaining privacy on derived objects
Proceedings of the 2005 ACM workshop on Privacy in the electronic society
A model-checking approach to analysing organisational controls in a loan origination process
Proceedings of the eleventh ACM symposium on Access control models and technologies
Modality conflicts in semantics aware access control
ICWE '06 Proceedings of the 6th international conference on Web engineering
A framework for decentralized access control
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Trust management services in relational databases
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Access control and audit model for the multidimensional modeling of data warehouses
Decision Support Systems
A lattice-based approach for updating access control policies in real-time
Information Systems
Developing secure data warehouses with a UML extension
Information Systems
Secured Information Flow for Asynchronous Sequential Processes
Electronic Notes in Theoretical Computer Science (ENTCS)
Implementation of a Formal Security Policy Refinement Process in WBEM Architecture
Journal of Network and Systems Management
A type discipline for authorization policies
ACM Transactions on Programming Languages and Systems (TOPLAS) - Special Issue ESOP'05
Access control policies and languages
International Journal of Computational Science and Engineering
On the design, implementation and application of an authorisation architecture for web services
International Journal of Information and Computer Security
A privacy-aware access control system
Journal of Computer Security - 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec'06)
Towards Modal Logic Formalization of Role-Based Access Control with Object Classes
FORTE '07 Proceedings of the 27th IFIP WG 6.1 international conference on Formal Techniques for Networked and Distributed Systems
Validating Access Control Configurations in J2EE Applications
CBSE '08 Proceedings of the 11th International Symposium on Component-Based Software Engineering
A Model-Driven Approach for the Specification and Analysis of Access Control Policies
OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
PuRBAC: Purpose-Aware Role-Based Access Control
OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
Security and privacy for geospatial data: concepts and research directions
SPRINGL '08 Proceedings of the SIGSPATIAL ACM GIS 2008 International Workshop on Security and Privacy in GIS and LBS
Requirements-based Access Control Analysis and Policy Specification (ReCAPS)
Information and Software Technology
An engineering process for developing Secure Data Warehouses
Information and Software Technology
Security architecture for virtual organizations of business web services
Journal of Systems Architecture: the EUROMICRO Journal
Security Analysis of Role Based Access Control Models Using Colored Petri Nets and CPNtools
Transactions on Computational Science IV
A trust degree based access control in grid environments
Information Sciences: an International Journal
A UML 2.0 profile to define security requirements for Data Warehouses
Computer Standards & Interfaces
Using user context for accessing IT resources
Proceedings of the first international workshop on Context-aware software technology and applications
A type system for discretionary access control†
Mathematical Structures in Computer Science
GoCoMM: a governance and compliance maturity model
Proceedings of the first ACM workshop on Information security governance
An XACML-based privacy-centered access control system
Proceedings of the first ACM workshop on Information security governance
Semantics-aware matching strategy (SAMS) for the Ontology meDiated Data Integration (ODDI)
International Journal of Knowledge Engineering and Soft Data Paradigms
Towards an Approach of Semantic Access Control for Cloud Computing
CloudCom '09 Proceedings of the 1st International Conference on Cloud Computing
A Formal Approach for the Evaluation of Network Security Mechanisms Based on RBAC Policies
Electronic Notes in Theoretical Computer Science (ENTCS)
Information and Software Technology
XML-based access control languages
Information Security Tech. Report
Encryption policies for regulating access to outsourced data
ACM Transactions on Database Systems (TODS)
Access control management in open distributed virtual repositories and the grid
OTM'07 Proceedings of the 2007 OTM confederated international conference on On the move to meaningful internet systems: CoopIS, DOA, ODBASE, GADA, and IS - Volume Part II
Modeling location attributes using XACML-RBAC model
Proceedings of the 7th International Conference on Advances in Mobile Computing and Multimedia
A language for provenance access control
Proceedings of the first ACM conference on Data and application security and privacy
Authorization enforcement usability case study
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Enabling access to web resources through SecPODE-based annotations
OTM'10 Proceedings of the 2010 international conference on On the move to meaningful internet systems
Towards accuracy of role-based access control configurations in component-based systems
Journal of Systems Architecture: the EUROMICRO Journal
Exploiting modular access control for advanced policies
Proceedings of the tenth international conference on Aspect-oriented software development companion
Middleware non-repudiation service for the data warehouse
Annales UMCS, Informatica
From security protocols to systems security
Proceedings of the 11th international conference on Security Protocols
Enforcing trust in pervasive computing with trusted computing technology
CRITIS'06 Proceedings of the First international conference on Critical Information Infrastructures Security
Creating objects in the flexible authorization framework
DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
Policy classes and query rewriting algorithm for XML security views
DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
Enhancing user privacy through data handling policies
DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
From business process choreography to authorization policies
DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
The architecture of a privacy-aware access control decision component
CASSIS'05 Proceedings of the Second international conference on Construction and Analysis of Safe, Secure, and Interoperable Smart Devices
UCONLEGAL: a usage control model for HIPAA
Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium
SecDS: a secure EPC discovery service system in EPCglobal network
Proceedings of the second ACM conference on Data and Application Security and Privacy
Policies, models, and languages for access control
DNIS'05 Proceedings of the 4th international conference on Databases in Networked Information Systems
Security and trust requirements engineering
Foundations of Security Analysis and Design III
Towards privacy-enhanced authorization policies and languages
DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security
Revocation of obligation and authorisation policy objects
DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security
Towards an integrated formal analysis for security and trust
FMOODS'05 Proceedings of the 7th IFIP WG 6.1 international conference on Formal Methods for Open Object-Based Distributed Systems
Permission and authorization in policies for virtual communities of agents
AP2PC'04 Proceedings of the Third international conference on Agents and Peer-to-Peer Computing
History-based access control with local policies
FOSSACS'05 Proceedings of the 8th international conference on Foundations of Software Science and Computation Structures
ZB'05 Proceedings of the 4th international conference on Formal Specification and Development in Z and B
Semantic access control model: a formal specification
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
A survey of security issue in multi-agent systems
Artificial Intelligence Review
Security policy enforcement through refinement process
B'07 Proceedings of the 7th international conference on Formal Specification and Development in B
A security management information model derivation framework: from goals to configurations
FAST'05 Proceedings of the Third international conference on Formal Aspects in Security and Trust
A cloud-based RDF policy engine for assured information sharing
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Survey: Usage control in computer security: A survey
Computer Science Review
SecTTS: A secure track & trace system for RFID-enabled supply chains
Computers in Industry
Automated and efficient analysis of role-based access control with attributes
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
Enforcing subscription-based authorization policies in cloud scenarios
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
Challenging issues of UCON in modern computing environments
Proceedings of the Fifth Balkan Conference in Informatics
TrustBus'07 Proceedings of the 4th international conference on Trust, Privacy and Security in Digital Business
Automated extraction of security policies from natural-language software documents
Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering
Design and implementation of a cloud-based assured information sharing system
MMM-ACNS'12 Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security
Configuring private data management as access restrictions: from design to enforcement
ICSOC'12 Proceedings of the 10th international conference on Service-Oriented Computing
Engineering access control policies for provenance-aware systems
Proceedings of the third ACM conference on Data and application security and privacy
Secure and modular access control with aspects
Proceedings of the 12th annual international conference on Aspect-oriented software development
Formal definitions for usable access control rule sets from goals to metrics
Proceedings of the Ninth Symposium on Usable Privacy and Security
An access control framework for hybrid policies
Proceedings of the 6th International Conference on Security of Information and Networks
Science of Computer Programming
| Hi-index | 0.00 |
Access control is the process of mediating every request to resources and data maintained by a system and determining whether the request should be granted or denied. The access control decision is enforced by a mechanism implementing regulations established by a security policy. Different access control policies can be applied, corresponding to different criteria for defining what should, and what should not, be allowed, and, in some sense, to different definitions of what ensuring security means. In this chapter we investigate the basic concepts behind access control design and enforcement, and point out different security requirements that may need to be taken into consideration. We discuss several access control policies, and models formalizing them, that have been proposed in the literature or that are currently under investigation.