A lattice model of secure information flow
Communications of the ACM
Protection in operating systems
Communications of the ACM
A note on the confinement problem
Communications of the ACM
Protection in programmed systems.
Protection in programmed systems.
A Model for Multilevel Security in Computer Networks
IEEE Transactions on Software Engineering
An access control model for simplifying constraint expression
Proceedings of the 7th ACM conference on Computer and communications security
Formal Models for Computer Security
ACM Computing Surveys (CSUR)
Managing access control complexity using metrices
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Report on the computer security foundations workshop VI
ACM SIGSAC Review
Practical safety in flexible access control models
ACM Transactions on Information and System Security (TISSEC)
Hierarchical Take-Grant Protection systems
SOSP '81 Proceedings of the eighth ACM symposium on Operating systems principles
A function-based access control model for XML databases
Proceedings of the 14th ACM international conference on Information and knowledge management
Running the manual: an approach to high-assurance microkernel development
Proceedings of the 2006 ACM SIGPLAN workshop on Haskell
NETRA:: seeing through access control
Proceedings of the fourth ACM workshop on Formal methods in security
Formal Models of Capability-Based Protection Systems
IEEE Transactions on Computers
Verified Protection Model of the seL4 Microkernel
VSTTE '08 Proceedings of the 2nd international conference on Verified Software: Theories, Tools, Experiments
A Verified Shared Capability Model
Electronic Notes in Theoretical Computer Science (ENTCS)
Towards Modelling Information Security with Key-Challenge Petri Nets
NordSec '09 Proceedings of the 14th Nordic Conference on Secure IT Systems: Identity and Privacy in the Internet Age
Analyzing uncertainty in TG protection graphs with TG/MC
Journal of Computer Security
A practical formal model for safety analysis in capability-based systems
TGC'05 Proceedings of the 1st international conference on Trustworthy global computing
The structure of authority: why security is not a separable concern
MOZ'04 Proceedings of the Second international conference on Multiparadigm Programming in Mozart/Oz
XML access control with policy matching tree
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
| Hi-index | 0.00 |
In the context of a capability-based protection system, the term “transfer” is used (here) to refer to the situation where a user receives information when he does not initially have a direct “right” to it. Two transfer methods are identified: de jure transfer refers to the case when the user acquires the direct authority to read the information; de facto transfer refers to the case when the user acquires the information (usually in the form of a copy and with the assistance of others), without necessarily being able to get the direct authority to read the information. The Take-Grant Protection Model, which already models de jure transfers, is extended with four rewriting rules to model de facto transfer. The configurations under which de facto transfer can arise are characterized. Considerable motivational discussion is included.