ACM Transactions on Information Systems (TOIS)
Role-Based Access Control Models
Computer
DCWPL: a programming language for describing collaborative work
CSCW '96 Proceedings of the 1996 ACM conference on Computer supported cooperative work
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Reconciling role based management and role based access control
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Role templates for content-based access control
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
COCA: collaborative objects coordination architecture
CSCW '98 Proceedings of the 1998 ACM conference on Computer supported cooperative work
The role graph model and conflict of interest
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
The specification and enforcement of authorization constraints in workflow management systems
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
The ARBAC97 model for role-based administration of roles
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
SecureFlow: a secure Web-enabled workflow management system
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
The NIST model for role-based access control: towards a unified standard
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Protecting privacy using the decentralized label model
ACM Transactions on Software Engineering and Methodology (TOSEM)
Role-based authorization constraints specification
ACM Transactions on Information and System Security (TISSEC)
Practical safety in flexible access control models
ACM Transactions on Information and System Security (TISSEC)
TRBAC: A temporal role-based access control model
ACM Transactions on Information and System Security (TISSEC)
A model for role administration using organization structure
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Information flow analysis of an RBAC system
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
A graph-based formalism for RBAC
ACM Transactions on Information and System Security (TISSEC)
Requirements Engineering: Processes and Techniques
Requirements Engineering: Processes and Techniques
A model of OASIS role-based access control and its support for active security
ACM Transactions on Information and System Security (TISSEC)
Verification support for workflow design with UML activity graphs
Proceedings of the 24th International Conference on Software Engineering
Using SPIN to Verify Security Properties of Cryptographic Protocols
Proceedings of the 9th International SPIN Workshop on Model Checking of Software
An Authorization Model for Workflows
ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
The specification of process synchronization by path expressions
Operating Systems, Proceedings of an International Symposium
Administrative scope: A foundation for role-based administrative models
ACM Transactions on Information and System Security (TISSEC)
Specifying and enforcing constraints in role-based access control
Proceedings of the eighth ACM symposium on Access control models and technologies
Static verification of security requirements in role based CSCW systems
Proceedings of the eighth ACM symposium on Access control models and technologies
Access Control for Active Spaces
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Separation of Duty in Role-based Environments
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Design of a Role-Based Trust-Management Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Beyond Proof-of-Compliance: Safety and Availability Analysis in Trust Management
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Design of a Policy-Driven Middleware for Secure Distributed Collaboration
ICDCS '02 Proceedings of the 22 nd International Conference on Distributed Computing Systems (ICDCS'02)
Specification of Secure Distributed Collaboration Systems
ISADS '03 Proceedings of the The Sixth International Symposium on Autonomous Decentralized Systems (ISADS'03)
A general theory of security properties
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
A Logical Language for Expressing Authorizations
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
ACM Transactions on Information and System Security (TISSEC)
Policy-based design of secure distributed collaboration systems
Policy-based design of secure distributed collaboration systems
Spin model checker, the: primer and reference manual
Spin model checker, the: primer and reference manual
Conformance checking of RBAC policy and its implementation
ISPEC'05 Proceedings of the First international conference on Information Security Practice and Experience
Context-aware role-based access control in pervasive computing systems
Proceedings of the 13th ACM symposium on Access control models and technologies
Palantir: a framework for collaborative incident response and investigation
Proceedings of the 8th Symposium on Identity and Trust on the Internet
Security policies in distributed CSCW and workflow systems
IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans
Roles of users in interactive networked collaborative environment
CIT'11 Proceedings of the 5th WSEAS international conference on Communications and information technology
A Generative Programming Framework for Context-Aware CSCW Applications
ACM Transactions on Software Engineering and Methodology (TOSEM)
| Hi-index | 0.00 |
We present, in this paper, a role-based model for programming distributed CSCW systems. This model supports specification of dynamic security and coordination requirements in such systems. We also present here a model-checking methodology for verifying the security properties of a design expressed in this model. The verification methodology presented here is used to ensure correctness and consistency of a design specification. It is also used to ensure that sensitive security requirements cannot be violated when policy enforcement functions are distributed among the participants. Several aspect-specific verification models are developed to check security properties, such as task-flow constraints, information flow, confidentiality, and assignment of administrative privileges.