Role-Based Access Control Models
Computer
The ARBAC97 model for role-based administration of roles
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Software engineering for security: a roadmap
Proceedings of the Conference on The Future of Software Engineering
ACM Transactions on Information and System Security (TISSEC)
Protection in operating systems
Communications of the ACM
A Symbiotic Relationship Between Formal Methods and Security
CSDA '98 Proceedings of the Conference on Computer Security, Dependability, and Assurance: From Needs to Solutions
Design of a Role-Based Trust-Management Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Decentralized Trust Management
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Elaborating Security Requirements by Construction of Intentional Anti-Models
Proceedings of the 26th International Conference on Software Engineering
Cassandra: Flexible Trust Management, Applied to Electronic Health Records
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
The Effect of Trust Assumptions on the Elaboration of Security Requirements
RE '04 Proceedings of the Requirements Engineering Conference, 12th IEEE International
Sound methods and effective tools for model-based security engineering with UML
Proceedings of the 27th international conference on Software engineering
Beyond proof-of-compliance: security analysis in trust management
Journal of the ACM (JACM)
Reasoning about confidentiality at requirements engineering time
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
Modeling Security Requirements Through Ownership, Permission and Delegation
RE '05 Proceedings of the 13th IEEE International Conference on Requirements Engineering
Model driven security: From UML models to access control infrastructures
ACM Transactions on Software Engineering and Methodology (TOSEM)
IEEE Security and Privacy
Apply Model Checking to Security Analysis in Trust Management
ICDEW '07 Proceedings of the 2007 IEEE 23rd International Conference on Data Engineering Workshop
Credential chain discovery in RTTtrust management language
MMM-ACNS'10 Proceedings of the 5th international conference on Mathematical methods, models and architectures for computer network security
Trust management languages and complexity
OTM'11 Proceedings of the 2011th Confederated international conference on On the move to meaningful internet systems - Volume Part II
| Hi-index | 0.00 |
Security in software is often considered a nonfunctional requirement because it is often interpreted as an emergent feature of the system. Too often it is introduced as a last-minute requirement over an otherwise completed product rather than properly integrated during the early stages of software design and development. One significant aspect of security involves access control. This paper proposes a multi-layer model detailing the integration of trust management access control with an application's model behavior. Our previous work focused on modeling the dynamic changes of a trust management policy for the purpose of verifying security properties using model checking. We are working toward integrating both the trust management policy and the mechanisms that enforce that policy for the purpose of verifying security properties. We focus on the Rolebased Trust Management (RT) language and suggest concerns specific to it.