Managing access control complexity using metrics

Proceedings of Sixth ACM Symposium on Access Control Models and Technologies (SACMAT 2001)

Volumn , Issue , 2001, Pages 131-139

  Jaeger, Trent ^a  

^a IBM T J WATSON RESEARCH CENTER   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTATIONAL COMPLEXITY; COMPUTER PROGRAMMING LANGUAGES; CONSTRAINT THEORY; GRAPH THEORY;

ACCESS CONTROL;

SECURITY OF DATA;

EID: 0035790630     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (19)

1. G. Ahn and R. Sandhu. Role-based authorization constraints specification. ACM Transactions on Information and System Security (TISSEC), 3(4), November 2000.
2. th IEEE Computer Security Foundations Workshop, pages 138-149, 1994.
3. P. E. Ammann and R. S. Sandhu. The extended schematic protection model. Journal of Computer Security, vol. 1, pages 335-383, 1992.
4. D. Bell and L. La Padula. Secure computer systems: Mathematical foundations (Volume 1). Technical Report ESD-TR-73-278, Mitre Corporation, 1973.
5. E. Bertino, E. Ferrari, and V. Atluri. The specification and enforcement of authorization constraints in workflow management systems. ACM Transactions on Information System Security, 1(2), Feb. 1999.
6. th ACM Symposium on Operating System Principles, pages 45-54, 1979.
7. th National Computer Security Conference, Gaithersburg, Maryland, 1985.
8. M. A. Harrison, W. L. Ruzzo, and J. D. Ullman. Protection in operating systems. Communications of the ACM, 19(8), August 1976.
9. T. Jaeger, A. Prakash, J. Liedtke, N. Islam. Flexible control of downloaded executable content. ACM Transactions on Information and System Security (TISSEC), 2(2), May 1999.
10. T. Jaeger and J. Tidswell. Practical safety for flexible access control models. Submitted for publication.
11. S. Jajodia, P. Samarati, and V. S. Subrahmanian. A logical language for expressing authorizations. In Proceedings of the IEEE Symposium on Security and Privacy, 1997.
12. B. W. Lampson. Protection. In Proceedings Fifth Princeton Symposium on Information Sciences and Systems, March 1971. reprinted in Operating Systems Review, 8, 1, January 1974, pages 18 - 24.
13. G. Miller. The magical number seven, plus or minus two: Some limits on our capacity for processing information. Psychological Review, 63(2), March 1956.
14. M. Nyanchama and S. Osborn. The role graph model and conflict of interest. ACM Transactions on Information and System Security (TISSEC), 2(1), Feb 1999.
15. th ACM Role-Based Access Control Workshop, July 2000.
16. R. S. Sandhu, E. Coyne, H. L. Feinstein, and C. E. Youman. Role-based access control models. IEEE Computer, 29(2):38-47, February 1996.
17. th IEEE Computer Security Foundations Workshop, June 1997.
18. th ACM Conference on Computer and Communication Security, November 2000.
19. J. Tidswell and J. Potter. A dynamically typed access control model. In Proceedings of the Third Australasian Conference on Information Security and Privacy, July 1998.