Security policy conceptual modeling and formalization for networked information systems

Computer Communications

Volumn 23, Issue 17, 2000, Pages 1716-1723

  Trcek D ^a  

^a JO EF STEFAN INSTITUTE   (Slovenia)

Author keywords

[No Author keywords available]

Indexed keywords

CRYPTOGRAPHY; DATA PRIVACY; DATA STRUCTURES; LAWS AND LEGISLATION; MATHEMATICAL MODELS; NETWORK PROTOCOLS;

CONCEPTUAL MODELING; NETWORKED INFORMATION SYSTEMS;

SECURITY OF DATA;

EID: 0343408120     PISSN: 01403664     EISSN: None     Source Type: Journal    
DOI: 10.1016/S0140-3664(00)00257-7     Document Type: Article

References (26)

1. Parker D.B. Managers Guide to Computer Security. 1981;Prentice-Hall, London.
2. ISO, Information Security Guidelines, TC68/SC2/WG4, TR 13569, CD N481, Geneva, 1997.
3. ISO, Guidelines for the management of IT Security, part 1-4 - Selection of Safeguards, ISO/IEC JTC1/SC27, TR 13335, WD N 1659, Geneva, 1998.
4. ISO, Common Criteria for Information Technology Security Evaluation, version 2.0, part 1-3, ISO/IEC 15408, Geneva, May 1998.
5. Amoroso E. Fundamentals of Computer Security Technology. 1994;Prentice-Hall, New Jersey.
6. Stallings W. Network and Internetwork Security. 1995;Prentice-Hall, London.
7. National Institute of Standards and Technology, Computer Security Handbook, Computer Systems Laboratory, Gaithersburg, MD 20899-0001.
8. Anderson R.J. Whither Cryptography. Information Management and Computer Security. vol. 2, no. 5:1994;MCB University Press.
9. Anderson R.J. Why Cryptosystems Fail. Communications of the ACM. 1994;32-40.
10. Collins B.S., Matthews S. Securing Your Business Process. Computers and Security. 12:(7):1993;629-633.
11. J. Leiwo et al., Harmonizer - A Tool for Dealing with Information Security Requirements, Proceedings of the 3rd NWSCS, Trondheim, November 1998.
12. ISO, Z - version 1.2, CD 13568, JTC1 SC22, September 1995, Geneva.
13. Trček D., et al. Security Policy Space Definition and Structuring. Computer Standards and Interfaces. 18:1996;191-196.
14. ISO, Information Processing Systems, OSI RM - Security Architecture, ISO 7498-2, July 1988.
15. ISO/IEC, Information technology - OSI - Security frameworks for open systems, 10181, parts 1-8, Geneva, 1996.
16. ITU-T, Authentication Framework, X.509(E), Geneva, 1993.
17. Burrows M., et al. Logic of authentication. ACM Transactions on Computer Systems. 8:(1):1990;18-36.
18. Boyd C. Security architectures using formal methods. IEEE Journal on Selected Areas in Communications. 11:(5):1993;694-701.
19. DeMarco T. Structured Analysis and System Specification. 1978;Prentice-Hall, New York.
20. Denning D.E.R. Cryptography and Data Security. 1982;Addison Wesley, Reading.
21. D. Bell, L. La Padula, Secure Computer Systems: Mathematical Foundations, ESD-TR-73-278, MITRE Corporation, 1973.
22. Gordon M., Melham T. Introduction to HOL. 1993;Cambridge University Press, Cambridge.
23. Abadi M., et al. Calculus for access control in distributed systems. ACM Transactions on Programming Languages and Systems. 15:(4):1993;706-734.
24. Ferraiolo D., Cugini J., Richard K. Role-based access control: Features and motivations. Proceedings Of the Annual Computer Security Applications Conference. 1995;IEEE Press.
25. Hosmer H.H. Applying fuzzy logic to the multipolicy paradigm. Computer Security Journal. 10:(11):2000;34-45.
26. Anderson R. A security policy for clinical information systems. Proceedings Of the 15th IEEE Symposium on Security and Privacy. 1996;IEEE Press.