Recent advances in access control

Handbook of Database Security: Applications and Trends

Volumn , Issue , 2008, Pages 1-26

  Vimercati, S De Capitani Di ^a   Foresti, S ^a   Samarati, P ^a  

^a UNIVERSITY OF MILAN   (Italy)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 84886308792     PISSN: None     EISSN: None     Source Type: Book    
DOI: 10.1007/978-0-387-48533-1_1     Document Type: Chapter

References (57)

1. Hacigumus, H., Iyer, B., Mehrotra, S., Li, C.: Executing SQL over encrypted data in the database-service-provider model. In: Proc. of the ACM SIGMOD 2002, Madison, Wisconsin, USA (2002)
2. Hacigumus, H., Iyer, B., Mehrotra, S.: Providing database as a service. In: Proc. of 18th International Conference on Data Engineering, San Jose, California, USA (2002)
3. Damiani, E., De Capitani di Vimercati, S., Jajodia, S., Paraboschi, S., Samarati, P.: Balancing confidentiality and efficiency in untrusted relational DBMSs. In: Proc. of the 10th ACM Conference on Computer and Communications Security (CCS03), Washington, DC, USA (2003)
4. Graham, G., Denning, P.: Protection-principles and practice. In: Proc. of the Spring Jt. Computer Conference. Volume 40., Montvale, NJ, USA (1972) 417-429
5. Harrison, M., Ruzzo, W., Ullman, J.: Protection in operating systems. Communications of the SCM 19(8) (August 1976) 461-471
6. Lampson, B.W.: Protection. ACM Operating Systems Review 8(1) (January 1974) 18-24
7. Jajodia, S., Samarati, P., Sapino, M., Subrahmanian, V.: Flexible support for multiple access control policies. ACM Transaction on Database Systems 26(2) (June 2001) 214-260
8. Lunt, T.: Access control policies: Some unanswered questions. In: Proc. of IEEE Computer Security FoundationsWorkshop II, Franconia, New Hampshire (1988)
9. Sandhu, R.: Lattice-based access control models. IEEE Computer 26(11) (1993) 9-19
10. Bell, D., La Padula, L.: Secure computer systems: A mathematical model. Technical Report MTR-2547, Vol 2, MITRE Corp., Bedford, MA (November 1973)
11. Bell, D., La Padula, L.: Secure computer systems: Mathematical foundations. Technical Report MTR-2547, Vol 1, MITRE Corp., Bedford, MA (November 1973)
12. Bell, D., La Padula, L.: Secure computer systems: A refinement of the mathematical model. Technical Report MTR-2547, Vol 3, MITRE Corp., Bedford, MA (April 1974)
13. Bell, D., La Padula, L.: Secure computer systems: Unified exposition and multics interpretation. Technical Report MTR-2997, Vol 4, MITRE Corp., Bedford, MA (July 1975)
14. Biba, K.J.: Integrity considerations for secure computer systems. MTR-3153 rev., MITRE Corp., Vol 1, Bedford, MA (April 1977)
15. Samarati, P., De Capitani di Vimercati, S.: Access control: Policies, models, and mechanisms. In Focardi, R., Gorrieri, R., eds.: Foundations of Security Analysis and Design. LNCS 2171. Springer-Verlag (2001)
16. McLean, J.: Security models. In Marciniak, J., ed.: Encyclopedia of Software Engineering. John Wiley & Sons (1994)
17. Ferraiolo, D., Kuhn, D.: Role-based access control. In: Proc. of the 15th National Computer Security Conference. (1992)
18. Sandhu, R., Coyne, E., Feinstein, H., Youman, C.: Role-based access control models. IEEE Computer 29(2) (1996) 38-47
19. Security and trust management (2005) http://www.ercim.org/publication/ Ercim News/enw63/.
20. Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized trust management. In: Proc. of the 17th Symposium on Security and Privacy, Oakland, California, USA (May 1996)
21. Blaze, M., Feigenbaum, J., Ioannidis, J., Keromytis, A.: The KeyNote Trust Management System (Version 2). Internet RFC 2704 edn. (1999)
22. Bonatti, P., Samarati, P.: A unified framework for regulating access and information release on the web. Journal of Computer Security 10(3)(2002) 241-272
23. Irwin, K., Yu, T.: Preventing attribute information leakage in automated trust negotiation. In: Proc. of the 12th ACM Conference on Computer and Communications Security, Alexandria, VA, USA (2005)
24. Li, N., Mitchell, J., Winsborough, W.: Beyond proof-of-compliance: Security analysis in trust management. Journal of the ACM 52 (2005) 474-514
25. Ni, J., Li, N., Winsborough, W.: Automated trust negotiation using cryptographic credentials. In: Proc. of the 12th ACM Conference on Computer and Communications Security, Alexandria, VA, USA (2005)
26. Yu, T., Winslett, M., Seamons, K.: Supporting structured credentials and sensitive policies trough interoperable strategies for automated trust. ACM Transactions on Information and System Security (TISSEC) 6(1) (February 2003) 1-42
27. Seamons, K.E., Winsborough, W., Winslett, M.: Internet credential acceptance policies. In: Proc. of the Workshop on Logic Programming for Internet Applications, Leuven, Belgium (July 1997)
28. Seamons, K.E., Winslett, M., Yu, T., Smith, B., Child, E., Jacobson, J., Mills, H., Yu, L.: Requirements for policy languages for trust negotiation. In: Proc. of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY 2002), Monterey, CA (June 2002)
29. Winslett, M., Ching, N., Jones, V., Slepchin, I.: Assuring security and privacy for digital library transactions on the web: Client and server security policies. In: Proc. of the ADL '97 -Forum on Research and Tech. Advances in Digital Libraries, Washington, DC (May 1997)
30. Yu, T., Ma, X., Winslett, M.: An efficient complete strategy for automated trust negotiation over the internet. In: Proc. of the 7th ACM Computer and Communication Security, Athens, Greece (November 2000)
31. Seamons, K., Winslett, M., Yu, T.: Limiting the disclosure of access control policies during automated trust negotiation. In: Proc. of the Symposium on Network and Distributed System Security, San Diego, CA (April 2001)
32. Yu, T., Winslett, M., Seamons, K.: Interoperable strategies in automated trust negotiation. In: Proc. of the 8th ACM Conference on Computer and Communications Security, Philadelphia, Pennsylvania (November 2001)
33. Yu, T., Winslett, M.: A unified scheme for resource protection in automated trust negotiation. In: Proc. of the IEEE Symposium on Security and Privacy, Berkeley, California (May 2003)
34. Ryutov, T., Zhou, L., Neuman, C., Leithead, T., Seamons, K.: Adaptive trust negotiation and access control. In: Proc. of the 10th ACM Symposium on Access Control Models and Technologies, Stockholm, Sweden (June 2005)
35. Gladman, B., Ellison, C., Bohm, N.: Digital signatures, certificates and electronic commerce. http://www.clark.net/pub/cme/html/spki.html.
36. Bonatti, P., De Capitani di Vimercati, S., Samarati, P.: An algebra for composing access control policies. ACM Transactions on Information and System Security 5(1) (February 2002) 1-35
37. Abadi, M., Lamport, L.: Composing specifications. ACM Transactions on Programming Languages 14(4) (October 1992) 1-60
38. Hosmer, H.: Metapolicies II. In: Proc. of the 15th National Computer Security Conference, Baltimore, MD (October 1992)
39. Jaeger, T.: Access control in configurable systems. Lecture Notes in Computer Science 1603 (2001) 289-316
40. McLean, J.: The algebra of security. In: Proc. of the 1988 IEEE Computer Society Symposium on Security and Privacy, Oakland, CA, USA (April 1988)
41. Bell, D.: Modeling the multipolicy machine. In: Proc. of the New Security Paradigm Workshop, Little Compton, Rhode Island, USA (August 1994)
42. Bertino, E., Jajodia, S., Samarati, P.: A flexible authorization mechanism for relational data management systems. ACM Transactions on Information Systems 17(2) (April 1999) 101-140
43. Jajodia, S., Samarati, P., Sapino, M., Subrahmanian, V.: Flexible support for multiple access control policies. ACM Transactions on Database Systems 26(2) (June 2001) 214-260
44. Jajodia, S., Samarati, P., Subrahmanian, V., Bertino, E.: A unified framework for enforcing multiple access control policies. In: Proc. of the 1997 ACM International SIGMOD Conference on Management of Data, Tucson, AZ (May 1997)
45. Li, N., Feigenbaum, J., Grosof, B.: A logic-based knowledge representation for authorization with delegation. In: Proc. of the 12th IEEE Computer Security Foundations Workshop, Washington, DC, USA (July 1999)
46. Woo, T., Lam, S.: Authorizations in distributed systems: A new approach. Journal of Computer Security 2(2,3) (1993) 107-136
47. Wijesekera, D., Jajodia, S.: A propositional policy algebra for access control. ACM Transactions on Information and System Security 6(2) (May 2003) 286-325
48. Damiani, E., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: An experimental evaluation of multi-key strategies for data outsourcing. In: Proc. of the 22nd IFIP TC-11 International Information Security Conference (SEC 2007), Sandton, South Africa (May 2007)
49. Zych, A., Petkovic, M.: Key management method for cryptographically enforced access control. In: Proc. of the 1st BeneluxWorkshop on Information and System Security, Antwerpen, Belgium (2006)
50. Miklau, G., Suciu, D.: Controlling access to published data using cryptography. In: Proc. of the 29th VLDB Conference, Berlin, Germany (September 2003)
51. Crampton, J., Martin, K., Wild, P.: On key assignment for hierarchical access control. In: In Proc. of the 19th IEEE Computer Security FoundationsWorkshop (CSFW'06), Los Alamitos, CA, USA (2006)
52. Sandhu, R.: On some cryptographic solutions for access control in a tree hierarchy. In: Proc. of the 1987 Fall Joint Computer Conference on Exploring Technology: Today and Tomorrow, Dallas, Texas, USA (1987)
53. Gudes, E.: The design of a cryptography based secure file system. IEEE Transactions on Software Engineering 6 (1980) 411-420
54. Sandhu, R.: Cryptographic implementation of a tree hierarchy for access control. Information Processing Letters 27 (1988) 95-98
55. Atallah, M., Frikken, K., Blanton, M.: Dynamic and efficient key management for access hierarchies. In: Proc. of the 12th ACM conference on Computer and Communications Security (CCS05), Alexandria, VA, USA (2005)
56. Damiani, E., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Selective data encryption in outsourced dynamic environments. In: Proc. of the Second International Workshop on Views On Designing Complex Architectures (VODCA 2006). Electronic Notes in Theoretical Computer Science, Bertinoro, Italy, Elsevier (2006)
57. Wang, H., Lakshmanan, L.V.S.: Efficient secure query evaluation over encrypted XML databases. In: Proc. of the 32nd VLDB Conference, Seoul, Korea (September 2006)