Security in computing systems: Challenges, approaches and solutions

Security in Computing Systems: Challenges, Approaches and Solutions

Volumn , Issue , 2009, Pages 1-694

  Biskup, Joachim ^a  

^a TU DORTMUND UNIVERSITY   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 84891390279     PISSN: None     EISSN: None     Source Type: Book    
DOI: 10.1007/978-3-540-78442-5     Document Type: Book

References (509)

1. Abadi, M., Burrows, M. Lampson, B., Plotkin, G., A calculus for access control in distributed systems, ACM Transactions on Programming Languages and Systems 15(4) (1993), pp. 706-734.
2. Abadi, M., Lamport, L., Composing specifications, ACM Transactions on Programming Languages and Systems 15(1993), pp. 73-132.
3. Abadi, M., Gordon, A. D, A calculus for cryptographic protocols: The spi calculus. In: Proc. 4th ACM Conference on Computer and Communications Security, CCS 97, ACM, 1997, pp. 36-47.
4. Abadi, M., On SDSI's linked local name spaces, Journal of Computer Security 6(1998), pp. 3-22.
5. Abadi, M., Security protocols: Principles and calculi. In: Proc. Foundations of Security Analysis and Design IV, FOSAD 2006/2007, Lecture Notes in Computer Science 4677, Springer, Berlin etc., Berlin etc., 2007, pp. 1-23.
6. Abiteboul, S., Hull, R., Vianu, V., Foundation of Databases, Addison-Wesley, Reading, MA, etc., 1995.
7. Adam, N. R., Atluri, V., Bertino, E., Ferrari, E., A content-based authorization model for digital libraries, IEEE Transactions on Knowledge and Data Engineering 14(2) (2002), pp. 296-314.
8. Adams, C., Farrell, S., Internet X.509 public key infrastructure certificate management protocols, 1999, IETF RFC 2510, http://www.ietf.org/rfc/ rfc2510.txt.
9. Adams, C., Cain, P., Pinkas, D., Zuccherato, R., Internet X.509 public key infrastructure time stamps protocols (TSP), 1999, IETF RFC 3161, http://www.ietf.org/rfc/rfc3161.txt.
10. Ahn, G. J., Sandhu, R., Role-based authorization constraints specification, ACM Transactions on Information and System Security 3(4) (2000), pp. 207-226.
11. Altenschmidt, C., Biskup, J., Flegel, U., Karabulut, Y., Secure mediation: Requirements, design and architecture, Journal of Computer Security 11(2003), pp. 365-398.
12. Alur, R., Grosu, R., Lee, I., Sokolsky, O., Composition modeling and refinement for hierarchical hybrid systems, Journal of Logic and Algebraic Programming 68(2006), pp. 105-128.
13. American National Standards Institute, American National Standard for Data Encryption Algorithm (DEA), ANSI X3.92, 1981.
14. Amoroso, E., Fundamentals of Computer Security Technology, Prentice-Hall, Englewood Cliffs etc., 1994.
15. Amoroso, E., Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Traps, Trace Back, and Response, Intrusion. Net Books, Sparta, NJ, 1999.
16. Anderson, R., Security Enginering: A Guide to Building Dependable Distributed Systems, Wiley, New York etc., 2001.
17. Andrews, G. R., Reitman, R. P., An axiomatic approach to information flows in programs, ACM Transactions in Programming Languages and Systems 2(1) (1980), pp. 56-76.
18. Arbaugh, W. A., Farber, D. J., Smith, J. M., A secure and reliable bootstrap architecture. In: Proc. IEEE Conference on Security and Privacy, IEEE, 1997, pp. 65-71.
19. Astrahan, M. M., Blasgen, M. W., Chamberlin, D. D., et al., System/R: A relational approach to data base management, ACM Transactions on Database Systems 1(1976), pp. 97-137.
20. Avizienis, A. (ed.), Fault-Tolerant Computing, Special Issue FTCS-25 Silver Jubilee, IEEE, Los Alamitos etc., 1995.
21. Avizienis, A., Laprie, J.-C., Randell, B., Landwehr, C., Basic concepts and taxonomy of dependable and secure computing, IEEE Transactions on Dependable and Secure Computing 1(1) (2004), pp. 11-33.
22. Axelsson, S., Intrusion detection systems: A survey and taxonomy, Technical Report 99-15, Chalmers University of Technology, Göteborg, 2000.
23. Axelsson, S., The base-rate fallacy and the difficulty of intrusion detection, ACM Transactions on Information and System Security 3(3) (2000), pp. 186-205.
24. Bace, R. G.., Intrusion Detection, Macmillan Technical Publishing, Indianapolis, 2000.
25. Backes, M., Pfitzmann, B., Waidner, M., A general theorem for secure reactive systems. In: 1st Theory of Cryptography Conference, TCC 2004, Lecture Notes in Computer Science 2951, Springer, Berlin etc., 2004, pp. 336-354.
26. Backes, M., Pfitzmann, B., Waidner, M., Symmetric authentication in a simulatable Dolev-Yao-style cryptographic library, International Journal of Information Security 4(3) (2005), pp. 135-154.
27. Backes, M., Pfitzmann, B., Relating symbolic and cryptographic secrecy, IEEE Transactions on Dependable and Secure Computing 2(2) (2005), pp. 109-123.
28. Backes, M., Pfitzmann, B., Waidner, M., Limits of the BRSIM/UC soundness of Dolev-Yao models with hashes. In: Proc. 11th European Symposium on Research in Computer Security, ESORICS 2006, Lecture Notes in Computer Science 4189, Springer, Berlin etc., 2006, pp. 404-423.
29. Bacon, J., Moody, K., Yao, W., A model of OASIS role-based access control and its support for active security, ACM Transactions on Information and System Security 5(4) (2002), pp. 492-540.
30. Barker, S., Stuckey, P. J., Flexible access control policy specification with constraint logic programming, ACM Transactions on Information and System Security 6(4) (2003), pp. 501-546.
31. Bass, T., Intrusion detection systems and multisensor data fusion, Communications of the ACM 43(4) (2000), pp. 99-105..
32. Bauer, F. L., Decrypted Secrets: Methods and Maxims of Cryptology, 2nd edition, Springer, Berlin etc., 2000.
33. Bauer, F. L., Wössner, H., Algorithmische Sprache und Programmentwicklung, 2nd edition, Springer, Berlin etc., 1984.
34. Beauchemin, P., Brassard, G., A generalization of Hellman's extension to Shannon's approach to cryptrography, Journal of Cryptology 1(1988), pp. 129-131.
35. Beaver, D., Secure multiparty protocols and zero knowledge proof systems tolerating a faulty minority, Journal of Cryptology 4(2) (1991), pp. 75-122.
36. Bell, D. E., LaPadula, L. J., Secure Computer Systems: Mathematical Foundations and Model, MITRE Corporation, Bedford, MA, 1974.
37. Bell, D. E., LaPadula, L. J., Secure computer systems: A mathematical model, Volume II. Reprinted in: Journal of Computer Security 4 (2 /3) (1996), pp. 229-263.
38. Bellare, M., Micali, S., Non-interactive oblivious transfer and applications. In: Proc. Crypto 89, Lecture Notes in Computer Science 435, Springer, Berlin etc., 1989, pp. 547-557.
39. Bellare, M., Goldreich, O., On defining proofs of knowledge. In: Crypto 92, Lecture Notes in Computer Science 740, Springer, Berlin etc., pp. 390-420.
40. Bellare, M., Kilian, J., Rogaway, P., The security of the cipher block chaining message authentication code, Journal of Computer and System Sciences 61(3) (2000), pp. 362-399.
41. Ben-Natan, R., CORBA: A Guide to Common Object Request Broker Architecture, McGraw-Hill, New York etc., 1995.
42. Berlekamp, E. R., Algebraic Coding Theory, McGraw-Hill, New York, 1968.
43. Bertino, E., Samarati, P., Jajodia, S., An extended authorization model for relational databases, IEEE Transactions on Knowledge and Data Engineering 9(1) (1997), pp. 85-101.
44. Bertino, E., Buccafurri, F., Ferrari, E., Rullo, P., An authorization model and its formal semantics. In: Proc. 5th European Symposium on Research in Computer Security, ESORICS 1998, Sept.1998, Lecture Notes in Computer Science 1485, Springer, Berlin etc., 1998, pp. 127-142.
45. Bertino, E., Buccafurri, F., Ferrari, E., Rullo, P., A logic-based approach for enforcing access control, Journal of Computer Security 8(2000), pp. 109-139.
46. Bertino, E., Ferrari, E., Atluri, V., The specification and enforcement of authorization constraints in workflow management systems, ACM Transactions on Information and System Security 2(1) (1999), pp. 65-104.
47. Bertino, E., Catania, B., Ferrari, E., A nested transaction model for multilevel secure database management system, ACM Transactions on Information and System Security 4(4) (2001), pp. 321-370.
48. Bertino, E., Bonatti, PA., Ferrari, E., TRBAC: A temporal role-based access control model, ACM Transactions on Information and System Security 4(3) (2001), pp. 191-233.
49. Bertino, E., Catania, B., Ferrari, E., Perlasca, P., A logical framework for reasoning about access control models, ACM Transactions on Information and System Security 6(1) (2003), pp. 71-127.
50. Bertino, E., Ferrari, E., Squicciarini, A. C., Trust-χ: A peer-to-peer framework for trust establishment, IEEE Transactions on Knowledge and Data Management 16(7) (2004), pp. 827-842.
51. Bertino, E., Sandhu, R., Database security - concepts, approaches and challenges, IEEE Transactions on Dependable and Secure Computing 2(1) (2005), pp. 2-19.
52. Beth, T, Jungnickel, D., Lenz, H., Design Theory, Bibliographisches Institut, Mannheim etc., 1985.
53. Biba, K. J., Integrity considerations for secure computer systems, Technical Report ESDTR-76-372 (MTR-3153), MITRE Corporation, Bedford, MA, 1977.
54. Bieber, P., Cuppens, F., A logical view of secure dependencies, Journal of Computer Security 1(1) (1992), pp. 99-130.
55. Bishop, M., Snyder, L., The transfer of information and authority in a protection system. In: Proc. 7th Symposium on Operating Systems Principles, 1979, pp. 45-54.
56. Bishop, M., Conspiracy and information flow in the take-grant protection model, Journal of Computer Security 4(1996), pp. 331-359.
57. Bishop, M., Computer Security: Art and Science, Addison-Wesley, Boston etc., 2003.
58. Biskup, J., Some variants of the take-grant protection model, Information Processing Letters 19(1984), pp. 151-156.
59. Biskup, J., Brüggemann, H. H., The personal model of data, Computers & Security 7(6) (1988), pp. 575-597.
60. Biskup, J., Privacy respecting permissions and rights. In: Landwehr, C. E. (ed.), Database Security: Status and Prospects, Elsevier Science (North Holland), Amsterdam etc., 1988, pp. 173-185.
61. Biskup, J., A general framework for database security. In: Proc. 1st European Symposium on Research in Computer Security, Toulouse, Oct. 1990, pp. 35-41.
62. Biskup, J., Sicherheit von IT-Systemen als "sogar wenn - sonst nichts - Eigenschaft". In: Weck, G., Horster, P. (eds.), Proc. GI-Fachtagung Verläßliche Informationssysteme, VIS 93, DuD Fachbeiträge 16, Vieweg, Wiesbaden, 1993, pp. 239-254.
63. Biskup, J., Eckert, C., About the enforcement of state dependent security specifications. In: Proc. DBSec 1993, Database Security, VII: Status and Prospects, North-Holland, 1994, pp. 3-17.
64. Biskup, J., Bleumer, G., Reflections on security of database and datatransfer systems in health care. In: Brunnstein, K., Raubold, E. (eds.), Proc. 13th World Computer Congress 94, Volume 2, Elsevier Science (North Holland), Amsterdam etc., 1994, pp. 549-556.
65. Biskup, J., Technical enforcement of informational assurances. In: Jajodia, S. (ed.), Database Security XXII: Status and Prospects, Kluwer, Boston etc., 1999, pp. 17-40.
66. Biskup, J., For unknown secrecies refusal is better than lying, Data & Knowledge Engineering 33(2000), pp. 1-23.
67. Biskup, J., Flegel, U., Transaction-based pseudonyms in audit data for privacy respecting intrusion detection. In: Proc. 3rd International Symposium on Recent Advances in Intrusion Detection, RAID 2000, Lecture Notes in Computer Science 1907, Springer, Berlin etc., 2000, pp. 28-48.
68. Biskup, J., Flegel, U., On pseudonymization of audit data for intrusion detection. In: Proc. 1st International Symposium on Privacy Enhancing Technologies, PET 2000, Lecture Notes in Computer Science 2009, Springer, Berlin etc., 2000, pp. 161-180.
69. Biskup, J., Bonatti, P. A., Lying versus refusal for known potential secrets, Data & Knowledge Engineering 38(2001), pp. 199-222.
70. Biskup, J., Leineweber, T., State-dependent security decisions for distributed objectsystems. In: Proc. DBSec 2001, Database and Application Security XV, Kluwer, 2002, pp. 105-118.
71. Biskup, J., Leineweber, T., Parthe, J., Administration rights in the SDSD-System. In: Data and Applications Security XVII: Status and Prospects, Kluwer, 2004, pp. 149-162.
72. Biskup, J., Karabulut, Y., A hybrid PKI model: Application to secure mediation. In: Gudes, E., Shenoi, S. (eds.), Research Directions in Data and Applications Security, Kluwer, Boston etc., 2003, pp. 271-282.
73. Biskup, J., Karabulut, Y., Mediating between strangers: A trust management based approach. In: Proc. 2nd Annual PKI Research Workshop, Gaithersburg, MD, USA, April 2003, pp. 80-95.
74. Biskup, J., Bonatti, P. A., Controlled query evaluation for known policies by combining lying and refusal, Annals of Mathematics and Artificial Intelligence 40(2004), pp. 37-62.
75. Biskup, J., Bonatti, P. A., Controlled query evaluation for enforcing confidentiality in complete information systems, International Journal of Information Security 3(1) (2004), pp. 14-27.
76. Biskup, J., Wortmann, S., Towards a credential-based implementation of compound access control policies. In: Proc. 9th ACM Symposium on Access Control Models and Technologies, SACMAT 04, Yorktown Heights, 2004, pp. 31-40.
77. Biskup, J., Parthe, J., Optimistic anonymous participation in inter-organizational workflow instances. In: Proc. 2nd International Conference on Information Systems Security, ICISS 2006, Lecture Notes in Computer Science 4332, Springer, Berlin etc., 2006, pp. 86-100.
78. Biskup, J., Bonatti, P. A., Controlled query evaluation with open queries for a decidable relational submodel, Annals of Mathematics and Artificial Intelligence 50(2007), pp. 39-77.
79. Biskup, J., Embley, D. W., Lochner, J.-H., Reducing inference control to access control for normalized database schemas, Information Processing Letters 106(2008), pp. 8-12.
80. Biskup, J., Lochner, J.-H., Enforcing confidentiality in relational databases by reducing inference control to access control. In: Information Security Conference, ISC 07, Lecture Notes in Computer Science 4779, Springer, Berlin etc., 2007, pp. 407-422.
81. Biskup, J., Weibert. T., Keeping secrets in incomplete databases, International Journal of Information Security 7(3) (2008), pp. 199-217.
82. Biskup, J., Wiese, L., Preprocessing for controlled query evaluation with availability policy, Journal of Computer Security 16(4) (2008), pp. 477-494.
83. Bjorner, D., Software Engineering 1-3, Springer, Berlin etc. 2006.
84. Blackburn, P., Rijke, M., Venema, Y., Modal Logic, Cambridge University Press, Cambridge, 2001.
85. Blake I. F., Mullin, R., The Mathematical Theory of Coding, Academic Press, New York etc., 1975.
86. Blakley, G. R., Safeguardings cryptographic keys. In: AFIPS Conference Proceedings 48, 1979, pp. 313-317.
87. Blakley, B., CORBA Security: An Introduction to Safe Computing with Objects, Addison-Wesley, Reading, MA, etc., 2000.
88. Blaze, M., Feigenbaum, J., Ioannindis, J., Keromytis, A. D., Decentralized trust management. In: Proc. IEEE Symposium on Security and Privacy, IEEE Computer Society, 1996, pp. 164-173.
89. Blaze, M., Feigenbaum, J., Keromytis, A. D., The KeyNote trust management system version 2, RFC 2704, IETF, 1999.
90. Blum, M., Coin flipping by telephone. In: Proc. Crypto 81, University of California Santa Barbara, Dept. of Elec. and Computer Eng., ECE Report No 82-04, 1982, pp. 11-15.
91. Blum, M., Micali, S., How to generate cryptographically strong sequences of pseudorandom bits, SIAM Journal on Computing 13(1984), pp. 850-864.
92. Blum, M., De Santis, A., Micali, S., Persiano, G., Non-interactive zero-knowledge proof systems, SIAM Journal on Computing 20(6) (1991), pp. 1084-1118.
93. Bonatti, P. A., Kraus, S., Subrahmanian, V. S., Foundations of secure deductive databases, IEEE Transactions on Knowledge and Data Engineering 7(3) (1995), pp. 406-422.
94. Bonatti, P. A., De Capitani di Vimercati, S., Samarati, P., An algebra for composing access control policies, ACM Transactions on Information and System Security 5(1) (2002), pp. 1-35.
95. Bonatti, P. A., Samarati, P., A uniform framework for regulating service access and information release on the web, Journal of Computer Security 10(3) (2002), pp. 241-272.
96. Bonatti, P. A., Samarati, P., Logics for authorization and security. In: Logics for Emerging Applications of Databases [outcome of a Dagstuhl seminar], Springer, Berlin etc., 2003, pp. 277-323.
97. Bolle, R. M., Connell, J. H., Pankanti, Sh., Ratha, N. K., Senior, A. W., Guide to Biometrics, Springer, New York, 2003.
98. Börger, E., Grädel, E., Gurewich, Y., The Classical Decision Problem, Springer, Berlin etc., 1997.
99. Brachman, R. J., Leveques, H. J., Knowledge Representation and Reasoning, Elsevier, Amsterdam etc., 2004.
100. Brands, S. A., Untraceable off-line cash in wallets with observers (extended abstract). In: Proc. Crypto 93, Lecture Notes in Computer Science 773, Springer, Berlin etc., 1994, pp. 302-318.
101. Brands, S. A., Rethinking Public Key Infrastructures and Digital Certificates, MIT Press, Cambridge, MA, 2000.
102. Brewer, D. F. C., Nash, M. J., The Chinese Wall security policy. In: Proc. IEEE Symposium on Security and Privacy, 1989, Oakland, pp. 206-214.
103. Brickell, E., Some ideal secret sharing schemes, Journal of Combinatorial Mathematics and Combinatorial Computing 9(1989), pp. 105-113.
104. Brickell, E., Davenport, D., On the classification of ideal secret sharing schemes, Journal of Cryptology 4(1991), pp. 123-134.
105. Brickell, E., Camenisch, J., Chen, L. Direct anonymous attestation. In: Proc. 11th ACM Conference on Computer and Communications Security, CCS 04, pp. 132-145.
106. Brodsky, A., Farkas, C., Jajodia, S., Secure databases: Constraints, inference channels, and monitoring disclosures, IEEE Transactions on Knowledge and Data Engineering 12(6) (2000), pp. 900-919.
107. Bruss, D., Erdelyi, G., Meyer, T., Riege, T., Rothe, J., Quantum cryptography: A survey, ACM Computing Surveys 39(2) (2007), Article 6 (27 pages).
108. Buchmann, J., Introduction to Cryptography, Springer, Berlin etc., 2002.
109. Bull, H. P., Datenschutz oder Die Angst vor dem Computer, Piper, Munich, 1984.
110. Bundesverfassungsgericht, Urteil vom 15. Dezember 1983 zum Volkszählungsgesetz 1983, Bundesanzeiger 35, 241a, 1983 (see http://www.datenschutz-berlin. de/sonstige/volksz.html).
111. Burrows, M., Abadi, M., Needham, R. M., A logic of authentication, ACM Transactions on Computer Systems 8(1) (1990), pp. 18-36.
112. Büschges, R., Kesdogan, D., Privacy enhanced intrusion detection. In: Multilateral Security in Communications, Addison-Wesley, Munich etc., 1999, pp. 187-204.
113. Butler, M., Jones, C., Romanovsky, A., Troubitsyna, E. (eds.), Rigorous Development of Complex Fault-Tolerant Systems, Lecture Notes in Computer Science 4157, Springer, Berlin etc., 2006.
114. Camenisch, J., Better privacy for trusted computing platforms. In: Proc. 9th European Symposium on Research in Computer Security, ESORICS 04, Lecture Notes in Computer Science 3193, Springer, Berlin etc., 2004, pp. 73-88.
115. Canetti, R., Security and composition of multiparty cryptographic protocols, Journal of Cryptology 13(2000), pp. 143-202.
116. Canetti, R., Universally composable security: A new paradigm for cryptographic protocols. In: 42nd IEEE Symposium on Foundations of Computer Science, FOCS 2001, pp. 136-145.
117. Canetti, R., Dodis, Y., Pass, R., Walfish, S., Universally composable security with global setup. In: 4th Theory of Cryptography Conference, TCC 2007, Lecture Notes in Computer Science 4392, Springer, Berlin etc., 2007, pp. 61-85.
118. Castano, S., Fugini, M., Martella, G., Samarati, P., Database Security, Addison-Wesley, Wokingham etc., 1995.
119. Chaitin, G. J., Exploring Randomness, Springer, London etc., 2001.
120. Chaum, D., Blind signatures for untraceable payments. In: Proc. Crypto 82, Plenum, New York, 1983, pp. 199-203.
121. Chapman, D. B., Zwickey, E. D., Building Internet Firewalls, O'Reilly, Cambridge etc., 1995.
122. Chaum, D., Untraceable electronic mail, return adresses, and digital pseudonyms, Communications of the ACM 24(2) (1981), pp. 84-88.
123. Chaum, D., Security without identification: Transaction systems to make Big Brother obsolete, Communications of the ACM 28(10) (1985), pp. 1030-1044.
124. Chaum, D., The dining cryptographers problem: Unconditional sender and recipient untraceability, Journal of Cryptology 1(1) (1988), pp. 65-75.
125. Chaum, D., van Antwerpen, H., Undeniable signatures. In: Proc. Crypto 89, Lecture Notes in Computer Science 435, Springer, Berlin etc., 1990, pp. 212-216.
126. Chaum, D., Zero-knowledge undeniable signatures. In: Proc. Eurocrypt 90, Lecture Notes in Computer Science 473, Springer, Berlin etc., 1991, pp. 458-464.
127. Chaum, D., van Heijst, E., Pfitzmann. B., Cryptographically strong undeniable signatures unconditionally secure for the signer. In: Proc. Crypto 91, Lecture Notes in Computer Science 576, Springer, Berlin etc., 1992, pp. 470-484.
128. Chaum, D., van Heijst, E., Group signatures. In: Proc. Eurocrypt 91, Lecture Notes in Computer Science 547, Springer, Berlin etc., 1991, pp. 257-265.
129. Chaum, D., Pedersen, T. P., Wallet databases with observers. In: Proc. Crypto 92, Lecture Notes in Computer Science 740, Springer, Berlin etc., 1993, pp. 89-105.
130. Chen, L., Pedersen, T. P., New group signature schemes. In: Proc. Eurocrypt 94, Lecture Notes in Computer Science 950, Springer, Berlin etc., 1995, pp. 171-181.
131. Cheswick, W. R., Bellovin, S. M., Firewalls and Internet Security, Addison-Wesley, Reading, MA, etc., 1994.
132. Chin, F. Y., Security in statistical databases for queries with small counts, ACM Transactions on Database Systems 3(1) (1978), pp. 92-104.
133. Chin, F. Y., Özsoyoglu, G., Auditing and inference control in statistical databases, IEEE Transactions on Software Engineering 8(6) (1982), pp. 574-582.
134. Chor, B., Goldwasser, S., Micali, S., Awerbuch, B., Verifiable secret sharing and achieving simultaneity in the presence of faults. In: 26th IEEE Symposium on Foundations of Computer Science, 1985, pp. 383-395.
135. Clark, D. D., Wilson, D. R., A comparison of commercial and military computer security policies. In: Proc. IEEE Symposium on Security and Privacy, 1987, Oakland, pp. 184-194.
136. Clarke, D. E., Elien, J.-E., Ellison, C., Fredette, M., Morcos, A., Rivest, R. L., Certificate chain discovery in SPKI/SDSI, Journal of Computer Security 9(4) (2001), pp. 285-322.
137. Codd, E. F., A relational model of data for large shared data banks, Communications of the ACM 13(1970), pp. 377-387.
138. Coetzee, M., Eloff, J. H. P., Towards web service access control, Computers & Security 23(7) (2004), 559-570.
139. Cohen, E., Strong Dependency: A Formalism for Describing Information Transmission in Computational Systems, Dept. of Computer Science, Carnegie Mellon University, 1976.
140. Cohen, E., Information transmission in computational systems. In: Proc. 6th Symposium on Operating Systems Principles, 1977, pp. 133-139.
141. Common Criteria Editorial Board, Common Criteria for Information Technology Security Evaluation, Version 1.0, Jan. 1996; Version 2, May 1998 (see http://csrc.nist.gov/cc).
142. Coppersmith, D., The Data Encryption Standard (DES) and its strength against attacks, IBM Journal of Research and Development 38(3) (1994), pp. 243-250.
143. Coulouris, G., Dollimore, J., Kindberg, T., Distributed Systems: Concepts and Design, 4th edition, Addison-Wesley, Wokingham, 2004.
144. Cramer, R., Damgard, I., Schoenmakers, B., Proofs of partial knowledge and simplified design of witness hiding protocols. In: Proc. Crypto 94, Lecture Notes in Computer Science 839, Springer, Berlin etc., 1994, pp. 174-187.
145. Cramer, R., Damgard, I., Nielsen, J. B., Multiparty computation from threshold homomorphic encryption. In: Proc. Eurocrypt 01, Lecture Notes in Computer Science 2045, Springer, Berlin etc., 2001, pp. 280-300.
146. CRAMM, UK Government's Risk Analysis and Management Method, http://www.cramm.com.
147. Cuppens, F., Gabillon, A., Logical foundation of multilevel databases, Data & Knowledge Engineering 29(1999), pp. 259-291.
148. Cuppens, F., Gabillon, A., Cover story management, Data & Knowledge Engineering 37(2001), pp. 177-201.
149. Damgard, I., A design principle for hash functions. In: Proc. Crypto 89, Lecture Notes in Computer Science 435, Springer, Berlin etc., 1990, pp. 416-227.
150. Damgard, I., Pedersen, T. P., Pfitzmann, B., On the existence of statistically hiding bit commitment schemes and fail-stop signatures, Journal of Cryptology 10(3) (1997), pp. 163-194.
151. Damgard, I., Nielsen, J. B., Universally composable efficient multiparty computation from threshold homomorphic encryption. In: Proc. Crypto 03, pp. 247-264.
152. Date, C. J., An Introduction to Database Systems, 8th edition, Addison-Wesley, Reading, MA, etc., 2004.
153. Davis, D. W., Price, W. L., Security for Computer Networks, 2nd edition, Wiley, Chichester etc., 1989.
154. Dawson, S., De Capitani di Vimercati, S., Lincoln, P., Samarati, P., Minimal data upgrading to prevent inference and association attacks. In: ACM Symposium on Principles of Database Systems, 1999, pp. 114-125.
155. Dawson, S., De Capitani di Vimercati, S., Samarati, P., Specification and enforcement of classification and inference constraints. In: Proc. IEEE Symposium on Security and Privacy 1999, pp. 181-195.
156. Daemen, J., Rijmen, V., The Design of Rijndael: AES - The Advanced Encryption Standard, Springer, Berlin etc., 2002.
157. Debar, H., Dacier, M., Wespi, A., Towards a taxonony of intrusion-detection systems, Computer Networks 31(1999), pp. 805-822.
158. De Capitani di Vimercati, S., Samarati, P., Jajodia, S., Policies, models, and languages for access control. In: Proc. 4th Workshop on Databases in Networked Information Systems, DNIS 2005, Aizu, Japan, Lecture Notes in Computer Science 3433, Springer, Berlin etc., 2005, pp. 225-237.
159. Delfs, H., Knebl, H., Introduction to Cryptography: Principles and Applications, Springer, Berlin etc., 2002.
160. Denning, D. E., A lattice model of secure information flow, Communications of the ACM 19(5) (1976), pp. 236-243.
161. Denning, D. E., Denning, P. J., Certification of programs for secure information flow, Communications of the ACM 20(7) (1977), pp. 504-513.
162. Denning, D. E., Denning, P. J., Schwartz, M. D., The tracker: A threat to statistical database security, ACM Transactions on Database Systems 4(1) (1979), pp. 76-96.
163. Denning, D. E., Cryptography and Data Security, Addison-Wesley, Reading, MA, etc., 1982.
164. Denning, D. E., Schlörer, J., Inference controls for statistical databases, IEEE Computer 16(7) (1983), pp. 69-82.
165. Denning, D. E., An intrusion-detection model, IEEE Transactions on Software Engineering 13(2) (1987), pp. 222-232.
166. Denning, D. E., Akl, S., Heckman, M., Lunt, T., Morgenstern, M., Neumann, P., Schell, R., Views for multilevel database security, IEEE Transactions on Software Engineering 13(2) (1987), pp. 129-140.
167. Department of Defense Computer Security Center, Trusted Computer Systems Evaluation Criteria ("Orange Book"), CSC-STD-011-83, Fort Meade, 1983.
168. Diaz, C., Claessens, J., Preneel, B., APES - Anonymity and privacy in electronic services, Datenschutz und Datensicherheit (DuD) 27(2003), pp. 143-145.
169. Diaz, C., Claessens, J., Preneel, B., et al., Anonymity and Privacy in Electronic Services (APES), Technical reports, K. U. Leuven, 2001-2002.
170. Dierstein, R., The concept of secure information processing systems and their basic functions. In: Proc. IFIP/SEC 90, Espoo (Helsinki), Finland.
171. Diffie, W., Hellman, M. E., New directions in cryptography, IEEE Transactions on Information Theory IT-22 (6) (1976), pp. 644-654.
172. Dittrich, K. R., Hug, K., Kammerer, P., Lienert, D., Mau, H., Wachsmuth, K., Protection in the OSKAR operating system - goals, concepts, consequences. In: Proc. IEEE Symposium on Security and Privacy, Oakland, 1982, pp. 46-56.
173. Dobbertin, H., Cryptanalysis of MD4, Journal of Cryptology 11(1998), pp. 253-271.
174. Dolev, D., Yao, A. C., On the security of public key protocols, IEEE Transactions on Information Theory 29(2) (1983), pp. 198-208.
175. Dolev, S., Ostrovsky, R., Xor-trees for efficient anonymous multicast and reception, ACM Transactions on Information and System Security 3(2) (2000), pp. 63-84.
176. Domingo-Ferrer, J., Advances in inference control in statistical databases: An overview. In: Proc. Inference Control in Statistical Databases, Lecture Notes in Computer Science 2316, Springer, Berlin etc., 2002, pp. 1-7.
177. Du, W., Atallah, M. J., Secure multiparty computation problems and their applications: A review and open problems. In: Proc. New Security Paradigms Workshop 2001, ACM, 2001, pp. 13-22.
178. Dworkin, M., Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality, National Institute of Standards and Technology (NIST), PUB 800-38C, 2004.
179. Ebbinghaus, H.-D., Flum, J., Finite Model Theory, Springer, Berlin etc., 1995.
180. Eckert, C., IT-Sicherheit: Konzepte-Verfahren-Protokolle (4. Aufl.), Oldenbourg, Munich/Vienna, 2006.
181. Eckmann, S. T., Vigna, G.., Kemmerer, R. A., STATL: An attack language for statebased intrusion detection, Journal of Computer Security 10 (1-2) (2002), pp. 71-104.
182. ECRYPT - Network of Excellence in Cryptology, Information Societies Technology (IST) Programme of the European Commission's Sixth Framework Programme (FP6), contract number IST-2002-507932 (see http://www.ecrypt.eu.org).
183. ElGamal, T., A public key cryptosystem and a signature scheme based on discrete logarithm, IEEE Transactions on Information Theory 31(1985), pp. 469-472.
184. Ellison, C. M., Frantz, B., Lampson, B., Rivest, R. L., Thomas, B. M., Ylonen, T., Simple public key certificate, http://world.std.com/~cme/html/sdsi. html, July 1999.
185. Ellison, C. M., Frantz, B., Lampson, B., Rivest, R. L., Thomas, B. M., Ylonen, T., SPKI certificate theory, http://world.std.com/~cme/html/spki.html, Internet RFC 2693, September 1999.
186. Ellison, C. M., Schneier, B., Ten risks of PKI: What you're not being told about public key infrastructure, Journal of Computer Security 16(1) (2000), pp. 1-7.
187. Ellison, C. M., Dohrmann, D., Public-key support for group collaboration, ACM Transactions on Information and System Security 6(4) (2003), pp. 547-565.
188. Elmasri, R., Navathe, S. B., Fundamentals of Database Systems, 3rd edition, Addison-Wesley, Reading, MA, etc, 2000.
189. Eloff, J. H. P., Labuschagne, L., Badenhorst, K. P., A comparative framework for risk analysis methods, Computers & Security 12(6) (1993), pp. 597-603.
190. Escobar, S., Meadows, M., Meseguer, J., A rewriting-based inference system for the NRL Protocol Analyzer and its meta-logical properties, Theoretical Computer Science 367 (1-2) (2006), pp. 162-202.
191. European Commission, Directive on the protection of individuals with regard to the processing of personal data and the free movement of such data, 1995 (see http://europa.eu.int/eur-lex/en/lif/dat/1995/en-395L0046.html).
192. European Commission, Towards a European framework for digital signatures and encryption, Communication COM (97) 503, Oct. 1997 (see http://www.ispo.cec. be/eif/policy).
193. European Commission, Directive on a framework for the use of electronic signatures, Proposal COM (98) 297, May 1998 (see http://www.ispo.cec.be/eif/ policy).
194. European Communities, Information Technology Security Evaluation Criteria (ITSEC), Version 1.2, Luxembourg, 1991.
195. Even, S., Protocol for signing contracts. In: Proc. Crypto 81, University of California Santa Barbara, Dept. of Elec. and Computer Eng., ECE Report No 82-04, 1982, pp. 148-153.
196. Fabry, R. S., Capability-based addressing, Communications of the ACM 17(7) (1974), pp. 403-412.
197. Fagin, R., On an authorization mechanism, ACM Transactions on Database Systems 3(3) (1978), pp. 310-319.
198. Fagin, R., Halpern, J. Y., Moses, Y., Vardi, M. Y., Reasoning About Knowledge, MIT Press, Cambridge, MA, 1995.
199. Farkas, C., Jajodia, S., The inference problem: A survey, ACM SIGKDD Explorations Newsletter 4(2) (2002), pp. 6-11.
200. Feige, U., Fiat, A., Shamir, A., Zero-knowledge proofs of identity, Journal of Cryptology 1(1988), pp. 77-94.
201. Feistel, H., Cryptography and computer privacy, Scientific American 228(5) (1973), pp. 15-23.
202. Feller, W., An Introduction to Probability Theory and Its Applications, Volumes 1 and 2, Wiley, New York, 1968 and 1971.
203. Ferguson, N., Extensions of single-term coins. In: Proc. Crypto 93, Lecture Notes in Computer Science 773, Springer, Berlin etc., 1994, pp. 292-301.
204. Ferraiolo, D. F., Sandhu, R., Gavrila, S., Kuhn, R., Proposed NIST standard for rolebased access control, ACM Transactions on Information and System Security 4(3) (2001), pp. 224-274.
205. Ferrari, E., Adam, N. R., Atluri, V., Bertino, E., Capuozzo, U., An authorization system for digital libraries, The VLDB Journal 11(2002), pp. 58-67.
206. Feustel, E. A., On the advantages of tagged architecture, IEEE Transactions on Computers C-22 (7) (1973), pp. 644-656.
207. Fiedler, H., Informationelle Garantien für das Zeitalter der Informationstechnik. In: Tinnefeld, M.-T., Philipps, L., Weis, K. (eds.), Institutionen und der Einzelne im Zeitalter der Informationstechnik, Oldenbourg, Munich/Vienna, 1994, pp. 147-158.
208. Flegel, U., Pseudonymizing UNIX log files. In: Proc. Infrastructure Security Conference, InfraSec 2002, Lecture Notes in Computer Science 2437, Springer, Berlin etc., 2002, pp. 162-179.
209. Flegel, U., Biskup, J., Requirements of information reductions for cooperating intrusion detection agents. In: Proc. International Conference on Emerging Trends in Information and Communication Security, ETRIX 2006, Lecture Notes in Computer Science 3995, Springer, Berlin etc., 2006, pp. 466-480.
210. Flegel, U., Privacy-Respecting Intrusion Detection, Springer, New York etc., 2007.
211. Focardi, R., Gorrieri, R., A classification of security properties for process algebras, Journal of Computer Security 3(1) (1995), pp. 5-33.
212. Focardi, R., Gorrieri, R., Classification of security properties (Part I: information flow). In: Focardi, R., Gorrieri, R., (eds.), Foundations of Security Analysis and Design, Lecture Notes in Computer Science 2171, Springer, Berlin etc., 2001, pp. 331-396.
213. Foley, S. N., A universal theory of information flow. In: IEEE Sympsoum on Security and Privacy, Oakland, 1987, pp. 116-122.
214. Forrest, S., Hofmayr, S. A., Longstaff, T. A., A sense of self for Unix processes. In: Proc. IEEE Symposium on Security and Privacy, 1996, pp. 120-128.
215. Free Software Foundation, The GNU Privacy Guard, Version GnuPG 1.4.5, 2006, http://gnupg.org.
216. Garfinkel, S., Spafford, G., Practical UNIX and Internet Security, 2nd edition, O'Reilly, Sebastopol, CA, etc., 1996.
217. Gathen, J. von zur, Gerhard, J., Modern Computer Algebra, 2nd edition, Cambridge University Press, Cambridge, 2003.
218. Gerla, G., Fuzzy Logic: Mathematical Tools for Approximate Reasoning, Kluwer, Dordrecht etc., 2001.
219. Gilbert, E. N., MacWilliams, F. J., Sloane, N. J. A., Codes which detect deception, Bell System Technical Journal 53(3) (1974), pp. 405-424.
220. Goldreich, O., Goldwasser, S., Micali, S., On the cryptographic applications of random functions. In: Proc. Crypto 84, Lecture Notes in Computer Science 263, Springer, Berlin etc., pp. 276-288.
221. Goldreich, O., Goldwasser, S., Micali, S., How to construct random functions, Journal of the ACM 33(1986), pp. 792-807.
222. Goldreich, O., Micali, S., Wigderson, A., How to play any mental game - a completeness theorem for protocols with honest majority. In: Proc. 19th ACM Symposium on the Theory of Computing, 1987, pp. 218-229.
223. Goldreich, O., Micali, S., Wigderson, A., Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems, Journal of the ACM 38(3) (1991), pp. 691-729.
224. Goldreich, O., Krawcyzk, H., Luby, M., On the existence of pseudorandom generators, SIAM Journal on Computing 22(1993), pp. 1163-1175.
225. Goldreich, O., Oren, Y., Definitions and properties of zero-knowledge proof systems, Journal of Cryptography 7(1) (1994), pp. 1-32.
226. Goldreich, O., Modern Cryptography, Probabilistic Proofs and Pseudorandomness, Springer, Berlin etc., 1999.
227. Goldreich, O., Cryptography and cryptographic protocols, Distributed Computing 16(2003), pp. 177-199.
228. Goldreich, O., Foundations of Cryptography I: Basic Tools, Cambridge University Press, Cambridge, 2001.
229. Goldreich, O., Foundations of Cryptography II: Basic Applications, Cambridge University Press, Cambridge, 2004.
230. Goldschlag, D. M., Reed, M. G., Syverson, P. F., Onion routing, Communications of the ACM 42(2) (1999), pp. 39-41.
231. Goldwasser, S., Micali, S., Probabilistic encryption, Journal of Computer and System Science 28(1984), pp. 270-299.
232. Goldwasser, S., Micali, S. Rivest, R. L., A digital signature scheme secure against adaptive chosen-message attacks, SIAM Journal on Computing 17(2) (1988), pp. 281-308.
233. Goldwasser, S., Micali, S. Rackoff, C., The knowledge complexity of interactive proof systems, SIAM Journal on Computing 18(1) (1989), pp. 186-207.
234. Gollmann, D., Computer Security, 1st edition, Wiley, Chichester, 1999; 2nd edition, 2006.
235. Goloubeva, O., Rebaudengo, M., Rorda, M. S., Violante, M., Software-Implemented Hardware Fault Tolerance, Springer, New York, 2006.
236. Gong, L., Java2 platform security architecture, Chapter 4 of JDK 1.4.2, http://java.sun. com/j2se/1.4.2/docs/guide/security/spec/security-spec. doc4.html, 1997-2002.
237. Goguen, J. A., Mesequer, J., Security policies and security models. In: Proc. IEEE Symposium on Security and Privacy, 1982, Oakland, pp. 11-20.
238. Goguen, J. A., Mesequer, J., Unwinding and inference control. In: Proc. IEEE Symposium on Security and Privacy, 1984, Oakland, pp. 75-86.
239. Gray, J. W., III, Toward a mathematical foundation for information flow properties. In: Proc. IEEE Symposium on Security and Privacy, Oakland, 1991, pp. 21-34.
240. Gries, D., The Science of Computer Programming, Springer, Berlin etc. 1981.
241. Griffiths, P. P., Wade, B. W., An authorization mechanism for relational database systems, ACM Transactions on Database Systems 1(3) (1976), pp. 242-255.
242. Grimaldi, R. P., Discrete and Combinatorial Mathematics, 3rd edition, Addison-Wesley, Reading, MA, etc., 1994.
243. Groß, M., Vertrauenswürdiges Booten als Grundlage authentischer Basissysteme. In: Proc. GI-Fachtagung Verläßliche Informationssysteme, VIS 91, Informatik-Fachberichte 271, Springer, Berlin etc., pp. 190-207.
244. Haigh, J. T., Young, W. D., Extending the noninterference version of MLS for SAT, IEEE Transactions on Software Engineering 13(2) (1987), pp. 141-150.
245. Halevi, S., Micali, S., Practical and provably-secure commitment schemes from collision-free hashing. In: Proc. Crypto 96, Lecture Notes in Computer Science 1109, Springer, Berlin etc., 1996, pp. 201-215.
246. Halpern, J. Y., van der Meyden, R., A logic for SDSI's linked local name spaces, Journal of Computer Security 9(2001), pp. 105-142.
247. Handschuch, T., Solaris 7 - Systemadministration, 2nd edition, Springer, Berlin etc., 1999.
248. Hankerson, D., Menezes, A., Vanstone, S., Guide to Elliptic Curve Cryptography, Springer, New York etc., 2004.
249. Harnik, D., Kilian, J., Naor, M., Reingold, O., Rosen, A., On robust combiners for oblivious transfer and other primitives. In: Proc. Eurocrypt 05, Lecture Notes in Computer Science 3494, Springer; Berlin etc., 2005, pp. 96-113.
250. Harrison, M. A., Ruzzo, W. L., Ullman, J. D., Protection in operating systems, Communications of the ACM 19(8) (1976), pp. 461-471.
251. Harrison, M. A., Ruzzo, W. L., Monotonic protection systems. In: DeMillo, R. A., et al. (eds.), Foundations of Secure Computation, Academic Press, New York, 1978, pp. 337-365.
252. Härtig, H., Kühnhäuser, W. E., Kowalski, O. C., Lux, W., Reck, W., Streich, H., Goos, G.., Architecture of the BirliX operating system, German National Research Center for Computer Science (GMD), 1990.
253. Härtig, H., Kowalski, O. C., Kühnhauser, W. E., The BirliX security architecture, Journal of Computer Security 2(1993), pp. 5-22.
254. Hennessy, J. L., Patterson, D. A., Computer Architecture: A Quantitative Approach, 3rd edition, Morgan Kaufmann, San Francisco, 2003.
255. Hess, A., Holt, L., Jacobson, J., Seamons, K., Content-triggered trust negotation, ACM Transactions on Information and System Security 7(3) (2004), pp. 428-456.
256. Hoffman, D. G., Leonard, D. A., Lindner, C. C., Phelps, K. T., Rodger, C. A., Wall, J. R., Coding Theory: The Essentials, Marcel Dekker, New York, 1991.
257. Hoffman, L. J., Modern Methods for Computer Security and Privacy, Prentice-Hall, Englewood Cliffs, 1977.
258. Hopcroft, J. E., Motwani, R., Ullman, J. D., Introduction into Automata Theory, Languages, and Computation, 2nd edition, Addison-Wesley, Reading, MA, etc., 2001.
259. Howell, J., Kotz, D., A formal semantics for SPKI. In: Proc. 6th European Symposium on Research in Computer Security, ESORICS 2000, Lecture Notes in Computer Science 1895, Springer, Berlin etc., 2004, pp. 140-158.
260. Hsiao, D. K., Kerr, D. S., Madnick, S. E., Computer Security, Academic Press, New York etc., 1979.
261. Huang, M.-Y., Jasper, R. J., Wicks, T. M., A large scale distributed intrusion detection framework based on attack strategy analysis, Computer Networks 31 (23-24) (1999), pp. 2465-2475.
262. Hughes, D., Shmatikov, V., Information hiding, anonymity and privacy: A modular approach, Journal of Computer Security 12(2004), pp. 3-36.
263. Iheagwara, C., Blyth, A., Singhal, M., A comparative experimental evaluation study of intrusion detection system performance in a gigabit environment, Journal of Computer Security 11(2003), pp. 1-33.
264. Ilgun, K., USTAT: a real-time intrusion detection system for Unix. In: Proc. IEEE Symposium on Security and Privacy, 1993, pp. 16-29.
265. Ilgun, K., Kemmerer, R. A., Porras, P. A., State transition analysis: A rule-based intrusion detection approach, IEEE Transactions on Software Engineering 21(3) (1995), pp. 181-199.
266. ISHTAR Consortium, Implementing Secure Healthcare Telematics Applications in Europe, Studies in Health Technology and Informatics 66, IOS Press, Amsterdam etc., 2001.
267. ISO (International Organization for Standardization), IEC (International Electrotechnical Commission): Joint Technical Committee ISO/IEC JTC 1 on Information Technology, Database Language SQL (final committee draft for 4th edition), ISO/IEC FCD 9075, 1997.
268. ISO (International Organization for Standardization), IEC (International Electrotechnical Commission), Information Technology - Security Techniques - Message Authentication Codes (MACs) - Part 1: Mechanisms Using a Block Cipher, ISO/IEC 9797-1, 1999.
269. ISO (International Organization for Standardization), IEC (International Electrotechnical Commission), Information Technology - Security Techniques - Message Authentication Codes (MACs) - Part 2: Mechanisms Using a Dedicated Hash-Function, ISO/IEC 9797-2, 2002.
270. Ito, M., Saito, A., Nishizeki, T., Multiple assignment schemes for secret sharing, Journal of Cryptology 6(1993), pp. 15-20.
271. Jacob, J., Categorising non-interference. In: Proc. Computer Security Foundations Workshop, Franconia, NH, 1990, pp. 44-50.
272. Jaeger, T., Tidswell, J. E., Practical safety in flexible access control models, ACM Transactions on Information and System Security 4(2) (2001), pp. 158-190.
273. Jajodia, S., Sandhu, R. S., Towards a multilevel secure relational data model. In: Proc. ACM SIGMOD Int. Conference on Management of Data, May 1991, pp. 50-59.
274. Jajodia, S., Samarati, P., Subrahmanian, V. S., Bertino, E., A unified framework for enforcing multiple access control policies. In: Proc. ACM SIGMOD Int. Conference on Management of Data, May 1997, pp. 474-485.
275. Jajodia, S., Samarati, P., Sapino, M. L., Subrahmanian, V. S., Flexible support for multiple access control policies, ACM Transactions on Database Systems 26(2) (2001), pp. 214-260.
276. Jajodia, S., Atluri, V., Keefe, T., McCollum, C. D., Mukkamala, R., Multilevel secure transaction processing, Journal of Computer Security 9(2001), pp. 165-195.
277. Jalote, P., Fault Tolerance in Distributed Systems, Prentice Hall, Englewood Cliffs, 1994.
278. Javitz, H. S., Valdes, A., The SRI IDES statistical anomaly detector. In: Proc. IEEE Symposium on Security and Privacy, 1991, pp. 316-326.
279. Jha, S., Reps, T., Model checking SPKI/SDSI, Journal of Computer Security 12(2004), pp. 317-353.
280. Johnson, D., Menezes, A., Vanstone, S., The elliptic curve digital signature algorithm (ECDSA), International Journal on Information Security 1(1) (2001), pp. 36-63.
281. Jones, A. K., Lipton, R. J., The enforcement of security policies for computation. In: Proc. 5th Symposium on Operating System Principles, Operating Systems Review 9(5) (1975), pp. 197-206.
282. Jones, A. K., Liskov, B. H., A language extension for controlling access to shared data, IEEE Transactions on Software Engineering 2(4) (1976), pp. 227-285.
283. Jones, A. K., Liskov, B. H., A language extension for expressing constraints on data access, Communications of the ACM 21(5) (1978), pp. 358-367.
284. Josang, A., A subjective metric of authentication. In: Proc. 5th European Symposium on Research in Computer Security, ESORICS 1998, Lecture Notes in Computer Science 1485, Springer, Berlin etc., 1998, pp. 329-344.
285. Josang, A., Ismail, R., Boyd, C., A survey of trust and reputation systems for online service provision, Decision Support Systems 43(2) (2007), pp. 618-644.
286. Joshi, J. B. D., Bertino, E., Shafiq, B., Ghafoor, A., Dependencies and separation of duty constraints in GTRBAC. In: Proc. 8th ACM Symposium on Access Control Models and Technologies, SACMAT 03, June 2003, Como, Italy, pp. 51-64.
287. Julisch, K., Clustering intrusion detection alarms to support rot cause analysis, ACM Transactions on Information and System Security 6(4) (2003), pp. 443-471.
288. Karger, P. A., Schell, R. R., Thirty years later: Lessons from the Multics security evaluation. In: Proc. 18th Annual Security Applications Conference, ACSAC 02, IEEE, 2002, pp. 119-126.
289. Kallenberg, O., Foundations of Modern Probability, Springer, New York etc., 2002.
290. Karnin, E. D., Greene, J. W., Hellman, M. E., On secret sharing schemes, IEEE Transactions on Information Theory 29(1) (1983), pp. 231-241.
291. Kilian, J., Basing cryptography on oblivious transfer. In: Proc. 20th ACM Symposium on Theory of Computing, STOC 88, ACM, 1988, pp. 20-31.
292. Knorr, K., Dynamic access control through Petri net workflows. In: Proc. 16th Annual Computer Security Applications Conference, ACSAC 00, New Orleans, Dec. 2000, pp. 159-167.
293. Knuth, D., The Art of Computer Programming - Volume 2: Seminumerical Algorithms, Addison-Wesley, Reading, MA, etc., 1981.
294. Ko, C., Ruschitzka, M., Levitt, K., Execution monitoring of security-critical programs in a distributed system. In: Proc. IEEE Symposium on Security and Privacy, 1997, pp. 175-187.
295. Koblitz, N., Elliptic curve cryptosystems, Mathematics of Computation 48(1987), pp. 203-209.
296. Koch, M., Mancini, L. V., Parisi-Presicce, F., Decidability of safety in graph-based models for access control. In: Proc. 7th European Symposium on Research in Computer Security, ESORICS 2002, Oct. 2002, Lecture Notes in Computer Science 2502, Springer, Berlin etc., 2002, pp. 229-243.
297. Koch, M., Mancini, L. V., Parisi-Presicce, F., A graph-based formalism for RBAC, ACM Transactions on Information and System Security 5(3) (2002), pp. 332-365.
298. Kohl, J. T., Neuman, B. C., Ts'o, T. Y., The evolution of the Kerberos authentification service. In: Brazier, F., Johansen, D. (eds.), Distributed Open Systems, IEEE Computer Society Press, 1994, pp. 78-94.
299. Kolmogorov, A. N., Three approaches to the concept of "the amount of information" [in Russian], Problems of Information Transmission 1(1965), 3-11.
300. Kowalski, O. C., Härtig, H., Protection in the BirliX operating system. In: Proc. 10th Int. Conf. on Distributed Computing Systems, IEEE, 1990, pp. 160-166.
301. Kruegel, C., Valeur, F., Vigna, G., Intrusion Detection and Correlation: Challenges and Solutions, Springer, New York, 2005.
302. Küsters, R., Simulation-based security with inexhaustible interactive Turing machines. In: 19th IEEE Computer Security Foundations Workshop, CSFW-2006, IEEE Computer Society Press, 2006, pp. 309-320.
303. Küsters, R., Truderung, T., On the automatic analysis of recursive security protocols with XOR. In: 24th Annual Symposium on Theoretical Aspects of Computer Science, STACS 2007, Lecture Notes in Computer Science 4393, Springer, Berlin etc., 2007, pp. 646-657.
304. Lai, X., On the Design and Security of Block Ciphers, ETH Series in Information Processing 1, Hartung-Gorre, Konstanz, 1992.
305. Lai, X., Massey, J. L., A proposal for a new block encryption standard. In: Proc. Advances in Cryptology, EUROCRYPT 90, Lecture Notes in Computer Science 473, Springer, Berlin etc., 1991, pp. 389-404.
306. Lamport, L., Time, clocks, and the ordering of events in a distributed system, Communications of the ACM 21(7) (1978), pp. 558-565.
307. Lamport, L., Concurrent reading and writing of clocks, Transactions on Computing Systems 8(4) (1990), pp. 305-310.
308. Lampson, B., A note on the confinement problem, Communications of the ACM 16(10) (1973), pp. 613-615.
309. Lampson, B., Abadi, M., Burrows, M., Wobber, E., Authentication in distributed systems: Theory and practice, ACM Transactions on Computer Systems 10, 4(1992), pp. 265-310.
310. Lane, T., Brodley, C. E., Temporal sequence learning and data reduction for anomaly detection, ACM Transactions on Information and System Security 2(3) (1999), pp. 295-331.
311. Laprie, J.-C. (ed.), Dependability: Basic Concepts and Terminology, Springer, Berlin etc., 1992.
312. Lee, W., Stolfo, S. L., A framework for constructing features and models for intrusion detection systems, ACM Transactions on Information and System Security, 3(4) (2000), pp. 227-261.
313. Leiss, E. J., Principles of Data Security, Plenum Press, New York, 1982.
314. Levin, L. A., Randomness and non-determinism, Journal of Symbolic Logic 58(1993), pp. 1102-1103.
315. Lewis, P. M., Bernstein, A., Kifer, M., Database and Transaction Processing: An Application-Oriented Approach, Addison-Wesley, Boston etc., 2002.
316. Li, N., Mitchell, J. C., Winsborough, W. H., Design of a role-based trust-management framework. In: Proc. IEEE Symposium on Security and Privacy, 2002, pp. 114-130.
317. Li, N., Winsborough, W. H., Mitchell, J. C., Distributed credential chain discovery in trust management, Journal of Computer Security 11(2003), pp. 35-86.
318. Li, N., Grosof, B. N., Feigenbaum, J., Delegation logic: A logic-based approach to distributed authorization, ACM Transactions on Information and System Security 6(1) (2003), pp. 128-171.
319. Li, N., Mitchell, J. C., Understanding SPKI/SDSI using first-order logic, International Journal of Information Security 5(2006), pp. 48-64.
320. Libkin, L., Elements of Finite Model Theory, Springer, Berlin etc., 2004.
321. Lidl, R., Niederreiter, H., Finite Fields, 2nd edition, Cambridge University Press, Cambridge, 1997.
322. Lindgreen, E. R., Herschberg, I. S., On the validity of the Bell-LaPadula model, Computers & Security 13(1994), pp. 317-333.
323. Lindquist, U., Porras, P. A., Detecting computer and network misuse through the production-based expert system toolset (P-BEST). In: Proc. IEEE Symposium on Security and Privacy, 1999, pp. 146-161.
324. Lipton, R. J., Snyder, L., A linear time algorithm for deciding subject security, Journal of the ACM 24(3) (1977), pp. 455-464.
325. Lipton, R. J., Budd, T. A., On classes of protection systems. In: DeMillo, R. A., et al., (eds.), Foundations of Secure Computation, Academic Press, New York, 1978, pp. 281-298.
326. Lochovsky, F. H., Woo, C. C., Role-based security in data base management systems. In: Landwehr, C. E., (ed.), Database Security: Status and Prospects, Elsevier Science (North Holland), Amsterdam etc., 1988, pp. 173-185.
327. Lockmann, A., Minsky, N., Unidirectional transport of rights and take-grant control, IEEE Transactions on Software Engineering SE-8 (6) (1982), pp. 597-604.
328. Lundin, E., Jonsson, E., Anomaly-based intrusion detection: Privacy concerns and other problems, Computer Networks 34(4) (2000), pp. 623-640.
329. Lunt, T. F., Denning, D. E., Schell, R. R., Heckman, M., Shockley, W. R., The SeaView security model, IEEE Transactions on Software Engineering 16(6) (1990), pp. 593-607.
330. Mantel, H., Preserving information flow properties under refinement. In: Proc. IEEE Symposium on Security and Privacy, 2001, Oakland, pp. 78-91.
331. Mantel, H., On the composition of secure systems. In: Proc. IEEE Symposium on Security and Privacy, 2002, Oakland, pp. 88-101.
332. Mantel, H., A Uniform Framework for the Formal Specification and Verification of Information Flow Security, Ph. D. thesis, Universität des Saarlandes, Saarbrücken, 2003.
333. Marchette, D. J., Computer Intrusion Detection and Network Monitoring: A Statistical Viewpoint, Springer, New York etc., 2001.
334. Martin-Löf, P., The definition of randomness, Information and Control 9(1966), pp. 602-619.
335. Massias, H., Serret Avila, X., Quisquater, J.-J., Timestamps: Main issues on their use and implementation. In: 8th Workshop on Enabling Technologies: Infrastructure for Collaboration, WETICE 99, IEEE, 1999, pp. 178-183.
336. Maurer, U., Modelling a public-key infrastructure. In: Proc. 4th European Symposium on Research in Computer Security, ESORICS 96, Lecture Notes in Computer Science 1146, Springer, Berlin etc., 1996, pp. 325-350.
337. McCullough, D., Noninterference and the compositionality of security properties. In: Proc. IEEE Symposium on Security and Privacy, 1988, pp. 177-186.
338. McCullough, D., A hookup theorem for multilevel security, IEEE Transactions on Software Engineering 16(6) (1990), pp. 563-568.
339. McGraw, G., Felton, E. W., Securing Java: Getting Down to Business with Mobile Code, Wiley, New York etc., 1999.
340. McHugh, J., Testing intrusion detection systems: A critique of the 1998 and 1999 DARPA intrusion detection system evaluation as performed by Lincoln Laboratory, ACM Transactions on Information and System Security 3(4) (2000), pp. 262-294.
341. McKusick, M. K., Bostic, K., Karels, M. J., Quarterman, J. S., The Design and Implementation of the 4.4BSD Operating System, Addison-Wesley, Reading, MA, etc., 1996.
342. McLean, J., A comment on the "Basic Security Theorem" of Bell and LaPa-dula, Information Processing Letters 20(1985), pp. 67-70.
343. McLean, J., Reasoning about security models. In: Proc. IEEE Symposium on Security and Privacy, 1987, Oakland, pp. 123-131.
344. McLean, J., Proving noninterference and functional correctness using traces, Journal of Computer Security 1(1) (1992), pp. 37-57.
345. McLean, J., A general theory of composition for a class of "possibilistic" security properties, IEEE Transactions on Software Engineering 22(1) (1996), pp. 53-67.
346. Meadows, C., Ordering from Satan's menu: A survey of requirements specification for formal analysis of cryptographic protocols, Science of Computer Programming 50(2004), pp. 3-22.
347. Menezes, A. J., van Oorschot, P. C., Vanstone, S. A., Handbook of Applied Cryptography, CRC Press, Boca Raton etc., 1997.
348. Meier, W., On the security of the IDEA block cipher. In: Proc. Advances in Cryptology, Eurocrypt 93, Lecture Notes in Computer Science 765, Springer, Berlin etc., 1994, pp. 371-385.
349. Merkle, R. C., Protocols for public key cryptosystems. In: Proc. IEEE Sympsium on Security and Privacy, 1980, Oakland, pp. 122-134.
350. Merkle, R. C., A fast software one-way hash function, Journal of Cryptology 3(1990), pp. 43-58.
351. Michael, C., Ghosh, A., Simple state-based approaches to program-based anomaly detection, ACM Transactions on Information and System Security 5(3) (2002), pp. 203-237.
352. Millen, J. K., Security kernel validation in practice, Communications of the ACM 19(5) (1976), pp. 243-250.
353. Miller, S. P., Neuman, B. C., Schiller, J. I., Saltzer, J. H., Section E.2.1: Kerberos authentification and authorization system, M. I. T. Project Athena, Technical Report, Cambridge, MA, 1987.
354. Miller, V. S., Uses of elliptic curves in cryptography. In: Proc. Crypto 85, Lecture Notes in Computer Science 218, Springer, Berlin etc., 1986, pp. 417-426.
355. Mills, D., Improved algorithms for synchronizing computer network clocks, IEEE/ACM Transactions on Networks 3(1995), pp. 245-254.
356. Minsky, N., An operation-control scheme for authorization in computer systems, International Journal of Computer and Information Sciences 7(2) (1978), pp. 157-191.
357. Minsky, N., Ungureanu, V., Law-governed interaction: A coordination and control mechanism for heterogeneous distributed systems, ACM Transactions on Software Engineering and Methodology 9(3) (2000), pp. 273-305.
358. Mitchell, J. C., Concepts in Programming Languages, Cambridge University Press, Cambridge etc., 2002.
359. Mounji, A., Charlier, B. L., Zampunieris, D., Habra, N., Distributed audit trail analysis. In: Proc. ISOC 95 Symposium on Network and Distributed System Security, 1995, pp. 102-112.
360. Myers, A. C., Liskov, B., Protecting privacy using the decentralized label model, ACM Transactions on Software Engineering and Methodology 9(4) (2000), pp. 410-442.
361. Naor, M., Bit commitment using pseudorandomness, Journal of Cryptology 4(2) (1991), pp. 151-158.
362. Naor, M., Ostrovsky, R., Venkatesan, R., Yung, M., Zero-knowledge arguments for NP can be based on general assumptions, Journal of Cryptology 11(1998), pp. 87-108.
363. National Bureau of Standards, Data Encryption Standard, NBS FIPS PUB 46, 1980.
364. National Bureau of Standards, DES Modes of Operation, NBS FIPS PUB 81, 1977.
365. National Institute of Standards and Technology, U. S. Department of Commerce, Advanced Encryption Standard, NIST Federal Information Processing Standards Publication 197, 2001.
366. National Institute of Standards and Technology, U. S. Department of Commerce, Secure Hash Standard, NIST Federal Information Processing Standards Publication 180-2, 2002.
367. National Institute of Standards and Technology, U. S. Department of Commerce, Digital Signature Standard, NIST Federal Information Processing Standards Publication 186-2, 2000.
368. Nerode, A., Shore, R. A., Logic for Applications, 2nd edition, Springer, New York etc., 1997.
369. Neuman, B., Ts'o, T., Kerberos: An authentication service for computer networks, IEEE Communications 32(9) (1994), pp. 33-38.
370. Neumann, P. G., Computer Related Risks, Addison-Wesley, Reading, MA, etc., 1995.
371. Neumann, P. G. (moderator), The Risks Digest: Forum on Risks to the Public in Computers and Related Systems, http://catless.ncl.ac.uk/risks.
372. Ning, P., Xu, D., Learning attack strategies from intrusion alerts. In: Proc. 10th ACM Conference on Computer and Communications Security, CCS 03, ACM, 2003, pp. 200-209.
373. Ning, P., Cui, Y., Reeves, D. S., Xu, D., Techniques and tools for analyzing intrusion alerts, ACM Transactions on Information and System Security 7(2) (2004), pp. 274-318.
374. Ning, P., Jajodia, S., Wang, X. S., Intrusion Detection in Distributed Systems: An Abstraction-Based Approach, Kluwer, Boston etc., 2004.
375. Oberschelp, W., Vossen, G., Rechneraufbau und Rechnerstrukturen, 9th edition, Oldenbourg, Munich/Vienna, 2003.
376. O'Halloran, C., A calculus of information flow. In: Proc. 1st European Symposium on Research in Computer Security, Toulouse, Oct. 1990, pp. 147-159.
377. Olivier, M., von Solms, S. H., A taxonomy for secure object-oriented databases, ACM Transactions on Database Systems 19(1) (1994), pp. 3-46.
378. OMG (Object Management Group), Common Secure Interoperability, OMG Document orbos/96-06-20, July 1996.
379. OMG (Object Management Group), CORBA Security, OMG Documents 96-08-03 through 96-08-06, July 1996.
380. Oracle Corporation, Oracle 9i - SQL Reference, Release 2 (9.2), March 2002.
381. Organick, E. I., The Multics System: An Examination of its Structure, MIT Press, Cambridge, MA, etc., 1972.
382. Osborne, S., Sandhu, R., Munawar, Q., Configuring role-based access control to enforce mandatory and discretionary access control policies, ACM Transactions on Information and System Security 3(2) (2000), pp. 85-106.
383. Park, J. S., Sandhu, R., Gail, J. A., Role-based access control on the Web, ACM Transactions on Information and System Security 4(1) (2001), pp. 37-71.
384. Parker, D. B., Restating the foundation of information security. In: Proc. IFIP/SEC 92, Singapore, pp. 159-171.
385. Patterson, D. A., Hennessy, J. L., Computer Organization and Design: The Hardware/Software Interface, 3rd edition, Morgan Kaufmann, San Francisco, 2004.
386. Pearson, S. (ed.), Balacheff, B., Chen, L., Plaquin, D., Proudler, G., Trusted Computing Platforms: TCPA Technology in Context, Prentice-Hall, Upper Saddle River etc., 2003.
387. Pedersen, T. P., Non-interactive and information-theoretic secure verifiable secret sharing. In: Proc. Crypto 91, Lecture Notes in Computer Science 576, Springer, Berlin etc., 1992, pp. 129-140.
388. Pedersen, T. P., Pfitzmann, B., Fail-stop signatures, SIAM Journal on Computing 26(2) (1997), pp. 291-330.
389. Pfitzmann, A., Diensteintegrierende Kommunikationsnetze mit teilnehmerüberprüfbarem Datenschutz, Informatik-Fachberichte 234, Springer, Berlin etc., 1990.
390. Pfitzmann, A., Pfitzmann, B., Schunter, M., Waidner, M., Trusting mobile user devices and security modules, IEEE Computer 30(2) (1997), pp. 61-68.
391. Pfitzmann, A., Hansen, M., Anonymity, unlinkability, unobservability, pseudonymity, and identity management - a consolidated proposal for terminology, http://dud.inf.tu-dresden. de/Anon-Terminology.shtml.
392. Pfitzmann, B., Digital Signature Schemes: General Framework and Fail-Stop Signatures, Lecture Notes in Computer Science 1100, Springer, Berlin etc., 1996.
393. Pfitzmann, B., Sadeghi, A.-R., Coin-based anonymous fingerprinting. In: Proc. Eurocrypt 99, Lecture Notes in Computer Science 1592, Springer, Berlin etc., 1999, pp. 150-164.
394. Pfleeger, C. P., Security in Computing, 2nd edition, Prentice-Hall, Englewood Cliffs etc., 1997.
395. Pieprzyk, J., Hardjono, T., Seberry, J., Fundamentals of Computer Security, Springer, Berlin etc., 2003.
396. Pless, V., Introduction to the Theory of Error-Correcting Codes, Wiley, New York etc., 1989.
397. Popek, G. J., Farber, D. A., A model for verification of data security in operating systems, Communications of the ACM 21(9) (1978), pp. 737-749.
398. Pottier, F., Skalka, C., Smith, S., A systematic approach to static access control, ACM Transactions on Programming Languages and Systems 27(2) (2005), pp. 344-382.
399. Preneel, B., van Oorschot, P. C., On the security of iterated message authentication codes, IEEE Transactions on Information Theory 45(1) (1999), pp. 188-199.
400. Rabin, M., How to exchange secrets by oblivious transfer, TR-81, Aiken Computation Laboratory, Harvard University, 1981.
401. Raghavarao, D., Constructions and Combinatorial Problems in Design of Experiments, Wiley, New York etc., 1971.
402. Ramanathan, P., Shin, K., Butler, R., Fault-tolerant clock synchronization in distributed systems, IEEE Computer 23(10) (1990), pp. 33-42.
403. Rannenberg, K., Zertifizierung mehrseitiger IT-Sicherheit: Kriterien und organisatorische Rahmenbedingungen, Vieweg, Braunschweig/Wiesbaden, 1998.
404. Ray, I., Ammann, P., Jajodia, S., A semantic-based transaction processing model for multilevel transactions, Journal of Computer Security 6(1998), pp. 181-217.
405. Ray, I., Chakraborty, S., A vector model of trust for developing trustworthy systems. In: Proc. 9th European Symposium on Research in Computer Security, ESORICS 04, Lecture Notes in Computer Science 3193, Springer, Berlin etc., 2004, pp. 260-275.
406. Reiter, M. K., Rubin, A. D., Crowds: Anonymity for web transactions, ACM Transactions on Information and System Security 1(1) (1998), pp. 66-92.
407. Ritchie, D. M., Thompson, K., The UNIX time-sharing system, Communications of the ACM 7(7) (1974), pp. 365-375.
408. Ritchie, D. M., The Evolution of the UNIX Time-Sharing System. In: Proc. Symposium on Language Design and Programming Methodology, Lecture Notes in Computer Science 79, Springer, Berlin etc., 1979, pp. 25-36.
409. Rivest, R. L., Shamir, A., Adleman, L. M., A method for obtaining digital signatures and public key cryptosystems, Communications of the ACM 21(2) (1978), pp. 120-126.
410. Rivest, R. L., The MD4 message digest algorithm. In: Proc. Crypto 90, Lecture Notes in Computer Science 537, Springer, Berlin etc., 1990, pp. 303-311.
411. Rivest, R. L., The MD5 message digest algorithm, Network Working Group RFC 1321, 1992.
412. Robinson, A., Voronkov, A. (eds.), Handbook of Automated Reasoning, Volume I + II, Elsevier Science, Amsterdam; MIT Press, Cambridge, 2001.
413. Rogers, H., Theory of Recursive Functions and Effective Computability, McGraw-Hill, New York etc., 1967.
414. Rueppel, R. A., Analysis and Design of Stream Ciphers, Springer, Berlin etc., 1986.
415. Rushby, J. Noninterference, transitivity, and channel-control security policies, Technical Report CSL-92-02, SRI International, 1992.
416. Ryan, P., Mathematical models of computer security. In: Focardi, R., Gorrieri, R. (eds.), Foundations of Security Analysis and Design, Lecture Notes in Computer Science 2171, Springer, Berlin etc., 2001, pp. 1-62.
417. Sailer, R., Zhang, X., Jaeger, T., van Doorn, L., Design and implementation of a TCG-based measurement architecture. In: Proc. 13th USENIX Security Symposium, San Diego, The USENIX Association, 2004, pp. 223-238.
418. Sailer, R., Zhang, X., Jaeger, T., van Doorn, L., Attestation-based policy enforcement for remote access. In: Proc. 11th ACM Computer and Communications Security Conference, CCS 04, ACM Press, New York, 2004, pp. 308-317.
419. Salomaa, A., Public-Key Cryptography, 2nd edition, Springer, Berlin etc., 1996.
420. Saltzer, J. H., Protection and the control of information sharing in Multics, Communications of the ACM 17(7) (1974), pp. 388-402.
421. Saltzer, J. H., Schroeder, M. D., The protection of information in computer systems, Proceedings of the IEEE 63(9) (1975), pp. 1278-1308.
422. Saltzer, J. H., Reed, D. P., Clark, D. D., End-to-end arguments in system design, ACM Transactions on Computer Systems 2(4) (1984), pp. 277-288.
423. Samarati, P., De Capitani di Vimercati, S., Access control: Policies, models, and mechanisms. In: Focardi, R., Gorrieri, R. (eds.), Foundations of Security Analysis and Design, Lecture Notes in Computer Science 2171, Springer, Berlin etc, 2001, pp. 137-196.
424. Sandhu, R. S., The schematic protection model: Its definition and analysis for acyclic attenuating schemes, Journal of the ACM 35(2) (1988), pp. 404-432.
425. Sandhu, R. S., The demand operation in the schematic protection model, Information Processing Letters 32(1989), pp. 213-219.
426. Sandhu, R. S., The typed access matrix model. In: Proc. IEEE Symposium on Security and Privacy, 1992, Oakland, pp. 122-136.
427. Sandhu, R. S., Jajodia, S., Polyinstantiation for cover stories. In: Proc. 2nd European Symposium on Research in Computer Security, ESORICS 92, Lecture Notes in Computer Science 648, Springer, Berlin etc., 1992, pp. 307-328.
428. Sandhu, R. S., Lattice-based access control, IEEE Computer 26(11) (1993), pp. 9-19.
429. Sandhu, R. S., Samarati, P., Access control: Principles and practice, IEEE Communications Magazine, Sept. 1994, pp. 40-48.
430. Sandhu, R. S., Workshop summary. In: Proc. 1st ACM Workshop on Role-Based Access Control, RBAC 95, 1995, pp. I1-I7.
431. Sandhu, R. S., Coyne, E. J., Feinstein, H. L., Youman, C. E., Role-based access control models, IEEE Computer 29(2) (1996), pp. 38-47.
432. Sandhu, R. S., Bhamidipati, V., Role-based administration of user-role assignment: The URA97 model and its Oracle implementation, Journal of Computer Security 7(4) (1999), pp. 317-342.
433. Santen, T., A formal framework for confidentiality-preserving refinement. In: Proc. 11th European Symposium on Research in Computer Security, ESORICS 06, Lecture Notes in Computer Science 4189, Springer, Berlin etc., 2006, pp. 225-242.
434. Saunders, G., Hitchens, M., Varadharajan, V., Role-based access control and the access control matrix, Operating Systems Review 35(4) (2001), pp. 6-20.
435. Schnorr, C. P., A uniform approach to the definition of randomness, Mathematical System Theory 5(1971), pp. 9-28.
436. Schneier, B., E-Mail Security: How to Keep Your Electronic Messages Private, Wiley, New York etc., 1995.
437. Schneier, B., Applied Cryptography, 2nd edition, Wiley, New York etc., 1996.
438. SEISMED Consortium, Data Security for Health Care - Volume I: Management Guidelines; Volume II: Technical Guidelines; Volume III: User Guidelines, Studies in Health Care and Informatics 31-33, IOS Press, Amsterdam etc., 1996.
439. Sejong, O., Seog, P., Task-role-based access control model, Information Systems 28(6) (2003), pp. 533-562.
440. Sehti, R., Programming Languages: Concepts and Constructs, 2nd edition, Addison-Wesley, Reading, MA, etc., 1996.
441. Serjantov, A., Dingledine, R., Syverson, P. F., From a trickle to a flood: Active attacks on several mix types. In: Proc. 5th International Workshop on Information Hiding, 2002, Lecture Notes in Computer Science 2578, Springer, Berlin etc., 2003, pp. 36-52.
442. Shamir, A., How to share a secret, Communications of the ACM 22(1979), pp. 612-613.
443. Shannon, C. E., A mathematical theory of communications, Bell System Technical Journal 27(1948), pp. 379-423, 623-656.
444. Shannon, C. E., Communication theory of secrecy systems, Bell System Technical Journal 28(4) (1949), pp. 656-715.
445. Sicherman, G. L., de Jonge, W., van de Riet, R. P., Answering queries without revealing secrets, ACM Transactions on Database Systems 8(1) (1983), pp. 41-59.
446. Siewe, F., Cau, A., Zedan, H., A compositional framework for access control policies enforcement. In: FMSE 03, Oct. 30, Washington, DC, pp. 32-42.
447. Silberschatz, A., Galvin, P. B., Gagne, G., Operating System Concepts, 6th edition, Addison-Wesley, Reading, MA, etc., 2001.
448. Simmons, G. J., Authentication theory/coding theory. In: Advances in Cryptology, Crypto 84, Lecture Notes in Computer Science 196, Springer, Berlin etc., 1985, pp. 411-432.
449. Simmons, G. J., An introduction to shared secret and/or shared control schemes and their applications. In: Simmons, G. J. (ed.), Contemporary Cryptology: The Science of Information Integrity, IEEE Press, New York, 1992, pp. 441-497.
450. Simmons, G. J., A survey on information authentication. In: Simmons, G. J. (ed.), Contemporary Cryptology: The Science of Information Integrity, IEEE Press, New York, 1992, pp. 379-419.
451. Smid, M. E., Branstad, D. K., The Data Encryption Standard: Past and future. In: Simmons, G. J. (ed.), Contemporary Cryptology: The Science of Information Integrity, IEEE Press, New York, 1992, pp. 43-64.
452. Snyder, L., Theft and conspiracy in the take-grant model, Journal of Computer and System Sciences 23(3) (1981), pp. 333-347.
453. Snyder, L., Formal models of capability-based protection systems, IEEE Transactions on Computers C-30 (3) (1981), pp. 172-181.
454. Sobirey, M., Fischer-Hübner, S., Rannenberg, K., Pseudonymous audit for privacy enhanced intrusion detection. In: Proc. IFIP TC11 13th International Conference on Information Security, SEC 97, Chapman & Hall, London etc., 1997, pp. 151-163.
455. Solworth, J. A., Sloan, R. H., Security property based administrative controls. In: Proc. 9th European Symposium on Research in Computer Security, ESORICS 04, Lecture Notes in Computer Science 3193, Springer, Berlin etc., 2004, pp. 244-259.
456. Soshi, M., Safety analysis of the dynamic-typed access matrix model. In: Proc. 6th European Symposium on Research in Computer Security, ESORICS 2000, Lecture Notes in Computer Science 1895, Springer, Berlin etc., 2000, pp. 106-121.
457. Soshi, M., Maekawa, M., Okamoto, E., The dynamic-typed access matrix model and decidability of the safety problem, IEICE Transactions on Information and Systems 87-A (1) (2004), pp. 190-203.
458. Stadler, M., Piveteau, J.-M., Camenisch, J., Fair blind signatures. In: Proc. Eurocrypt 95, Lecture Notes in Computer Science 921, Springer, Berlin etc., 1995, pp. 209-219.
459. Stadler, M., Publicly verifiable secret sharing. In: Proc. Eurocrypt 96, Lecture Notes in Computer Science 1070, Springer, Berlin etc., 1996, pp. 190-199.
460. Stajano, F., Security for Ubiquitous Computing, Wiley, New York etc., 2002.
461. Stallings, W., Operating Systems, 5th edition, Prentice-Hall, Upper Saddle River etc., 2005.
462. Stallings, W., Network and Internetwork Security: Principles and Practice, Prentice-Hall, Upper Saddle River etc., 1995.
463. Stallings, W., Cryptography and Network Security, Prentice-Hall, Upper Saddle River etc., 2003.
464. Steiner, J. G., Neuman, B. C., Schiller, J. I., Kerberos: An authentication service for open network systems. In: Usenix Conference Proceedings, Dallas, Texas, 1988, pp. 191-202.
465. Stinson, D. R., Some constructions and bounds of authentication codes, Journal of Cryptology 1(1988), pp. 37-51.
466. Stinson, D. R., The combinatorics of authentication and secrecy codes, Journal of Cryptology 2(1990), pp. 23-49.
467. Stinson, D. R., Combinatorial characterizations of authentication codes, Designs, Codes, and Cryptography 2(1992), pp. 175-187.
468. Stinson, D. R., An explication of secret sharing schemes, Designs, Codes and Cryptography 2(1992), pp. 357-390.
469. Stinson, D. R., Decomposition structures for secret sharing schemes, IEEE Transactions on Information Theory 40(1994), pp. 118-125.
470. Stinson, D. R., Cryptography: Theory and Practice, 1st edition, Chapman & Hall/CRC Press, Boca Raton etc., 1995;3rd edition, 2006.
471. Sutherland, D., A model of information. In: Proc. 9th National Computer Science Conference, 1986, pp. 175-183.
472. Tanenbaum, A. S., Structured Computer Organization, 4th edition, Prentice-Hall, Englewood Cliffs, 1999.
473. Tanenbaum, A. S., Modern Operating Systems, 2nd edition, Prentice-Hall, Upper Saddle River, 2001.
474. Tanenbaum, A. S., Computer Networks, 4th edition, Prentice-Hall, Upper Saddle River, 2003.
475. Tanenbaum, A. S., Woodhull, A. S., Operating Systems: Design and Implementation, 3rd edition, Prentice-Hall, Upper Saddle River, 2006.
476. Tanenbaum, A. S., Mullender, S., van Renesse, R., Using sparse capabilities in a distributed operating system. In: Proc. 6th International Conference on Distributed Computing Systems, IEEE, 1986, pp. 558-563.
477. Tanenbaum, A. S., van Renesse, R., van Staveren, H., Sharp, G., Mullender, S., Jansen, J., van Rossum, G., Experiences with the Amoeba distributed operating system, Communiations of the ACM 33(12) (1990), pp. 46-63.
478. Tanenbaum, A. S., van Steen, M., Distributed Systems: Principles and Paradigms, Prentice-Hall, Upper Saddle River, 2002.
479. Theriault, M., Newman, A., Oracle Security Handbook, McGraw-Hill, New York etc., 2001.
480. Tilborg, H. C. A. van, Fundamentals of Cryptology: A Professional Reference and Interactive Tutorial, Kluwer, Boston etc., 2000.
481. Tilborg, H. C. A. van (Editor-in-chief), Encyclopedia of Cryptography and Security, Springer, New York, 2005.
482. Ting, T. C., A user-role based data security approach. In: Landwehr, C. E. (ed.), Database Security: Status and Prospects, Elsevier Science (North Holland), Amsterdam etc., 1988, pp. 187-208.
483. Traub, J. F., Yemini, Y., Wozniakowski, H., The statistical security of a statistical database, ACM Transactions on Database Systems 9(4) (1984), pp. 672-679.
484. Trusted Computing Group, TCG Specification Architecture Overview, Revision 1.2, 2004, https://www.trustedcomputinggroup.org.
485. Trusted Computing Group - Infrastructure Working Group, Reference Architecture for Interoperability (Part I), Version 1.0, Revision 1, 2005, https://www.trustedcomputinggroup.org.
486. Trusted Computing Group, TPM Main Part 1, Design Principles, Version 1.2, Revision 85, 2005, https://www.trustedcomputinggroup.org.
487. Trusted Computing Group, TPM Main Part 2, TPM Structures, Version 1.2, Revision 85, 2005, https://www.trustedcomputinggroup.org.
488. Trusted Computing Platform Alliance, Building a Foundation of Trust in the PC (White Paper) /TCPA Main Specification, 2000-2003, http://www. trustedcomputing.org.
489. Ullman, J. D., Widom, J., A First Course on Database Systems, Prentice-Hall, Upper Saddle River, 1997.
490. Viega, J., McGraw, G., Building Secure Software, Addison-Wesley, Boston etc., 2001.
491. Vigna, G., Kemmerer, R. A., NetSTAT: A network-based intrusion detection system, Journal of Computer Security 7(1) (1999), pp. 37-71.
492. Waidner, M., Unconditional sender and recipient untraceability in spite of active attacks. In: Proc. Eurocrypt 89, Lecture Notes in Computer Science 434, Springer, Berlin etc., 1990, pp. 302-319.
493. Wallach, D. S., Felton, E. W., Understanding Java stack inspection. In: Proc. IEEE Symposium on Security and Privacy, Oakland, May 1998, pp. 1-12.
494. Wang, L., Li, Y., Wijesekera, D., Jajodia, S., Precisely answering multi-dimensional range queries without privacy breaches. In: Proc. 8th European Symposium on Research in Computer Security, ESORICS 03, Lecture Notes in Computer Science 2808, Springer, Berlin etc., 2003, pp. 100-115.
495. Wang, X., Feng, D., Lai, X., Yu, H., Collisions for hash functions MD4, MD5, HAVAL-128 and RIPEMD, Cryptology ePrint Archive, Report 2004/199, 2004, http://eprint.iacr.org/2004/199.
496. Wegener, I., Complexity Theory: Exploring the Limits of Efficient Algorithms, Springer, Berlin etc., 2005.
497. Weikum, G., Vossen, G., Transactional Information Systems, Academic Press, San Diego/London, 2002.
498. Wespi, A., Dacier, M., Debar, H., Intrusion detection using variable-length audit trail patterns. In: Proc. 3rd International Symposium on Recent Advances in Intrusion Detection, RAID 2000, Lecture Notes in Computer Science 1907, Springer, Berlin etc., 2000, pp. 110-129.
499. Wijesekera, D., Jajodia, S., A propositional policy algebra for access control, ACM Transactions on Information and System Security 6(2) (2003), pp. 286-325.
500. Wijesekera, D., Jajodia, S., Parisi-Presicce, F., Hagström, A., Removing permissions in the flexible authorization framework, ACM Transactions on Database Systems 28(3) (2003), pp. 209-229.
501. Winslett, M, Smith, K., Qian, X., Formal query languages for secure relational databases, ACM Transactions on Database Systems 19(4) (1994), pp. 626-662.
502. Wulf, W., Cohen, E., Corwin, W., Jones, A., Levin, R., Pierson, C., Pollack, F., HYDRA: The kernel of a multiprocessor operating system, Communications of the ACM 17(6) (1974), pp. 337-345.
503. Wulf, W. A., Levin, S. P., Harbison, S. P., Hydra/Cmmp: An Experimental Computer System, McGraw-Hill, New York, 1981.
504. Xu, D., Ning, P., Privacy-preserving alert correlation: A concept hierarchy based approach. In: Proc. 21st Annual Computer Security Applications Confernce, ACSAC 2005, IEEE, 2005, pp. 537-546.
505. Yao, A. C., Theory and application of trapdoor functions. In: 23rd IEEE Symposium on Foundations of Computer Science, 1982, pp. 80-91.
506. Yao, A. C., Protocols for secure computations. In: 23rd IEEE Symposium on Foundations of Computer Science, 1982, pp. 160-164.
507. Yao, A. C., How to generate and exchange secrets. In: Proc. 27th IEEE Symposium on Foundations of Computer Science, 1986, pp. 162-167.
508. Yu, T., Winslett, M., Seamons, K. E., Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotations, ACM Transactions on Information and System Security 6(1) (2003), pp. 1-42.
509. Zimmermann, P. R., The Official PGP User's Guide, MIT Press, Boston, 1995.