Conceptual foundations for a model of task-based authorizations

Proceedings of the Computer Security Foundations Workshop

Volumn , Issue , 1995, Pages 66-79

  Thomas, R K ^a   Sandhu, R S ^a  

^a GEORGE MASON UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

INFORMATION SYSTEMS; INFORMATION USE; NETWORK SECURITY; SECURITY SYSTEMS;

BUSINESS ACTIVITIES; COMPUTERIZED INFORMATION SYSTEMS; COMPUTERIZED SYSTEMS; CONCEPTUAL FOUNDATIONS; DATA COMPONENTS; FORMAL MODEL; INTERNAL CONTROLS; LEVEL OF ABSTRACTION;

FOUNDATIONS;

EID: 84988789822     PISSN: 10636900     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSFW.1994.315946     Document Type: Conference Paper

References (20)

1. P.E. Ammann and R.S. Sandhu. Implementing transaction control expressions by checking for absence of access rights. Proceedings of the Eight Annual Computer Security Applications Conference, IEEE Press, December, 1992.
2. P. Attie et. al. Specifying and enforcing intertask dependencies. MCC Technical Report Carnot-245-92, Microelectronics and Computer Technology Corporation, Austin, TX 78759.
3. L. Badger. A model for specifying multi-granularity integrity policies. Proc. of the IEEE Symposium on Security and Privacy, 1989.
4. D.E. Bell and L.J. LaPadula. Secure computer systems: Unified exposition and multics interpretation. EDS-TR-75-306, The MITRE Corp., Bedford, MA., March 1976.
5. K. Biba. Integrity considerations for secure computer systems. U.S Air Force Electronic Systems Division, 1977.
6. D.D. Clark and D.R. Wilson. A comparison of commercial and military security policies. Proc. of the IEEE Symposium on Security and Privacy, 1987.
7. J. Dobson. New Security Paradigms: What other concepts do we need as well. Proc. of the First New Security Paradigms Workshop, Little Compton, Rhode Island, IEEE Press, 1993.
8. R. Strens and J. Dobson. How responsibility modelling leads to security requirements, Proc. of the Second New Security Paradigms Workshop, Little Compton, Rhode Island, IEEE Press, 1993.
9. J. Gray. Probabilistic interference. In Proceedings of the 1990 IEEE Symposium on Research in Security and Privacy, IEEE Press, 1990.
10. J. A. Goguen and J. Meseguer. Security policy and security models. Proc. IEEE Symp. on Research in Security and Privacy, Oakland, Calif., May 1982, pages 11-20.
11. M.H. Harrison, W.L. Ruzzo, and J.D. Ullman. Protection in operating systems. Communications of the ACM, 19(8), pages 461-471, 1976.
12. L.J. LaPadula and J.G. Williams. Toward a Universal Integrity Model. Proc. of the IEEE Computer Security Foundations Workshop, Franconia, New Hampshire, IEEE Press, 1991.
13. D. McCullough. Specifications for multi-level security and a hook-up property. In Proceedings of ike 1987 IEEE Symposium on Research in Security and Privacy, IEEE Press, 1987.
14. J. McLean. Security models and information flow. In Proceedings of the 1990 IEEE Symposium on Research in Security and Privacy, IEEE Press, 1990.
15. R.S. Sandhu. Transaction control expressions for separation of duties. Proc. of the Fourth Computer Security Applications Conference, pp. 282-286, 1988.
16. R.S. Sandhu. Separation of duties in computerized information systems. Database Security IV, Status and Prospects, S. Jajodia and C.E Landwehr (Editors), Elsevier Science Publishers B.V. (North-Holland)
17. R.S. Sandhu. On the four definitions of data integrity. Proc. of the seventh annual IFIP Working Conference on Database Security, September 12-15, Huntsville, Alabama.
18. R.S. Sandhu. "The Typed Access Matrix Model." Proc. IEEE Symposium on Research in Security and Privacy, Oakland, California, May 1992, pages 122-136.
19. R.K. Thomas and R.S Sandhu. Towards a task-based paradigm for flexible and adaptable access control in distributed applications, Proc. of the Second New Security Paradigms Workshop, Little Compton, Rhode Island, IEEE Press, 1993.
20. The Auditor's Study and Evaluation of Internal Control in EDP Systems, American Institute of Certified Public Accountants, 1977.