[[TOC(Internal/Rbac,Internal/Rbac/OrbitRbacLevels,Internal/Rbac/OrbitRbacDesign,Internal/Rbac/LdapResources,Internal/Rbac/RbacResources)]]

== RBAC Resources ==

The National Institute of Standards and Technology maintains a comprehensive RBAC web site, [[http://csrc.nist.gov/rbac/ Role Based Access Control]], edited by David Ferraiolo, Rick Kuhn, Ramaswamy Chandramouli, and John Barkley. This site includes sections on RBAC Standards, RBAC Design and Implementation, Downloadable RBAC Software, and NIST RBAC Patents. It references [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/rbacSTD-ACM.pdf FSGE01]] as a tutorial on the model used in RBAC.

There is a book that covers the background and most technical aspects of RBAC: [[http://www.amazon.com/gp/product/1580533701/102-0938547-5630513?v=glance&n=283155 Role-Based Access Control]], David F. Ferraiolo, D. Richard Kuhn, and Ramaswamy Chandramouli, Artech House, Inc., Norwood, MA, USA, 2003.

Role Based Access Control (RBAC) is an American Standard: [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/ANSI+INCITS+359-2004.pdf American National Standard for Information Technology - Role Based Access Control]], American National Standards Institute Inc, ANSI INCITS 359-2004, February 2004.

The RBAC standard uses the Z Formal Specification Notation to specify the actions of RBAC methods. Z is an International Standard: [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/c021573_ISO_IEC_13568_2002E.pdf Information Technology - Z Formal Specification Notation - Syntax, Type System and Semantics]], ISO/IEC International Standard 13568:2002(E), July 2002.

An important Z reference: [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/zrm.pdf The Z Notation: A Reference Manual, Second Edition]], J. M. Spivey, Oriel College, Oxford, UK, 1998.

The Z Formal Specification Notation employs a number of special symbols. Each of these special symbols can be represented in [[http://www.unicode.org Unicode]], and, although Trac uses Unicode internally, some of these symbols may not display with any of the fonts available in your browser. BTW, any Unicode code point can be entered in Trac using its four-digit hexadecimal value from the Unicode code charts and the HTML ꯟ format in an HTML block like the blue one below on the right; that character may then be cut and pasted from the resulting page.

{{{
#!html

∀⟪⟦⊦⩥⧹⋃⟧⟫

}}}

== RBAC References ==

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01647810.pdf AC05]] Raman Adaikkalavan and Sharma Chakravarthy. Active Authorization Rules for Enforcing Role-Based Access Control and its Extensions. In ''21st International Conference on Data Engineering Workshops'', pages 1197--1206, Washington, DC, USA, April 2005. IEEE Computer Society.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/WOSIS2004.pdf AH04]] Gail-Joon Ahn and Seng-Phil Hong. Group Hierarchies with Constrained User Assignment in Linux. In ''Proceedings of The Second International Workshop on Security In Information Systems (WOSIS)'', pages 24--33, April 2004.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/diss-gail.pdf Ahn99]] Gail-Joon Ahn. ''The RCL 2000 Language for Specifying Role-Based Authorization Constraints''. PhD thesis, George Mason University, 1999. Dissertation Director: Dr. Ravi Sandhu.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/ahn01conuga.pdf AK01]] Gail-Joon Ahn and Kwangjo Kim. CONUGA: Constrained User Group Assignment. ''J. Netw. Comput. Appl.'', 24(2):87--100, 2001.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/diss-mohammad.pdf AK04]] Mohammad Abdullah Al-Kahtani. ''A Family of Models for Rule-Based User-Role Assignment''. PhD thesis, George Mason University, 2004. Dissertation Director: Dr. Ravi Sandhu.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01176307.pdf AKS02]] Mohammad A. Al-Kahtani and Ravi S. Sandhu. A Model for Attribute-Based User-Role Assignment. In ''ACSAC '02: Proceedings of the 18th Annual Computer Security Applications Conference'', pages 353--362, Washington, DC, USA, 2002. IEEE Computer Society.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p142-al-kahtani.pdf AKS03]] Mohammad A. Al-Kahtani and Ravi S. Sandhu. Induced Role Hierarchies with Attribute-Based RBAC. In ''SACMAT '03: Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies'', pages 142--148, New York, NY, USA, 2003. ACM Press.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01377248.pdf AKS04]] Mohammad A. Al-Kahtani and Ravi S. Sandhu. Rule-Based RBAC With Negative Authorization. In ''20th Annual Computer Security Applications Conference (ACSAC'04)'', pages 405--415, Washington, DC, USA, December 2004. IEEE Computer Society.

[[http://www.networksecurityarchive.org/html/Web-App-Sec/2005-08/msg00036.html Ali05]] Saqib Ali. RBAC for !WebApps using LDAP, August 2005.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01286758.pdf AM04a]] Gail-Joon Ahn and Badrinath Mohan. Secure Information Sharing Using Role-Based Delegation. In ''Proceedings of the International Conference on Information Technology: Coding and Computing, ITCC 2004, Volume 2'', pages 810--815, Washington, DC, USA, April 2004. IEEE Computer Society.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/ao04role.pdf AM04b]] Xuhui Ao and Naftaly H. Minsky. On the Role of Roles: from Role-Based to Role-Sensitive Access Control. In ''SACMAT '04: Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies'', pages 51--60, New York, NY, USA, 2004. ACM Press.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/rbac-std-ncits.pdf Ame03]] American National Standards Institute Inc. DRAFT American National Standard for Information Technology - Role Based Access Control. BSR INCITS 359, April 2003.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/ANSI+INCITS+359-2004.pdf Ame04]] American National Standards Institute Inc. American National Standard for Information Technology - Role Based Access Control. ANSI INCITS 359-2004, February 2004.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sdarticle.pdf AMH06]] Gail-Joon Ahn, Badrinath Mohan, and Seng-Phil Hong. Secure information sharing using role-based delegation. ''Journal of Network and Computer Applications'', 2006. In press.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p43-ahn.pdf AS99]] Gail-Joon Ahn and Ravi Sandhu. The RSL99 Language for Role-Based Separation of Duty Constraints. In ''RBAC '99: Proceedings of the Fourth ACM Workshop on Role-Based Access Control'', pages 43--54, New York, NY, USA, 1999. ACM Press.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p207-ahn.pdf AS00]] Gail-Joon Ahn and Ravi S. Sandhu. Role-Based Authorization Constraints Specification. ''ACM Trans. Inf. Syst. Secur.'', 3(4):207--226, 2000.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00953406.pdf AS01]] Gail-Joon Ahn and Michael E. Shin. Role-Based Authorization Constraints Specification Using Object Constraint Language. In ''WETICE '01: Proceedings of the 10th IEEE International Workshops on Enabling Technologies'', pages 157--162, Washington, DC, USA, 2001. IEEE Computer Society.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2928_1724_76-10-01.pdf ASKP00]] Gail-Joon Ahn, Ravi S. Sandhu, Myong Kang, and Joon Park. Injecting RBAC to Secure a Web-based Workflow System. In ''RBAC '00: Proceedings of the Fifth ACM Workshop on Role-Based Access Control'', pages 1--10, New York, NY, USA, 2000. ACM Press.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/health_paper.ps Bar95]] John Barkley. Application Engineering in Health Care. In ''Proceedings of the 2nd Annual CHIN Summit'', 1995.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p69-bartz.pdf Bar97]] Larry S. Bartz. hyperDRIVE: Leveraging LDAP to Implement RBAC on the Web. In ''RBAC '97: Proceedings of the Second ACM Workshop on Role-Based Access Control'', pages 69--74, New York, NY, USA, 1997. ACM Press.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/diss-Ezedin.pdf Bar02]] Ezedin S. Barka. ''Framework for Role-Based Delegation Models''. PhD thesis, George Mason University, 2002. Dissertation Director: Dr. Ravi Sandhu.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p23-berry.pdf BBB05]] Lior Berry, Lyn Bartram, and Kellogg S. Booth. Role-Based Control of Shared Application Views. In ''UIST '05: Proceedings of the 18th Annual ACM Symposium on User Interface Software and Technology'', pages 23--32, New York, NY, USA, 2005. ACM Press.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p191-bertino.pdf BBF01]] Elisa Bertino, Piero Andrea Bonatti, and Elena Ferrari. TRBAC: A Temporal Role-Based Access Control Model. ''ACM Trans. Inf. Syst. Secur.'', 4(3):191--233, 2001.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00485637.pdf BBFS96]] Elisa Bertino, Claudio Bettini, Elena Ferrari, and Pierangela Samarati. A Temporal Access Control Mechanism for Database Systems. ''IEEE Transactions on Knowledge and Data Engineering'', 8(1):67--80, 1996.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/bertino97decentralized.pdf BBFS97]] Elisa Bertino, Claudio Bettini, Elena Ferrari, and Pierangela Samarati. Decentralized administration for a temporal access control model. ''Inf. Syst.'', 22(4):223--248, 1997.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p231-bertino.pdf BBFS98]] Elisa Bertino, Claudio Bettini, Elena Ferrari, and Pierangela Samarati. An Access Control Model Supporting Periodicity Constraints and Temporal Reasoning. ''ACM Trans. Database Syst.'', 23(3):231--285, 1998.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01314738.pdf BBG05]] Rafae Bhatti, Elisa Bertino, and Arif Ghafoor. A Trust-Based Context-Aware Access Control Model for Web-Services. ''Distrib. Parallel Databases'', 18(1):83--105, 2005.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/CACM_Accepted.pdf BBG06]] Rafae Bhatti, Elisa Bertino, and Arif Ghafoor. An Integrated Approach to Federated Identity and Privilege Management in Open Systems. ''Communications of the ACM'', 2006. Accepted for publication.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p126-bertino.pdf BBS94]] Elisa Bertino, Claudio Bettini, and Pierangela Samarati. A Temporal Authorization Model. In ''CCS '94: Proceedings of the 2nd ACM Conference on Computer and Communications Security'', pages 126--135, New York, NY, USA, 1994. ACM Press.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p71-bertino.pdf BCFP03]] Elisa Bertino, Barbara Catania, Elena Ferrari, and Paolo Perlasca. A Logical Framework for Reasoning about Access Control Models. ''ACM Trans. Inf. Syst. Secur.'', 6(1):71--127, 2003.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p100-lodderstedt.pdf BDL03]] David Basin, Jürgen Doser, and Torsten Lodderstedt. Model Driven Security for Process-Oriented Systems. In ''SACMAT '03: Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies'', pages 100--109, New York, NY, USA, 2003. ACM Press.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p39-basin.pdf BDL06]] David Basin, Jürgen Doser, and Torsten Lodderstedt. Model Driven Security: From UML Models to Access Control Infrastructures. ''ACM Trans. Softw. Eng. Methodol.'', 15(1):39--91, 2006.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/botha.pdf BE01]] Reinhardt A. Botha and Jan H. P. Eloff. Separation of Duties for Access Control Enforcement in Workflow Environments. ''IBM Syst. J.'', 40(3):666--682, 2001.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/belokosztolszki03shielding.pdf BE03]] András Belokosztolszki and David Eyers. Shielding RBAC Infrastructures from Cyberterrorism. In ''Research Directions in Data and Applications Security'', pages 3--14. Kluwer Academic Publishers, 2003.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01206964.pdf BEM03]] András Belokosztolszki, David M. Eyers, and Ken Moody. Policy Contexts: Controlling Information Flow in Parameterised RBAC. In ''Proceedings of the 4th International Workshop on Policies for Distributed Systems and Networks, POLICY 2003'', pages 99--110, Washington, DC, USA, June 2003. IEEE Computer Society.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/belokosztolszki03rolebased.pdf BEPE03]] András Belokosztolszki, David M. Eyers, Peter R. Pietzuch, Jean Bacon, and Ken Moody. Role-Based Access Control for Publish/Subscribe Middleware Architectures. In ''DEBS '03: Proceedings of the 2nd International Workshop on Distributed Event-Based Systems'', pages 1--8, New York, NY, USA, 2003. ACM Press.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/belokosztolszki03policy.pdf BEWM03]] András Belokosztolszki, David M. Eyers, Wei Wang, and Ken Moody. Policy Storage for Role-Based Access Control Systems. In ''Proceedings of the Twelfth IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE'03)'', pages 196--201, 2003.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00502679.pdf BFL96]] Matt Blaze, Joan Feigenbaum, and Jack Lacy. Decentralized Trust Management. In ''Proceedings of the 1996 IEEE Symposium on Security and Privacy'', pages 164--173, Washington, DC, USA, May 1996. IEEE Computer Society.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p187-bhatti.pdf BGBJ05]] Rafae Bhatti, Arif Ghafoor, Elisa Bertino, and James B. D. Joshi. X-GTRBAC: an XML-Based Policy Specification Framework and Architecture for Enterprise-Wide Access Control. ''ACM Trans. Inf. Syst. Secur.'', 8(2):187--227, 2005.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2003-27.pdf Bha03]] Rafae Bhatti. X-GTRBAC: an XML-Based Policy Specification Framework and Architecture for Enterprise-Wide Access Control. Master's thesis, Purdue University, May 2003.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/ICWS_2003.pdf BJBG03]] Rafae Bhatti, James B. D. Joshi, Elisa Bertino, and Arif Ghafoor. Access Control in Dynamic XML-Based Web Services Using X-RBAC. In ''Proceedings of the First International Conference on Web Services (ICWS)'', June 2003.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p78-bhatti.pdf BJBG04]] Rafae Bhatti, James B. D. Joshi, Elisa Bertino, and Arif Ghafoor. X-GTRBAC Admin: A Decentralized Administration Model for Enterprise-Wide Access Control. In ''SACMAT '04: Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies'', pages 78--86, New York, NY, USA, 2004. ACM Press.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/bell76.pdf BL76]] David E. Bell and Leonard J. !LaPadula. Secure Computer Systems: Unified Exposition and MULTICS Interpretation. Technical Report MTR-2997 Rev. 1, The MITRE Corporation, Bedford, MA, March 1976.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p59-bacon.pdf BM02a]] Jean Bacon and Ken Moody. Toward Open, Secure, Widely Distributed Services. ''Commun. ACM'', 45(6):59--64, 2002.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01011298.pdf BM02b]] András Belokosztolszki and Ken Moody. Meta-policies for distributed role-based access control systems. In ''Policy 2002: IEEE 3rd International Workshop on Policies for Distributed Systems and Networks'', pages 106--115, Washington, DC, USA, 2002. IEEE Computer Society.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p492-bacon.pdf BMY02]] Jean Bacon, Ken Moody, and Walt Yao. A Model of OASIS Role-Based Access Control and Its Support for Active Security. ''ACM Trans. Inf. Syst. Secur.'', 5(4):492--540, 2002.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/chwall.pdf BN89]] David F. C. Brewer and Michael J. Nash. The Chinese Wall Security Policy. In A. L. Buczak, J. Zimmerman, and K. Kurapati, editors, ''1989 IEEE Symposium on Security and Privacy'', pages 206--214, Washington, DC, USA, May 1989. IEEE Computer Society.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p71-brooks.pdf Bro99]] Kami Brooks. Migrating to Role-Based Access Control. In ''RBAC '99: Proceedings of the Fourth ACM Workshop on Role-Based Access Control'', pages 71--81, New York, NY, USA, 1999. ACM Press.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/brucker02cvsserver.pdf BRW02]] Achim D. Brucker, Frank Rittinger, and Burkhart Wolff. The CVS-Server Case Study: A Formalized Security Architecture. In G. Schellhorn D. Haneberg and W. Reif, editors, ''FM-TOOLS 2002, The 5th Workshop on Tools for System Design and Verification, Reisensburg, Germany'', Report 2002-11, pages 47--52. Universität Augsburg, Institut für Informatik, July 2002.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/barka00rolebased.pdf BS00]] Ezedin Barka and Ravi S. Sandhu. A Role-Based Delegation Model and Some Extensions. In ''23rd National Information Systems Security Conference'', Washington, DC, USA, October 2000. IEEE Computer Society.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01377247.pdf BS04]] Ezedin Barka and Ravi S. Sandhu. Role-Based Delegation Model/Hierarchical Roles (RBDM1). In ''20th Annual Computer Security Applications Conference'', pages 396--404, Washington, DC, USA, December 2004. IEEE Computer Society.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01416861.pdf BS05]] Elisa Bertino and Ravi Sandhu. Database Security - Concepts, Approaches, and Challenges. ''IEEE Transactions on Dependable and Secure Computing'', 2(1):2--19, 2005.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p388-bhatti.pdf BSBE05]] Rafae Bhatti, Basit Shafiq, Elisa Bertino, Arif Ghafoor, and James B. D. Joshi. X-GTRBAC Admin: A Decentralized Administration Model for Enterprise-Wide Access Control. ''ACM Trans. Inf. Syst. Secur.'', 8(4):388--423, 2005.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/rwhat.pdf BSCE05]] Sacha Brostoff, M. Angela Sasse, David Chadwick, James Cunningham, Uche Mbanaso, and Sassa Otenko. R-What? Development of a Role-Based Access Control (RBAC) Policy-Writing Tool for e-Scientists. ''Software: Practice and Experience'', 35(9):835--856, July 2005.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01565245.pdf BTKV05]] Elisa Bertino, Evimaria Terzi, Ashish Kamra, and Athena Vakali. Intrusion Detection in RBAC-administered Databases. In ''21st Annual Computer Security Applications Conference'', volume l, pages 10--19, Washington, DC, USA, December 2005. IEEE Computer Society.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p77-burrow.pdf Bur04]] Andrew Lincoln Burrow. Negotiating Access within Wiki: A System to Construct and Maintain a Taxonomy of Access Rules. In ''HYPERTEXT '04: Proceedings of the Fifteenth ACM Conference on Hypertext and Hypermedia'', pages 77--86, New York, NY, USA, 2004. ACM Press.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/fmics_03.pdf BW03]] Achim D. Brucker and Burkhart Wolff. A Case Study of a Formalized Security Architecture. In ''Electr. Notes Theor. Comput. Sci., FMICS'03: Eighth International Workshop on Formal Methods for Industrial Critical Systems'', volume 80, pages 1--17, Netherlands, June 2003. Elsevier Science B. V.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/862262.pdf Car03]] Gerald Carter. ''LDAP System Administration''. O'Reilly Media, Inc., Sebastopol, CA, USA, March 2003.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/ACM_XML_Paper_Final.pdf Cha00]] Ramaswamy Chandramouli. Application of XML Tools for Enterprise-Wide RBAC Implementation Tasks. In ''RBAC '00: Proceedings of the Fifth ACM Workshop on Role-Based Access Control'', pages 11--18, New York, NY, USA, 2000. ACM Press.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/chandramouli01framework.pdf Cha01]] Ramaswamy Chandramouli. A Framework for Multiple Authorization Types in a Healthcare Application System. In ''ACSAC '01: Proceedings of the 17th Annual Computer Security Applications Conference'', page 137, Washington, DC, USA, December 2001. IEEE Computer Society.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/access_validate.pdf Cha03]] Ramaswamy Chandramouli. Specification and Validation of Enterprise Access Control Data for Conformance to Model and Policy Constraints. In ''World Multiconference on Systems, Cybernetics and Informatics, July 27-30, 2003'', July 2003.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2143.pdf Cho05]] Shih-Chien Chou. An RBAC-Based Access Control Model for Object-Oriented Systems Offering Dynamic Aspect Features. ''IEICE Trans Inf Syst'', E88-D(9):2143--2147, 2005.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01506523.pdf CJ05]] Suroop Mohan Chandran and James B. D. Joshi. Towards Administration of a Hybrid Role Hierarchy. In ''2005 IEEE International Conference on Information Reuse and Integration'', pages 500--505, Washington, DC, USA, August 2005. IEEE Computer Society.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/fulltext.pdf CL01a]] Jan Chomicki and Jorge Lobo. Monitors for History-Based Policies. In ''POLICY '01: Proceedings of the International Workshop on Policies for Distributed Systems and Networks'', pages 57--72, London, UK, 2001. Springer-Verlag.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p6-crampton.pdf CL01b]] Jason Crampton and George Loizou. Authorisation and Antichains. ''SIGOPS Oper. Syst. Rev.'', 35(3):6--15, 2001.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p201-crampton.pdf CL03]] Jason Crampton and George Loizou. Administrative Scope: A Foundation for Role-Based Administrative Models. ''ACM Trans. Inf. Syst. Secur.'', 6(2):201--231, 2003.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p130-chen.pdf CL06]] Hong Chen and Ninghui Li. Constraint Generation for Separation of Duty. In ''SACMAT '06: Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies'', pages 130--138, New York, NY, USA, 2006. ACM Press.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p111-crampton.pdf CLB06]] Jason Crampton, Wing Leung, and Konstantin Beznosov. The Secondary and Approximate Authorization Model and its Application to Bell-!LaPadula Policies. In ''SACMAT '06: Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies'', pages 111--120, New York, NY, USA, 2006. ACM Press.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p135-chadwick.pdf CO02a]] David W. Chadwick and Alexander Otenko. The PERMIS X.509 Role Based Privilege Management Infrastructure. In ''SACMAT '02: Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies'', pages 135--140, New York, NY, USA, 2002. ACM Press.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/chadwickRBAC509.pdf CO02b]] David W. Chadwick and Alexander Otenko. RBAC Policies in XML for X.509 Based Privilege Management. In M. A. Ghonaimy, M. T. El-Hadidi, and H.K. Aslan, editors, ''Security in the Information Society: Visions and Perspectives: IFIP TC11 17th Int. Conf. On Information Security (SEC2002), Cairo, Egypt'', pages 39--53. Kluwer Academic Publishers, May 2002.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/Sec2002Final.pdf CO02c]] David W. Chadwick and Alexander Otenko. RBAC Policies in XML for X.509 Based Privilege Management -- Final, 2002.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/InternetComputingPaperv4.pdf COB04]] David W. Chadwick, Alexander Otenko, and Edward Ball. Implementing Role Based Access Controls Using X.509 Attribute Certificates - the PERMIS Privilege Management Infrastructure. In ''Security and Privacy in Advanced Networking Technologies'', pages 26--39, 2004.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/qut-isrc-tr-1999-005.pdf CR99a]] William Caelli and Anthony Rhodes. Implementation of Active Role Based Access Control in a Collaborative Environment. Technical Report QUT-ISRC-TR-1999-005, University of Queensland, Australia, 1999.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/qut-isrc-tr-1999-003.pdf CR99b]] William Caelli and Anthony Rhodes. RBACManager: Implementing a Minimal Role Based Access Control Scheme (RBACm) Under the Windows NT 4.0 Workstation Operating System. Technical Report QUT-ISRC-TR-1999-003, Information Security Institute, Queensland University of Technology, Brisbane, Australia, 1999.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p49-chakraborty.pdf CR06]] Sudip Chakraborty and Indrajit Ray. TrustBAC: Integrating Trust Relationships into the RBAC Model for Access Control in Open Systems. In ''SACMAT '06: Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies'', pages 49--58, New York, NY, USA, 2006. ACM Press.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p85-crampton.pdf Cra03a]] Jason Crampton. On Permissions, Inheritance and Role Hierarchies. In ''CCS '03: Proceedings of the 10th ACM Conference on Computer and Communications Security'', pages 85--92, New York, NY, USA, 2003. ACM Press.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p43-crampton.pdf Cra03b]] Jason Crampton. Specifying and Enforcing Constraints in Role-Based Access Control. In ''SACMAT '03: Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies'', pages 43--50, New York, NY, USA, 2003. ACM Press.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/fcs04.pdf Cra04]] Jason Crampton. An Algebraic Approach to the Analysis of Constrained Workflow Systems. In ''Proceedings of the 3rd Workshop on the Foundations of Computer Security'', pages 61--74, 2004.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p38-crampton.pdf Cra05a]] Jason Crampton. A Reference Monitor for Workflow Systems with Constrained Task Execution. In ''SACMAT '05: Proceedings of the Tenth ACM Symposium on Access Control Models and Technologies'', pages 38--47, New York, NY, USA, 2005. ACM Press.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p158-crampton.pdf Cra05b]] Jason Crampton. Understanding and Developing Role-Based Administrative Models. In ''CCS '05: Proceedings of the 12th ACM Conference on Computer and Communications Security'', pages 158--167, New York, NY, USA, 2005. ACM Press.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/clark_wilson.pdf CW87]] David D. Clark and David R. Wilson. A Comparison of Commercial and Military Computer Security Policies. In ''1987 IEEE Symposium on Security and Privacy'', pages 184--194, Washington, DC, USA, 1987. IEEE.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sacmat04-tbac.pdf DBEE04]] Nathan Dimmock, András Belokosztolszki, David Eyers, Jean Bacon, and Ken Moody. Using Trust and Risk in Role-Based Access Control Policies. In ''SACMAT '04: Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies'', pages 156--162, New York, NY, USA, 2004. ACM Press.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/risk-tbac-itrust05.pdf DBIM05]] Nathan Dimmock, Jean Bacon, David Ingram, and Ken Moody. Risk Models for Trust-Based Access Control (TBAC). In ''iTrust 2005'', pages 364--371. University of Cambridge, 2005.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01357945.pdf DBTS04]] Michael Drouineaud, Maksym Bortin, Paolo Torrini, and Karsten Sohr. A first step towards formal verification of security policy properties for RBAC. In ''QSIC '04: Proceedings of the Fourth International Conference on Quality Software'', pages 60--67, Washington, DC, USA, 2004. IEEE Computer Society.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/tcsec-dod85.pdf Def85]] Department of Defense. ''Department of Defense Trusted Computer System Evaluation Criteria''. United States Government Printing Office, December 1985. DOD 5200.28-STD (The Orange Book).

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p236-denning.pdf Den76]] Dorothy E. Denning. A Lattice Model of Secure Information Flow. ''Commun. ACM'', 19(5):236--243, 1976.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/cts2006-oce-dynamic-access-control-05.pdf DGTE06]] Yuri Demchenko, Leon Gommans, Andrew Tokmakoff, Rene van Buuren, and Cees de Laat. Policy Based Access Control in Dynamic Grid-based Collaborative Environment. In ''International Symposium on Collaborative Technologies and Systems CTS 2006'', pages 64--73. University of Amsterdam, May 2006.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01578976.pdf DJYM05]] Wu Di, Lin Jian, Dong Yabo, and Zhu Miaoliang. Using Semantic Web Technologies to Specify Constraints of RBAC. In ''Sixth International Conference on Parallel and Distributed Computing, Applications and Technologies, PDCAT 2005'', pages 543--545, Washington, DC, USA, December 2005. IEEE Computer Society.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01265447.pdf DMP04]] Fredj Dridi, Björn Muschall, and Günther Pernul. Administration of an RBAC System. In ''Proceedings of the 37th Annual Hawaii International Conference on System Sciences (HICSS '04)'', volume 07, pages 70187b--92, Los Alamitos, CA, USA, 2004. IEEE Computer Society.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/acpande.pdf DPS03]] Sabrina De Capitani di Vimercati, Stefano Paraboschi, and Pierangela Samarati. Access Control: Principles and Solutions. ''Software: Practice and Experience'', 33(5):397--421, 2003.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/rbaclab.pdf Du06]] Wenliang Du. Role-Based Access Control (RBAC) Lab. Lab Description developed under NSF grant, 2006.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p53-evered.pdf EB04]] Mark Evered and Serge Bögeholz. A Case Study in Access Control Requirements for a Health Information System. In ''ACSW Frontiers '04: Proceedings of the Second Workshop on Australasian Information Security, Data Mining and Web Intelligence, and Software Internationalisation'', pages 53--61, Darlinghurst, Australia, Australia, 2004. Australian Computer Society, Inc.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/diss-pete.pdf Eps02]] Pete A. Epstein. ''Engineering of Role/Permission Assignments''. PhD thesis, George Mason University, 2002. Dissertation Director: Dr. Ravi Sandhu.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/uml-org.pdf ES99]] Pete Epstein and Ravi Sandhu. Towards a UML Based Approach to Role Engineering. In ''RBAC '99: Proceedings of the Fourth ACM Workshop on Role-Based Access Control'', pages 135--143, New York, NY, USA, 1999. ACM Press.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p95-faden.pdf Fad99]] Glenn Faden. RBAC in UNIX Administration. In ''RBAC '99: Proceedings of the Fourth ACM Workshop on Role-Based Access Control'', pages 95--101, New York, NY, USA, 1999. ACM Press.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p34-ferraiolo.pdf FBK99]] David F. Ferraiolo, John F. Barkley, and D. Richard Kuhn. A Role-Based Access Control Model and Reference Implementation Within a Corporate Intranet. ''ACM Transactions on Information and System Security'', 2(1):34--64, 1999.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p12-ferraiolo.pdf FCAG03]] David F. Ferraiolo, R. Chandramouli, Gail-Joon Ahn, and Serban I. Gavrila. The Role Control Center: Features and Case Studies. In ''SACMAT '03: Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies'', pages 12--20, New York, NY, USA, 2003. ACM Press.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/ferraiolo-cugini-kuhn-95.pdf FCK95]] David F. Ferraiolo, Janet A. Cugini, and D. Richard Kuhn. Role-Based Access Control: Features and Motivations. In ''Proceedings of the 11th Annual Computer Security Applications Conference (ACSAC '95)'', 1995.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/EDACcase-study.pdf Fer05a]] Richard Fernandez. Enterprise Dynamic Access Control (EDAC) Case Study. Technical report, United States Pacific Fleet, May 2005.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/EDACcompliance.pdf Fer05b]] Richard Fernandez. Enterprise Dynamic Access Control (EDAC) Compliance with the American National Standards Institute (ANSI) Role Based Access Control (RBAC). Technical report, United States Pacific Fleet, May 2005.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/EDACv2overview.pdf Fer06]] Richard Fernandez. Enterprise Dynamic Access Control Version 2 Overview. Technical report, United States Pacific Fleet, January 2006.

[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p141-fraser.pdf FFME01]] Timothy Fraser, David Ferraiolo, Mikel L. Matthews, Casey Schaufler, Stephen Smalley, and Robert Watson. Panel: Which Access Control Technique Will Provide the Greatest Overall benefit? In ''SACMAT '01: Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies'', pages 141--149, New York, NY, USA, 2001. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/fernandez97determining.pdf FH97]] Eduardo B. Fernandez and J. C. Hawkins. Determining Role Rights from Use Cases. In ''Proceedings of the 2nd ACM Workshop on Role Based Access Control (RBAC'97)'', pages 121--126, 1997. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/ferraiolo-kuhn-92.pdf FK92]] David Ferraiolo and Richard Kuhn. Role-Based Access Control. In ''Proceedings of the 15th NIST-NCSC National Computer Security Conference'', pages 554--563, 1992. [[http://csrc.nist.gov/rbac/NIST-ITL-RBAC-bulletin.html FK95]] David Ferraiolo and Richard Kuhn. An Introduction to Role-Based Access Control. Technical report, National Institute of Standards and Technology, December 1995. [[http://www.amazon.com/gp/product/1580533701/ FKC03]] David F. Ferraiolo, D. Richard Kuhn, and Ramaswamy Chandramouli. ''Role-Based Access Control''. Artech House, Inc., Norwood, MA, USA, 2003. [[http://csrc.nist.gov/rbac/ FKCB06]] David Ferraiolo, Rick Kuhn, Ramaswamy Chandramouli, and John Barkley. Role-Based Access Control. National Institute of Standards and Technology web site, August 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p196-fisler.pdf FKMT05]] Kathi Fisler, Shriram Krishnamurthi, Leo A. Meyerovich, and Michael Carl Tschantz. Verification and Change-Impact Analysis of Access-Control Policies. In ''ICSE '05: Proceedings of the 27th international conference on Software engineering'', pages 196--205, New York, NY, USA, 2005. ACM Press. 
[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/drbac-icdcs02.pdf FPPE02]] Eric Freudenthal, Tracy Pesin, Lawrence Port, Edward Keenan, and Vijay Karamcheti. dRBAC: Distributed Role-Based Access Control for Dynamic Coalition Environments. In ''Proceedings of the 22nd International Conference on Distributed Computing Systems'', pages 411--420, 2002. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/rbacSTD-ACM.pdf FSGE01]] David F. Ferraiolo, Ravi S. Sandhu, Serban Gavrila, D. Richard Kuhn, and Ramaswamy Chandramouli. Proposed NIST Standard for Role-Based Access Control. ''ACM Trans. Inf. Syst. Secur.'', 4(3):224--274, 2001. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p81-gavrila.pdf GB98a]] Serban I. Gavrila and John F. Barkley. Formal Specification for Role Based Access Control User/Role and Role/Role Relationship Management. In ''RBAC '98: Proceedings of the Third ACM Workshop on Role-Based Access Control'', pages 81--90, New York, NY, USA, 1998. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p55-goh.pdf GB98b]] Cheh Goh and Adrian Baldwin. Towards a More Complete Model of Role. In ''RBAC '98: Proceedings of the Third ACM Workshop on Role-Based Access Control'', pages 55--62, New York, NY, USA, 1998. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2957.pdf GC04]] Jeroen van de Graaf and Osvaldo Carvalho. Reflecting on X.509 and LDAP or How Separating Identity and Attributes Could Simplify a PKI. In ''Fourth Workshop em Segurança de Sistemas Computacionais WSEG2004''. UFMG, 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/gao-etal-2004.pdf GDYE04]] Shu Gao, Yi Deng, Huiqin Yu, Xudong He, Konstantin Beznosov, and Kendra Cooper. Applying Aspect-Orientation in Designing Security Systems: A Case Study. In ''Proceedings of the Sixteenth International Conference on Software Engineering and Knowledge Engineering'', 2004. 
[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00674833.pdf GGF98]] Virgil D. Gligor, Serban I. Gavrila, and David Ferraiolo. On the Formal Definition of Separation-of-Duty Policies and Their Composition. In ''Proceedings of the 19th IEEE Computer Society Symposium on Research in Security and Privacy'', pages 1--12, Washington, DC, USA, May 1998. IEEE Computer Society. [[http://digitalbusinessstrategy.com/?p=48 Gif06]] Bob Gifford. My RBAC Heresy. ''Digital Business Strategy'', June 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p11-giuri.pdf Giu99]] Luigi Giuri. Role-Based Access Control on the Web Using Java. In ''RBAC '99: Proceedings of the Fourth ACM Workshop on Role-Based Access Control'', pages 11--18, New York, NY, USA, 1999. ACM Press. [[http://www.computerworld.com/securitytopics/security/story/0,10801,86699,00.html GL03]] Trey Guerin and Richard Lord. How role-based access control can provide security and business benefits. ''ComputerWorld'', November 2003. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p21-georgiadis.pdf GMPT01]] Christos K. Georgiadis, Ioannis Mavridis, George Pangalos, and Roshan K. Thomas. Flexible Team-Based Access Control Using Contexts. In ''SACMAT '01: Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies'', pages 21--27, New York, NY, USA, 2001. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p90-guth.pdf GNS03]] Susanne Guth, Gustaf Neumann, and Mark Strembeck. Experiences with the Enforcement of Access Rights Extracted from ODRL-based Digital Contracts. In ''DRM '03: Proceedings of the 3rd ACM Workshop on Digital Rights Management'', pages 90--102, New York, NY, USA, 2003. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/cs1050005.pdf Gov04]] Government Reform Committee. Report of the Best Practices and Metrics Teams. 
Technical Report CS1/05-0005, United States House of Representatives, November 2004. Corporate Information Security Working Group of the Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census of the Government Reform Committee. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01624027.pdf GPR06]] Zvi Gutterman, Benny Pinkas, and Tzachy Reinman. Analysis of the Linux Random Number Generator. Cryptology ePrint Archive, Report 2006/086, 2006. http://eprint.iacr.org/. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/weiguan.pdf Gua06]] Wei Guan. Improvement on role based access control model. Technical report, Information Retrieval Lab of IIT, 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/STAT_RBAC_Paper.pdf Har06]] Harris Corp. Role-Based Access Control In Network Vulnerability Management. Technical report, Harris Corp., March 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01636184.pdf HKF06]] Vincent C. Hu, D. Richard Kuhn, and David F. Ferraiolo. The Computational Complexity of Enforceability Validation for Generic Access Control Rules. In ''IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC'06)'', volume 1, pages 260--267, Los Alamitos, CA, USA, 2006. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/hua98modeling.pdf HO98]] Lingling Hua and Sylvia Osborn. Modeling UNIX Access Control with a Role Graph. In ''Proceedings of 1998 International Conference on Computers and Information'', June 1998. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00646185.pdf Hof97]] J. Hoffman. Implementing RBAC on a Type Enforced System. In ''ACSAC '97: Proceedings of the 13th Annual Computer Security Applications Conference'', pages 158--163, Washington, DC, USA, 1997. IEEE Computer Society. 
[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/ActiveRbacManual.pdf Hol06]] Manuel Holtgrewe. ''The ActiveRBAC Manual for ActiveRBAC 0.3.1'', 0.3.1 edition, April 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01541190.pdf HPN05]] Zhijun He, Tuan Phan, and Thu D. Nguyen. Enforcing Enterprise-Wide Policies Over Standard Client-Server Interactions. In ''SRDS '05: Proceedings of the 24th IEEE Symposium on Reliable Distributed Systems (SRDS'05)'', pages 119--131, Washington, DC, USA, 2005. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p461-harrison.pdf HRU76]] Michael A. Harrison, Walter L. Ruzzo, and Jeffrey D. Ullman. Protection in Operating Systems. ''Commun. ACM'', 19(8):461--471, 1976. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01265212.pdf Hun04]] Patrick C. K. Hung. From Conflict of Interest to Separation of Duties in WS-Policy for Web Services Matchmaking Process. In ''Proceedings of the 37th Annual Hawaii International Conference on System Sciences'', pages 1--10, January 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00902348.pdf HV00]] M. Hitchens and V. Varadharajan. Design and specification of role based access control policies. ''IEE Proceedings on Software'', 147(4):117--129, August 2000. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/c021573_ISO_IEC_13568_2002E.pdf ISO02]] ISO/IEC. Information Technology - Z Formal Specification Notation - Syntax, Type System and Semantics. Technical Report 13568:2002, ISO/IEC, July 2002. International Standard. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p33-jaeger.pdf Jae99]] Trent Jaeger. On the Increasing Importance of Constraints. In ''RBAC '99: Proceedings of the fourth ACM workshop on Role-based access control'', pages 33--42, New York, NY, USA, 1999. ACM Press. 
[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/jansen98revised.pdf Jan98]] W. A. Jansen. A Revised Model for Role-Based Access Control. IR 6192, NIST, July 1998. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p81-joshi.pdf JB06]] James B. D. Joshi and Elisa Bertino. Fine-Grained Role-Based Delegation in the Presence of the Hybrid Role Hierarchy. In ''SACMAT '06: Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies'', pages 81--90, New York, NY, USA, 2006. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01355921.pdf JBBG04]] James B. D. Joshi, Rafae Bhatti, Elisa Bertino, and Arif Ghafoor. Access-Control Language for Multidomain Environments. ''IEEE Internet Computing'', 8(6):40--50, 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01453534.pdf JBG05]] James B. D. Joshi, Elisa Bertino, and Arif Ghafoor. An Analysis of Expressiveness and Design Issues for the Generalized Temporal Role-Based Access Control Model. ''IEEE Transactions on Dependable and Secure Computing'', 2(2):157--175, 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01363762.pdf JBLG05]] James B. D. Joshi, Elisa Bertino, Usman Latif, and Arif Ghafoor. A Generalized Temporal Role-Based Access Control Model. ''IEEE Transactions on Knowledge and Data Engineering'', 17(1):4--23, 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p51-joshi.pdf JSGB03]] James B. D. Joshi, Basit Shafiq, Arif Ghafoor, and Elisa Bertino. Dependencies and Separation of Duty Constraints in GTRBAC. In ''SACMAT '03: Proceedings of the Eighth ACM symposium on Access Control Models and Technologies'', pages 51--64, New York, NY, USA, 2003. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p65-jaeger.pdf JT00]] Trent Jaeger and Jonathon E. Tidswell. Rebuttal to the NIST RBAC Model Proposal. 
In ''RBAC '00: Proceedings of the Fifth ACM Workshop on Role-Based Access Control'', pages 65--66, New York, NY, USA, 2000. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p158-jaeger.pdf JT01]] Trent Jaeger and Jonathon E. Tidswell. Practical Safety in Flexible Access Control Models. ''ACM Trans. Inf. Syst. Secur.'', 4(2):158--190, 2001. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p29-kane.pdf KB06]] Kevin Kane and James C. Browne. On Classifying Access Control Implementations for Distributed Systems. In ''SACMAT '06: Proceedings of the Eleventh ACM symposium on Access Control Models and Technologies'', pages 29--38, New York, NY, USA, 2006. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/Or-BAC.pdf KBME03]] Anas Abou El Kalam, Salem Benferhat, Alexandre Miège, Rania El Baida, Frédéric Cuppens, Claire Saurel, Philippe Balbiani, Yves Deswarte, and Gilles Trouessin. Organization Based Access Control. In ''POLICY '03: Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks'', page 120, Washington, DC, USA, 2003. IEEE Computer Society. [[http://www.networkworld.com/newsletters/dir/2005/0207id1.html Kea05]] Dave Kearns. Rules and policies vs. actual practice - Network World. ''Network World'', February 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p87-kern.pdf KKKR04]] Axel Kern, Martin Kuhlmann, Rainer Kuropka, and Andreas Ruthert. A Meta Model for Authorisations in Application Security Systems and Their Integration into RBAC Administration. In ''SACMAT '04: Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies'', pages 87--96, New York, NY, USA, 2004. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p43-kern.pdf KKSM02]] Axel Kern, Martin Kuhlmann, Andreas Schaad, and Jonathan Moffett. 
Observations on the Role Life-Cycle in the Context of Enterprise Security Management. In ''SACMAT '02: Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies'', pages 43--51, New York, NY, USA, 2002. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p332-koch.pdf KMPP02]] Manuel Koch, Luigi V. Mancini, and Francesco Parisi-Presicce. A Graph-Based Formalism for RBAC. ''ACM Trans. Inf. Syst. Secur.'', 5(3):332--365, 2002. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p97-koch.pdf KMPP04]] M. Koch, L. V. Mancini, and F. Parisi-Presicce. Administrative Scope in the Graph-Based Framework. In ''SACMAT '04: Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies'', pages 97--104, New York, NY, USA, 2004. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/kandala02secure.pdf KS02]] Savith Kandala and Ravi S. Sandhu. Secure Role-Based Workflow Models. In ''DAS'01: Proceedings of the Fifteenth Annual Working Conference on Database and Application Security'', pages 45--58, Norwell, MA, USA, 2002. Kluwer Academic Publishers. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p210-keppler.pdf KSJ06]] David Keppler, Vipin Swarup, and Sushil Jajodia. Redirection Policies for Mission-Based Information Sharing. In ''SACMAT '06: Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies'', pages 210--218, New York, NY, USA, 2006. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p3-kern.pdf KSM03]] Axel Kern, Andreas Schaad, and Jonathan Moffett. An Administration Concept for the Enterprise Role-Based Access Control Model. In ''SACMAT '03: Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies'', pages 3--11, New York, NY, USA, 2003. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p23-kuhn.pdf Kuh97]] D. Richard Kuhn. 
Mutual Exclusion of Roles as a Means of Implementing Separation of Duty in Role-Based Access Control Systems. In ''RBAC '97: Proceedings of the Second ACM Workshop on Role-Based Access Control'', pages 23--30, New York, NY, USA, 1997. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p130-kern.pdf KW05]] Axel Kern and Claudia Walhorn. Rule Support for Role-Based Access Control. In ''SACMAT '05: Proceedings of the Tenth ACM Symposium on Access Control Models and Technologies'', pages 130--138, New York, NY, USA, 2005. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/waveset_WP_HIPAA_Compliance.pdf Lan03]] Doug Landoll. Achieving HIPAA Compliance with Identity Management from Waveset. Technical report, Waveset Technologies, Inc., 2003. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p42-li.pdf LBT04]] Ninghui Li, Ziad Bizri, and Mahesh V. Tripunitara. On Mutually-Exclusive Roles and Separation of Duty. In ''CCS '04: Proceedings of the 11th ACM conference on Computer and communications security'', pages 42--51, New York, NY, USA, 2004. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p11-lupu.pdf LMSY96]] Emil C. Lupu, Damian A. Marriott, Morris S. Sloman, and Nicholas Yialelis. A Policy Based Role Framework for Access Control. In ''RBAC '95: Proceedings of the First ACM Workshop on Role-Based Access Control'', page 11, New York, NY, USA, 1996. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01004366.pdf LMW02]] Ninghui Li, John C. Mitchell, and William H. Winsborough. Design of a Role-based Trust-management Framework. In ''Proceedings of the 2002 IEEE Symposium on Security and Privacy'', pages 114--130, 2002. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00800059.pdf LN99]] !HyungHyo Lee and !BongNam Noh. 
An Integrity Enforcement Application Design and Operation Framework in Role-Based Access Control Systems: A Session-Oriented Approach. In ''Proceedings of the 1999 International Workshop on Parallel Processing'', pages 179--184, Washington, DC, USA, September 1999. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p25-lorch.pdf LPLE03]] Markus Lorch, Seth Proctor, Rebekah Lepro, Dennis Kafura, and Sumit Shah. First Experiences Using XACML for Access Control in Distributed Systems. In ''XMLSEC '03: Proceedings of the 2003 ACM workshop on XML security'', pages 25--37, New York, NY, USA, 2003. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01552918.pdf LSQ05]] Qi Li, Jingpu Shi, and Sihan Qing. An Administration Model of DRBAC on the Web. In ''2005 IEEE International Conference on e-Business Engineering (ICEBE 2005)'', pages 364--367, Washington, DC, USA, October 2005. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p126-li.pdf LT04]] Ninghui Li and Mahesh V. Tripunitara. Security Analysis in Role-Based Access Control. In ''SACMAT '04: Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies'', pages 126--135, New York, NY, USA, 2004. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p112-liu.pdf LWGE06]] Yanhong A. Liu, Chen Wang, Michael Gorbovitski, Tom Rothamel, Yongxi Cheng, Yingchao Zhao, and Jing Zhang. Core Role-Based Access Control: Efficient Implementations by Transformations. In ''PEPM '06: Proceedings of the 2006 ACM SIGPLAN Symposium on Partial Evaluation and Semantics-Based Program Manipulation'', pages 112--120, New York, NY, USA, 2006. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01176310.pdf Mar02]] Andrew D. Marshall. A Financial Institution's Legacy Mainframe Access Control System in Light of the Proposed NIST RBAC Standard. 
In ''Proceedings of the 18th Annual Computer Security Applications Conference'', pages 382--390, Washington, DC, USA, 2002. IEEE Computer Society. [[http://www.tonymarston.net/php-mysql/role-based-access-control.html Mar04]] Tony Marston. A Role-Based Access Control (RBAC) System for PHP, May 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01214883.pdf MDS03]] Till Mossakowski, Michael Drouineaud, and Karsten Sohr. A Temporal-Logic Extension of Role-Based Access Control Covering Dynamic Separation of Duties. In ''Proceedings of the Fourth International Conference on Temporal Logic and 10th International Symposium on Temporal Representation and Reasoning'', pages 83--90, Washington, DC, USA, July 2003. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01229859.pdf MF03]] Gustavo H. M. B. Motta and Sergio S. Furuie. A Contextual Role-Based Access Control Authorization Model for Electronic Patient Record. ''IEEE Transactions on Information Technology in Biomedicine'', 7(3):202--207, September 2003. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/moffett99uses.pdf ML99]] Jonathan D. Moffett and Emil Lupu. The Uses of Role Hierarchies in Access Control. In ''ACM Workshop on Role-Based Access Control'', pages 153--160, 1999. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/an-approach-to-extract.pdf MSSN04]] Jan Mendling, Mark Strembeck, Gerald Stermsek, and Gustaf Neumann. An Approach to Extract RBAC Models from BPEL4WS Processes. In ''13th IEEE International Workshops on Enabling Technologies Infrastructure for Collaborative Enterprises (WETICE 2004)'', pages 81--86, Washington, DC, USA, June 2004. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/diss-qamar.pdf Mun00]] Qamar Munawer. ''Administrative Models for Role-Based Access Control''. PhD thesis, George Mason University, 2000. Dissertation Director: Dr. Ravi Sandhu. 
[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2003-icics-nabhen-jamhour-maziero.pdf NJM03]] Ricardo Nabhen, Edgard Jamhour, and Carlos Maziero. A Policy-Based Framework for RBAC. In Marcus Brunner and Alexander Keller, editors, ''Self-Managing Distributed Systems, Proceedings of the 14th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management, DSOM 2003'', volume 2867 of ''Lecture Notes in Computer Science'', pages 181--193. Springer, October 2003. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2004-wgrs-nabhen-jamhour-maziero.pdf NJM04]] Ricardo Nabhen, Edgard Jamhour, and Carlos Maziero. RBPIM: Enforcing RBAC Policies in Distributed Heterogeneous Systems. In ''Workshop de Gerência e Operação de Redes e Serviços'', 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p45-nyanchama.pdf NO93]] Matunda Nyanchama and Sylvia Osborn. Role-Based Security, Object Oriented Databases and Separation of Duty. ''SIGMOD Rec.'', 22(4):45--51, 1993. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p3-nyanchama.pdf NO99]] Matunda Nyanchama and Sylvia Osborn. The Role Graph Model and Conflict of Interest. ''ACM Trans. Inf. Syst. Secur.'', 2(1):3--33, 1999. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/conundrums.pdf NP90]] Michael J. Nash and Keith R. Poland. Some Conundrums Concerning Separation of Duty. In ''IEEE Computer Society Symposium on Research in Security and Privacy'', pages 201--207, Washington, DC, USA, May 1990. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/neumann01design.pdf NS01]] Gustaf Neumann and Mark Strembeck. Design and Implementation of a Flexible RBAC-Service in an Object-Oriented Scripting Language. In ''ACM Conference on Computer and Communications Security'', pages 58--67, 2001. 
[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p33-neumann.pdf NS02]] Gustaf Neumann and Mark Strembeck. A Scenario-driven Role Engineering Process for Functional RBAC Roles. In ''SACMAT '02: Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies'', pages 33--42, New York, NY, USA, 2002. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/IC_TECH_REPORT_200131.pdf NW01]] Txomin Nieva and Alain Wegmann. A Role-based Use Case Model for Remote Data Acquisition Systems. Technical Report DSC/201/031, Institute for Computer Communications and Applications (ICA), Swiss Federal Institute of Technology, Lausanne, Switzerland, 2001. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/cd-xacml-rbac-profile-01.pdf OAS04]] OASIS Technical Committee. XACML Profile for Role Based Access, February 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/access_control-xacml-2.0-rbac-profile1-spec-os.pdf OAS05a]] OASIS Technical Committee. Core and Hierarchical Role Based Access Control (RBAC) Profile of XACML v2.0. Technical report, Organization for the Advancement of Structured Information Standards, February 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/access_control-xacml-2.0-saml-profile-spec-os.pdf OAS05b]] OASIS Technical Committee. OASIS eXtensible Access Control Markup Language (xacml) v2.0. Technical report, Organization for the Advancement of Structured Information Standards, February 2005. XACML-2.0-OS-NORMATIVE.zip. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01000036.pdf OF02]] Rafael R. Obelheiro and Joni S. Fraga. Role-Based Access Control for CORBA Distributed Object Systems. In ''WORDS '02: Proceedings of the Seventh IEEE International Workshop on Object-Oriented Real-Time Dependable Systems (WORDS 2002)'', page 53, Washington, DC, USA, 2002. IEEE Computer Society. 
[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/osborn00modeling.pdf OG00]] Sylvia Osborn and Yuxia Guo. Modeling Users in Role-Based Access Control. In ''ACM RBAC 2000'', pages 31--37, 2000. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00945161.pdf OP01]] Sejong Oh and Seog Park. Enterprise Model as a Basis of Administration on Role-Based Access Control. In ''The Proceedings of the Third International Symposium on Cooperative Database Systems for Advanced Applications, CODAS 2001'', pages 150--158, Washington, DC, USA, April 2001. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/guide.pdf Ope05]] The OpenLDAP Foundation. ''OpenLDAP Software 2.3 Administrator's Guide'', 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p163-osborn.pdf Osb02]] Sylvia L. Osborn. Information Flow Analysis of an RBAC System. In ''ACM Symposium on Access Control Models and Technologies'', pages 163--168, 2002. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p85-osborn.pdf OSM00]] Sylvia L. Osborn, Ravi S. Sandhu, and Qamar Munawer. Configuring Role-Based Access Control to Enforce Mandatory and Discretionary Access Control Policies. ''Information and System Security'', 3(2):85--106, 2000. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/diss-jean.pdf Par99]] Joon S. Park. ''Secure Attribute Services on the Web''. PhD thesis, George Mason University, 1999. Dissertation Director: Dr. Ravi Sandhu. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/diss-jae.pdf Par03]] Jaehong Park. ''Usage Control: A Unified Framework for Next Generation Access Control''. PhD thesis, George Mason University, 2003. Dissertation Director: Dr. Ravi Sandhu. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/i01-kluwer01-jpark.pdf PAS01]] Joon S. Park, Gail-Joon Ahn, and Ravi S. Sandhu. Role-Based Access Control on the Web Using LDAP. 
In ''Proceedings of the 15th IFIP WG 11.3 Working Conference on Database and Application Security'', pages 19--30, 2001. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/JP_004.pdf PBE01]] Stephen Perelson, Reinhardt Botha, and Jan Eloff. Separation of Duty Administration. ''SACJ/SART'', 27(1):64--70, 2001. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p163-park.pdf PCND04]] Joon S. Park, Keith P. Costello, Teresa M. Neven, and Josh A. Diosomito. A Composite RBAC Approach for Large, Complex Organizations. In ''SACMAT '04: Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies'', pages 163--172, New York, NY, USA, 2004. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/phillipsdissdraft.pdf Phi04]] Charles Edward Phillips, Jr. ''Security Assurance for a Resource-Based RBAC/DAC/MAC Security Model''. PhD thesis, University of Connecticut, 2004. Major Advisor: Steven A. Demurjian. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01544776.pdf PJ05]] Smithi Piromruen and James B. D. Joshi. An RBAC Framework for Time Constrained Secure Interoperation in Multi-Domain Environments. In ''WORDS '05: Proceedings of the 10th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems'', pages 36--48, Washington, DC, USA, 2005. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01566202.pdf PM05]] Aneta Poniszewska-Maranda. Role Engineering of Information System Using Extended RBAC Model. In ''WETICE '05: Proceedings of the 14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise'', pages 154--159, Washington, DC, USA, 2005. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01632009.pdf PMC06]] Anil L. Pereira, Vineela Muppavarapu, and Soon M. Chung. 
Role-Based Access Control for Grid Database Services Using the Community Authorization Service. ''IEEE Transactions on Dependable and Secure Computing'', 3(2):156--166, 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/Pavlich-IFIP05.pdf PMDME05]] Jaime A. Pavlich-Mariscal, Thuong Doan, Laurent Michel, Steven A. Demurjian, and T. C. Ting. Role Slices: A Notation for RBAC Permission Assignment and Enforcement. In S. Jajodia, editor, ''Proceedings of the 19th Annual IFIP WG 11.3 Working Conference on Data and Applications Security'', volume 3654 of ''Lecture Notes in Computer Science'', pages 40--53, Berlin / Heidelberg, August 2005. Springer. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/rbacaspect.pdf PMMD05]] Jaime Pavlich-Mariscal, Laurent Michel, and Steven Demurjian. ''A Formal Enforcement Framework for Role-Based Access Control Using Aspect-Oriented Programming'', volume 3713 of ''Lecture Notes in Computer Science'', pages 537--552. Springer, Berlin / Heidelberg, 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p236-popek.pdf Pop73]] Gerald J. Popek. Correctness in Access Control. In ''ACM'73: Proceedings of the Annual Conference'', pages 236--241, New York, NY, USA, 1973. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p1-park.pdf PS99a]] Joon S. Park and Ravi S. Sandhu. RBAC on the Web by Smart Certificates. In ''RBAC '99: Proceedings of the Fourth ACM Workshop on Role-Based Access Control'', pages 1--9, New York, NY, USA, 1999. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/smart-certificates-extending-x-1.pdf PS99b]] Joon S. Park and Ravi S. Sandhu. Smart Certificates: Extending X.509 for Secure Attribute Services on the Web. In ''Proc. of 22nd National Information Systems Security Conference (NISSC)'', October 1999. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/park00binding.pdf PS00a]] J. S. 
Park and Ravi S. Sandhu. Binding Identities and Attributes Using Digitally Signed Certificates. In ''ACSAC 2000'', pages 120--127, 2000. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/park00secure.pdf PS00b]] Joon S. Park and Ravi S. Sandhu. Secure Cookies on the Web. ''IEEE Internet Computing'', 4(4):36--44, 2000. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01011294.pdf PS02a]] Jaehong Park and Ravi Sandhu. Originator Control in Usage Control. In ''POLICY '02: Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)'', pages 60--66, Washington, DC, USA, 2002. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p57-park.pdf PS02b]] Jaehong Park and Ravi Sandhu. Towards Usage Control Models: Beyond Traditional Access Control. In ''SACMAT '02: Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies'', pages 57--64, New York, NY, USA, 2002. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p128-park.pdf PS04]] Jaehong Park and Ravi Sandhu. The UCONABC Usage Control Model. ''ACM Trans. Inf. Syst. Secur.'', 7(1):128--174, 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p37-park.pdf PSA01]] Joon S. Park, Ravi S. Sandhu, and Gail-Joon Ahn. Role-Based Access Control on the Web. ''ACM Trans. Inf. Syst. Secur.'', 4(1):37--71, 2001. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/park99rbac.pdf PSG99]] Joon S. Park, Ravi S. Sandhu, and !SreeLatha Ghanta. RBAC on the Web by Secure Cookies. In ''IFIP Workshop on Database Security'', pages 49--62, 1999. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p87-phillips.pdf PTD02]] Charles E. Phillips, Jr., T.C. Ting, and Steven A. Demurjian. Information Sharing and Security in Dynamic Coalitions. 
In ''SACMAT '02: Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies'', pages 87--96, New York, NY, USA, 2002. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/IFIP04-mutability.pdf PZS04]] Jaehong Park, Xinwen Zhang, and Ravi S. Sandhu. Attribute Mutability in Usage Control. In Csilla Farkas and Pierangela Samarati, editors, ''Proceedings of the Eighteenth Annual Conference on Data and Applications Security, Research Directions in Data and Applications Security XVIII, IFIP TC11/WG 11.3'', pages 15--29. Kluwer, July 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/report02-1.pdf Res02]] Research Triangle Institute. The Economic Impact of Role Based Access Control. Technical Report Planning Report 02-01, NIST, 2002. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01233707.pdf RNKZ03]] Tatyana Ryutov, Clifford Neuman, Dongho Kim, and Li Zhou. Integrated Access Control and Intrusion Detection for Web Servers. ''IEEE Transactions on Parallel and Distributed Systems'', 14(9):841--850, September 2003. [[http://cuddletech.com/blog/pivot/entry.php?id=362 Roc03]] Ben Rockwood. Using RBAC on (Open)Solaris, September 2003. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/RBAC_DBMS_Comparison.pdf RS98]] Chandramouli Ramaswamy and Ravi S. Sandhu. Role-Based Access Control Features in Commercial Database Management Systems. In ''Proc. 21st NIST-NCSC National Information Systems Security Conference'', pages 503--511, 1998. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p103-roeckle.pdf RSW00]] Haio Roeckle, Gerhard Schimpf, and Rupert Weidinger. Process-Oriented Approach for Role-Finding to Implement Role-Based Security Administration in a Large Industrial Organization. In ''RBAC '00: Proceedings of the Fifth ACM Workshop on Role-Based Access Control'', pages 103--110, New York, NY, USA, 2000. ACM Press. 
[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01607578.pdf RY05]] Indrakshi Ray and Lijun Yu. Short Paper: Towards a Location-Aware Role-Based Access Control Model. In ''Proceedings of the 1st IEEE Conference on Security and Privacy for Emerging Areas in Communication Networks'', pages 234--236, Los Alamitos, CA, USA, September 2005. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/dotstar.pdf S06]] Ifti S. Implementing RBAC on .Net. developer dot star web site, May 2006. http://www.developerdotstar.com/community/node/482. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p1121-shin.pdf SACJ04]] Dongwan Shin, Gail-Joon Ahn, Sangrae Cho, and Seunghun Jin. A Role-Based Infrastructure Management System: Design and Implementation. ''Concurr. Comput. : Pract. Exper.'', 16(11):1121--1141, September 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/fulltext-1.pdf SAGM05]] Karsten Sohr, Gail-Joon Ahn, Martin Gogolla, and Lars Migge. Specification and Validation of Authorisation Constraints Using UML and OCL. In Sabrina De Capitani di Vimercati, Paul F. Syverson, and Dieter Gollmann, editors, ''Computer Security, Proceedings of the 10th European Symposium on Research in Computer Security - ESORICS 2005'', volume 3679 of ''Lecture Notes in Computer Science'', pages 64--79, Berlin / Heidelberg, September 2005. Springer. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p15-sohr.pdf SAM05]] Karsten Sohr, Gail-Joon Ahn, and Lars Migge. Articulating and Enforcing Authorisation Policies with UML and OCL. In ''SESS '05: Proceedings of the 2005 Workshop on Software engineering for secure systems - building trustworthy applications'', pages 1--7, New York, NY, USA, 2005. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00113349.pdf San88]] Ravi S. Sandhu. Transaction Control Expressions for Separation of Duties. 
In ''Proceedings of the Fourth Aerospace Computer Security Applications Conference'', pages 282--286, Washington, DC, USA, December 1988. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00241422.pdf San93]] Ravi S. Sandhu. Lattice-Based Access Control Models. ''Computer'', 26(11):9--19, 1993. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sandhu96access.pdf San96a]] Ravi S. Sandhu. Access Control: The Neglected Frontier. In ''ACISP '96: Proceedings of the First Australasian Conference on Information Security and Privacy'', pages 219--227, London, UK, 1996. Springer-Verlag. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/issue.pdf San96b]] Ravi S. Sandhu. Issues in RBAC. In ''RBAC '95: Proceedings of the First ACM Workshop on Role-Based Access Control'', pages I--21--I--46, New York, NY, USA, 1996. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/role-group.pdf San96c]] Ravi S. Sandhu. Roles Versus Groups. In ''RBAC '95: Proceedings of the First ACM Workshop on Role-Based Access Control'', pages I--25--I--26, New York, NY, USA, 1996. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/summary-1.pdf San96d]] Ravi S. Sandhu. Workshop Summary. In ''RBAC '95: Proceedings of the First ACM Workshop on Role-Based Access Control'', pages I--1--I--7, New York, NY, USA, 1996. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p33-sandhu.pdf San98a]] Ravi S. Sandhu. Role Activation Hierarchies. In ''RBAC '98: Proceedings of the Third ACM Workshop on Role-Based Access Control'', pages 33--40, New York, NY, USA, 1998. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sandhu97rolebased.pdf San98b]] Ravi S. Sandhu. Role-Based Access Control. In M. Zelkowitz, editor, ''Advances in Computers'', volume 48. Academic Press, 1998. 
[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sandhu00engineering.pdf San00]] Ravi S. Sandhu. Engineering Authority and Trust in Cyberspace: The OM-AM and RBAC Way. In ''ACM RBAC 2000'', pages 111--119, 2000. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/icgt-04.pdf San04]] Ravi S. Sandhu. A Perspective on Graphs and Access Control Models (Invited Talk). In H. Ehrig, G. Engels, F. Parisi-Presicce, and G. Rozenberg, editors, ''Proc. 2nd Intl. Conference on Graph Transformations (ICGT 2004)'', volume 3256 of ''Lecture Notes in Computer Science'', pages 2--12, Berlin/Heidelberg, 2004. Springer-Verlag. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01045125.pdf SAP02]] Dongwan Shin, Gail-Joon Ahn, and Joon S. Park. An Application of Directory Service Markup Language (DSML) for Role-Based Access Control (RBAC). In ''Proceedings of the 26th Annual International Computer Software and Applications Conference, COMPSAC 2002'', pages 934--939, Washington, DC, USA, 2002. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sandhu97ura.pdf SB97]] Ravi S. Sandhu and Venkata Bhamidipati. The URA97 Model for Role-Based User-Role Assignment. In ''IFIP Workshop on Database Security'', pages 262--275, 1997. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sandhu98rolebasedURA97.pdf SB99]] Ravi S. Sandhu and Venkata Bhamidipati. Role-Based Administration of User-Role Assignment: The URA97 Model and its Oracle Implementation. ''Journal of Computer Security'', 7(4), 1999. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p41-sandhu.pdf SBCE97]] Ravi Sandhu, Venkata Bhamidipati, Edward Coyne, Srinivas Ganta, and Charles Youman. The ARBAC97 Model for Role-Based Administration of Roles: Preliminary Description and Outline. In ''Proceedings of 2nd ACM Workshop on Role-Based Access Control'', pages 41--54, New York, NY, USA, November 1997. ACM. 
[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p58-shehab.pdf SBG05a]] Mohamed Shehab, Elisa Bertino, and Arif Ghafoor. Secure Collaboration in Mediator-Free Environments. In ''CCS '05: Proceedings of the 12th ACM conference on Computer and communications security'', pages 58--67, New York, NY, USA, 2005. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p159-shehab.pdf SBG05b]] Mohamed Shehab, Elisa Bertino, and Arif Ghafoor. SERAT: SEcure Role mApping Technique for Decentralized Secure Interoperability. In ''SACMAT '05: Proceedings of the Tenth ACM Symposium on Access Control Models and Technologies'', pages 159--167, New York, NY, USA, 2005. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p105-sandhu.pdf SBM99]] Ravi Sandhu, Venkata Bhamidipati, and Qamar Munawer. The ARBAC97 Model for Role-Based Administration of Roles. ''ACM Trans. Inf. Syst. Secur.'', 2(1):105--135, 1999. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00367293.pdf SCFY94]] Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, and Charles E. Youman. Role-Based Access Control: A Multi-Dimensional View. In ''Proceedings of the 10th Annual Computer Security Applications Conference'', pages 54--62, December 1994. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sandhu96rolebased.pdf SCFY96]] Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, and Charles E. Youman. Role-Based Access Control Models. ''IEEE Computer'', 29(2):38--47, 1996. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00991528.pdf Sch01]] Andreas Schaad. Detecting Conflicts in a Role-based Delegation Model. In ''Proceedings of the 17th Annual Computer Security Applications Conference, 2001. ACSAC 2001'', pages 117--126, December 2001. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/schaad03framework.pdf Sch03]] Andreas Schaad. ''A Framework for Organisational Control Principles''. 
PhD thesis, The University of York, July 2003. Advisor: Dr. Jonathan Moffett. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p32-siewe.pdf SCZ03]] François Siewe, Antonio Cau, and Hussein Zedan. A Compositional Framework for Access Control Policies Enforcement. In ''FMSE '03: Proceedings of the 2003 ACM workshop on Formal methods in security engineering'', pages 32--42, New York, NY, USA, 2003. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p332-sohr.pdf SDA05]] Karsten Sohr, Michael Drouineaud, and Gail-Joon Ahn. Formal Specification of Role-Based Security Policies for Clinical Information Systems. In ''SAC '05: Proceedings of the 2005 ACM Symposium on Applied Computing'', pages 332--339, New York, NY, USA, 2005. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sandhu94three.pdf SF94]] Ravi S. Sandhu and Hal L. Feinstein. A Three Tier Architecture for Role-Based Access Control. In ''Proc. 17th NIST-NCSC National Computer Security Conference'', pages 34--46, 1994. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sandhu00nist.pdf SFK00]] Ravi Sandhu, David Ferraiolo, and Richard Kuhn. The NIST Model for Role-Based Access Control: Towards a Unified Standard. In ''RBAC '00: Proceedings of the Fifth ACM Workshop on Role-Based Access Control'', pages 47--63, New York, NY, USA, 2000. ACM Press. [[http://dream.sims.berkeley.edu/doc-eng/projects/ROLES/roles-final-report.html SGGE02]] Calvin Smith, Patrick Garvey, Marc Gratacos, E. Liggett, and Charis Kaskiris. ROLES Project Final Report. Technical report, University of California, Berkeley, The Center for Document Engineering, December 2002. [[http://idsynch.com/docs/beyond-roles-google.html Sho06]] Idan Shoham. Beyond Roles: A Practical Approach to Enterprise User Provisioning. Technical report, M-Tech, 2006. 
[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/secure-interoperation-tkde.pdf SJBG05]] Basit Shafiq, James B. D. Joshi, Elisa Bertino, and Arif Ghafoor. Secure Interoperation in a Multidomain Environment Employing RBAC Policies. ''IEEE Transactions on Knowledge and Data Engineering'', 17(11):1557--1577, 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01454316.pdf SJN05]] Timothy E. Squair, Edgard Jamhour, and Ricardo C. Nabhen. An RBAC-Based Policy Information Base. In ''POLICY '05: Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'05)'', pages 171--180, Washington, DC, USA, 2005. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p139-schaad.pdf SLS06]] Andreas Schaad, Volkmar Lotz, and Karsten Sohr. A Model-Checking Approach to Analysing Organisational Controls in a Loan Origination Process. In ''SACMAT '06: Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies'', pages 139--149, New York, NY, USA, 2006. ACM Press. [[http://www.informatik.uni-trier.de/~ley/db/journals/compsec/compsec13.html#SolmsM94 SM94]] Sebastiaan H. von Solms and Isak van der Merwe. The Management of Computer Security Profiles Using a Role-Oriented Approach. ''Computers and Security'', 13(8):673--680, 1994. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p47-sandhu.pdf SM98]] Ravi S. Sandhu and Qamar Munawer. How to do Discretionary Access Control Using Roles. In ''ACM Workshop on Role-Based Access Control'', pages 47--54, 1998. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01176294.pdf SM02a]] Andreas Schaad and Jonathan D. Moffett. A Framework for Organisational Control Principles. In ''Proceedings of the 18th Annual Computer Security Applications Conference'', pages 229--238, Washington, DC, USA, December 2002. IEEE Computer Society. 
[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p13-schaad.pdf SM02b]] Andreas Schaad and Jonathan D. Moffett. A Lightweight Approach to Specification and Analysis of Role-Based Access Control Extensions. In ''SACMAT '02: Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies'', pages 13--22, New York, NY, USA, 2002. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p1380-schaad.pdf SM04]] Andreas Schaad and Jonathan Moffett. Separation, Review and Supervision Controls in the Context of a Credit Application Process -- A Case Study of Organisational Control Principles. In ''SAC '04: Proceedings of the 2004 ACM Symposium on Applied Computing'', pages 1380--1384, New York, NY, USA, 2004. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01544773.pdf SMJG05]] Basit Shafiq, Ammar Masood, James Joshi, and Arif Ghafoor. A Role-Based Access Control Policy Verification Framework for Real-Time Systems. In ''10th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems'', pages 13--20, Washington, DC, USA, February 2005. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01504134.pdf SMLP05]] Yuqing Sun, Xiangxu Meng, Shijun Liu, and Peng Pan. An Approach for Flexible RBAC Workflow System. In ''Proceedings of the Ninth International Conference on Computer Supported Cooperative Work in Design'', volume 1, pages 524--529, Washington, DC, USA, May 2005. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p392-strembeck.pdf SN04]] Mark Strembeck and Gustaf Neumann. An Integrated Approach to Engineer and Enforce Context Constraints in RBAC Environments. ''ACM Trans. Inf. Syst. Secur.'', 7(3):392--427, 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p1-sandhu.pdf SP98]] Ravi S. Sandhu and Joon S. Park. Decentralized User-Role Assignment for Web-Based Intranets. 
In ''ACM Workshop on Role-Based Access Control'', pages 1--12, 1998. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2003_MMS_UCON.pdf SP03]] Ravi S. Sandhu and Jaehong Park. Usage Control: A Vision for Next Generation Access Control. In Vladimir Gorodetsky, Leonard J. Popyack, and Victor A. Skormin, editors, ''Proceedings of the Second International Workshop on Mathematical Methods, Models, and Architectures for Computer Network Security, MMM-ACNS 2003'', volume 2776 of ''Lecture Notes in Computer Science'', pages 17--31. Springer, September 2003. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/researchpaper.pdf Spe04]] Bradley Spengler. Increasing Performance and Granularity in Role-Based Access Control Systems -- A Case Study in GRSECURITY. Technical report, OpenOffice.org, May 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/zrm.pdf Spi98]] J. M. Spivey. ''The Z Notation: A Reference Manual, Second Edition''. Oriel College. J. M. Spivey, Oxford, UK, 1998. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p170-sreedhar.pdf Sre06]] Vugranam C. Sreedhar. Data-Centric Security: Role Analysis and Role Typestates. In ''SACMAT '06: Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies'', pages 170--179, New York, NY, USA, 2006. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00312842.pdf SS94]] Ravi S. Sandhu and Pierangela Samarati. Access Control: Principles and Practice. ''IEEE Communications Magazine'', 32(9):40--48, September 1994. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p1328-schaad.pdf SSW05]] Andreas Schaad, Pascal Spadone, and Helmut Weichsel. A Case Study of Separation of Duty Properties in the Context of the Austrian "eLaw" Process. In ''SAC '05: Proceedings of the 2005 ACM Symposium on Applied Computing'', pages 1328--1332, New York, NY, USA, 2005. ACM Press. 
[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/se2004.pdf Str04]] Mark Strembeck. Conflict Checking of Separation of Duty Constraints in RBAC -- Implementation Experiences. In ''Proceedings of the Conference on Software Engineering, SE 2004'', 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01454322.pdf Str05]] Mark Strembeck. Embedding Policy Rules for Software-Based Systems in a Requirements Context. In ''Sixth IEEE International Workshop on Policies for Distributed Systems and Networks'', pages 235--238, June 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/stoupa04xmlbased.pdf SVLT04]] Konstantina Stoupa, Athena Vakali, Fang Li, and Ioannis Tsoukalas. XML-Based Revocation and Delegation in a Distributed Environment. In Wolfgang Lindner, Marco Mesiti, Can Türker, Yannis Tzitzikas, and Athena Vakali, editors, ''Lecture Notes in Computer Science, Current Trends in Database Technology - EDBT 2004'', volume 3268, pages 299--308. Springer, Berlin / Heidelberg, March 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/Specs2.pdf Swa06]] Siswati Swami. Requirements Specifications for ORBIT Access Control. Technical report, Rutgers University, New Brunswick, New Jersey USA, June 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/Specs2.doc in MS Word format]] [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/cs1050129.pdf SWPE02]] Marianne Swanson, Amy Wohl, Lucinda Pope, Tim Grance, Joan Hash, and Ray Thomas. Contingency Planning Guide for Information Technology Systems. Technical Report Special Publication 800-34, NIST, 2002. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00596811.pdf SZ97]] Richard T. Simon and Mary Ellen Zurko. Separation of Duty in Role-Based Environments. In ''Proceedings of the 10th Computer Security Foundations Workshop'', pages 183--194, June 1997. 
[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p147-sandhu.pdf SZ05]] Ravi Sandhu and Xinwen Zhang. Peer-to-Peer Access Control Architecture Using Trusted Computing Technology. In ''SACMAT '05: Proceedings of the tenth ACM symposium on Access control models and technologies'', pages 147--158, New York, NY, USA, 2005. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p29-tolone.pdf TAPH05]] William Tolone, Gail-Joon Ahn, Tanusree Pai, and Seng-Phil Hong. Access Control in Collaborative Systems. ''ACM Comput. Surv.'', 37(1):29--41, 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01310739.pdf TCG04]] Kaijun Tan, Jason Crampton, and Carl A. Gunter. The Consistency of Task-Based Authorization Constraints in Workflow. In ''Proceedings of the 17th IEEE Computer Security Foundations Workshop, 2004'', pages 155--169, June 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/draft-rbac-implementation-std-v01.pdf Tec06]] INCITS Committee on Information Technology Standards. DRAFT Role Based Access Control Implementation Standard, January 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p13-thomas.pdf Tho97]] Roshan K. Thomas. Team-Based Access Control (TMAC): A Primitive for Applying Role-Based Access Controls in Collaborative Environments. In ''RBAC '97: Proceedings of the Second ACM Workshop on Role-Based Access Control'', pages 13--19, New York, NY, USA, 1997. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p154-tidswell.pdf TJ00]] Jonathon E. Tidswell and Trent Jaeger. An Access Control Model for Simplifying Constraint Expression. In ''CCS '00: Proceedings of the 7th ACM Conference on Computer and Communications Security'', pages 154--163, New York, NY, USA, 2000. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/CRPITV21ATaylor.pdf TM03]] Kerry Taylor and James Murty. 
Implementing Role Based Access Control for Federated Information Systems on the Web. In ''ACSW Frontiers '03: Proceedings of the Australasian information security workshop conference on ACSW frontiers 2003'', pages 87--95, Darlinghurst, Australia, 2003. Australian Computer Society, Inc. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/i97tbac.pdf TS98]] Roshan K. Thomas and Ravi S. Sandhu. Task-Based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-Oriented Authorization Management. In ''Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Security XI'', pages 166--181, London, UK, 1998. Chapman & Hall, Ltd. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p3-wobber.pdf WABL94]] Edward Wobber, Martín Abadi, Michael Burrows, and Butler Lampson. Authentication in the Taos Operating System. ''ACM Trans. Comput. Syst.'', 12(1):3--32, 1994. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/wainer01wrbac.pdf WBK01]] Jacques Wainer, Paulo Barthelmess, and Akhil Kumar. W-RBAC - A workflow security model incorporating controlled overriding of constraints. Technical Report IC-01-013, Instituto de Computação, Universidade Estadual de Campinas, October 2001. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01342816.pdf WJYJ04]] Xu Wei, Wei Jun, Liu Yu, and Li Jing. SOWAC: A Service-Oriented Workflow Access Control Model. In ''Proceedings of the 28th Annual International Computer Software and Applications Conference, 2004. COMPSAC 2004'', volume 1, pages 128--134, September 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p91-wang.pdf WO06]] He Wang and Sylvia L. Osborn. Delegation in the Role Graph Model. In ''SACMAT '06: Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies'', pages 91--100, New York, NY, USA, 2006. ACM Press. 
[[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01357989.pdf WT04]] Roosdiana Wonohoesodo and Zahir Tari. A Role Based Access Control for Web Services. In ''Proceedings of the 2004 IEEE International Conference on Services Computing (SCC 2004)'', pages 49--56, Washington, DC, USA, September 2004. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01578944.pdf YHHL05]] Hanbing Yao, Heping Hu, Baohua Huang, and Ruixuan Li. Dynamic Role and Context-Based Access Control for Grid Applications. In ''Sixth International Conference on Parallel and Distributed Computing, Applications and Technologies, PDCAT 2005'', pages 404--406, Los Alamitos, CA, USA, December 2005. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01376833.pdf YHM04]] Wataru Yamazaki, Hironori Hiraishi, and Fumio Mizoguchi. Designing an Agent-Based RBAC System for Dynamic Security Policy. In ''WETICE '04: Proceedings of the 13th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises'', pages 199--204, Washington, DC, USA, 2004. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01414530.pdf YS04]] Burin Yenmunkong and Chanboon Sathitwiriyawong. An Experimental Study of ERBAC03 for Access Control Administration. In ''2004 IEEE Region 10 Conference, TENCON 2004'', volume B2, pages 57--60, November 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01232433.pdf YZ03]] Cungang Yang and Chang N. Zhang. Secure Web-Based Applications with XML and RBAC. In ''Information Assurance Workshop, 2003. IEEE Systems, Man and Cybernetics Society'', pages 276--281, Washington, DC, USA, June 2003. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/Paper_code16.pdf ZM04]] Wei Zhou and Christoph Meinel. Implement Role Based Access Control with Attribute Certificates. 
In ''The 6th International Conference on Advanced Communication Technology'', pages 536--540, Washington, DC, USA, 2004. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/04-zhang-logic.pdf ZPPPS04]] Xinwen Zhang, Jaehong Park, Francesco Parisi-Presicce, and Ravi Sandhu. A Logical Specification for Usage Control. In ''SACMAT '04: Proceedings of the Ninth ACM symposium on Access Control Models and Technologies'', pages 1--10, New York, NY, USA, 2004. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p351-zhang.pdf ZPPSP05]] Xinwen Zhang, Francesco Parisi-Presicce, Ravi Sandhu, and Jaehong Park. Formal Model and Policy Specification of Usage Control. ''ACM Trans. Inf. Syst. Secur.'', 8(4):351--387, 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/RBAC-1.pdf ZWCJ02]] John Zao, Hoetech Wee, Jonathan Chu, and Daniel Jackson. RBAC Schema Verification Using Lightweight Formal Model and Constraint Analysis. Technical report, MIT, 2002. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00948401.pdf ZY01a]] Chang N. Zhang and Cungang Yang. An Object-Oriented RBAC Model for Distributed System. In ''Proceedings of the Working IEEE/IFIP Conference on Software Architecture'', pages 24--32, 2001. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00933700.pdf ZY01b]] Chang N. Zhang and Cungang Yang. Specification and Enforcement of Object-Oriented RBAC Model. In ''Proceedings of the Canadian Conference on Electrical and Computer Engineering, 2001'', volume 1, pages 301--305, 2001.