[[TOC(Internal/Rbac,Internal/Rbac/OrbitRbacLevels,Internal/Rbac/OrbitRbacDesign,Internal/Rbac/LdapResources,Internal/Rbac/RbacResources)]] == RBAC Resources == The National Institute of Standards and Technology maintains a comprehensive RBAC web site [[http://csrc.nist.gov/rbac/ Role Based Access Control]] edited by David Ferraiolo, Rick Kuhn, Ramaswamy Chandramouli, and John Barkley. This site includes sections on RBAC Standards, RBAC Design and Implementation, Downloadable RBAC Software, and NIST RBAC Patents. It references [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/rbacSTD-ACM.pdf FSGE01]] as a tutorial on the model used in RBAC. There is a book that covers the background and most technical aspects of RBAC: [[http://www.amazon.com/gp/product/1580533701/ Role-Based Access Control]], David F. Ferraiolo, D. Richard Kuhn, and Ramaswamy Chandramouli, Artech House, Inc., Norwood, MA, USA, 2003. Role Based Access Control (RBAC) is an American Standard: [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/ANSI+INCITS+359-2004.pdf American National Standard for Information Technology - Role Based Access Control]], American National Standards Institute Inc, ANSI INCITS 359-2004, February 2004; see also its [[http://xml.coverpages.org/RBAC-ANSI.html announcement]]. There is an on-going effort to standardize aspects of its implementation too [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/draft-rbac-implementation-std-v01.pdf Tec06]] and [[http://www.incits.org/tc_home/cs1.htm INCITS CS1 site]]. There is also some discussion of problems with the standards API's [[http://lists.oasis-open.org/archives/xacml/200404/msg00036.html And04]] and of desirable changes to the standard [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/aboutRBACStandard.pdf LBB06]] and a forthcoming reply [[http://csrc.nist.gov/staff/kuhn/rkhome.html Kuh06 under External publications]]. The RBAC standard uses the Z Formal Specification Notation to specify the actions of RBAC methods. It is an International Standard: [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/c021573_ISO_IEC_13568_2002E.pdf Information Technology - Z Formal Specification Notation - Syntax, Type System and Semantics]], ISO/IEC International Standard 13568:2002(E), July 2002. An important Z reference: [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/zrm.pdf The Z Notation: A Reference Manual, Second Edition]], J. M. Spivey, Oriel College, Oxford, UK, 1998. The Z Formal Specification Notation employs a number of special symbols. Each of these special symbols can be represented in [[http://www.unicode.org Unicode]], and, although Trac uses Unicode internally, some of these symbols may not display with any of the fonts available on your browser. BTW, any Unicode code point can be entered in Trac using its four-digit hexadecimal value from the Unicode code charts and the HTML ꯟ format in an HTML block like the blue one below on the right, then that character may be cut and pasted from the resulting page. {{{ #!html

∀א⟪∃⟦Šš⊦™⩥⋃⧹⟧⟫

}}} == RBAC References == [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p706-abadi.pdf ABLP93]] Martín Abadi, Michael Burrows, Butler Lampson, and Gordon Plotkin. A Calculus for Access Control in Distributed Systems. ''ACM Trans. Program. Lang. Syst.'', 15(4):706--734, 1993. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01647810.pdf AC05]] Raman Adaikkalavan and Sharma Chakravarthy. Active Authorization Rules for Enforcing Role-Based Access Control and its Extensions. In ''21st International Conference on Data Engineering Workshops'', pages 1197--1206, Washington, DC, USA, April 2005. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/WOSIS2004.pdf AH04]] Gail-Joon Ahn and Seng-Phil Hong. Group Hierarchies with Constrained User Assignment in Linux. In ''Proceedings of The Second International Workshop on Security In Information Systems (WOSIS)'', pages 24--33, April 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/diss-gail.pdf Ahn99]] Gail-Joon Ahn. ''The RCL 2000 Language for Specifying Role-Based Authorization Constraints''. PhD thesis, George Mason University, 1999. Dissertation Director: Dr. Ravi Sandhu. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/ahn01conuga.pdf AK01]] Gail-Joon Ahn and Kwangjo Kim. CONUGA: Constrained User Group Assignment. ''J. Netw. Comput. Appl.'', 24(2):87--100, 2001. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/diss-mohammad.pdf AK04]] Mohammad Abdullah Al-Kahtani. ''A Family of Models for Rule-Based User-Role Assignment''. PhD thesis, George Mason University, 2004. Dissertation Director: Dr. Ravi Sandhu. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01176307.pdf AKS02]] Mohammad A. Al-Kahtani and Ravi S. Sandhu. A Model for Attribute-Based User-Role Assignment. In ''ACSAC '02: Proceedings of the 18th Annual Computer Security Applications Conference'', pages 353--362, Washington, DC, USA, 2002. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p142-al-kahtani.pdf AKS03]] Mohammad A. Al-Kahtani and Ravi S. Sandhu. Induced Role Hierarchies with Attribute-Based RBAC. In ''SACMAT '03: Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies'', pages 142--148, New York, NY, USA, 2003. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01377248.pdf AKS04]] Mohammad A. Al-Kahtani and Ravi S. Sandhu. Rule-Based RBAC With Negative Authorization. In ''20th Annual Computer Security Applications Conference (ACSAC'04)'', pages 405--415, Washington, DC, USA, December 2004. IEEE Computer Society. [[http://www.networksecurityarchive.org/html/Web-App-Sec/2005-08/msg00036.html Ali05]] Saqib Ali. RBAC for !WebApps using LDAP, August 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01286758.pdf AM04a]] Gail-Joon Ahn and Badrinath Mohan. Secure Information Sharing Using Role-Based Delegation. In ''Proceedings of the International Conference on Information Technology: Coding and Computing, ITCC 2004, Volume 2'', pages 810--815, Washington, DC, USA, April 2004. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/ao04role.pdf AM04b]] Xuhui Ao and Naftaly H. Minsky. On the Role of Roles: from Role-Based to Role-Sensitive Access Control. In ''SACMAT '04: Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies'', pages 51--60, New York, NY, USA, 2004. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/rbac-std-ncits.pdf Ame03]] American National Standards Institute Inc. DRAFT American National Standard for Information Technology - Role Based Access Control. BSR INCITS 359, April 2003. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/ANSI+INCITS+359-2004.pdf Ame04]] American National Standards Institute Inc. American National Standard for Information Technology - Role Based Access Control. ANSI INCITS 359-2004, February 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sdarticle.pdf AMH06]] Gail-Joon Ahn, Badrinath Mohan, and Seng-Phil Hong. Towards secure information sharing using role-based delegation. ''Journal of Network and Computer Applications'', 2006. In press. [[http://lists.oasis-open.org/archives/xacml/200404/msg00036.html And04]] Anne Anderson. Re: [xacml] ANSI INCITS 359-2004 etc. e-mail to Robin Cover of Isogen, April 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p43-ahn.pdf AS99]] Gail-Joon Ahn and Ravi Sandhu. The RSL99 Language for Role-Based Separation of Duty Constraints. In ''RBAC '99: Proceedings of the Fourth ACM Workshop on Role-Based Access Control'', pages 43--54, New York, NY, USA, 1999. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p207-ahn.pdf AS00]] Gail-Joon Ahn and Ravi S. Sandhu. Role-Based Authorization Constraints Specification. ''ACM Trans. Inf. Syst. Secur.'', 3(4):207--226, 2000. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00953406.pdf AS01]] Gail-Joon Ahn and Michael E. Shin. Role-Based Authorization Constraints Specification Using Object Constraint Language. In ''WETICE '01: Proceedings of the 10th IEEE International Workshops on Enabling Technologies'', pages 157--162, Washington, DC, USA, 2001. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2928_1724_76-10-01.pdf ASKP00]] Gail-Joon Ahn, Ravi S. Sandhu, Myong Kang, and Joon Park. Injecting RBAC to Secure a Web-based Workflow System. In ''RBAC '00: Proceedings of the Fifth ACM Workshop on Role-Based Access Control'', pages 1--10, New York, NY, USA, 2000. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/health_paper.ps Bar95]] John Barkley. Application Engineering in Health Care. In ''Proceedings of the 2nd Annual CHIN Summit'', 1995. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p20-barkley.pdf Bar96]] John Barkley. Implementing Role-Based Access Control Using Object Technology. In ''RBAC '95: Proceedings of the First ACM Workshop on Role-Based Access Control'', page 20, New York, NY, USA, 1996. ACM Press; [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/titlewkshp.ps also in postscript]]. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p127-barkley.pdf Bar97a]] John Barkley. Comparing Simple Role Based Access Control Models and Access Control Lists. In ''RBAC '97: Proceedings of the Second ACM Workshop on Role-Based Access Control'', pages 127--132, New York, NY, USA, 1997. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p69-bartz.pdf Bar97b]] Larry S. Bartz. hyperDRIVE: Leveraging LDAP to Implement RBAC on the Web. In ''RBAC '97: Proceedings of the Second ACM Workshop on Role-Based Access Control'', pages 69--74, New York, NY, USA, 1997. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/diss-Ezedin.pdf Bar02]] Ezedin S. Barka. ''Framework for Role-Based Delegation Models''. PhD thesis, George Mason University, 2002. Dissertation Director: Dr. Ravi Sandhu. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p23-berry.pdf BBB05]] Lior Berry, Lyn Bartram, and Kellogg S. Booth. Role-Based Control of Shared Application Views. In ''UIST '05: Proceedings of the 18th Annual ACM Symposium on User Interface Software and Technology'', pages 23--32, New York, NY, USA, 2005. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p191-bertino.pdf BBF01]] Elisa Bertino, Piero Andrea Bonatti, and Elena Ferrari. TRBAC: A Temporal Role-Based Access Control Model. ''ACM Trans. Inf. Syst. Secur.'', 4(3):191--233, 2001. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00485637.pdf BBFS96]] Elisa Bertino, Claudio Bettini, Elena Ferrari, and Pierangela Samarati. A Temporal Access Control Mechanism for Database Systems. ''IEEE Transactions on Knowledge and Data Engineering'', 8(1):67--80, 1996. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/bertino97decentralized.pdf BBFS97]] Elisa Bertino, Claudio Bettini, Elena Ferrari, and Pierangela Samarati. Decentralized Administration for a Temporal Access Control Model. ''Inf. Syst.'', 22(4):223--248, 1997. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p231-bertino.pdf BBFS98]] Elisa Bertino, Claudio Bettini, Elena Ferrari, and Pierangela Samarati. An Access Control Model Supporting Periodicity Constraints and Temporal Reasoning. ''ACM Trans. Database Syst.'', 23(3):231--285, 1998. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01314738.pdf BBG05]] Rafae Bhatti, Elisa Bertino, and Arif Ghafoor. A Trust-Based Context-Aware Access Control Model for Web-Services. ''Distrib. Parallel Databases'', 18(1):83--105, 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/CACM_Accepted.pdf BBG06]] Rafae Bhatti, Elisa Bertino, and Arif Ghafoor. An Integrated Approach to Federated Identity and Privilege Management in Open Systems. ''Communications of the ACM'', 2006. Accepted for publication. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01297300.pdf BBGJ04]] Rafae Bhatti, Elisa Bertino, Arif Ghafoor, and James B. D. Joshi. XML-Based Specification for Web Services Document Security. ''Computer'', 37(4):41--49, April 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p126-bertino.pdf BBS94]] Elisa Bertino, Claudio Bettini, and Pierangela Samarati. A Temporal Authorization Model. In ''CCS '94: Proceedings of the 2nd ACM Conference on Computer and Communications Security'', pages 126--135, New York, NY, USA, 1994. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p55-barkley.pdf BBU99]] John Barkley, Konstantin Beznosov, and Jinny Uppal. Supporting Relationships in Access Control Using Role Based Access Control. In ''RBAC '99: Proceedings of the Fourth ACM Workshop on Role-Based Access Control'', pages 55--65, New York, NY, USA, 1999. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p73-barkley.pdf BC98]] John Barkley and Anthony Cincotta. Managing Role/Permission Relationships Using Object Access Types. In ''RBAC '98: Proceedings of the Third ACM Workshop on Role-Based Access Control'', pages 73--80, New York, NY, USA, 1998. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p29-bertino.pdf BCDP05]] Elisa Bertino, Barbara Catania, Maria Luisa Damiani, and Paolo Perlasca. GEO-RBAC: A Spatially Aware RBAC. In ''SACMAT '05: Proceedings of the Tenth ACM Symposium on Access Control Models and Technologies'', pages 29--37, New York, NY, USA, 2005. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/barkley-et-al-rbac-web-97.ps BCFE97]] John F. Barkley, Anthony V. Cincotta, David F. Ferraiolo, Serban Gavrila, and D. Richard Kuhn. Role Based Access Control for the World Wide Web. In ''Proceedings of the 20th National Information System Security Conference'', pages 1--7, 1997. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p71-bertino.pdf BCFP03]] Elisa Bertino, Barbara Catania, Elena Ferrari, and Paolo Perlasca. A Logical Framework for Reasoning about Access Control Models. ''ACM Trans. Inf. Syst. Secur.'', 6(1):71--127, 2003. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2006-04.pdf BDBE06]] Rafae Bhatti, Maria Damiani, David W. Bettis, Elisa Bertino, and Arif Ghafoor. A Modular Framework for Administering Spatial Constraints in Context-Aware RBAC. Technical Report TR 2006-04, Purdue University CERIAS, 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00816041.pdf BDBB99]] Konstantin Beznosov, Yi Deng, Bob Blakley, and John Barkley. A Resource Access Decision Service for CORBA-Based Distributed Systems. In ''ACSAC '99: Proceedings of the 15th Annual Computer Security Applications Conference'', page 310, Washington, DC, USA, 1999. IEEE Computer Society; [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/5ndocgm9.ps also in postscript]]. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p100-lodderstedt.pdf BDL03]] David Basin, Jürgen Doser, and Torsten Lodderstedt. Model Driven Security for Process-Oriented Systems. In ''SACMAT '03: Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies'', pages 100--109, New York, NY, USA, 2003. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p39-basin.pdf BDL06]] David Basin, Jürgen Doser, and Torsten Lodderstedt. Model Driven Security: From UML Models to Access Control Infrastructures. ''ACM Trans. Softw. Eng. Methodol.'', 15(1):39--91, 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/JP_006.pdf BE01a]] Reinhardt A. Botha and Jan H. P. Eloff. A Framework for Access Control in Workflow Systems. ''Information Management and Computer Security'', 9(3):126--133, 2001. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/botha.pdf BE01b]] Reinhardt A. Botha and Jan H. P. Eloff. Separation of Duties for Access Control Enforcement in Workflow Environments. ''IBM Syst. J.'', 40(3):666--682, 2001. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/belokosztolszki03shielding.pdf BE03]] András Belokosztolszki and David Eyers. Shielding the OASIS RBAC Infrastructure from Cyberterrorism. In E. Gudes and S. Shenoi, editors, ''Research Directions in Data and Applications Security'', pages 3--14. Kluwer Academic Publishers, 2003. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01206964.pdf BEM03]] András Belokosztolszki, David M. Eyers, and Ken Moody. Policy Contexts: Controlling Information Flow in Parameterised RBAC. In ''Proceedings of the 4th International Workshop on Policies for Distributed Systems and Networks, POLICY 2003'', pages 99--110, Washington, DC, USA, June 2003. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/belokosztolszki03rolebased.pdf BEPE03]] András Belokosztolszki, David M. Eyers, Peter R. Pietzuch, Jean Bacon, and Ken Moody. Role-Based Access Control for Publish/Subscribe Middleware Architectures. In ''DEBS '03: Proceedings of the 2nd International Workshop on Distributed Event-Based Systems'', pages 1--8, New York, NY, USA, 2003. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/belokosztolszki03policy.pdf BEWM03]] András Belokosztolszki, David M. Eyers, Wei Wang, and Ken Moody. Policy Storage for Role-Based Access Control Systems. In ''Proceedings of the Twelfth IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE'03)'', pages 196--201, 2003. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p65-bertino.pdf BFA99]] Elisa Bertino, Elena Ferrari, and Vijay Atluri. The Specification and Enforcement of Authorization Constraints in Workflow Management Systems. ''ACM Trans. Inf. Syst. Secur.'', 2(1):65--104, 1999. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00502679.pdf BFL96]] Matt Blaze, Joan Feigenbaum, and Jack Lacy. Decentralized Trust Management. In ''Proceedings of the 1996 IEEE Symposium on Security and Privacy'', pages 164--173, Washington, DC, USA, May 1996. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p187-bhatti.pdf BGBJ05]] Rafae Bhatti, Arif Ghafoor, Elisa Bertino, and James B. D. Joshi. X-GTRBAC: an XML-Based Policy Specification Framework and Architecture for Enterprise-Wide Access Control. ''ACM Trans. Inf. Syst. Secur.'', 8(2):187--227, 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2003-27.pdf Bha03]] Rafae Bhatti. X-GTRBAC: an XML-Based Policy Specification Framework and Architecture for Enterprise-Wide Access Control. Master's thesis, Purdue University, May 2003. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2006-13.pdf Bha06]] Rafae Bhatti. ''A Policy Engineering Framework for Federated Access Management''. PhD thesis, Purdue University, 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/ICWS_2003.pdf BJBG03]] Rafae Bhatti, James B. D. Joshi, Elisa Bertino, and Arif Ghafoor. Access Control in Dynamic XML-Based Web Services Using X-RBAC. In ''Proceedings of the First International Conference on Web Services (ICWS)'', June 2003. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p78-bhatti.pdf BJBG04]] Rafae Bhatti, James B. D. Joshi, Elisa Bertino, and Arif Ghafoor. X-GTRBAC Admin: A Decentralized Administration Model for Enterprise-Wide Access Control. In ''SACMAT '04: Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies'', pages 78--86, New York, NY, USA, 2004. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/bell76.pdf BL76]] David E. Bell and Leonard J. !LaPadula. Secure Computer Systems: Unified Exposition and MULTICS Interpretation. Technical Report MTR-2997 Rev. 1, The MITRE Corporation, Bedford, MA, March 1976. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p59-bacon.pdf BM02a]] Jean Bacon and Ken Moody. Toward Open, Secure, Widely Distributed Services. ''Commun. ACM'', 45(6):59--64, 2002. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01011298.pdf BM02b]] András Belokosztolszki and Ken Moody. Meta-Policies for Distributed Role-Based Access Control Systems. In ''Policy 2002: IEEE 3rd International Workshop on Policies for Distributed Systems and Networks'', pages 106--115, Washington, DC, USA, 2002. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p492-bacon.pdf BMY02]] Jean Bacon, Ken Moody, and Walt Yao. A Model of OASIS Role-Based Access Control and Its Support for Active Security. ''ACM Trans. Inf. Syst. Secur.'', 5(4):492--540, 2002. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/chwall.pdf BN89]] David F. C. Brewer and Michael J. Nash. The Chinese Wall Security Policy. In A. L. Buczak, J. Zimmerman, and K. Kurapati, editors, ''1989 IEEE Symposium on Security and Privacy'', pages 206--214, Washington, DC, USA, May 1989. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/SmartRolesDataSheet.pdf Bri05]] Bridgestream Inc. SmartRoles™ Business Roles Automation. Bridgestream data sheet, 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p71-brooks.pdf Bro99]] Kami Brooks. Migrating to Role-Based Access Control. In ''RBAC '99: Proceedings of the Fourth ACM Workshop on Role-Based Access Control'', pages 71--81, New York, NY, USA, 1999. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/brucker02cvsserver.pdf BRW02]] Achim D. Brucker, Frank Rittinger, and Burkhart Wolff. The CVS-Server Case Study: A Formalized Security Architecture. In G. Schellhorn D. Haneberg and W. Reif, editors, ''FM-TOOLS 2002, The 5th Workshop on Tools for System Design and Verification, Reisensburg, Germany'', Report 2002-11, pages 47--52. Universität Augsburg, Institut für Informatik, July 2002. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/barka00rolebased.pdf BS00]] Ezedin Barka and Ravi S. Sandhu. A Role-Based Delegation Model and Some Extensions. In ''23rd National Information Systems Security Conference'', Washington, DC, USA, October 2000. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01377247.pdf BS04]] Ezedin Barka and Ravi S. Sandhu. Role-Based Delegation Model/Hierarchical Roles (RBDM1). In ''20th Annual Computer Security Applications Conference'', pages 396--404, Washington, DC, USA, December 2004. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01416861.pdf BS05]] Elisa Bertino and Ravi Sandhu. Database Security - Concepts, Approaches, and Challenges. ''IEEE Transactions on Dependable and Secure Computing'', 2(1):2--19, 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p388-bhatti.pdf BSBE05]] Rafae Bhatti, Basit Shafiq, Elisa Bertino, Arif Ghafoor, and James B. D. Joshi. X-GTRBAC Admin: A Decentralized Administration Model for Enterprise-Wide Access Control. ''ACM Trans. Inf. Syst. Secur.'', 8(4):388--423, 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2006-03.pdf BSBG06]] Rafae Bhatti, Daniel Sanz, Elisa Bertino, and Arif Ghafoor. A Policy-Based Authorization System for Web Services: Integrating X-GTRBAC and WS-Policy. Technical Report TR 2006-03, Purdue University CERIAS, 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/rwhat.pdf BSCE05]] Sacha Brostoff, M. Angela Sasse, David Chadwick, James Cunningham, Uche Mbanaso, and Sassa Otenko. R-What? Development of a Role-Based Access Control (RBAC) Policy-Writing Tool for e-Scientists. ''Software: Practice and Experience'', 35(9):835--856, July 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01565245.pdf BTKV05]] Elisa Bertino, Evimaria Terzi, Ashish Kamra, and Athena Vakali. Intrusion Detection in RBAC-administered Databases. In ''21st Annual Computer Security Applications Conference'', volume l, pages 10--19, Washington, DC, USA, December 2005. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p77-burrow.pdf Bur04]] Andrew Lincoln Burrow. Negotiating Access within Wiki: A System to Construct and Maintain a Taxonomy of Access Rules. In ''HYPERTEXT '04: Proceedings of the Fifteenth ACM Conference on Hypertext and Hypermedia'', pages 77--86, New York, NY, USA, 2004. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00596810.pdf BV97]] Yun Bai and Vijay Varadharajan. A Logic for State Transformations in Authorization Policies. In ''CSFW '97: Proceedings of the 10th Computer Security Foundations Workshop (CSFW '97)'', page 173, Washington, DC, USA, 1997. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/fmics_03.pdf BW03]] Achim D. Brucker and Burkhart Wolff. A Case Study of a Formalized Security Architecture. In ''Electr. Notes Theor. Comput. Sci., FMICS'03: Eighth International Workshop on Formal Methods for Industrial Critical Systems'', volume 80, pages 1--17, Netherlands, June 2003. Elsevier Science B. V. [[http://www.amazon.com/gp/product/1565924916/ Car03]] Gerald Carter. ''LDAP System Administration''. O'Reilly Media, Inc., Sebastopol, CA, USA, March 2003. [[http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetserv/html/AzManRoles.asp Cav03]] Mohan Rao Cavale. Role-Based Access Control Using Windows Server 2003 Authorization Manager. Microsoft Corporation web site, January 2003. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/IC_003.pdf CBE00]] Damian G. Cholewka, Reinhardt A. Botha, and Jan H. P. Eloff. A Context-Sensitive Access Control Model and Prototype Implementation. In ''Proceedings of the IFIP TC11 Fifteenth Annual Working Conference on Information Security for Global Information Infrastructures'', pages 341--350, Deventer, The Netherlands, The Netherlands, 2000. Kluwer, B.V. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/ACM_XML_Paper_Final.pdf Cha00]] Ramaswamy Chandramouli. Application of XML Tools for Enterprise-Wide RBAC Implementation Tasks. In ''RBAC '00: Proceedings of the Fifth ACM Workshop on Role-Based Access Control'', pages 11--18, New York, NY, USA, 2000. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/chandramouli01framework.pdf Cha01]] Ramaswamy Chandramouli. A Framework for Multiple Authorization Types in a Healthcare Application System. In ''ACSAC '01: Proceedings of the 17th Annual Computer Security Applications Conference'', page 137, Washington, DC, USA, December 2001. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/access_validate.pdf Cha03]] Ramaswamy Chandramouli. Specification and Validation of Enterprise Access Control Data for Conformance to Model and Policy Constraints. In ''World Multiconference on Systems, Cybernetics and Informatics, July 27-30, 2003'', July 2003. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2143.pdf Cho05]] Shih-Chien Chou. An RBAC-Based Access Control Model for Object-Oriented Systems Offering Dynamic Aspect Features. ''IEICE Trans Inf Syst'', E88-D(9):2143--2147, 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01506523.pdf CJ05]] Suroop Mohan Chandran and James B. D. Joshi. Towards Administration of a Hybrid Role Hierarchy. In ''2005 IEEE International Conference on Information Reuse and Integration'', pages 500--505, Washington, DC, USA, August 2005. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/fulltext.pdf CL01a]] Jan Chomicki and Jorge Lobo. Monitors for History-Based Policies. In ''POLICY '01: Proceedings of the International Workshop on Policies for Distributed Systems and Networks'', pages 57--72, London, UK, 2001. Springer-Verlag. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p6-crampton.pdf CL01b]] Jason Crampton and George Loizou. Authorisation and Antichains. ''SIGOPS Oper. Syst. Rev.'', 35(3):6--15, 2001. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p201-crampton.pdf CL03]] Jason Crampton and George Loizou. Administrative Scope: A Foundation for Role-Based Administrative Models. ''ACM Trans. Inf. Syst. Secur.'', 6(2):201--231, 2003. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p130-chen.pdf CL06]] Hong Chen and Ninghui Li. Constraint Generation for Separation of Duty. In ''SACMAT '06: Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies'', pages 130--138, New York, NY, USA, 2006. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p111-crampton.pdf CLB06]] Jason Crampton, Wing Leung, and Konstantin Beznosov. The Secondary and Approximate Authorization Model and its Application to Bell-!LaPadula Policies. In ''SACMAT '06: Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies'', pages 111--120, New York, NY, USA, 2006. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p135-chadwick.pdf CO02a]] David W. Chadwick and Alexander Otenko. The PERMIS X.509 Role Based Privilege Management Infrastructure. In ''SACMAT '02: Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies'', pages 135--140, New York, NY, USA, 2002. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/chadwickRBAC509.pdf CO02b]] David W. Chadwick and Alexander Otenko. RBAC Policies in XML for X.509 Based Privilege Management. In M. A. Ghonaimy, M. T. El-Hadidi, and H.K. Aslan, editors, ''Security in the Information Society: Visions and Perspectives: IFIP TC11 17th Int. Conf. On Information Security (SEC2002), Cairo, Egypt'', pages 39--53. Kluwer Academic Publishers, May 2002. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/Sec2002Final.pdf CO02c]] David W. Chadwick and Alexander Otenko. RBAC Policies in XML for X.509 Based Privilege Management -- Final, 2002. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/InternetComputingPaperv4.pdf COB04]] David W. Chadwick, Alexander Otenko, and Edward Ball. Implementing Role Based Access Controls Using X.509 Attribute Certificates - the PERMIS Privilege Management Infrastructure. In ''Security and Privacy in Advanced Networking Technologies'', pages 26--39, 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p4-coyne.pdf Coy96]] Edward J. Coyne. Role Engineering. In ''RBAC '95: Proceedings of the First ACM Workshop on Role-Based Access Control'', pages I--15--I--16, New York, NY, USA, 1996. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/qut-isrc-tr-1999-005.pdf CR99a]] William Caelli and Anthony Rhodes. Implementation of Active Role Based Access Control in a Collaborative Environment. Technical Report QUT-ISRC-TR-1999-005, University of Queensland, Australia, 1999. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/qut-isrc-tr-1999-003.pdf CR99b]] William Caelli and Anthony Rhodes. RBACManager: Implementing a Minimal Role Based Access Control Scheme (RBACm) Under the Windows NT 4.0 Workstation Operating System. Technical Report QUT-ISRC-TR-1999-003, Information Security Institute, Queensland University of Technology, Brisbane, Australia, 1999. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p49-chakraborty.pdf CR06]] Sudip Chakraborty and Indrajit Ray. TrustBAC: Integrating Trust Relationships into the RBAC Model for Access Control in Open Systems. In ''SACMAT '06: Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies'', pages 49--58, New York, NY, USA, 2006. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p145-crampton.pdf Cra02]] Jason Crampton. Administrative scope and role hierarchy operations. In ''SACMAT '02: Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies'', pages 145--154, New York, NY, USA, 2002. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p85-crampton.pdf Cra03a]] Jason Crampton. On Permissions, Inheritance and Role Hierarchies. In ''CCS '03: Proceedings of the 10th ACM Conference on Computer and Communications Security'', pages 85--92, New York, NY, USA, 2003. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p43-crampton.pdf Cra03b]] Jason Crampton. Specifying and Enforcing Constraints in Role-Based Access Control. In ''SACMAT '03: Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies'', pages 43--50, New York, NY, USA, 2003. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/fcs04.pdf Cra04]] Jason Crampton. An Algebraic Approach to the Analysis of Constrained Workflow Systems. In ''Proceedings of the 3rd Workshop on the Foundations of Computer Security'', pages 61--74, 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p38-crampton.pdf Cra05a]] Jason Crampton. A Reference Monitor for Workflow Systems with Constrained Task Execution. In ''SACMAT '05: Proceedings of the Tenth ACM Symposium on Access Control Models and Technologies'', pages 38--47, New York, NY, USA, 2005. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p158-crampton.pdf Cra05b]] Jason Crampton. Understanding and Developing Role-Based Administrative Models. In ''CCS '05: Proceedings of the 12th ACM Conference on Computer and Communications Security'', pages 158--167, New York, NY, USA, 2005. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/clark_wilson.pdf CW87]] David D. Clark and David R. Wilson. A Comparison of Commercial and Military Computer Security Policies. In ''1987 IEEE Symposium on Security and Privacy'', pages 184--194, Washington, DC, USA, 1987. IEEE. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sacmat04-tbac.pdf DBEE04]] Nathan Dimmock, András Belokosztolszki, David Eyers, Jean Bacon, and Ken Moody. Using Trust and Risk in Role-Based Access Control Policies. In ''SACMAT '04: Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies'', pages 156--162, New York, NY, USA, 2004. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/risk-tbac-itrust05.pdf DBIM05]] Nathan Dimmock, Jean Bacon, David Ingram, and Ken Moody. Risk Models for Trust-Based Access Control (TBAC). In ''iTrust 2005'', pages 364--371. University of Cambridge, 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01357945.pdf DBTS04]] Michael Drouineaud, Maksym Bortin, Paolo Torrini, and Karsten Sohr. A first step towards formal verification of security policy properties for RBAC. In ''QSIC '04: Proceedings of the Fourth International Conference on Quality Software'', pages 60--67, Washington, DC, USA, 2004. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p59-damiani.pdf DDPS00]] Ernesto Damiani, Sabrina De Capitani di Vimercati, Stefano Paraboschi, and Pierangela Samarati. Design and Implementation of an Access Control Processor for XML Documents. ''Computer Networks'', 33:59--75, 2000. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/tcsec-dod85.pdf Def85]] Department of Defense. ''Department of Defense Trusted Computer System Evaluation Criteria''. United States Government Printing Office, December 1985. DOD 5200.28-STD (The Orange Book). [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p236-denning.pdf Den76]] Dorothy E. Denning. A Lattice Model of Secure Information Flow. ''Commun. ACM'', 19(5):236--243, 1976. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/cts2006-oce-dynamic-access-control-05.pdf DGTE06]] Yuri Demchenko, Leon Gommans, Andrew Tokmakoff, Rene van Buuren, and Cees de Laut. Policy Based Access Control in Dynamic Grid-based Collaborative Environment. In ''International Symposium on Collaborative Technologies and Systems CTS 2006'', pages 64--73. University of Amsterdam, May 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01578976.pdf DJYM05]] Wu Di, Lin Jian, Dong Yabo, and Zhu Miaoliang. Using Semantic Web Technologies to Specify Constraints of RBAC. In ''Sixth International Conference on Parallel and Distributed Computing, Applications and Technologies, PDCAT 2005'', pages 543--545, Washington, DC, USA, December 2005. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01265447.pdf DMP04]] Fredj Dridi, Björn Muschall, and Günther Pernul. Administration of an RBAC System. In ''Proceedings of the 37th Annual Hawaii International Conference on System Sciences (HICSS '04)'', volume 07, pages 70187b--92, Los Alamitos, CA, USA, 2004. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/acpande.pdf DPS03]] Sabrina De Capitani di Vimercati, Stefano Paraboschi, and Pierangela Samarati. Access Control: Principles and Solutions. ''Software: Practice and Experience'', 33(5):397--421, 2003. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/rbaclab.pdf Du06]] Wenliang Du. Role-Based Access Control (RBAC) Lab. Lab Description developed under NSF grant, 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p53-evered.pdf EB04]] Mark Evered and Serge Bögeholz. A Case Study in Access Control Requirements for a Health Information System. In ''ACSW Frontiers '04: Proceedings of the Second Workshop on Australasian Information Security, Data Mining and Web Intelligence, and Software Internationalisation'', pages 53--61, Darlinghurst, Australia, Australia, 2004. Australian Computer Society, Inc. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/diss-pete.pdf Eps02]] Pete A. Epstein. ''Engineering of Role/Permission Assignments''. PhD thesis, George Mason University, 2002. Dissertation Director: Dr. Ravi Sandhu. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/uml-org.pdf ES99]] Pete Epstein and Ravi Sandhu. Towards a UML Based Approach to Role Engineering. In ''RBAC '99: Proceedings of the Fourth ACM Workshop on Role-based Access Control'', pages 135--143, New York, NY, USA, 1999. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p95-faden.pdf Fad99]] Glenn Faden. RBAC in UNIX Administration. In ''RBAC '99: Proceedings of the Fourth ACM Workshop on Role-Based Access Control'', pages 95--101, New York, NY, USA, 1999. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p77-ferraiolo.pdf FB97]] David Ferraiolo and John Barkley. Specifying and Managing Role-Based Access Control Within a Corporate Intranet. In ''RBAC '97: Proceedings of the Second ACM Workshop on Role-based Access Control'', pages 77--82, New York, NY, USA, 1997. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p34-ferraiolo.pdf FBK99]] David F. Ferraiolo, John F. Barkley, and D. Richard Kuhn. A Role-Based Access Control Model and Reference Implementation Within a Corporate Intranet. ''ACM Transactions on Information and System Security'', 2(1):34--64, 1999. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p12-ferraiolo.pdf FCAG03]] David F. Ferraiolo, R. Chandramouli, Gail-Joon Ahn, and Serban I. Gavrila. The Role Control Center: Features and Case Studies. In ''SACMAT '03: Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies'', pages 12--20, New York, NY, USA, 2003. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/ferraiolo-cugini-kuhn-95.pdf FCK95]] David F. Ferraiolo, Janet A. Cugini, and D. Richard Kuhn. Role-Based Access Control: Features and Motivations. In ''Proceedings of the 11th Annual Computer Security Applications Conference (CSAC '95)'', 1995; also in [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/ferraiolo-cugini-kuhn-95.ps postscript]] and [[http://hissa.ncsl.nist.gov/rbac/newpaper/rbac.html HTML]]. [[http://www.sun.com/bigadmin/features/articles/id_rbac.html Feh05]] Scott Fehrman. Using Sun Java System Identity Manager With RBAC Profiles in the Solaris OS. Sun Microsystem's The !BigAdmin System Administration Portal, August 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sd541cond.pdf Fer04]] Richard Fernandez. COMPACFLT SEAC RBAC, June 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/EDACcase-study.pdf Fer05a]] Richard Fernandez. Enterprise Dynamic Access Control (EDAC) Case Study. Technical report, United States Pacific Fleet, May 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/EDACcompliance.pdf Fer05b]] Richard Fernandez. Enterprise Dynamic Access Control (EDAC) Compliance with the American National Standards Institute (ANSI) Role Based Access Control (RBAC). Technical report, United States Pacific Fleet, May 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/EDACv2overview.pdf Fer06]] Richard Fernandez. Enterprise Dynamic Access Control Version 2 Overview. Technical report, United States Pacific Fleet, January 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p141-fraser.pdf FFME01]] Timothy Fraser, David Ferraiolo, Mikel L. Matthews, Casey Schaufler, Stephen Smalley, and Robert Watson. Panel: Which Access Control Technique Will Provide the Greatest Overall benefit? In ''SACMAT '01: Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies'', pages 141--149, New York, NY, USA, 2001. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p11-ferraiolo.pdf FGHK05]] David F. Ferraiolo, Serban Gavrila, Vincent Hu, and D. Richard Kuhn. Composing and Combining Policies under the Policy Machine. In ''SACMAT '05: Proceedings of the Tenth ACM Symposium on Access Control Models and Technologies'', pages 11--20, New York, NY, USA, 2005. ACM Press. [[http://csrc.nist.gov/publications/nistir/ir4976.txt FGL92]] David F. Ferraiolo, Dennis M. Gilbert, and Nickilyn Lynch. Assessing Federal and Commercial Information Needs. Technical Report NISTIR 4976, National Institute of Standards and Technology, November 1992. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/fernandez97determining.pdf FH97]] Eduardo B. Fernandez and J. C. Hawkins. Determining Role Rights from Use Cases. In ''Proceedings of the 2nd ACM Workshop on Role Based Access Control (RBAC'97)'', pages 121--126, 1997. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/ferraiolo-kuhn-92.pdf FK92]] David Ferraiolo and Richard Kuhn. Role-Based Access Control. In ''Proceedings of the 15th NIST-NCSC National Computer Security Conference'', pages 554--563, 1992; also in [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/ferraiolo-kuhn-92.ps postscript]]. [[http://csrc.nist.gov/rbac/NIST-ITL-RBAC-bulletin.html FK95]] David Ferraiolo and Richard Kuhn. An Introduction to Role-Based Access Control. Technical report, National Institute of Standards and Technology, December 1995. [[http://www.amazon.com/gp/product/1580533701/ FKC03]] David F. Ferraiolo, D. Richard Kuhn, and Ramaswamy Chandramouli. ''Role-Based Access Control''. Artech House, Inc., Norwood, MA, USA, 2003. [[http://csrc.nist.gov/rbac/ FKCB06]] David Ferraiolo, Rick Kuhn, Ramaswamy Chandramouli, and John Barkley. Role-Based Access Control. National Institute of Standards and Technology web site, September 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p196-fisler.pdf FKMT05]] Kathi Fisler, Shriram Krishnamurthi, Leo A. Meyerovich, and Michael Carl Tschantz. Verification and Change-Impact Analysis of Access-Control Policies. In ''ICSE '05: Proceedings of the 27th international Conference on Software engineering'', pages 196--205, New York, NY, USA, 2005. ACM Press. [[http://csrc.nist.gov/staff/kuhn/rkhome.html FKS06]] David F. Ferraiolo, D. Richard Kuhn, and Ravi S. Sandhu. Comments on 'A Critique of the ANSI Standard on Role Based Access Control'. ''IEEE Security and Privacy'', 2006. to appear 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01662285.pdf Fle06]] Felix F. Flemish. Using CORBA and XML to Deliver Unified NGN Management Interfaces - Rationale and Summary. In ''Proceedings of The 1st International Workshop on Broadband Convergence Networks, 2006. BcN 2006'', pages 1--6, April 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/drbac-icdcs02.pdf FPPE02]] Eric Freudenthal, Tracy Pesin, Lawrence Port, Edward Keenan, and Vijay Karamcheti. dRBAC: Distributed Role-Based Access Control for Dynamic Coalition Environments. In ''Proceedings of the 22nd International Conference on Distributed Computing Systems'', pages 411--420, 2002. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/rbacSTD-ACM.pdf FSGE01]] David F. Ferraiolo, Ravi S. Sandhu, Serban Gavrila, D. Richard Kuhn, and Ramaswamy Chandramouli. Proposed NIST Standard for Role-Based Access Control. ''ACM Trans. Inf. Syst. Secur.'', 4(3):224--274, 2001; [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/RBAC-std-draft.doc also in MS Word]] [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p81-gavrila.pdf GB98a]] Serban I. Gavrila and John F. Barkley. Formal Specification for Role Based Access Control User/Role and Role/Role Relationship Management. In ''RBAC '98: Proceedings of the Third ACM Workshop on Role-Based Access Control'', pages 81--90, New York, NY, USA, 1998. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p55-goh.pdf GB98b]] Cheh Goh and Adrian Baldwin. Towards a More Complete Model of Role. In ''RBAC '98: Proceedings of the Third ACM Workshop on Role-Based Access Control'', pages 55--62, New York, NY, USA, 1998. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2957.pdf GC04]] Jeroen van de Graaf and Osvaldo Carvalho. Reflecting on X.509 and LDAP or How Separating Identity and Attributes Could Simplify a PKI. In ''Fourth Workshop em Segurança de Sistemas Computacionais WSEG2004''. UFMG, 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00630829.pdf GDS97]] Mats Gustafsson, Benoit Deligny, and Nahid Shahmehri. Using NFS to Implement Role-Based Access Control. In ''WET-ICE '97: Proceedings of the 6th Workshop on Enabling Technologies on Infrastructure for Collaborative Enterprises'', pages 299--304, Washington, DC, USA, 1997. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/gao-etal-2004.pdf GDYE04]] Shu Gao, Yi Deng, Huiqin Yu, Xudong He, Konstantin Beznosov, and Kendra Cooper. Applying Aspect-Orientation in Designing Security Systems: A Case Study. In ''Proceedings of the Sixteenth International Conference on Software Engineering and Knowledge Engineering'', 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00674833.pdf GGF98]] Virgi D. Gligor, Serban I. Gavrila, and David Ferraiolo. On the Formal Definition of Separation-of-Duty Policies and Their Composition. In ''Proceedings of the 19th IEEE Computer Society Symposium on Research in Security and Privacy'', pages 1--12, Washington, DC, USA, May 1998. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01583874.pdf GHv06]] Paul G. Greeff, Gerhard P. Hancke, and Derrick L. van der Merwe. Design of an Access Control Module for an Instrumentation Gateway. ''IEEE Transactions on Instrumentation and Measurement'', 55(1):140--149, February 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01227041.pdf GHvH03]] Paul G. Greeff, Gerhard P. Hancke, Derrick L. van der Merwe, and László Horváth. Design of an Access Control Module for an Instrumentation Gateway. In ''Virtual Environments, IEEE International Symposium on Human-Computer Interfaces and Measurement Systems, 2003. VECIMS '03'', pages 119--124, July 2003. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00503698.pdf GI96]] Luigi Giuri and Pietro Iglio. A Formal Model for Role-Based Access Control with Constraints. In ''Proceedings of the 9th IEEE Computer Security Foundations Workshop'', pages 136--145, Washington, DC, USA, June 1996. IEEE Computer Society. [[http://digitalbusinessstrategy.com/?p=48 Gif06]] Bob Gifford. My RBAC Heresy. ''Digital Business Strategy'', June 2006. [[http://www.databasejournal.com/features/mysql/article.php/10897_3311731_2 Gil04]] Ian Gilfillan. An introduction to MySQL permissions, February 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p91-giuri.pdf Giu98]] Luigi Giuri. Role-Based Access Control in Java. In ''RBAC '98: Proceedings of the Third ACM Workshop on Role-Based Access Control'', pages 91--100, New York, NY, USA, 1998. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p11-giuri.pdf Giu99]] Luigi Giuri. Role-Based Access Control on the Web Using Java. In ''RBAC '99: Proceedings of the Fourth ACM Workshop on Role-Based Access Control'', pages 11--18, New York, NY, USA, 1999. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/dotguide.pdf GKN02]] Emden Gansner, Eleftherios Koutsofios, and Stephen North. ''Drawing graphs with dot''. AT&T Labs, Inc. - Research, February 2002. see also www.graphviz.org. [[http://www.computerworld.com/securitytopics/security/story/0,10801,86699,00.html GL03]] Trey Guerin and Richard Lord. How role-based access control can provide security and business benefits. ''ComputerWorld'', November 2003. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p21-georgiadis.pdf GMPT01]] Christos K. Georgiadis, Ioannis Mavridis, George Pangalos, and Roshan K. Thomas. Flexible Team-Based Access Control Using Contexts. In ''SACMAT '01: Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies'', pages 21--27, New York, NY, USA, 2001. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p90-guth.pdf GNS03]] Susanne Guth, Gustaf Neumann, and Mark Strembeck. Experiences with the Enforcement of Access Rights Extracted from ODRL-based Digital Contracts. In ''DRM '03: Proceedings of the 3rd ACM Workshop on Digital Rights Management'', pages 90--102, New York, NY, USA, 2003. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/report02-1.pdf GOK02]] Michael A. Gallaher, Alan C. O'Connor, and Brian M. Kropp. The Economic Impact of Role Based Access Control. Technical Report Planning Report 02-01, Research Triangle Institute, 2002. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/cs1050005.pdf Gov04]] Government Reform Committee. Report of the Best Practices and Metrics Teams. Technical Report CS1/05-0005, United States House of Representatives, November 2004. Corporate Information Security Working Group of the Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census of the Government Reform Committee. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01665170.pdf GOvE06]] Sachin Ganu, Maximilian Ott, Ivan Šeškar, Dipankar Raychaudhuri, and Sanjoy Paul. Architecture and Framework for Supporting Open-Access Multi-user Wireless Experimentation. In ''Proceedings of the First International Conference on Communication System Software and Middleware, Comsware 2006'', pages 1--9, New York, NY USA, January 2006. IEEE Communiations Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01624027.pdf GPR06]] Zvi Gutterman, Benny Pinkas, and Tzachy Reinman. Analysis of the Linux Random Number Generator. Cryptology ePrint Archive, Report 2006/086, 2006. url = http://eprint.iacr.org/. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/weiguan.pdf Gua06]] Wei Guan. Improvement on role based access control model. Technical report, Information Retrieval Lab of IIT, 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p83-huang.pdf HA99]] Wei-Kuang Huang and Vijayalakshmi Atluri. !SecureFlow: A Secure Web-Enabled Workflow Management System. In ''RBAC '99: Proceedings of the Fourth ACM Workshop on Role-Based Access Control'', pages 83--94, New York, NY, USA, 1999. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/STAT_RBAC_Paper.pdf Har06]] Harris Corp. Role-Based Access Control In Network Vulnerability Management. Technical report, Harris Corp., March 2006. [[http://www.hackinglinuxexposed.com/articles/20030424.html Hat03]] Brian Hatch. Linux File Permission Confusion pt 2. Hacking Linux Exposed web site, April 2003. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/341.pdf Hil97]] Burkhard Hilchenbach. Observations on the Real-World Implementation of Role-Based Access Control. In ''Proceedings of the 20th National Information Systems Security Conference'', pages 341--352, October 1997. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sg246647.pdf HJLE06]] Alicia Harvey, Travis Jeanneret, Thiam Cheng Lee, Rangarajan S. Manavalan, and Marty Trice. ''Administering and Implementing !WebSphere Business Integration Server V4.3''. IBM Redbook. IBM International Technical Support Organization, ibm.com/redbooks, first edition, April 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/hallyn.pdf HK00]] Serge E. Hallyn and Phil Kearns. Domain and Type Enforcement for Linux. In ''Proceedings of the 4th Annual Linux Showcase and Conference'', pages 247--260. The USENIX Association, October 2000. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01636184.pdf HKF06]] Vincent C. Hu, D. Richard Kuhn, and David F. Ferraiolo. The Computational Complexity of Enforceability Validation for Generic Access Control Rules. In ''IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC'06)'', volume 1, pages 260--267, Los Alamitos, CA, USA, 2006. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00848442.pdf HMME00]] Amir Herzberg, Yosi Mass, Joris Michaeli, Yiftach Ravid, and Dalit Naor. Access Control Meets Public Key Infrastructure, Or: Assigning Roles to Strangers. In ''SP '00: Proceedings of the 2000 IEEE Symposium on Security and Privacy'', page 2, Washington, DC, USA, 2000. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/hua98modeling.pdf HO98]] Lingling Hua and Sylvia Osborn. Modeling UNIX Access Control with a Role Graph. In ''Proceedings of 1998 International Conference on Computers and Information'', June 1998. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/060322.pdf Hoa06]] John C. Hoag. An Architecture for Network Operations and Management Based on State and Services. In ''Proceedings of The 1st International Workshop on Broadband Convergence Networks, 2006. BcN 2006'', pages 205--208, April 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00646185.pdf Hof97]] J. Hoffman. Implementing RBAC on a Type Enforced System. In ''ACSAC '97: Proceedings of the 13th Annual Computer Security Applications Conference'', pages 158--163, Washington, DC, USA, 1997. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/ActiveRbacManual.pdf Hol06]] Manuel Holtgrewe. ''The ActiveRBAC Manual for ActiveRBAC 0.3.1'', 0.3.1 edition, April 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01541190.pdf HPN05]] Zhijun He, Tuan Phan, and Thu D. Nguyen. Enforcing Enterprise-Wide Policies Over Standard Client-Server Interactions. In ''SRDS '05: Proceedings of the 24th IEEE Symposium on Reliable Distributed Systems (SRDS'05)'', pages 119--131, Washington, DC, USA, 2005. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p461-harrison.pdf HRU76]] Michael A. Harrison, Walter L. Ruzzo, and Jeffrey D. Ullman. Protection in Operating Systems. ''Commun. ACM'', 19(8):461--471, 1976. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01265212.pdf Hun04]] Patrick C. K. Hung. From Conflict of Interest to Separation of Duties in WS-Policy for Web Services Matchmaking Process. In ''Proceedings of the 37th Annual Hawaii International Conference on System Sciences'', pages 1--10, January 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00902348.pdf HV00]] M. Hitchens and V. Varadharajan. Design and Specification of Role Based Access Control Policies. ''IEE Proceedings on Software'', 147(4):117--129, August 2000. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/95948X509A4.ps ISO93]] ISO/IEC. ITU-T Rec. x.509 (1993E), Information technology -- Open Systems Interconnection -- The Directory: Authentication Framework. Technical Report Recommendation X.509 ISO/IEC 9594-8, ISO/IEC, 1993. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/c021573_ISO_IEC_13568_2002E.pdf ISO02]] ISO/IEC. Information Technology - Z Formal Specification Notation - Syntax, Type System and Semantics. Technical Report 13568:2002, ISO/IEC, July 2002. International Standard. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p33-jaeger.pdf Jae99]] Trent Jaeger. On the Increasing Importance of Constraints. In ''RBAC '99: Proceedings of the Fourth ACM Workshop on Role-based Access Control'', pages 33--42, New York, NY, USA, 1999. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p38-joshi.pdf JAGS01]] James B. D. Joshi, Walid G. Aref, Arif Ghafoor, and Eugene H. Spafford. Security Models for Web-Based Applications. ''Commun. ACM'', 44(2):38--44, 2001. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/jansen98revised.pdf Jan98]] W. A. Jansen. A Revised Model for Role-Based Access Control. IR 6192, NIST, July 1998. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p81-joshi.pdf JB06]] James B. D. Joshi and Elisa Bertino. Fine-Grained Role-Based Delegation in the Presence of the Hybrid Role Hierarchy. In ''SACMAT '06: Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies'', pages 81--90, New York, NY, USA, 2006. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01355921.pdf JBBG04]] James B. D. Joshi, Rafae Bhatti, Elisa Bertino, and Arif Ghafoor. Access-Control Language for Multidomain Environments. ''IEEE Internet Computing'', 8(6):40--50, 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2004-46.pdf JBBG05]] James Joshi, Rafae Bhatti, Elisa Bertino, and Arif Ghafoor. X- RBAC: An Access Control Language for Multi-domain Environments. Technical Report TR 2004-46, Purdue University CERIAS, 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p74-joshi.pdf JBG02]] James B D Joshi, Elisa Bertino, and Arif Ghafoor. Temporal Hierarchies and Inheritance Semantics for GTRBAC. In ''SACMAT '02: Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies'', pages 74--83, New York, NY, USA, 2002. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01453534.pdf JBG05]] James B. D. Joshi, Elisa Bertino, and Arif Ghafoor. An Analysis of Expressiveness and Design Issues for the Generalized Temporal Role-Based Access Control Model. ''IEEE Transactions on Dependable and Secure Computing'', 2(2):157--175, 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2006-25.pdf JBJ06]] E. Bertino. A. Ghafoor James B. Joshi. Formal Foundations for Hybrid Hierarchies in GTRBAC. Technical Report TR 2006-25, Purdue University CERIAS, 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2001-47.pdf JBLG01]] James B. D. Joshi, Elisa Bertino, Usman Latif, and Arif Ghafoor. Generalized Temporal Role Based Access Control Model (GTRBAC) (Part I) - Specification and Modeling. Technical Report TR 2001-47, Purdue University CERIAS, 2001. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2003-01.pdf JBLG03]] James B. D. Joshi, Elisa Bertin, Usman Latif, and Arif Ghafoor. Generalized Temporal Role Based Access Control Model (GTRBAC) (Part II) - Expressiveness and Design Issues. Technical Report TR 2003-01, Purdue University CERIAS, 2003. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01363762.pdf JBLG05]] James B. D. Joshi, Elisa Bertino, Usman Latif, and Arif Ghafoor. A Generalized Temporal Role-Based Access Control Model. ''IEEE Transactions on Knowledge and Data Engineering'', 17(1):4--23, 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2003-23.pdf Jos03]] James B. D. Joshi. ''A Generalized Temporal Role Based Access Control Model for Developing Secure Systems''. PhD thesis, Purdue University, August 2003. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p51-joshi.pdf JSGB03]] James B. D. Joshi, Basit Shafiq, Arif Ghafoor, and Elisa Bertino. Dependencies and Separation of Duty Constraints in GTRBAC. In ''SACMAT '03: Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies'', pages 51--64, New York, NY, USA, 2003. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00601312.pdf JSS97]] Sushil Jajodia, Pierangela Samarati, and V. S. Subrahmanian. A Logical Language for Expressing Authorizations. In ''SP '97: Proceedings of the 1997 IEEE Symposium on Security and Privacy'', page 31, Washington, DC, USA, 1997. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p65-jaeger.pdf JT00]] Trent Jaeger and Jonathon E. Tidswell. Rebuttal to the NIST RBAC Model Proposal. In ''RBAC '00: Proceedings of the Fifth ACM Workshop on Role-Based Access Control'', pages 65--66, New York, NY, USA, 2000. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p158-jaeger.pdf JT01]] Trent Jaeger and Jonathon E. Tidswell. Practical Safety in Flexible Access Control Models. ''ACM Trans. Inf. Syst. Secur.'', 4(2):158--190, 2001. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00856939.pdf Kar00]] Guenter Karjoth. An Operational Semantics of Java 2 Access Control. In ''CSFW '00: Proceedings of the 13th IEEE Computer Security Foundations Workshop (CSFW'00)'', page 224, Washington, DC, USA, 2000. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p29-kane.pdf KB06]] Kevin Kane and James C. Browne. On Classifying Access Control Implementations for Distributed Systems. In ''SACMAT '06: Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies'', pages 29--38, New York, NY, USA, 2006. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/Or-BAC.pdf KBME03]] Anas Abou El Kalam, Salem Benferhat, Alexandre Miège, Rania El Baida, Frédéric Cuppens, Claire Saurel, Philippe Balbiani, Yves Deswarte, and Gilles Trouessin. Organization Based Access Control. In ''POLICY '03: Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks'', page 120, Washington, DC, USA, 2003. IEEE Computer Society. [[http://www.networkworld.com/newsletters/dir/2005/0207id1.html Kea05]] Dave Kearns. Rules and policies vs. actual practice - Network World. ''Network World'', February 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01176305.pdf Ker02]] Axel Kern. Advanced Features for Enterprise-Wide Role-Based Access Control. In ''ACSAC '02: Proceedings of the 18th Annual Computer Security Applications Conference'', page 333, Washington, DC, USA, 2002. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p53-kumar.pdf KKC02]] Arun Kumar, Neeran Karnik, and Girish Chafle. Context Sensitivity in Role-Based Access Control. ''SIGOPS Oper. Syst. Rev.'', 36(3):53--66, 2002. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p87-kern.pdf KKKR04]] Axel Kern, Martin Kuhlmann, Rainer Kuropka, and Andreas Ruthert. A Meta Model for Authorisations in Application Security Systems and Their Integration into RBAC Administration. In ''SACMAT '04: Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies'', pages 87--96, New York, NY, USA, 2004. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p43-kern.pdf KKSM02]] Axel Kern, Martin Kuhlmann, Andreas Schaad, and Jonathan Moffett. Observations on the Role Life-Cycle in the Context of Enterprise Security Management. In ''SACMAT '02: Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies'', pages 43--51, New York, NY, USA, 2002. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p332-koch.pdf KMPP02]] Manuel Koch, Luigi V. Mancini, and Francesco Parisi-Presicce. A Graph-Based Formalism for RBAC. ''ACM Trans. Inf. Syst. Secur.'', 5(3):332--365, 2002. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p97-koch.pdf KMPP04]] M. Koch, L. V. Mancini, and F. Parisi-Presicce. Administrative Scope in the Graph-Based Framework. In ''SACMAT '04: Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies'', pages 97--104, New York, NY, USA, 2004. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p66-kang.pdf KPF01]] Myong H. Kang, Joon S. Park, and Judith N. Froscher. Access Control Mechanisms for Inter-organizational Workflow. In ''SACMAT '01: Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies'', pages 66--74, New York, NY, USA, 2001. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/kandala02secure.pdf KS02]] Savith Kandala and Ravi S. Sandhu. Secure Role-Based Workflow Models. In ''DAS'01: Proceedings of the Fifteenth Annual Working Conference on Database and Application Security'', pages 45--58, Norwell, MA, USA, 2002. Kluwer Academic Publishers. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p210-keppler.pdf KSJ06]] David Keppler, Vipin Swarup, and Sushil Jajodia. Redirection Policies for Mission-Based Information Sharing. In ''SACMAT '06: Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies'', pages 210--218, New York, NY, USA, 2006. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p3-kern.pdf KSM03]] Axel Kern, Andreas Schaad, and Jonathan Moffett. An Administration Concept for the Enterprise Role-Based Access Control Model. In ''SACMAT '03: Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies'', pages 3--11, New York, NY, USA, 2003. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p23-kuhn.pdf Kuh97]] D. Richard Kuhn. Mutual Exclusion of Roles as a Means of Implementing Separation of Duty in Role-Based Access Control Systems. In ''RBAC '97: Proceedings of the Second ACM Workshop on Role-Based Access Control'', pages 23--30, New York, NY, USA, 1997. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p25-kuhn.pdf Kuh98]] D. Richard Kuhn. Role Based Access Control on MLS Systems Without Kernel Changes. In ''RBAC '98: Proceedings of the Third ACM Workshop on Role-based Access Control'', pages 25--32, New York, NY, USA, 1998. ACM Press. [[http://csrc.nist.gov/staff/kuhn/rkhome.html Kuh06]] Rick Kuhn. Rick Kuhn, CSD - Computer Security Resource Center. National Institute of Standards and Technology web site, September 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p130-kern.pdf KW05]] Axel Kern and Claudia Walhorn. Rule Support for Role-Based Access Control. In ''SACMAT '05: Proceedings of the Tenth ACM Symposium on Access Control Models and Technologies'', pages 130--138, New York, NY, USA, 2005. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p265-lampson.pdf LABW92]] Butler Lampson, Martín Abadi, Michael Burrows, and Edward Wobber. Authentication in Distributed Systems: Theory and Practice. ''ACM Trans. Comput. Syst.'', 10(4):265--310, 1992. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p18-lampson.pdf Lam71]] Butler W. Lampson. Protection. In ''Proceedings of the Fifth Princeton Symposium on Information Sciences and Systems'', pages 437--443, Princeton, NJ, USA, March 1971. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/waveset_WP_HIPAA_Compliance.pdf Lan03]] Doug Landoll. Achieving HIPAA Compliance with Identity Management from Waveset. Technical report, Waveset Technologies, Inc., 2003. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/aboutRBACStandard.pdf LBB06]] Ninghui Li, Ji-Won Byun, and Elisa Bertino. A Critique of the ANSI Standard on Role Based Access Control. ''IEEE Security and Privacy'', 2006. Revision under review. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p42-li.pdf LBT04]] Ninghui Li, Ziad Bizri, and Mahesh V. Tripunitara. On Mutually-Exclusive Roles and Separation of Duty. In ''CCS '04: Proceedings of the 11th ACM Conference on Computer and Communications Security'', pages 42--51, New York, NY, USA, 2004. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/HPL-1999-59.pdf Lin99]] Along Lin. Integrating Policy-Driven Role Based Access Control with the Common Data Security Architecture. Technical Report HPL-1999-59, HP Labs, April 1999. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/BcN2006-PS13.pdf LM06]] Chae-Sub Lee and Naotaka Morita. Next Generation Network Standards in ITU-T. In ''Proceedings of The 1st International Workshop on Broadband Convergence Networks, 2006. BcN 2006'', pages 1--15, April 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p11-lupu.pdf LMSY96]] Emil C. Lupu, Damian A. Marriott, Morris S. Sloman, and Nicholas Yialelis. A Policy Based Role Framework for Access Control. In ''RBAC '95: Proceedings of the First ACM Workshop on Role-Based Access Control'', page 11, New York, NY, USA, 1996. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01004366.pdf LMW02]] Ninghui Li, John C. Mitchell, and William H. Winsborough. Design of a Role-based Trust-management Framework. In ''Proceedings of the 2002 IEEE Symposium on Security and Privacy'', pages 114--130, 2002. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2004-03.pdf LMWE04]] Ninghui Li, John C. Mitchell, William H. Winsborough, Kent E. Seamons, Michael Halcrow, and Jared Jacobson. RTML: A Role-based Trust-management Markup Language. Technical Report TR 2004-3, Purdue University CERIAS, 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00800059.pdf LN99]] !HyungHyo Lee and !BongNam Noh. An Integrity Enforcement Application Design and Operation Framework in Role-Based Access Control Systems: A Session-Oriented Approach. In ''Proceedings of the 1999 International Workshop on Parallel Processing'', pages 179--184, Washington, DC, USA, September 1999. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p25-lorch.pdf LPLE03]] Markus Lorch, Seth Proctor, Rebekah Lepro, Dennis Kafura, and Sumit Shah. First Experiences Using XACML for Access Control in Distributed Systems. In ''XMLSEC '03: Proceedings of the 2003 ACM Workshop on XML security'', pages 25--37, New York, NY, USA, 2003. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01552918.pdf LSQ05]] Qi Li, Jingpu Shi, and Sihan Qing. An Administration Model of DRBAC on the Web. In ''2005 IEEE International Conference on e-Business Engineering (ICEBE 2005)'', pages 364--367, Washington, DC, USA, October 2005. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p126-li.pdf LT04]] Ninghui Li and Mahesh V. Tripunitara. Security Analysis in Role-Based Access Control. In ''SACMAT '04: Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies'', pages 126--135, New York, NY, USA, 2004. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2005-02.pdf LT05]] Ninghui Li and Mahesh V. Tripunitara. Security Analysis in Role-Based Access Control. Technical Report TR 2005-02, Purdue University CERIAS, 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/rbac_analysis_tissec.pdf LT06]] Ninghui Li and Mahesh V. Tripunitara. Security Analysis in Role-Based Access Control. ''ACM Transactions on Information and System Security (TISSEC)'', 2006. to appear. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/algebra_ccs06.pdf LW06]] Ninghui Li and Qihua Wang. Beyond Separation of Duty: An Algebra for Specifying High-level Security Policies. In ''Proceedings of the ACM Conference in Computer and Communications Security (CCS)'', November 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p112-liu.pdf LWGE06]] Yanhong A. Liu, Chen Wang, Michael Gorbovitski, Tom Rothamel, Yongxi Cheng, Yingchao Zhao, and Jing Zhang. Core Role-Based Access Control: Efficient Implementations by Transformations. In ''PEPM '06: Proceedings of the 2006 ACM SIGPLAN Symposium on Partial Evaluation and Semantics-Based Program Manipulation'', pages 112--120, New York, NY, USA, 2006. ACM Press. [[http://www.idsynch.com/docs/beyond-roles.html M-T06]] M-Tech Information Technology, Inc. Beyond Roles: A Practical Approach to Enterprise User Provisioning. Web article, 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01176310.pdf Mar02]] Andrew D. Marshall. A Financial Institution's Legacy Mainframe Access Control System in Light of the Proposed NIST RBAC Standard. In ''Proceedings of the 18th Annual Computer Security Applications Conference'', pages 382--390, Washington, DC, USA, 2002. IEEE Computer Society. [[http://www.tonymarston.net/php-mysql/role-based-access-control.html Mar04]] Tony Marston. A Role-Based Access Control (RBAC) System for PHP, May 2004. [[http://www.tonymarston.net/php-mysql/php-mysql(whatsnew).html Mar06a]] Tony Marston. What's New in the world of PHP and MySQL, September 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/WFFdyMeSysUG.pdf Mar06b]] Marver Solutions Ltd. ''WFF Dynamic Menu System User Guide, Dynamic menu and navigation based on access control settings'', June 2006. Version 1.0. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2005-62.pdf MBGM05]] Ammar Masood, Rafae Bhatti, Arif Gahfoor, and Aditya P. Mathur. Model-based Testing of Access Control Systems that Employ RBAC Policies. Technical Report TR 2005-62, Purdue University CERIAS, 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01214883.pdf MDS03]] Till Mossakowski, Michael Drouineaud, and Karsten Sohr. A Temporal-Logic Extension of Role-Based Access Control Covering Dynamic Separation of Duties. In ''Proceedings of the Fourth International Conference on Temporal Logic and 10th International Symposium on Temporal Representation and Reasoning'', pages 83--90, Washington, DC, USA, July 2003. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01229859.pdf MF03]] Gustavo H. M. B. Motta and Sergio S. Furuie. A Contextual Role-Based Access Control Authorization Model for Electronic Patient Record. ''IEEE Transactions on Information Technology in Biomedicine'', 7(3):202--207, September 2003. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2006-24.pdf MGM06]] Ammar Masood, Arif Ghafoor, and Aditya Mathur. Scalable and Effective Test Generation for Access Control Systems that Employ RBAC Policies. Technical Report TR 2006-24, Purdue University CERIAS, 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/moffett99uses.pdf ML99]] Jonathan D. Moffett and Emil Lupu. The Uses of Role Hierarchies in Access Control. In ''ACM Workshop on Role-Based Access Control'', pages 153--160, 1999. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/moffett93policy.pdf MS93]] Jonathan D. Moffett and Morris S. Sloman. Policy Conflict Analysis in Distributed System Management. ''Journal of Organizational Computing'', pages 1--19, 1993. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/an-approach-to-extract.pdf MSSN04]] Jan Mendling, Mark Strembeck, Gerald Stermsek, and Gustaf Neumann. An Approach to Extract RBAC Models from BPEL4WS Processes. In ''13th IEEE International Workshops on Enabling Technologies Infrastructure for Collaborative Enterprises (WETICE 2004)'', pages 81--86, Washington, DC, USA, June 2004. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/diss-qamar.pdf Mun00]] Qamar Munawer. ''Administrative Models for Role-Based Access Control''. PhD thesis, George Mason University, 2000. Dissertation Director: Dr. Ravi Sandhu. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/konquerorh9E2Ta.1-en.pdf MyS06a]] MySQL AB. ''MySQL 3.23, 4.0, 4.1 Reference Manual'', 3517 edition, October 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/konquerorsdK2Hb.pdf MyS06b]] MySQL AB. ''MySQL GUI Tools Manual'', 3513 edition, September 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2003-icics-nabhen-jamhour-maziero.pdf NJM03]] Ricardo Nabhen, Edgard Jamhour, and Carlos Maziero. A Policy-Based Framework for RBAC. In Marcus Brunner and Alexander Keller, editors, ''Self-Managing Distributed Systems, Proceedings of the 14th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management, DSOM 2003'', volume 2867 of ''Lecture Notes in Computer Science'', pages 181--193. Springer, October 2003. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2004-wgrs-nabhen-jamhour-maziero.pdf NJM04]] Ricardo Nabhen, Edgard Jamhour, and Carlos Maziero. RBPIM: Enforcing RBAC Policies in Distributed Heterogeneous Systems. In ''Workshop de Gerência e Operação de Redes e Serviços'', 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p45-nyanchama.pdf NO93]] Matunda Nyanchama and Sylvia Osborn. Role-Based Security, Object Oriented Databases and Separation of Duty. ''SIGMOD Rec.'', 22(4):45--51, 1993. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/nyanchama94access.pdf NO94]] Matunda Nyanchama and Sylvia L. Osborn. Access Rights Administration in Role-Based Security Systems. In ''Proceedings of the IFIP WG11.3 Working Conference on Database Security VII'', pages 37--56. North-Holland, 1994. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p3-nyanchama.pdf NO99]] Matunda Nyanchama and Sylvia Osborn. The Role Graph Model and Conflict of Interest. ''ACM Trans. Inf. Syst. Secur.'', 2(1):3--33, 1999. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/nebraska.pdf Nov04]] Novell. State of Nebraska Case Study. www.novel.com, 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/conundrums.pdf NP90]] Michael J. Nash and Keith R. Poland. Some Conundrums Concerning Separation of Duty. In ''IEEE Computer Society Symposium on Research in Security and Privacy'', pages 201--207, Washington, DC, USA, May 1990. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/neumann01design.pdf NS01]] Gustaf Neumann and Mark Strembeck. Design and Implementation of a Flexible RBAC-Service in an Object-Oriented Scripting Language. In ''ACM Conference on Computer and Communications Security'', pages 58--67, 2001. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p33-neumann.pdf NS02]] Gustaf Neumann and Mark Strembeck. A Scenario-driven Role Engineering Process for Functional RBAC Roles. In ''SACMAT '02: Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies'', pages 33--42, New York, NY, USA, 2002. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p65-strembeck.pdf NS03]] Gustaf Neumann and Mark Strembeck. An Approach to Engineer and Enforce Context Constraints in an RBAC Environment. In ''SACMAT '03: Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies'', pages 65--79, New York, NY, USA, 2003. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/IC_TECH_REPORT_200131.pdf NW01]] Txomin Nieva and Alain Wegmann. A Role-based Use Case Model for Remote Data Acquisition Systems. Technical Report DSC/201/031, Institute for Computer Communications and Applications (ICA), Swiss Federal Institute of Technology, Lausanne, Switzerland, 2001. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/neumann00xotcl.pdf NZ00]] Gustaf Neumann and Uwe Zdun. XOTcl: An Object-Oriented Scripting Language. In ''Proceedings of the Seventh USENIX Conference'', pages 163--174, February 2000. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/cd-xacml-rbac-profile-01.pdf OAS04]] OASIS Technical Committee. XACML Profile for Role Based Access, February 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/access_control-xacml-2.0-rbac-profile1-spec-os.pdf OAS05a]] OASIS Technical Committee. Core and Hierarchical Role Based Access Control (RBAC) Profile of XACML v2.0. Technical report, Organization for the Advancement of Structured Information Standards, February 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/access_control-xacml-2.0-saml-profile-spec-os.pdf OAS05b]] OASIS Technical Committee. OASIS eXtensible Access Control Markup Language (xacml) v2.0. Technical report, Organization for the Advancement of Structured Information Standards, February 2005. XACML-2.0-OS-NORMATIVE.zip. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01000036.pdf OF02]] Rafael R. Obelheiro and Joni S. Fraga. Role-Based Access Control for CORBA Distributed Object Systems. In ''WORDS '02: Proceedings of the The Seventh IEEE International Workshop on Object-Oriented Real-Time Dependable Systems (WORDS 2002)'', page 53, Washington, DC, USA, 2002. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/osborn00modeling.pdf OG00]] Sylvia Osborn and Yuxia Guo. Modeling Users in Role-Based Access Control. In ''ACM RBAC 2000'', pages 31--37, 2000. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00945161.pdf OP01]] Sejong Oh and Seog Park. Enterprise Model as a Basis of Administration on Role-Based Access Control. In ''The Proceedings of the Third International Symposium on Cooperative Database Systems for Advanced Applications, CODAS 2001'', pages 150--158, Washington, DC, USA, April 2001. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/guide.pdf Ope05]] The OpenLDAP Foundation. ''OpenLDAP Software 2.3 Administrator's Guide'', 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p155-oh.pdf OS02]] Sejong Oh and Ravi Sandhu. A Model for Role Administration Using Organization Structure. In ''SACMAT '02: Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies'', pages 155--162, New York, NY, USA, 2002. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p31-osborn.pdf Osb97]] Sylvia Osborn. Mandatory Access Control and Role-Based Access Control Revisited. In ''RBAC '97: Proceedings of the Second ACM Workshop on Role-Based Access Control'', pages 31--40, New York, NY, USA, 1997. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p163-osborn.pdf Osb02]] Sylvia L. Osborn. Information Flow Analysis of an RBAC System. In ''ACM Symposium on Access Control Models and Technologies'', pages 163--168, 2002. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p85-osborn.pdf OSM00]] Sylvia L. Osborn, Ravi S. Sandhu, and Qamar Munawer. Configuring Role-Based Access Control to Enforce Mandatory and Discretionary Access Control Policies. ''Information and System Security'', 3(2):85--106, 2000. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p113-oh.pdf OSZ06]] Sejong Oh, Ravi Sandhu, and Xinwen Zhang. An Effective Role Administration Model Using Organization Structure. ''ACM Trans. Inf. Syst. Secur.'', 9(2):113--137, 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/orbit-software-architecture-v2-1.pdf OvSS05]] Maximilian Ott, Ivan Šeškar, Robert J. Siracusa, and Manpreet Singh. ORBIT Testbed Software Architecture: Supporting Experiments as a Service. In ''Proceedings of the First International Conference on Testbeds and Research Infrastructures for the Development of Networks and Communities, Tridentcom 2005'', pages 136--145, New York, NY USA, February 2005. IEEE Communiations Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/diss-jean.pdf Par99]] Joon S. Park. ''Secure Attribute Services on the Web''. PhD thesis, George Mason University, 1999. Dissertation Director: Dr. Ravi Sandhu. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/diss-jae.pdf Par03]] Jaehong Park. ''Usage Control: A Unified Framework for Next Generation Access Control''. PhD thesis, George Mason University, 2003. Dissertation Director: Dr. Ravi Sandhu. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/i01-kluwer01-jpark.pdf PAS01]] Joon S. Park, Gail-Joon Ahn, and Ravi S. Sandhu. Role-Based Access Control on the Web Using LDAP. In ''Proceeding of the 15th IFIP WG 11.3 Working Conference on Database and Application Security'', pages 19--30, 2001. [[http://hissa.ncsl.nist.gov/rbac/poole/ir5820/nistir5820.htm PBBE95]] Joseph Poole, John Barkley, Kevin Brady, Anthony Cincotta, and Wayne Salamon. Distributed Communication Methods and Role-Based Access Control for Use in Health Care Applications. Technical Report NISTIR 5820, NIST, 1995; also in [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/hcpaper.ps postscript]], see also [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/rbac-slides-omg.ppt PowerPoint slides]]. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/JP_004.pdf PBE01]] Stephen Perelson, Reinhardt Botha, and Jan Eloff. Separation of Duty Administration. ''SACJ/SART'', 27(1):64--70, 2001. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p163-park.pdf PCND04]] Joon S. Park, Keith P. Costello, Teresa M. Neven, and Josh A. Diosomito. A Composite RBAC Approach for Large, Complex Organizations. In ''SACMAT '04: Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies'', pages 163--172, New York, NY, USA, 2004. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/phillipsdissdraft.pdf Phi04]] Charles Edward Phillips, Jr. ''Security Assurance for a Resource-Based RBAC/DAC/MAC Security Model''. PhD thesis, University of Connecticut, 2004. Major Advisor: Steven A. Demurjian. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01544776.pdf PJ05]] Smithi Piromruen and James B. D. Joshi. An RBAC Framework for Time Constrained Secure Interoperation in Multi-Domain Environments. In ''WORDS '05: Proceedings of the 10th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems'', pages 36--48, Washington, DC, USA, 2005. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01566202.pdf PM05]] Aneta Poniszewska-Maranda. Role Engineering of Information System Using Extended RBAC Model. In ''WETICE '05: Proceedings of the 14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise'', pages 154--159, Washington, DC, USA, 2005. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01632009.pdf PMC06]] Anil L. Pereira, Vineela Muppavarapu, and Soon M. Chung. Role-Based Access Control for Grid Database Services Using the Community Authorization Service. ''IEEE Transactions on Dependable and Secure Computing'', 3(2):156--166, 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/Pavlich-IFIP05.pdf PMDME05]] Jaime A. Pavlich-Mariscal, Thuong Doan, Laurent Michel, Steven A. Demurjian, and T. C. Ting. Role Slices: A Notation for RBAC Permission Assignment and Enforcement. In S. Jojodia, editor, ''Proceedings of the 19th Annual IFIP WG 11.3 Working Conference on Data and Applications Security'', volume 3654 of ''Lecture Notes in Computer Science'', pages 40--53, Berlin / Heidelberg, August 2005. Springer. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/CSAPe.pdf PMDP04]] Torsten Priebe, Björn Muschall, Wolfgang Dobmeier, and Günther Pernul. ''A Flexible Security System for Enterprise and e-Government Portals'', volume 3180 of ''Lecture Notes in Computer Science'', pages 884--893. Springer, Berlin / Heidelberg, October 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/rbacaspect.pdf PMMD05]] Jaime Pavlich-Mariscal, Laurent Michel, and Steven Demurjian. ''A Formal Enforcement Framework for Role-Based Access Control Using Aspect-Oriented Programming'', volume 3713 of ''Lecture Notes in Computer Science'', pages 537--552. Springer, Berlin / Heidelberg, 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p236-popek.pdf Pop73]] Gerald J. Popek. Correctness in Access Control. In ''ACM'73: Proceedings of the Annual Conference'', pages 236--241, New York, NY, USA, 1973. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p1-park.pdf PS99a]] Joon S. Park and Ravi S. Sandhu. RBAC on the Web by Smart Certificates. In ''RBAC '99: Proceedings of the Fourth ACM Workshop on Role-Based Access Control'', pages 1--9, New York, NY, USA, 1999. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/smart-certificates-extending-x-1.pdf PS99b]] Joon S. Park and Ravi S. Sandhu. Smart Certificates: Extending X.509 for Secure Attribute Services on the Web. In ''Proc. of 22nd National Information Systems Security Conference (NISSC)'', October 1999. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/park00binding.pdf PS00a]] J. S. Park and Ravi S. Sandhu. Binding Identities and Attributes Using Digitally Signed Certificates. In ''ACSAC 2000'', pages 120--127, 2000. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/park00secure.pdf PS00b]] Joon S. Park and Ravi S. Sandhu. Secure Cookies on the Web. ''IEEE Internet Computing'', 4(4):36--44, 2000. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01011294.pdf PS02a]] Jaehong Park and Ravi Sandhu. Originator Control in Usage Control. In ''POLICY '02: Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)'', pages 60--66, Washington, DC, USA, 2002. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p57-park.pdf PS02b]] Jaehong Park and Ravi Sandhu. Towards Usage Control Models: Beyond Traditional Access Control. In ''SACMAT '02: Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies'', pages 57--64, New York, NY, USA, 2002. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p128-park.pdf PS04]] Jaehong Park and Ravi Sandhu. The UCONABC Usage Control Model. ''ACM Trans. Inf. Syst. Secur.'', 7(1):128--174, 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p37-park.pdf PSA01]] Joon S. Park, Ravi S. Sandhu, and Gail-Joon Ahn. Role-Based Access Control on the Web. ''ACM Trans. Inf. Syst. Secur.'', 4(1):37--71, 2001. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/park99rbac.pdf PSG99]] Joon S. Park, Ravi S. Sandhu, and !SreeLatha Ghanta. RBAC on the Web by Secure Cookies. In ''IFIP Workshop on Database Security'', pages 49--62, 1999. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/wed-b-1530-payne.pdf PTBO99]] C. Payne, D. Thomsen, J. Bogle, and R. O'Brien. Napoleon: A recipe for workflow. In ''ACSAC '99: Proceedings of the 15th Annual Computer Security Applications Conference'', page 134, Washington, DC, USA, 1999. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p87-phillips.pdf PTD02]] Charles E. Phillips, Jr., T.C. Ting, and Steven A. Demurjian. Information Sharing and Security in Dynamic Coalitions. In ''SACMAT '02: Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies'', pages 87--96, New York, NY, USA, 2002. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/IFIP04-mutability.pdf PZS04]] Jaehong Park, Xinwen Zhang, and Ravi S. Sandhu. Attribute Mutability in Usage Control. In Csilla Farkas and Pierangela Samarati, editors, ''Proceedings of the Eighteenth Annual Conference on Data and Applications Security, Research Directions in Data and Applications Security XVIII, IFIP TC11/WG 11.3'', pages 15--29. Kluwer, July 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p115-ray.pdf RLFK04]] Indrakshi Ray, Na Li, Robert France, and Dae-Kyoo Kim. Using UML to Visualize Role-Based Access Control Constraints. In ''SACMAT '04: Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies'', pages 115--124, New York, NY, USA, 2004. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01233707.pdf RNKZ03]] Tatyana Ryutov, Clifford Neuman, Dongho Kim, and Li Zhou. Integrated Access Control and Intrusion Detection for Web Servers. ''IEEE Transactions on Parallel and Distributed Systems'', 14(9):841--850, September 2003. [[http://cuddletech.com/blog/pivot/entry.php?id=362 Roc03]] Ben Rockwood. Using RBAC on (Open)Solaris, September 2003. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sis_2000.pdf ROS00]] G. Pernul R. Oppliger and C. Strauss. Using Attribute Certificates to Implement Role Based Authorization and Access Control Models. In ''Proc. 4th Fachtagung Sicherheit in Informationsystemen (SIS 2000)'', pages 169--184, 2000. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/RBAC_DBMS_Comparison.pdf RS98]] Chandramouli Ramaswamy and Ravi S. Sandhu. Role-Based Access Control Features in Commercial Database Management Systems. In ''Proc. 21st NIST-NCSC National Information Systems Security Conference'', pages 503--511, 1998. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p103-roeckle.pdf RSW00]] Haio Roeckle, Gerhard Schimpf, and Rupert Weidinger. Process-Oriented Approach for Role-Finding to Implement Role-Based Security Administration in a Large Industrial Organization. In ''RBAC '00: Proceedings of the Fifth ACM Workshop on Role-Based Access Control'', pages 103--110, New York, NY, USA, 2000. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/Orbit_WCNC_05_final.pdf RvOE05]] Dipankar Raychaudhuri, Ivan Šeškar, Maximilian Ott, Sachin Ganu, Kishore Ramachandran, Haris Kremo, Robert J. Siracusa, Hang Liu, and Manpreet Singh. Overview of the ORBIT Radio Grid Testbed for Evaluation of Next-Generation Wireless Network Protocols. In ''Proceedings of the IEEE Wireless Communications and Networking Conference (WCNC 2005)'', volume 3, pages 1664--1669, New York, NY USA, March 2005. IEEE Communiations Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01607578.pdf RY05]] Indrakshi Ray and Lijun Yu. Short Paper: Towards a Location-Aware Role-Based Access Control Model. In ''Proceedings of the 1st IEEE Conference on Security and Privacy for Emerging Areas in Communication Networks'', pages 234--236, Los Alamitos, CA, USA, September 2005. IEEE Computer Society. [[http://www.developerdotstar.com/community/node/482 S06]] Ifti S. Implementing RBAC on .Net. developer dot star web site, May 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p1121-shin.pdf SACJ04]] Dongwan Shin, Gail-Joon Ahn, Sangrae Cho, and Seunghun Jin. A Role-Based Infrastructure Management System: Design and Implementation. ''Concurr. Comput. : Pract. Exper.'', 16(11):1121--1141, September 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/fulltext-1.pdf SAGM05]] Karsten Sohr, Gail-Joon Ahn, Martin Gogolla, and Lars Migge. Specification and Validation of Authorisation Constraints Using UML and OCL. In Sabrina De Capitani di Vimercati, Paul F. Syverson, and Dieter Gollmann, editors, ''Computer Security, Proceedings of the 10th European Symposium on Research in Computer Security - ESORICS 2005'', volume 3679 of ''Lecture Notes in Computer Science'', pages 64--79, Berlin / Heidelberg, September 2005. Springer. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p15-sohr.pdf SAM05]] Karsten Sohr, Gail-Joon Ahn, and Lars Migge. Articulating and Enforcing Authorisation Policies with UML and OCL. In ''SESS '05: Proceedings of the 2005 Workshop on Software Engineering for Secure Systems - Building Trustworthy Applications'', pages 1--7, New York, NY, USA, 2005. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00113349.pdf San88]] Ravi S. Sandhu. Transaction Control Expressions for Separation of Duties. In ''Proceedings of the Fourth Aerospace Computer Security Applications Conference'', pages 282--286, Washington, DC, USA, December 1988. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00241422.pdf San93]] Ravi S. Sandhu. Lattice-Based Access Control Models. ''Computer'', 26(11):9--19, 1993. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sandhu96access.pdf San96a]] Ravi S. Sandhu. Access Control: The Neglected Frontier. In ''ACISP '96: Proceedings of the First Australasian Conference on Information Security and Privacy'', pages 219--227, London, UK, 1996. Springer-Verlag. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/issue.pdf San96b]] Ravi S. Sandhu. Issues in RBAC. In ''RBAC '95: Proceedings of the First ACM Workshop on Role-Based Access Control'', pages I--21--I--46, New York, NY, USA, 1996. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sandhu96role.pdf San96c]] Ravi S. Sandhu. Role Hierarchies and Constraints for Lattice-Based Access Controls. In ''ESORICS '96: Proceedings of the 4th European Symposium on Research in Computer Security'', pages 65--79, London, UK, 1996. Springer-Verlag. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/role-group.pdf San96d]] Ravi S. Sandhu. Roles Versus Groups. In ''RBAC '95: Proceedings of the First ACM Workshop on Role-Based Access Control'', pages I--25--I--26, New York, NY, USA, 1996. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/summary-1.pdf San96e]] Ravi S. Sandhu. Workshop Summary. In ''RBAC '95: Proceedings of the First ACM Workshop on Role-Based Access Control'', pages I--1--I--7, New York, NY, USA, 1996. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p33-sandhu.pdf San98a]] Ravi S. Sandhu. Role Activation Hierarchies. In ''RBAC '98: Proceedings of the Third ACM Workshop on Role-Based Access Control'', pages 33--40, New York, NY, USA, 1998. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sandhu97rolebased.pdf San98b]] Ravi S. Sandhu. Role-Based Access Control. In M. Zerkowitz, editor, ''Advances in Computers'', volume 48. Academic Press, 1998. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sandhu00engineering.pdf San00]] Ravi S. Sandhu. Engineering Authority and Trust in Cyberspace: The OM-AM and RBAC Way. In ''ACM RBAC 2000'', pages 111--119, 2000. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/icgt-04.pdf San04]] Ravi S. Sandhu. A Perspective on Graphs and Access Control Models (Invited Talk). In H. Ehrig, G. Engels, F. Parisi-Presicce, and G. Rozenberg, editors, ''Proc. 2nd Intl. Conference on Graph Transformations (ICGT 2004)'', volume 3256 of ''Lecture Notes in Computer Science'', pages 2--12, Berlin/Heidelberg, 2004. Springer-Verlag. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01045125.pdf SAP02]] Dongwan Shin, Gail-Joon Ahn, and Joon S. Park. An Application of Directory Service Markup Language (DSML) for Role-Based Access Control (RBAC). In ''Proceedings of the 26th Annual International Computer Software and Applications Conference, COMPSAC 2002'', pages 934--939, Washington, DC, USA, 2002. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/41_01.doc SB-05]] SB-43509. Principles for the Management of Next Generation Networks, February 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sandhu97ura.pdf SB97]] Ravi S. Sandhu and Venkata Bhamidipati. The URA97 Model for Role-Based User-Role Assignment. In ''IFIP Workshop on Database Security'', pages 262--275, 1997. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sandhu98rolebasedURA97.pdf SB99]] Ravi S. Sandhu and Venkata Bhamidipati. Role-Based Administration of User-Role Assignment: The URA97 Model and its Oracle Implementation. ''Journal of Computer Security'', 7(4), 1999. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p41-sandhu.pdf SBCE97]] Ravi Sandhu, Venkata Bhamidipati, Edward Coyne, Srinivas Canta, and Charles Youman. The ARBAC97 Model for Role-Based Administration of Roles: Preliminary Description and Outline. In ''Proceedings of 2nd ACM Workshop on Role-Based Access Control'', pages 41--54, New York, NY, USA, November 1997. ACM. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p58-shehab.pdf SBG05a]] Mohamed Shehab, Elisa Bertino, and Arif Ghafoor. Secure Collaboration in Mediator-Free Environments. In ''CCS '05: Proceedings of the 12th ACM Conference on Computer and Communications Security'', pages 58--67, New York, NY, USA, 2005. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p159-shehab.pdf SBG05b]] Mohamed Shehab, Elisa Bertino, and Arif Ghafoor. SERAT: SEcure Role mApping Technique for Decentralized Secure Interoperability. In ''SACMAT '05: Proceedings of the Tenth ACM Symposium on Access Control Models and Technologies'', pages 159--167, New York, NY, USA, 2005. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p105-sandhu.pdf SBM99]] Ravi Sandhu, Venkata Bhamidipati, and Qamar Munawer. The ARBAC97 Model for Role-Based Administration of Roles. ''ACM Trans. Inf. Syst. Secur.'', 2(1):105--135, 1999. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00367293.pdf SCFY94]] Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, and Charles E. Youman. Role-Based Access Control: A Multi-Dimensional View. In ''Proceedings of the 10th Annual Computer Security Applications Conference'', pages 54--62, December 1994. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sandhu96rolebased.pdf SCFY96]] Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, and Charles E. Youman. Role-Based Access Control Models. ''IEEE Computer'', 29(2):38--47, 1996. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00991528.pdf Sch01]] Andreas Schaad. Detecting Conflicts in a Role-based Delegation Model. In ''Proceedings of the 17th Annual Computer Security Applications Conference, 2001. ACSAC 2001'', pages 117--126, December 2001. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/schaad03framework.pdf Sch03]] Andreas Schaad. ''A Framework for Organisational Control Principles''. PhD thesis, The University of York, July 2003. Advisor: Dr. Jonathan Moffett. [[http://www.planetmysql.org/entries/3909 Sch06]] Baron Schwartz. How to build role-based access control in SQL. Planet MySQL blog, August 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p32-siewe.pdf SCZ03]] François Siewe, Antonio Cau, and Hussein Zedan. A Compositional Framework for Access Control Policies Enforcement. In ''FMSE '03: Proceedings of the 2003 ACM Workshop on Formal Methods in Security Engineering'', pages 32--42, New York, NY, USA, 2003. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p332-sohr.pdf SDA05]] Karsten Sohr, Michael Drouineaud, and Gail-Joon Ahn. Formal Specification of Role-Based Security Policies for Clinical Information Systems. In ''SAC '05: Proceedings of the 2005 ACM Symposium on Applied Computing'', pages 332--339, New York, NY, USA, 2005. ACM Press. [[http://www.amazon.com/gp/product/0321335724/ Sea06]] Robert C. Seacord. ''Secure Coding in C and C++''. SEI Series in Software Engineering. Addison-Wesley, Upper Saddle River, New Jersey USA, 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sandhu94three.pdf SF94]] Ravi S. Sandhu and Hal L. Feinstein. A Three Tier Architecture for Role-Based Access Control. In ''Proc. 17th NIST-NCSC National Computer Security Conference'', pages 34--46, 1994. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sandhu00nist.pdf SFK00]] Ravi Sandhu, David Ferraiolo, and Richard Kuhn. The NIST Model for Role-Based Access Control: Towards a Unified Standard. In ''RBAC '00: Proceedings of the Fifth ACM Workshop on Role-Based Access Control'', pages 47--63, New York, NY, USA, 2000. ACM Press. [[http://dream.sims.berkeley.edu/doc-eng/projects/ROLES/roles-final-report.html SGGE02]] Calvin Smith, Patrick Garvey, Marc Gratacos, E. Liggett, and Charis Kaskiris. ROLES Project Final Report. Technical report, University of California, Berkeley, The Center for Document Engineering, December 2002. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p181-seacord.pdf SH98]] Robert C. Seacord and Scott A. Hissam. Browsers for Distributed Systems: Universal Paradigm or Siren's Song? ''World Wide Web'', 1(4):181--191, 1998; see also [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/98tr010.pdf 98TR010]]. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2006-19.pdf Sha06]] Basit Shafiq. ''Access Control Management and Security in Multi-Domain Collaborative Environments''. PhD thesis, Purdue University, 2006. [[http://idsynch.com/docs/beyond-roles-google.html Sho06]] Idan Shoham. Beyond Roles: A Practical Approach to Enterprise User Provisioning. Technical report, M-Tech, 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/secure-interoperation-tkde.pdf SJBG05]] Basit Shafiq, James B. D. Joshi, Elisa Bertino, and Arif Ghafoor. Secure Interoperation in a Multidomain Environment Employing RBAC Policies. ''IEEE Transactions on Knowledge and Data Engineering'', 17(11):1557--1577, 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01454316.pdf SJN05]] Timothy E. Squair, Edgard Jamhour, and Ricardo C. Nabhen. An RBAC-Based Policy Information Base. In ''POLICY '05: Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'05)'', pages 171--180, Washington, DC, USA, 2005. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p139-schaad.pdf SLS06]] Andreas Schaad, Volkmar Lotz, and Karsten Sohr. A Model-Checking Approach to Analysing Organisational Controls in a Loan Origination Process. In ''SACMAT '06: Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies'', pages 139--149, New York, NY, USA, 2006. ACM Press. [[http://www.informatik.uni-trier.de/~ley/db/journals/compsec/compsec13.html#SolmsM94 SM94]] Sebastiaan H. von Solms and Isak van der Merwe. The Management of Computer Security Profiles Using a Role-Oriented Approach. ''Computers and Security'', 13(8):673--680, 1994. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p47-sandhu.pdf SM98]] Ravi S. Sandhu and Qamar Munawer. How to Do Discretionary Access Control Using Roles. In ''ACM Workshop on Role-Based Access Control'', pages 47--54, 1998. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/PositionPapers.pdf SM01]] Andreas Schaad and Jonathan Moffett. The Incorporation of Control Policies into Access Control Policies. In ''Proceedings of the Workshop on Policies for Distributed Systems and Networks, Policy 2001'', pages 18--21, January 2001. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01176294.pdf SM02a]] Andreas Schaad and Jonathan D. Moffett. A Framework for Organisational Control Principles. In ''Proceedings of the 18th Annual Computer Security Applications Conference'', pages 229--238, Washington, DC, USA, December 2002. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p13-schaad.pdf SM02b]] Andreas Schaad and Jonathan D. Moffett. A Lightweight Approach to Specification and Analysis of Role-Based Access Control Extensions. In ''SACMAT '02: Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies'', pages 13--22, New York, NY, USA, 2002. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p1380-schaad.pdf SM04]] Andreas Schaad and Jonathan Moffett. Separation, Review and Supervision Controls in the Context of a Credit Application Process -- A Case Study of Organisational Control Principles. In ''SAC '04: Proceedings of the 2004 ACM Symposium on Applied Computing'', pages 1380--1384, New York, NY, USA, 2004. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p3-schaad.pdf SMJ01]] Andreas Schaad, Jonathan Moffett, and Jeremy Jacob. The Role-Based Access Control System of a European Bank: A Case Study and Discussion. In ''SACMAT '01: Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies'', pages 3--9, New York, NY, USA, 2001. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01544773.pdf SMJG05]] Basit Shafiq, Ammar Masood, James Joshi, and Arif Ghafoor. A Role-Based Access Control Policy Verification Framework for Real-Time Systems. In ''10th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems'', pages 13--20, Washington, DC, USA, February 2005. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01504134.pdf SMLP05]] Yuqing Sun, Xiangxu Meng, Shijun Liu, and Peng Pan. An Approach for Flexible RBAC Workflow System. In ''Proceedings of the Ninth International Conference on Computer Supported Cooperative Work in Design'', volume 1, pages 524--529, Washington, DC, USA, May 2005. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p392-strembeck.pdf SN04]] Mark Strembeck and Gustaf Neumann. An Integrated Approach to Engineer and Enforce Context Constraints in RBAC Environments. ''ACM Trans. Inf. Syst. Secur.'', 7(3):392--427, 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p1-sandhu.pdf SP98]] Ravi S. Sandhu and Joon S. Park. Decentralized User-Role Assignment for Web-Based Intranets. In ''ACM Workshop on Role-Based Access Control'', pages 1--12, 1998. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00934896.pdf SP01]] Won Bo Shim and Seog Park. Implementing Web Access Control System for the Multiple Web Servers in the Same Domain Using RBAC Concept. In ''ICPADS '01: Proceedings of the Eighth International Conference on Parallel and Distributed Systems'', pages 768--773, Washington, DC, USA, 2001. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2003_MMS_UCON.pdf SP03]] Ravi S. Sandhu and Jaehong Park. Usage Control: A Vision for Next Generation Access Control. In Vladimir Gorodetsky, Leonard J. Popyack, and Victor A. Skormin, editors, ''Proceedings of the Second International Workshop on Mathematical Methods, Models, and Architectures for Computer Network Security, MMM-ACNS 2003'', volume 2776 of ''Lecture Notes in Computer Science'', pages 17--31. Springer, September 2003. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/researchpaper.pdf Spe04]] Bradley Spengler. Increasing Performance and Granularity in Role-Based Access Control Systems -- A Case Study in GRSECURITY. Technical report, !OpenOffice.org, May 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/zrm.pdf Spi98]] J. M. Spivey. ''The Z Notation: A Reference Manual, Second Edition''. Oriel College. J. M. Spivey, Oxford, UK, 1998. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p170-sreedhar.pdf Sre06]] Vugranam C. Sreedhar. Data-Centric Security: Role Analysis and Role Typestates. In ''SACMAT '06: Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies'', pages 170--179, New York, NY, USA, 2006. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00312842.pdf SS94]] Ravi S. Sandhu and Pierangela Samarati. Access Control: Principles and Practice. ''IEEE Communications Magazine'', 32(9):40--48, September 1994. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/skm04.pdf SSN04]] Gerald Stermsek, Mark Strembeck, and Gustaf Neumann. Using Subject- and Object-Specific Attributes for Access Control in Web-based Knowledge Management Systems. In ''Proceedings of the Workshop on Secure Knowledge Management (SKM)'', pages 1--6, September 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p1328-schaad.pdf SSW05]] Andreas Schaad, Pascal Spadone, and Helmut Weichsel. A Case Study of Separation of Duty Properties in the Context of the Austrian "eLaw" Process. In ''SAC '05: Proceedings of the 2005 ACM Symposium on Applied Computing'', pages 1328--1332, New York, NY, USA, 2005. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/se2004.pdf Str04]] Mark Strembeck. Conflict Checking of Separation of Duty Constraints in RBAC -- Implementation Experiences. In ''Proceedings of the Conference on Software Engineering, SE 2004'', 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01454322.pdf Str05a]] Mark Strembeck. Embedding Policy Rules for Software-Based Systems in a Requirements Context. In ''Sixth IEEE International Workshop on Policies for Distributed Systems and Networks'', pages 235--238, June 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sreis05.pdf Str05b]] Mark Strembeck. A Role Engineering Tool for Role-Based Access Control. In ''Proceedings of the Symposium on Requirements Engineering for Information Security (SREIS)'', August 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/xoRBAC-API-Reference.pdf Str06]] Mark Strembeck. ''xoRBAC API Reference''. www.XOTcl.org, 0.6.2 edition, April 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/stoupa04xmlbased.pdf SVLT04]] Konstantina Stoupa, Athena Vakali, Fang Li, and Ioannis Tsoukalas. XML-Based Revocation and Delegation in a Distributed Environment. In Wolfgang Lindner, Marco Mesiti, Can Türker, Yannis Tzitzikas, and Athena Vakali, editors, ''Lecture Notes in Computer Science, Current Trends in Database Technology - EDBT 2004'', volume 3268, pages 299--308. Springer, Berlin / Heidelberg, March 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/Specs2.pdf Swa06]] Siswati Swami. Requirements Specifications for ORBIT Access Control. Technical report, Rutgers University, New Brunswick, New Jersey USA, June 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/Specs2.doc in MS Word format]] [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/cs1050129.pdf SWPE02]] Marianne Swanson, Amy Wohl, Lucinda Pope, Tim Grance, Joan Hash, and Ray Thomas. Contingency Planning Guide for Information Technology Systems. Technical Report Special Publication 800-34, NIST, 2002. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00596811.pdf SZ97]] Richard T. Simon and Mary Ellen Zurko. Separation of Duty in Role-Based Environments. In ''Proceedings of the 10th Computer Security Foundations Workshop'', pages 183--194, June 1997. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/tecos04.pdf SZ04]] Mark Strembeck and Uwe Zdun. Scenario-based Component Testing Using Embedded Metadata. In Sami Beydeda, Volker Gruhn, Johannes Mayer, Ralf Reussner, and Franz Schweiggert, editors, ''Testing of Component-Based Systems and Software Quality, Proceedings of SOQUA 2004 (First International Workshop on Software Quality) and TECOS 2004 (Workshop Testing Component-Based Systems)'', volume 58 of ''Lecture Notes in Informatics (LNI)'', pages 1--15. GI, September 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p147-sandhu.pdf SZ05]] Ravi Sandhu and Xinwen Zhang. Peer-to-Peer Access Control Architecture Using Trusted Computing Technology. In ''SACMAT '05: Proceedings of the Tenth ACM Symposium on Access Control Models and Technologies'', pages 147--158, New York, NY, USA, 2005. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/odal06.pdf SZ06]] Mark Strembeck and Uwe Zdun. Definition of an Aspect-Oriented DSL Using a Dynamic Programming Language. In ''Proceedings of the Workshop on Open and Dynamic Aspect Languages (ODAL)'', March 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p29-tolone.pdf TAPH05]] William Tolone, Gail-Joon Ahn, Tanusree Pai, and Seng-Phil Hong. Access Control in Collaborative Systems. ''ACM Comput. Surv.'', 37(1):29--41, 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01310739.pdf TCG04]] Kaijun Tan, Jason Crampton, and Carl A. Gunter. The Consistency of Task-Based Authorization Constraints in Workflow. In ''Proceedings of the 17th IEEE Computer Security Foundations Workshop, 2004'', pages 155--169, June 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/draft-rbac-implementation-std-v01.pdf Tec06]] INCITS Committee on Information Technology Standards. DRAFT Role Based Access Control Implementation Standard, January 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sg244986.pdf TEGE04]] Steven Tuttle, Ami Ehlenberger, Ramakrishna Gorthi, Jay Leiserson, Richard Macbeth, Nathan Owen, Sunil Ranahandola, Michael Storrs, and Chunhui Yang. ''Understanding LDAP Design and Implementation''. IBM Redbook. IBM International Technical Support Organization, ibm.com/redbooks, second edition, June 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p13-thomas.pdf Tho97]] Roshan K. Thomas. Team-Based Access Control (TMAC): A Primitive for Applying Role-Based Access Controls in Collaborative Environments. In ''RBAC '97: Proceedings of the Second ACM Workshop on Role-Based Access Control'', pages 13--19, New York, NY, USA, 1997. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p154-tidswell.pdf TJ00]] Jonathon E. Tidswell and Trent Jaeger. An Access Control Model for Simplifying Constraint Expression. In ''CCS '00: Proceedings of the 7th ACM Conference on Computer and Communications Security'', pages 154--163, New York, NY, USA, 2000. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2004-10.pdf TL04]] Mahesh V. Tripunitara and Ninghui Li. Comparing the Expressive Power of Access Control Models. Technical Report TR 2004-10, Purdue University CERIAS, August 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/CRPITV21ATaylor.pdf TM03]] Kerry Taylor and James Murty. Implementing Role Based Access Control for Federated Information Systems on the Web. In ''ACSW Frontiers '03: Proceedings of the Australasian Information Security Workshop Conference on ACSW Frontiers 2003'', pages 87--95, Darlinghurst, Australia, Australia, 2003. Australian Computer Society, Inc. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2005-83.pdf Tri05]] Mahesh V. Tripunitara. ''A Theory Based on Security Analysis for Comparing the Expressive Power of Access Control Models''. PhD thesis, Purdue University, 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/b93tba.pdf TS93]] Roshan K. Thomas and Ravi S. Sandhu. Task-Based Authorization: A Paradigm for Flexible and Adaptable Access Control in Distributed Applications (Extended Abstract). In ''Proceedings of the 16th NIST-NCSC National Computer Security Conference'', pages 409--415, September 1993. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/i97tbac.pdf TS98]] Roshan K. Thomas and Ravi S. Sandhu. Task-Based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-Oriented Authorization Management. In ''Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI'', pages 166--181, London, UK, 1998. Chapman & Hall, Ltd. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p405-vuong.pdf VSD01]] Nathan N. Vuong, Geoffrey S. Smith, and Yi Deng. Managing Security Policies in a Distributed Environment Using eXtensible Markup Language (XML). In ''SAC '01: Proceedings of the 2001 ACM Symposium on Applied Computing'', pages 405--411, New York, NY, USA, 2001. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p3-wobber.pdf WABL94]] Edward Wobber, Martín Abadi, Michael Burrows, and Butler Lampson. Authentication in the Taos Operating System. ''ACM Trans. Comput. Syst.'', 12(1):3--32, 1994. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/wainer01wrbac.pdf WBK01]] Jacques Wainer, Paulo Barthelmess, and Akhil Kumar. W-RBAC - A workflow security model incorporating controlled overriding of constraints. Technical Report IC-01-013, Instituto de Computação, Universidade Estadual de Campinas, October 2001. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00790905.pdf WBS99]] Shukri Wakid, John Barkley, and Mark Skall. Object Retrieval and Access Management in Electronic Commerce. ''IEEE Communications Magazine'', 37(9):74--77, September 1999. [[http://en.wikipedia.org/wiki/RBAC Wik06]] Wikipedia. Role-Based Access Control. Wikipedia article, 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01342816.pdf WJYJ04]] Xu Wei, Wei Jun, Liu Yu, and Li Jing. SOWAC: A Service-Oriented Workflow Access Control Model. In ''Proceedings of the 28th Annual International Computer Software and Applications Conference, 2004. COMPSAC 2004'', volume 1, pages 128--134, September 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p91-wang.pdf WO06]] He Wang and Sylvia L. Osborn. Delegation in the Role Graph Model. In ''SACMAT '06: Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies'', pages 91--100, New York, NY, USA, 2006. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01357989.pdf WT04]] Roosdiana Wonohoesodo and Zahir Tari. A Role Based Access Control for Web Services. In ''Proceedings of the 2004 IEEE International Conference on Services Computing (SCC 2004)'', pages 49--56, Washington, DC, USA, September 2004. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01578944.pdf YHHL05]] Hanbing Yao, Heping Hu, Baohua Huang, and Ruixuan Li. Dynamic Role and Context-Based Access Control for Grid Applications. In ''Sixth International Conference on Parallel and Distributed Computing, Applications and Technologies, PDCAT 2005'', pages 404--406, Los Alamitos, CA, USA, December 2005. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01376833.pdf YHM04]] Wataru Yamazaki, Hironori Hiraishi, and Fumio Mizoguchi. Designing an Agent-Based RBAC System for Dynamic Security Policy. In ''WETICE '04: Proceedings of the 13th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises'', pages 199--204, Washington, DC, USA, 2004. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p171-yao.pdf YMB01]] Walt Yao, Ken Moody, and Jean Bacon. A Model of OASIS Role-Based Access Control and Its Support for Active Security. In ''SACMAT '01: Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies'', pages 171--181, New York, NY, USA, 2001. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01414530.pdf YS04]] Burin Yenmunkong and Chanboon Sathitwiriyawong. An Experimental Study of ERBAC03 for Access Control Administration. In ''2004 IEEE Region 10 Conference, TENCON 2004'', volume B2, pages 57--60, November 2004. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01232433.pdf YZ03]] Cungang Yang and Chang N. Zhang. Secure Web-Based Applications with XML and RBAC. In ''Information Assurance Workshop, 2003. IEEE Systems, Man and Cybernetics Society'', pages 276-- 281, Washington, DC, USA, June 2003. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/Paper_code16.pdf ZM04]] Wei Zhou and Christoph Meinel. Implement Role Based Access Control with Attribute Certificates. In ''The 6th International Conference on Advanced Communication Technology'', pages 536--540, Washington, DC, USA, 2004. IEEE Computer Society. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p149-zhang.pdf ZOS03]] Xinwen Zhang, Sejong Oh, and Ravi Sandhu. PBDM: A Flexible Delegation Model in RBAC. In ''SACMAT '03: Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies'', pages 149--157, New York, NY, USA, 2003. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/04-zhang-logic.pdf ZPPPS04]] Xinwen Zhang, Jaehong Park, Francesco Parisi-Presicce, and Ravi Sandhu. A Logical Specification for Usage Control. In ''SACMAT '04: Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies'', pages 1--10, New York, NY, USA, 2004. ACM Press. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p351-zhang.pdf ZPPSP05]] Xinwen Zhang, Francesco Parisi-Presicce, Ravi Sandhu, and Jaehong Park. Formal Model and Policy Specification of Usage Control. ''ACM Trans. Inf. Syst. Secur.'', 8(4):351--387, 2005. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/schema-based-xml-security.pdf ZPS03]] Xinwen Zhang, Jaehong Park, and Ravi Sandhu. Schema Based XML Security: RBAC Approach. In ''Proceedings of the Seventeenth Annual IFIP WG 11.3 Working Conference on Data and Applications Security'', pages 1--15, August 2003. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/sc06-1.pdf ZS06a]] Uwe Zdun and Mark Strembeck. Modeling Composition in Dynamic Programming Environments with Model Transformations. In ''Proceedings of the 5th International Symposium on Software Composition (SC)'', number LNCS 4089 in Lecture Notes in Computer Science. Springer, Berlin / Heidelberg, March 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/late06.pdf ZS06b]] Uwe Zdun and Mark Strembeck. Modeling the Evolution of Aspect Configurations using Model Transformations. In ''Proceedings of the Linking Aspect Technology and Evolution Workshop (LATE)'', March 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/RBAC-1.pdf ZWCJ02]] John Zao, Hoetech Wee, Jonathan Chu, and Daniel Jackson. RBAC Schema Verification Using Lightweight Formal Model and Constraint Analysis. Technical report, MIT, 2002. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00948401.pdf ZY01a]] Chang N. Zhang and Cungang Yang. An Object-Oriented RBAC Model for Distributed System. In ''Proceedings of the Working IEEE/IFIP Conference on Software Architecture'', pages 24--32, 2001. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/00933700.pdf ZY01b]] Chang N. Zhang and Cungang Yang. Specification and Enforcement of Object-Oriented RBAC Model. In ''Proceedings of the Canadian Conference on Electrical and Computer Engineering, 2001'', volume 1, pages 301--305, 2001.