| 54 | | [[ftp://orbit-lab.org/internal3/rbacwebapps.pdf Ali]] Saqib Ali. RBAC for WebApps using LDAP. http://www.networksecurityarchive.org/html/Web-App-Sec/2005-08/msg00036.html. |
| 55 | | |
| 56 | | [[ftp://orbit-lab.org/internal3/826869.pdf KBME03]] Anas Abou El Kalam, Salem Benferhat, Alexandre Miège, Rania El Baida, Frédéric Cuppens, Claire Saurel, Philippe Balbiani, Yves Deswarte, and Gilles Trouessin. Organization Based Access Control. In ''POLICY '03: Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks'', page 120, Washington, DC, USA, 2003. IEEE Computer Society. |
| 57 | | |
| 58 | | [[ftp://orbit-lab.org/internal3/1133079.pdf SLS06]] Andreas Schaad, Volkmar Lotz, and Karsten Sohr. A model-checking approach to analysing organisational controls in a loan origination process. In ''SACMAT '06: Proceedings of the eleventh ACM symposium on Access control models and technologies'', pages 139--149, New York, NY, USA, 2006. ACM Press. |
| 59 | | |
| 60 | | [[ftp://orbit-lab.org/internal3/sandhu98how.pdf SM98]] Ravi S. Sandhu and Qamar Munawer. How to do Discretionary Access Control Using Roles. In ''ACM Workshop on Role-Based Access Control'', pages 47--54, 1998. |
| 61 | | |
| 62 | | [[ftp://orbit-lab.org/internal3/784768.pdf SM02a]] Andreas Schaad and Jonathan D. Moffett. A framework for organisational control principles. In ''ACSAC '02: Proceedings of the 18th Annual Computer Security Applications Conference'', page 229, Washington, DC, USA, 2002. IEEE Computer Society. first 20 pages only. |
| 63 | | |
| 64 | | [[ftp://orbit-lab.org/internal3/schaad-lightweight.pdf SM02b]] Andreas Schaad and Jonathan D. Moffett. A lightweight approach to specification and analysis of role-based access control extensions. In ''SACMAT '02: Proceedings of the seventh ACM symposium on Access control models and technologies'', pages 13--22, New York, NY, USA, 2002. ACM Press. |
| 65 | | |
| 66 | | [[ftp://orbit-lab.org/internal3/968177.pdf SM04]] Andreas Schaad and Jonathan Moffett. Separation, review and supervision controls in the context of a credit application process -- a case study of organisational control principles. In ''SAC '04: Proceedings of the 2004 ACM symposium on Applied computing'', pages 1380--1384, New York, NY, USA, 2004. ACM Press. |
| 67 | | |
| 68 | | [[ftp://orbit-lab.org/internal3/1015043.pdf SN04]] Mark Strembeck and Gustaf Neumann. An integrated approach to engineer and enforce context constraints in RBAC environments. ''ACM Trans. Inf. Syst. Secur.'', 7(3):392--427, 2004. |
| 69 | | |
| 70 | | [[ftp://orbit-lab.org/internal3/spenglergrsecurity.pdf Spe04]] Bradley Spengler. Increasing Performance and Granularity in Role-Based Access Control Systems -- A Case Study in GRSECURITY. Technical report, OpenOffice.org, May 2004. |
| 71 | | |
| 72 | | [[ftp://orbit-lab.org/internal3/1133082.pdf Sre06]] Vugranam C. Sreedhar. Data-centric security: role analysis and role typestates. In ''SACMAT '06: Proceedings of the eleventh ACM symposium on Access control models and technologies'', pages 170--179, New York, NY, USA, 2006. ACM Press. |
| 73 | | |
| 74 | | [[ftp://orbit-lab.org/internal3/1066976.pdf SSW05]] Andreas Schaad, Pascal Spadone, and Helmut Weichsel. A case study of separation of duty properties in the context of the Austrian "eLaw" process. In ''SAC '05: Proceedings of the 2005 ACM symposium on Applied computing'', pages 1328--1332, New York, NY, USA, 2005. ACM Press. |
| 75 | | |
| 76 | | [[ftp://orbit-lab.org/internal3/1057979.pdf TAPH05]] William Tolone, Gail-Joon Ahn, Tanusree Pai, and Seng-Phil Hong. Access control in collaborative systems. ''ACM Comput. Surv.'', 37(1):29--41, 2005. |
| 77 | | |
| 78 | | [[ftp://orbit-lab.org/internal3/1133072.pdf WO06]] He Wang and Sylvia L. Osborn. Delegation in the role graph model. In ''SACMAT '06: Proceedings of the eleventh ACM symposium on Access control models and technologies'', pages 91--100, New York, NY, USA, 2006. ACM Press. |
| 79 | | |
| | 54 | [ |
