Abadi, M., Burrows, M., Lampson, B., and Plotkin, G. (1993). “A Calculus
for Access Control in Distributed Systems.” ACM Transactions on Programming
Languages and Systems, 15(4), 706-733.
Anderson, R. J. “A Security Policy Model for Clinical Information Systems.”
1996 IEEE Symposium on Security and Privacy, 30-42.
Bertino, E., and Jajodia, S. “Supporting Multiple Access Control Policies
in Database Systems.” 1996 Symposium on Security and Privacy, 94-107.
Blaze, M., Feigenbaum, J., and Lacy, J. (1996). “Decentralized Trust
Management.” 96-17, DIMACS Technical Report.
Blaze, M., Feigenbaum, J., and Lacy, J. “Decentralized Trust Management.”
Boswell, A. (1995). “Specification and Validation of a Security Policy
Model.” IEEE Transactions on Software Engineering, 21(2), 63-68.
Cholvy, L., and Cuppens, F. “Analyzing Consistency of Security Policies.”
1997 IEEE Symposium on Security and Privacy, Oakland, CA, 103-112.
Clark, D. D., and Wilson, D. R. “A Comparison of Commercial and Military
Computer Security Policies.” Proceedings of the Symposium on Security
and Privacy 1987, 184-193.
Cuppens, F., and Saurel, C. “Specifying a Security Policy: A Case Study.”
Proceedings of the 9th IEEE Computer Security Foundations Workshop,
Dinolt, G. W., Benzinger, L. A., and Yatabe, M. G. “Combining Components
and Policies.” Proceedings of the Computer Security Foundations Workshop
VII, Los Alamitos, CA, 22-33.
Edjlali, G., Acharya, A., and Chaudhary, V. “History-based Access-control
for Mobile Code.” Proceedings of the Fifth ACM Conference on Computer
and Communications Security, San Francisco, CA.
Ford, W. R. “Administration in a Multiple Policy/Domain Environment:
The Administration and Melding of Disparate Policies.” , 42-51.
Fraser, T., and Badger, L. “Ensuring Continuity During Dynamic Security
Policy Reconfiguration in DTE.” 1998 Symposium on Security and Privacy,
Oakland, CA, 15-26.
Freeman, J. W., Neely, R. B., and Heckard, M. A. “A Validated Security
Policy Modeling Approach.” , 189-200.
Giuri, L., and Iglio, P. “A Formal Model for Role-Based Access Control
with Constraints.” , 136-145.
Gligor, V. D., Gavrila, S. I., and Ferraiolo, D. “On the Formal Definition
of Separation-of-Duty Policies and their Composition.” 1998 Symposium
on Security and Privacy, Oakland, CA, 172-183.
Goguen, J. A., and Meseguer, J. “Security Policies and Security Models.”
1982 Symposium on Security and Privacy, 11-20.
Goguen, J. A., and Meseguer, J. “Unwinding the Inference Control.”
1984 Symposium on Security and Privacy, 75-85.
Guttman, J. D. “Filtering Postures: Local Enforcement for Global Policies.”
1997 IEEE Symposium on Security and Privacy, Oakland, CA, 120-129.
Hamilton, D. “Application Layer Security Requirements of a Medical
Information System.” 15th National Computer Security Conference,
Baltimore Convention Center, Baltimore, MD, 9-17.
Hayton, R. J., Bacon, J. M., and Moody, K. “Access Control in an Open
Distributed Environment.” 1998 Symposium on Security and Privacy,
Oakland, CA, 3-14.
Heydon, A., Maimone, M. W., Tygar, J. D., Wing, J. M., and Zaremski,
A. M. “Miro Tools.” 1989 IEEE Workshop on Visual Languages, 86-91.
Heydon, A., Maimone, M. W., Tygar, J. D., Wing, J. M., and Zaremski,
A. M. (1990). “Miró: Visual Specification of Security.” IEEE
Transactions on Software Engineering, 6(10), 1185-1197.
Heydon, A., and Tygar, J. D. “Specifying and Checking Unix Security
Constraints.” In UNIX Security Symposium III Proceedings, Berkeley,
Hoagland, J., and Patel, B. “Specification and Application of Policies
for Securing Communication.” 1998 USENIX Security Conference, submitted.
Hoagland, J., Pandey, R., and Levitt, K. N. (1998). “Security Policy
Specification Using a Graphical Approach.” CSE-98-3, University
of California, Davis, Davis, CA.
Jajodia, S., Samarati, P., and Subrahmanian, V. S. “A Logical Language
for Expressing Authorizations.” , Oakland, CA, 31-42.
Kuhnhauser, W. E. “A Paradigm for User-Defined Security Policies.”
1995 IEEE Symposium on Reliable Distribution of Systems, 135-144.
Lampson, B. W. “Protection.” Proceedings of the 5th Symposium on
Information Sciences and Systems, Princeton University.
Maimone, M. W., Tygar, J. D., and Wing, J. M. “Miró Semantics
for Security.” 1988 Workshop on Visual Languages, Princeton University,
Michael, J. B., Sibley, E. H., Baum, R. F., Wexelblat, R. L., and Li,
F. “Experiments in Support of Policy Representation.” Proceedings of
the International Conference on Economics/Management and Information Technology,
Tokyo, Japan, 323-326.
Michael, J. B., Sibley, E. H., and Littman, D. C. “Integration of Formal
And Heuristic Reasoning as a Basis for Testing and Debugging Computer Security
Policy.” Proceedings of the New Security Paradigms Workshop, Los
Alamitos, CA, 69-75.
Michael, J. B., Sibley, E. H., Baum, R. F., and Li, F. (1993). “On
the Axiomation of Security Policy: Some Tentative Observations About Logic
Representation.” Database Security, VI: Status and Prospects, B. M. Thuraisingham
and C. E. Landwehr, eds., Elsevier Science Publishers, North Holland, 367-386.
Michael, J. B., Sibley, E. H., and Lin, T. H. “Designing and Maintaining
Intelligent Vehicle Highway System Security Policy.” Proceedings of
the First World Congress on Applications of Transport Telematics and Intelligent
Vehicle-Highway Systems, 213-220.
Miller, D. V., and Baldwin, R. W. “Access control by Boolean Expression
Evaluation.” Proceedings Fifth Annual Computer Security Applications
Conference, Tucson, AZ, 131-139.
Moffett, J. D., and Sloman, S. (1991). “The Representation of Policies
as System Objects.” Association for Computing Machinery, 12(2-3),
Myers, A. C., and Liskov, B. “Complete, Safe Information Flow with
Decentralized Labels.” 1998 Symposium on Security and Privacy, Oakland,
Peri, R. V., and Wulf, W. A. “Formal Specification of Information Flow
Security Policies and Their Enforcement in Security Critical Systems.”
Proceedings, the Computer Security Foundations Workshop VII, Los
Alamitos, CA, 118-125.
Peri, R. V., Wulf, W. A., and Kienzle, D. M. “A Logic of Composition
for Information Flow Predicates.” Proceedings of the 9th IEEE Computer
Security Foundations Workshop, Los Alamitos, CA, 82-94.
Polk, W. T. “Approximating Clark-Wilson 'Access Triple' with Basic
UNIX Controls.” UNIX Security Symposium IV, 145-154.
Sandhu, R. S. “The Typed Access Matrix Model.” Proceedings of the
1992 IEEE Symposium on Security and Privacy, Oakland, CA, 122-136.
Sandhu, R. S. (1993). “Lattice-Based Access Control Models.” Computer,
Sandhu, R. S., Coyne, E. J., Feinstein, H. L., and Youman, C. E. “Role-based
access control: a multi-dimensional view.” Proceedings of the 10th Annual
Computer Security Applications Conference, Orlando, FL, 54-62.
Serban, C., and McMillin, B. “Run-Time Security Evaluation (RTSE) for
Distributed Applications.” 1996 IEEE Symposium on Security and Privacy,
Sibley, E. H., Wexelblat, R. L., Michael, J. B., Tanner, M. C., and
Littman, D. C. “The Role of Policy in Requirements Definition.” IEEE
International Symposium on Requirements Engineering, Los Alamitos,
Sinclair, J., and Ince, D. “The Use of Z in Specifying Security Properties.”
Proceedings, 7th International Conference on : Putting into practice
methods and tools for information system design, Nantes, France, 27-39.
Son, S. H., Chaney, C., and Thomlinson, N. P. “Partial Security Policies
to Support Timeliness in Secure Real-time Databases.” 1998 Symposium
on Security and Privacy, Oakland, CA, 136-147.
Steinke, G. (1997). “A Task-Based Approach to Implementing Computer
Security.” Journal of Computer Information Systems, Fall, 47-54.
Thompson, R. M. “Security Policy, Requirements, and Verification.”
1992 URISA Proceedings, 157-165.
Tygar, J. D., and Wing, J. M. “Visual Specification of Security Constraints.”
Proceedings of the 1987 Workshop on Visual Languages, 288-301.
Varadharajan, V., and Calvelli, C. (1996). “An Access Control Model
and its Use in Representing Mental Health Application Access Policy.” IEEE
Transactions on Knowledge and Data Engineering, 8(1), 81-95.
Woo, T. Y. C., and Lam, S. S. “Authorization in Distributed Systems:
A Formal Approach.” 1992 IEEE Computer Society Symposium on Research
in Security and Privacy, Los Alamitos, CA, 33-50.
Zakinthinos, A., and Lee, E. S. “A General Theory of Security Properties.”
1997 Symposium on Security and Policy, Oakland, CA, 94-102.