A connector-centric approach to architectural access control
暂无分享,去创建一个
[1] E. James Whitehead,et al. Web Distributed Authoring and Versioning (WebDAV) Access Control Protocol , 2004, RFC.
[2] Elisa Bertino,et al. An analysis of expressiveness and design issues for the generalized temporal role-based access control model , 2005, IEEE Transactions on Dependable and Secure Computing.
[3] K J Biba,et al. Integrity Considerations for Secure Computer Systems , 1977 .
[4] B. Dutertre,et al. Intrusion tolerant software architectures , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.
[5] Paul Dourish,et al. In the eye of the beholder: A visualization-based approach to information system security , 2005, Int. J. Hum. Comput. Stud..
[6] Bart De Win,et al. Engineering application-level security through aspect-oriented software development , 2004 .
[7] Sushil Jajodia,et al. A propositional policy algebra for access control , 2003, TSEC.
[8] Khaled M. Khan,et al. A security characterisation framework for trustworthy component based software systems , 2003, Proceedings 27th Annual International Computer Software and Applications Conference. COMPAC 2003.
[9] Peter Y. A. Ryan,et al. Mathematical Models of Computer Security , 2000, FOSAD.
[10] Giovanni Vigna,et al. Detecting malicious JavaScript code in Mozilla , 2005, 10th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS'05).
[11] C. A. R. Hoare,et al. Communicating Sequential Processes (Reprint) , 1983, Commun. ACM.
[12] Hal Berghel,et al. The Code Red Worm , 2001, CACM.
[13] Richard N. Taylor,et al. A Component- and Message-Based Architectural Style for GUI Software , 1995, 1995 17th International Conference on Software Engineering.
[14] Daryl McCullough,et al. Noninterference and the composability of security properties , 1988, Proceedings. 1988 IEEE Symposium on Security and Privacy.
[15] David Garlan,et al. A formal basis for architectural connection , 1997, TSEM.
[16] Peter Herrmann,et al. Formal Security Policy Verification of Distributed Component-Structured Software , 2003, FORTE.
[17] Clemens A. Szyperski,et al. Component software - beyond object-oriented programming , 2002 .
[18] Sabrina De Capitani di Vimercati,et al. An algebra for composing access control policies , 2002, TSEC.
[19] Joan Feigenbaum,et al. Decentralized trust management , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.
[20] Karl N. Levitt,et al. Applying the composition principle to verify a hierarchy of security servers , 1998, Proceedings of the Thirty-First Hawaii International Conference on System Sciences.
[21] Richard N. Taylor,et al. An approach for tracing and understanding asynchronous architectures , 2003, 18th IEEE International Conference on Automated Software Engineering, 2003. Proceedings..
[22] Natarajan Shankar,et al. PVS: A Prototype Verification System , 1992, CADE.
[23] Nenad Medvidovic,et al. Modeling software architectures in the Unified Modeling Language , 2002, TSEM.
[24] Francesco Tisato,et al. Architectural Reflection: Realising Software Architectures via Reflective Activities , 2000, EDO.
[25] Valérie Issarny,et al. Security Benefits from Software Architecture , 1997, COORDINATION.
[26] David Garlan,et al. A compositional formalization of connector wrappers , 2003, 25th International Conference on Software Engineering, 2003. Proceedings..
[27] Sabrina De Capitani di Vimercati,et al. Access Control: Policies, Models, and Mechanisms , 2000, FOSAD.
[28] Michael Carl Tschantz,et al. Verification and change-impact analysis of access-control policies , 2005, Proceedings. 27th International Conference on Software Engineering, 2005. ICSE 2005..
[29] Fred B. Schneider,et al. Enforceable security policies , 2000, TSEC.
[30] Stephen Weeks,et al. Understanding trust management systems , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.
[31] Gary McGraw,et al. An Approach for Certifying Security in Software Components , 1998 .
[32] Bowen Alpern,et al. Defining Liveness , 1984, Inf. Process. Lett..
[33] John McLean,et al. A General Theory of Composition for a Class of "Possibilistic'' Properties , 1996, IEEE Trans. Software Eng..
[34] David Flanagan,et al. JavaScript: The Definitive Guide , 1996 .
[35] Peter Y. A. Ryan,et al. Process algebra and non-interference , 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.
[36] Fred B. Schneider,et al. A Language-Based Approach to Security , 2001, Informatics.
[37] Dorothy E. Denning,et al. A lattice model of secure information flow , 1976, CACM.
[38] Lea Kutvonen,et al. Trust Management Survey , 2005, iTrust.
[39] Roberto Gorrieri,et al. Foundations of Security Analysis and Design - Tutorial Lectures , 2000 .
[40] Richard N. Taylor,et al. A Secure Software Architecture Description Language , 2005 .
[41] Leslie Lamport,et al. The temporal logic of actions , 1994, TOPL.
[42] Roberto Gorrieri,et al. Classification of Security Properties (Part I: Information Flow) , 2000, FOSAD.
[43] Ninghui Li,et al. Comparing the expressive power of access control models , 2004, CCS '04.
[44] Jeff Magee,et al. Dynamic structure in software architectures , 1996, SIGSOFT '96.
[45] Robin Milner,et al. Communication and concurrency , 1989, PHI Series in computer science.
[46] Victoria Stavridou,et al. Secure Interoperation of Secure Distributed Databases , 1999, World Congress on Formal Methods.
[47] Sushil Jajodia,et al. Revocations - A classification , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..
[48] Stéphane Ducasse,et al. Executable connectors: towards reusable design elements , 1997, ESEC '97/FSE-5.
[49] Joan Feigenbaum,et al. Delegation logic: A logic-based approach to distributed authorization , 2003, TSEC.
[50] Khaled M. Khan,et al. A framework for an active interface to characterise compositional security contracts of software components , 2001, Proceedings 2001 Australian Software Engineering Conference.
[51] Martín Abadi,et al. A logic of authentication , 1990, TOCS.
[52] Jan Vitek,et al. Secure composition of untrusted code: box π, wrappers, and causality types , 2003 .
[53] Nigel McFarlane. Rapid Application Development with Mozilla , 2003 .
[54] Michel Wermelinger,et al. Higher-order architectural connectors , 2003, TSEM.
[55] Jerome H. Saltzer,et al. The protection of information in computer systems , 1975, Proc. IEEE.
[56] Trent Jaeger,et al. Policy management using access control spaces , 2003, TSEC.
[57] Ravi S. Sandhu,et al. Role-Based Access Control Models , 1996, Computer.
[58] Richard A. Falk,et al. Who Needs It , 1975 .
[59] Bhavani M. Thuraisingham,et al. MOMT: A Multilevel Object Modeling Technique for Designing Secure Database Applications , 1996, J. Object Oriented Program..
[60] David Garlan,et al. A compositional approach for constructing connectors , 2001, Proceedings Working IEEE/IFIP Conference on Software Architecture.
[61] Butler W. Lampson,et al. A note on the confinement problem , 1973, CACM.
[62] Jonathan K. Millen,et al. Non-interference, who needs it? , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..
[63] J. Todd Wittbold,et al. Information flow in nondeterministic systems , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.
[64] Joseph Y. Halpern,et al. Using first-order logic to reason about policies , 2003, 16th IEEE Computer Security Foundations Workshop, 2003. Proceedings..
[65] Maritta Heisel,et al. Confidentiality-Preserving Refinement is Compositional - Sometimes , 2002, ESORICS.
[66] Richard N. Taylor,et al. A comprehensive approach for the development of modular software architecture description languages , 2005, TSEM.
[67] Aris Zakinthinos,et al. On the composition of security properties , 1997 .
[68] Ravi S. Sandhu,et al. How to do discretionary access control using roles , 1998, RBAC '98.
[69] Paul Dourish,et al. Towards an architectural treatment of software security , 2005 .
[70] Li Gong,et al. Secure software architectures , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).
[71] Paola Inverardi,et al. Deadlock-free software architectures for COM/DCOM Applications , 2003, J. Syst. Softw..
[72] Frédéric Cuppens,et al. A stratification-based approach for handling conflicts in access control , 2003, SACMAT '03.
[73] Robert DeLine,et al. Avoiding packaging mismatch with flexible packaging , 1999, Proceedings of the 1999 International Conference on Software Engineering (IEEE Cat. No.99CB37002).
[74] S. M. Bellovin,et al. Security problems in the TCP/IP protocol suite , 1989, CCRV.
[75] Andrew C. Myers,et al. Protecting privacy using the decentralized label model , 2000, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].
[76] F. Javier Thayer,et al. Security and the Composition of Machines , 1988, CSFW.
[77] Don Coppersmith,et al. The Data Encryption Standard (DES) and its strength against attacks , 1994, IBM J. Res. Dev..
[78] Jeannette M. Wing. A call to action look beyond the horizon , 2003, IEEE Security & Privacy Magazine.
[79] Heather M. Hinton. Under-specification, composition and emergent properties , 1998, NSPW '97.
[80] Ninghui Li,et al. RT: a Role-based Trust-management framework , 2003, Proceedings DARPA Information Survivability Conference and Exposition.
[81] Peter Herrmann. Information flow analysis of component-structured applications , 2001, Seventeenth Annual Computer Security Applications Conference.
[82] Pierre Bieber. Security function interactions , 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.
[83] Victoria Stavridou,et al. SDTP: a verified architecture for secure distributed transaction processing , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.
[84] John McLean. Twenty years of formal methods , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).
[85] Todd Fine,et al. Using composition to design secure, fault-tolerant systems , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.
[86] Nenad Medvidovic,et al. Towards a taxonomy of software connectors , 2000, Proceedings of the 2000 International Conference on Software Engineering. ICSE 2000 the New Millennium.
[87] Yi Deng,et al. An Approach for Modeling and Analysis of Security System Architectures , 2003, IEEE Trans. Knowl. Data Eng..
[88] Joseph Y. Halpern,et al. Secrecy in multiagent systems , 2002, Proceedings 15th IEEE Computer Security Foundations Workshop. CSFW-15.
[89] Angelos D. Keromytis,et al. Experience with the KeyNote Trust Management System: Applications and Future Directions , 2003, iTrust.
[90] David D. Clark,et al. A Comparison of Commercial and Military Computer Security Policies , 1987, 1987 IEEE Symposium on Security and Privacy.
[91] J. Meseguer,et al. Security Policies and Security Models , 1982, 1982 IEEE Symposium on Security and Privacy.
[92] Victoria Ungureanu,et al. Unified Support for Heterogeneous Security Policies in Distributed Systems , 1998, USENIX Security Symposium.
[93] Xiaoyun Wang,et al. Efficient Collision Search Attacks on SHA-0 , 2005, CRYPTO.
[94] Khaled M. Khan,et al. Composing Security-Aware Software , 2002, IEEE Softw..
[95] David A. Basin,et al. SecureUML: A UML-Based Modeling Language for Model-Driven Security , 2002, UML.
[96] Thomas H. Cormen,et al. Introduction to algorithms [2nd ed.] , 2001 .
[97] David F. Redmiles,et al. The design of a configurable, extensible and dynamic notification service , 2003, DEBS '03.
[98] Andrew C. Myers,et al. Language-based information-flow security , 2003, IEEE J. Sel. Areas Commun..
[99] C. N. Payne. Using composition and refinement to support security architecture trade-off analysis , 1999 .
[100] Shmuel Katz,et al. Architectural views of aspects , 2003, AOSD '03.
[101] Naftaly H. Minsky,et al. Should architectural principles be enforced? , 1998, Proceedings Computer Security, Dependability, and Assurance: From Needs to Solutions (Cat. No.98EX358).
[102] Jeffrey D. Ullman,et al. Protection in operating systems , 1976, CACM.
[103] William A. Wulf,et al. A logic of composition for information flow predicates , 1996, Proceedings 9th IEEE Computer Security Foundations Workshop.
[104] Judith A. Hemenway,et al. Applying the Abadi-Lamport composition theorem in real-world secure system integration environments , 1994, Tenth Annual Computer Security Applications Conference.
[105] Matt Bishop,et al. Computer Security: Art and Science , 2002 .
[106] Jonathan K. Millen. 20 years of covert channel modeling and analysis , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).
[107] K. Caplan,et al. Building an international security standard , 1999 .
[108] Jan Vitek,et al. Secure composition of untrusted code: wrappers and causality types , 2000, Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13.
[109] John E. Dobson,et al. Building Reliable Secure Computing Systems Out Of Unreliable Insecure Components , 1986, 1986 IEEE Symposium on Security and Privacy.
[110] Gregor Kiczales,et al. Aspect-oriented programming , 1996, CSUR.
[111] Cristina V. Lopes,et al. Aspect-oriented programming , 1999, ECOOP Workshops.
[112] Trevor Jim,et al. SD3: a trust management system with certified evaluation , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.
[113] Angelos D. Keromytis,et al. Key note: Trust management for public-key infrastructures , 1999 .
[114] Roberto Gorrieri,et al. The Compositional Security Checker: A Tool for the Verification of Information Flow Security Properties , 1997, IEEE Trans. Software Eng..
[115] Martín Abadi,et al. Composing specifications , 1989, TOPL.
[116] Henry Eddon,et al. Inside COM+ Base Services , 1999 .
[117] John McLean,et al. A general theory of composition for trace sets closed under selective interleaving functions , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.
[118] Riccardo Focardi. Analysis and Automatic Detection of Information Flows in Systems and Networks , 1999 .
[119] Roberto Gorrieri,et al. A Classification of Security Properties , 1993 .
[120] Michael J. Nash,et al. The Chinese Wall security policy , 1989, Proceedings. 1989 IEEE Symposium on Security and Privacy.
[121] Richard J. Feiertag,et al. A framework for building composable replaceable security services , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.
[122] Polar Humenn,et al. The Formal Semantics of XACML , 2003 .
[123] E. Stewart Lee,et al. Composing secure systems that have emergent properties , 1998, Proceedings. 11th IEEE Computer Security Foundations Workshop (Cat. No.98TB100238).
[124] Roberto Gorrieri,et al. A Taxonomy of Security Properties for Process Algebras , 1995, J. Comput. Secur..
[125] Indrakshi Ray,et al. An aspect-based approach to modeling access control concerns , 2004, Inf. Softw. Technol..
[126] Heiko Mantel,et al. On the composition of secure systems , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.
[127] Xiaolei Qian,et al. Correct Architecture Refinement , 1995, IEEE Trans. Software Eng..
[128] Jeannette M. Wing,et al. Specification matching of software components , 1997 .
[129] Richard N. Taylor,et al. A Classification and Comparison Framework for Software Architecture Description Languages , 2000, IEEE Trans. Software Eng..
[130] Khaled M. Khan,et al. Security characterisation of software components and their composition , 2000, Proceedings 36th International Conference on Technology of Object-Oriented Languages and Systems. TOOLS-Asia 2000.