• Trinh T, To V, Truong N and Le H. (2024). Analysing Conflict of Interest Integrated in Role-Based Access Control Model Using Event-B. Intelligence of Things: Technologies and Applications. 10.1007/978-3-031-75593-4_6. (57-72).

    https://link.springer.com/10.1007/978-3-031-75593-4_6

  • Ghazal R, Qadeer N, Raza H and Malik A. (2024). Automated Semantic Role Mining Using Intelligent Role Based Access Control in Globally Distributed Banking Environment. ITNG 2024: 21st International Conference on Information Technology-New Generations. 10.1007/978-3-031-56599-1_7. (51-55).

    https://link.springer.com/10.1007/978-3-031-56599-1_7

  • Parkinson S and Khan S. (2022). A Survey on Empirical Security Analysis of Access-control Systems: A Real-world Perspective. ACM Computing Surveys. 55:6. (1-28). Online publication date: 30-Jun-2023.

    https://doi.org/10.1145/3533703

  • Hamed R. (2023). The Role of Internal Control Systems in Ensuring Financial Performance Sustainability. Sustainability. 10.3390/su151310206. 15:13. (10206).

    https://www.mdpi.com/2071-1050/15/13/10206

  • Sun J, Wang J, Liu T, Cheng B and Li Y. (2023). Design of an Access Control System for Unmanned Bathroom Based on Image Processing Technology 2023 IEEE 2nd International Conference on Electrical Engineering, Big Data and Algorithms (EEBDA). 10.1109/EEBDA56825.2023.10090513. 978-1-6654-6253-2. (1171-1175).

    https://ieeexplore.ieee.org/document/10090513/

  • Tay B and Mourad A. Intelligent Performance-Aware Adaptation of Control Policies for Optimizing Banking Teller Process Using Machine Learning. IEEE Access. 10.1109/ACCESS.2020.3015616. 8. (153403-153412).

    https://ieeexplore.ieee.org/document/9163345/

  • Kusumonegoro Y and Samopa F. (2019). User Access Rights Recommendation using Modified Fuzzy C-Means in Role Mining of an Indonesian Core Banking System 2019 12th International Conference on Information & Communication Technology and System (ICTS). 10.1109/ICTS.2019.8850977. 978-1-7281-2133-8. (241-245).

    https://ieeexplore.ieee.org/document/8850977/

  • Elliott A and Knight S. (2018). ORGODEX: Service Portfolios for the Cloud 2018 IEEE 11th International Conference on Cloud Computing (CLOUD). 10.1109/CLOUD.2018.00128. 978-1-5386-7235-8. (887-890).

    https://ieeexplore.ieee.org/document/8457896/

  • Elliott A and Knight S. (2018). ORGODEX: Authorization as a service (AaaS) 2018 Annual IEEE International Systems Conference (SysCon). 10.1109/SYSCON.2018.8369532. 978-1-5386-3664-0. (1-8).

    https://ieeexplore.ieee.org/document/8369532/

  • Song S, Fu S, Sun X, Li P, Wu J, Dong T, He F and Deng Y. (2018). Identification of Cyclic Dipeptides from Escherichia coli as New Antimicrobial Agents against Ralstonia Solanacearum. Molecules. 10.3390/molecules23010214. 23:1. (214).

    http://www.mdpi.com/1420-3049/23/1/214

  • Rajkumar P and Sandhu R. Safety Decidability for Pre-Authorization Usage Control with Identifier Attribute Domains. IEEE Transactions on Dependable and Secure Computing. 10.1109/TDSC.2018.2839745. (1-1).

    https://ieeexplore.ieee.org/document/8362972/

  • Hu J, Khan K, Zhang Y, Bai Y and Li R. (2017). Role updating in information systems using model checking. Knowledge and Information Systems. 51:1. (187-234). Online publication date: 1-Apr-2017.

    https://doi.org/10.1007/s10115-016-0974-4

  • Crampton J, Gagarin A, Gutin G, Jones M and Wahlström M. (2016). On the Workflow Satisfiability Problem with Class-Independent Constraints for Hierarchical Organizations. ACM Transactions on Privacy and Security. 19:3. (1-29). Online publication date: 12-Dec-2016.

    https://doi.org/10.1145/2988239

  • Elliott A and Knight S. Start Here. Proceedings of the 21st ACM on Symposium on Access Control Models and Technologies. (113-124).

    https://doi.org/10.1145/2914642.2914651

  • Bruno E, Iacoviello G and Lazzini A. (2016). The Adequacy of Information Systems for Supporting the Asset Quality Review Process in Banks. Evidence from an Italian Case Study. Strengthening Information and Control Systems. 10.1007/978-3-319-26488-2_5. (59-75).

    http://link.springer.com/10.1007/978-3-319-26488-2_5

  • Elliott A and Knight S. Towards Managed Role Explosion. Proceedings of the 2015 New Security Paradigms Workshop. (100-111).

    https://doi.org/10.1145/2841113.2841121

  • Uzun E, Lorenzi D, Atluri V, Vaidya J and Sural S. (2015). Migrating from DAC to RBAC. Data and Applications Security and Privacy XXIX. 10.1007/978-3-319-20810-7_5. (69-84).

    http://link.springer.com/10.1007/978-3-319-20810-7_5

  • Uzun E, Atluri V, Vaidya J, Sural S, Ferrara A, Parlato G and Madhusudan P. (2014). Security analysis for temporal role based access control. Journal of Computer Security. 22:6. (961-996). Online publication date: 1-Nov-2014.

    /doi/10.5555/2699777.2699780

  • Bloom G and Simha R. Hardware-enhanced distributed access enforcement for role-based access control. Proceedings of the 19th ACM symposium on Access control models and technologies. (5-16).

    https://doi.org/10.1145/2613087.2613096

  • Ruan C and Varadharajan V. (2014). Dynamic delegation framework for role based access control in distributed data management systems. Distributed and Parallel Databases. 32:2. (245-269). Online publication date: 1-Jun-2014.

    https://doi.org/10.1007/s10619-012-7120-4

  • Gouglidis A, Mavridis I and Hu V. (2014). Security policy verification for multi-domains in cloud systems. International Journal of Information Security. 13:2. (97-111). Online publication date: 1-Apr-2014.

    https://doi.org/10.1007/s10207-013-0205-x

  • Lawall A, Schaller T and Reichelt D. (2014). Enterprise Architecture: A Formalism for Modeling Organizational Structures in Information Systems. Enterprise and Organizational Modeling and Simulation. 10.1007/978-3-662-44860-1_5. (77-95).

    https://link.springer.com/10.1007/978-3-662-44860-1_5

  • Roy A, Sural S and Majumdar A. (2014). Impact of Multiple t-t SMER Constraints on Minimum User Requirement in RBAC. Information Systems Security. 10.1007/978-3-319-13841-1_7. (109-128).

    http://link.springer.com/10.1007/978-3-319-13841-1_7

  • Santos A, Júnior J, Scarlata V, Lima A, Alves I and Sampaio D. SACM. Proceedings of the 2013 IEEE 16th International Conference on Computational Science and Engineering. (317-324).

    https://doi.org/10.1109/CSE.2013.211

  • Zhang W, Chen Y, Gunter C, Liebovitz D and Malin B. Evolving role definitions through permission invocation patterns. Proceedings of the 18th ACM symposium on Access control models and technologies. (37-48).

    https://doi.org/10.1145/2462410.2462422

  • Jayaraman K, Tripunitara M, Ganesh V, Rinard M and Chapin S. (2013). Mohawk. ACM Transactions on Information and System Security. 15:4. (1-28). Online publication date: 1-Apr-2013.

    https://doi.org/10.1145/2445566.2445570

  • Ranise S. (2013). Symbolic backward reachability with effectively propositional logic. Formal Methods in System Design. 42:1. (24-45). Online publication date: 1-Feb-2013.

    https://doi.org/10.1007/s10703-012-0157-1

  • Leitner M. (2013). Delta Analysis of Role-Based Access Control Models. Computer Aided Systems Theory - EUROCAST 2013. 10.1007/978-3-642-53856-8_64. (507-514).

    https://link.springer.com/10.1007/978-3-642-53856-8_64

  • Armando A and Ranise S. (2012). Scalable automated symbolic analysis of administrative role-based access control policies by SMT solving. Journal of Computer Security. 20:4. (309-352). Online publication date: 1-Jul-2012.

    /doi/10.5555/2590602.2590604

  • Pan L and Xu Q. (2012). Visualization Analysis of Multi-Domain Access Control Policy Integration Based on Tree-Maps and Semantic Substrates. Intelligent Information Management. 10.4236/iim.2012.45028. 04:05. (188-193).

    http://www.scirp.org/journal/doi.aspx?DOI=10.4236/iim.2012.45028

  • Ma X, Li R, Lu Z and Wang W. (2012). Mining constraints in role-based access control. Mathematical and Computer Modelling. 10.1016/j.mcm.2011.01.053. 55:1-2. (87-96). Online publication date: 1-Jan-2012.

    http://linkinghub.elsevier.com/retrieve/pii/S0895717711000719

  • Gupta M and Sharman R. (2011). Incorporating social-cultural contexts in role engineering: an activity theoretic approach. International Journal of Business Information Systems. 7:1. (60-77). Online publication date: 1-Dec-2011.

    https://doi.org/10.1504/IJBIS.2011.037297

  • Jayaraman K, Ganesh V, Tripunitara M, Rinard M and Chapin S. Automatic error finding in access-control policies. Proceedings of the 18th ACM conference on Computer and communications security. (163-174).

    https://doi.org/10.1145/2046707.2046727

  • Sasturkar A, Yang P, Stoller S and Ramakrishnan C. (2011). Policy analysis for Administrative Role-Based Access Control. Theoretical Computer Science. 412:44. (6208-6234). Online publication date: 1-Oct-2011.

    https://doi.org/10.1016/j.tcs.2011.05.009

  • Faynberg I, Lu H and Ristock H. (2011). On dynamic access control in Web 2.0 and beyond: Trends and technologies. Bell Labs Technical Journal. 16:2. (199-218). Online publication date: 1-Sep-2011.

    https://doi.org/10.1002/bltj.20511

  • Uzun E, Atluri V, Lu H and Vaidya J. An optimization model for the extended role mining problem. Proceedings of the 25th annual IFIP WG 11.3 conference on Data and applications security and privacy. (76-89).

    /doi/10.5555/2029896.2029908

  • Stepien B, Matwin S and Felty A. (2011). Advantages of a non-technical XACML notation in role-based models 2011 Ninth Annual International Conference on Privacy, Security and Trust. 10.1109/PST.2011.5971983. 978-1-4577-0584-7. (193-200).

    http://ieeexplore.ieee.org/document/5971983/

  • Wei Q, Crampton J, Beznosov K and Ripeanu M. (2011). Authorization recycling in hierarchical RBAC systems. ACM Transactions on Information and System Security. 14:1. (1-29). Online publication date: 1-May-2011.

    https://doi.org/10.1145/1952982.1952985

  • Hu J, Li R, Lu Z, Lu J and Ma X. (2011). RAR. Future Generation Computer Systems. 27:5. (574-586). Online publication date: 1-May-2011.

    https://doi.org/10.1016/j.future.2010.09.008

  • Ruan C and Varadharajan V. Reasoning about dynamic delegation in role based access control systems. Proceedings of the 16th international conference on Database systems for advanced applications - Volume Part I. (239-253).

    /doi/10.5555/1997305.1997330

  • Tsai W and Shao Q. Role-Based Access-Control Using Reference Ontology in Clouds. Proceedings of the 2011 Tenth International Symposium on Autonomous Decentralized Systems. (121-128).

    https://doi.org/10.1109/ISADS.2011.21

  • Komlenovic M, Tripunitara M and Zitouni T. An empirical assessment of approaches to distributed enforcement in role-based access control (RBAC). Proceedings of the first ACM conference on Data and application security and privacy. (121-132).

    https://doi.org/10.1145/1943513.1943530

  • Uzun E, Atluri V, Lu H and Vaidya J. (2011). An Optimization Model for the Extended Role Mining Problem. Data and Applications Security and Privacy XXV. 10.1007/978-3-642-22348-8_8. (76-89).

    http://link.springer.com/10.1007/978-3-642-22348-8_8

  • Ruan C and Varadharajan V. (2011). Reasoning about Dynamic Delegation in Role Based Access Control Systems. Database Systems for Advanced Applications. 10.1007/978-3-642-20149-3_19. (239-253).

    http://link.springer.com/10.1007/978-3-642-20149-3_19

  • Vaidya J. Automating security configuration and administration. Proceedings of the 5th international conference on Advances in information and computer security. (1-9).

    /doi/10.5555/1927197.1927199

  • Hu J, Zhang Y and Li R. Towards automatic update of access control policy. Proceedings of the 24th international conference on Large installation system administration. (1-7).

    /doi/10.5555/1924976.1924981

  • Vaidya J, Atluri V and Guo Q. (2010). The role mining problem. ACM Transactions on Information and System Security. 13:3. (1-31). Online publication date: 1-Jul-2010.

    https://doi.org/10.1145/1805974.1805983

  • Vaidya J, Atluri V, Warner J and Guo Q. (2010). Role Engineering via Prioritized Subset Enumeration. IEEE Transactions on Dependable and Secure Computing. 7:3. (300-314). Online publication date: 1-Jul-2010.

    https://doi.org/10.1109/TDSC.2008.61

  • Huang C, Sun J, Wang X and Si Y. (2010). Minimal role mining method for Web service composition. Journal of Zhejiang University SCIENCE C. 10.1631/jzus.C0910186. 11:5. (328-339). Online publication date: 1-May-2010.

    http://link.springer.com/10.1631/jzus.C0910186

  • Datta A, Jha S, Li N, Melski D and Reps T. (2010). Analysis Techniques for Information Security. Synthesis Lectures on Information Security, Privacy, and Trust. 10.2200/S00260ED1V01Y201003SPT002. 2:1. (1-164). Online publication date: 28-Apr-2010.

    http://www.morganclaypool.com/doi/abs/10.2200/S00260ED1V01Y201003SPT002

  • Ferrari E. (2010). Access Control in Data Management Systems. Synthesis Lectures on Data Management. 10.2200/S00281ED1V01Y201005DTM004. 2:1. (1-117). Online publication date: 1-Jan-2010.

    http://www.morganclaypool.com/doi/abs/10.2200/S00281ED1V01Y201005DTM004

  • HUANG C, SUN J, WANG X and WU D. (2010). Inconsistency Resolution Method for RBAC Based Interoperation. IEICE Transactions on Information and Systems. 10.1587/transinf.E93.D.1070. E93-D:5. (1070-1079).

    http://joi.jlc.jst.go.jp/JST.JSTAGE/transinf/E93.D.1070?from=CrossRef

  • Vaidya J. (2010). Automating Security Configuration and Administration: An Access Control Perspective. Advances in Information and Computer Security. 10.1007/978-3-642-16825-3_1. (1-9).

    http://link.springer.com/10.1007/978-3-642-16825-3_1

  • Huang W and Yang Y. (2009). Planning user assignment in administrative role-based access control 2009 ISECS International Colloquium on Computing, Communication, Control, and Management (CCCM). 10.1109/CCCM.2009.5267501. 978-1-4244-4247-8. (615-618).

    http://ieeexplore.ieee.org/document/5267501/

  • Huang C, Sun J, Wang X and Si Y. Selective Regression Test for Access Control System Employing RBAC. Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance. (70-79).

    https://doi.org/10.1007/978-3-642-02617-1_8

  • He Q and Antón A. (2009). Requirements-based Access Control Analysis and Policy Specification (ReCAPS). Information and Software Technology. 51:6. (993-1009). Online publication date: 1-Jun-2009.

    https://doi.org/10.1016/j.infsof.2008.11.005

  • Huang C, Sun J, Wang X and Si Y. Role Engineering with SKAOS for Systems Employing RBAC. Proceedings of the 2009 International Conference on Networking and Digital Society - Volume 02. (56-60).

    https://doi.org/10.1109/ICNDS.2009.94

  • Huang C, Sun J, Wang X and Si Y. (2009). Inconsistency Management of Role Base Access Control Policy 2009 International Conference on E-Business and Information System Security (EBISS). 10.1109/EBISS.2009.5138002. 978-1-4244-4589-9. (1-5).

    http://ieeexplore.ieee.org/document/5138002/

  • Vaidya J, Atluri V, Guo Q and Lu H. (2009). Edge-RMP: Minimizing administrative assignments for role-based access control. Journal of Computer Security. 17:2. (211-235). Online publication date: 1-Apr-2009.

    /doi/10.5555/1544133.1544137

  • Jha S, Li N, Tripunitara M, Wang Q and Winsborough W. (2008). Towards Formal Verification of Role-Based Access Control Policies. IEEE Transactions on Dependable and Secure Computing. 5:4. (242-255). Online publication date: 1-Oct-2008.

    https://doi.org/10.1109/TDSC.2007.70225

  • Diwakar H and Naik A. Investigation of Information Security Management Practices in Indian Pubic Sector Banks. Proceedings of the 2008 IEEE 8th International Conference on Computer and Information Technology Workshops. (276-281).

    https://doi.org/10.1109/CIT.2008.Workshops.115

  • Wei Q, Crampton J, Beznosov K and Ripeanu M. Authorization recycling in RBAC systems. Proceedings of the 13th ACM symposium on Access control models and technologies. (63-72).

    https://doi.org/10.1145/1377836.1377848

  • Vaidya J, Atluri V, Guo Q and Adam N. Migrating to optimal RBAC with minimal perturbation. Proceedings of the 13th ACM symposium on Access control models and technologies. (11-20).

    https://doi.org/10.1145/1377836.1377839

  • Lu H, Vaidya J and Atluri V. Optimal Boolean Matrix Decomposition. Proceedings of the 2008 IEEE 24th International Conference on Data Engineering. (297-306).

    https://doi.org/10.1109/ICDE.2008.4497438

  • Damiani M, Silvestri C and Bertino E. Hierarchical Domains for Decentralized Administration of Spatially-Aware RBAC Systems. Proceedings of the 2008 Third International Conference on Availability, Reliability and Security. (153-160).

    https://doi.org/10.1109/ARES.2008.44

  • TAGUCHI K and TAHARA Y. (2008). Curriculum design and methodologies for security requirements analysis. Progress in Informatics. 10.2201/NiiPi.2008.5.4:5. (19). Online publication date: 1-Mar-2008.

    http://www.nii.ac.jp/pi/n5/5_19.html

  • Jafari M and Fathian M. Management advantages of object classification in role-based access control (RBAC). Proceedings of the 12th Asian computing science conference on Advances in computer science: computer and network security. (95-110).

    /doi/10.5555/1781694.1781709

  • Stoller S, Yang P, Ramakrishnan C and Gofman M. Efficient policy analysis for administrative role based access control. Proceedings of the 14th ACM conference on Computer and communications security. (445-455).

    https://doi.org/10.1145/1315245.1315300

  • Salim F, Sheppard N and Safavi-Naini R. Enforcing P3P policies using a digital rights management system. Proceedings of the 7th international conference on Privacy enhancing technologies. (200-217).

    /doi/10.5555/1779330.1779343

  • Warner J, Atluri V, Mukkamala R and Vaidya J. Using semantics for automatic enforcement of access control policies among dynamic coalitions. Proceedings of the 12th ACM symposium on Access control models and technologies. (235-244).

    https://doi.org/10.1145/1266840.1266877

  • Vaidya J, Atluri V and Guo Q. The role mining problem. Proceedings of the 12th ACM symposium on Access control models and technologies. (175-184).

    https://doi.org/10.1145/1266840.1266870

  • Lin D, Rao P, Bertino E and Lobo J. An approach to evaluate policy similarity. Proceedings of the 12th ACM symposium on Access control models and technologies. (1-10).

    https://doi.org/10.1145/1266840.1266842

  • Clark I. (2007). An Introduction to Role-Based Access Control. Information Security Management Handbook, Sixth Edition. 10.1201/9781439833032.ch61. (751-764). Online publication date: 14-May-2007.

    http://www.crcnetbase.com/doi/10.1201/9781439833032.ch61

  • Li N, Tripunitara M and Bizri Z. (2007). On mutually exclusive roles and separation-of-duty. ACM Transactions on Information and System Security. 10:2. (5-es). Online publication date: 1-May-2007.

    https://doi.org/10.1145/1237500.1237501

  • Li N and Mao Z. Administration in role-based access control. Proceedings of the 2nd ACM symposium on Information, computer and communications security. (127-138).

    https://doi.org/10.1145/1229285.1229305

  • Jafari M and Fathian M. Management Advantages of Object Classification in Role-Based Access Control (RBAC). Advances in Computer Science – ASIAN 2007. Computer and Network Security. 10.1007/978-3-540-76929-3_11. (95-110).

    http://link.springer.com/10.1007/978-3-540-76929-3_11

  • Salim F, Sheppard N and Safavi-Naini R. Enforcing P3P Policies Using a Digital Rights Management System. Privacy Enhancing Technologies. 10.1007/978-3-540-75551-7_13. (200-217).

    http://link.springer.com/10.1007/978-3-540-75551-7_13

  • Zhang Z, Zhang X and Sandhu R. (2006). ROBAC: Scalable Role and Organization Based Access Control Models 2006 International Conference on Collaborative Computing: Networking, Applications and Worksharing. 10.1109/COLCOM.2006.361879. 1-4244-0428-2. (1-9).

    http://ieeexplore.ieee.org/document/4207551/

  • Vaidya J, Atluri V and Warner J. RoleMiner. Proceedings of the 13th ACM conference on Computer and communications security. (144-153).

    https://doi.org/10.1145/1180405.1180424

  • Wang J, Takata Y and Seki H. HBAC. Proceedings of the 11th European conference on Research in Computer Security. (263-278).

    https://doi.org/10.1007/11863908_17

  • Sasturkar A, Yang P, Stoller S and Ramakrishnan C. Policy Analysis for Administrative Role Based Access Control. Proceedings of the 19th IEEE workshop on Computer Security Foundations. (124-138).

    https://doi.org/10.1109/CSFW.2006.22

  • Abdallah A and Khayat E. Formal Z Specifications of Several Flat Role-Based Access Control Models. Proceedings of the 30th Annual IEEE/NASA Software Engineering Workshop. (282-292).

    https://doi.org/10.1109/SEW.2006.20

  • He Q, Otto P, Anton A and Jones L. Ensuring Compliance between Policies, Requirements and Software Design. Proceedings of the Fourth IEEE International Workshop on Information Assurance. (79-92).

    https://doi.org/10.1109/IWIA.2006.7

  • Krehnke M, Krehnke D, Clark I, Tiller J, Hootman J, Fried S, Myerson J, Hare C, McGhie L, Houser D, Richards D, Leo R, Sandhu R, Stackpole W, Kurzban S, Bird C, Tiller J, Skoudis E, Berti J, Rogers M, Schiller C, Deograt G, Haldo R, Fried S, James S and Bianco C. (2006). Penetration Testing. Information Security Management Handbook on CD-ROM, 2006 Edition. 10.1201/NOE0849385858.ch1. Online publication date: 6-Apr-2006.

    http://www.crcnetbase.com/doi/10.1201/NOE0849385858.ch1

  • Clark I. (2006). An Introduction to Role-Based Access Control. Information Security Management Handbook, Fifth Edition, Volume 3. 10.1201/9781420003406.ch2. (17-29). Online publication date: 13-Jan-2006.

    http://www.crcnetbase.com/doi/10.1201/9781420003406.ch2

  • Kartseva V, Hulstijn J, Gordijn J and Tan Y. Modelling Value-based Inter-Organizational Controls in Healthcare Regulations. Project E-Society: Building Bricks. 10.1007/978-0-387-39229-5_23. (279-291).

    http://link.springer.com/10.1007/978-0-387-39229-5_23

  • Fisler K, Krishnamurthi S, Meyerovich L and Tschantz M. Verification and change-impact analysis of access-control policies. Proceedings of the 27th international conference on Software engineering. (196-205).

    https://doi.org/10.1145/1062455.1062502

  • Li W and Allen E. An Access Control Model for Secure Cluster-Computing Environments. Proceedings of the Proceedings of the 38th Annual Hawaii International Conference on System Sciences - Volume 09.

    https://doi.org/10.1109/HICSS.2005.74

  • Fisler K, Krishnamurthi S, Meyerovich L and Tschantz M. Verification and change-impact analysis of access-control policies 27th International Conference on Software Engineering, 2005. ICSE 2005.. 10.1109/ICSE.2005.1553562. 1-59593-963-2. (196-205).

    http://ieeexplore.ieee.org/document/1553562/

  • Li N and Tripunitara M. Security analysis in role-based access control. Proceedings of the ninth ACM symposium on Access control models and technologies. (126-135).

    https://doi.org/10.1145/990036.990058

  • Schaad A and Moffett J. Separation, review and supervision controls in the context of a credit application process. Proceedings of the 2004 ACM symposium on Applied computing. (1380-1384).

    https://doi.org/10.1145/967900.968177

  • Belokosztolszki A, Moody K and Eyers D. (2004). A formal model for hierarchical policy contexts Proceedings. Fifth IEEE International Workshop on Policies for Distributed Systems and Networks, 2004. POLICY 2004.. 10.1109/POLICY.2004.1309159. 0-7695-2141-X. (127-136).

    http://ieeexplore.ieee.org/document/1309159/

  • Schaad A. An Extended Analysis of Delegating Obligations. Research Directions in Data and Applications Security XVIII. 10.1007/1-4020-8128-6_4. (49-64).

    http://link.springer.com/10.1007/1-4020-8128-6_4

  • Shin D, Ahn G, Cho S and Jin S. On modeling system-centric information for role engineering. Proceedings of the eighth ACM symposium on Access control models and technologies. (169-178).

    https://doi.org/10.1145/775412.775434

  • Kern A, Schaad A and Moffett J. An administration concept for the enterprise role-based access control model. Proceedings of the eighth ACM symposium on Access control models and technologies. (3-11).

    https://doi.org/10.1145/775412.775414

  • Chandramouli R. A policy validation framework for enterprise authorization specification 19th Annual Computer Security Applications Conference, 2003.. 10.1109/CSAC.2003.1254336. 0-7695-2041-3. (319-328).

    http://ieeexplore.ieee.org/document/1254336/

  • Han W, Chen G, Yin J and Dong J. (2017). Consistency maintenance for constraint in role-based access control model. Journal of Zhejiang University-SCIENCE A. 10.1631/BF03396456. 3:3. (292-297). Online publication date: 1-Jul-2002.

    https://link.springer.com/10.1631/BF03396456

  • Kern A, Kuhlmann M, Schaad A and Moffett J. Observations on the role life-cycle in the context of enterprise security management. Proceedings of the seventh ACM symposium on Access control models and technologies. (43-51).

    https://doi.org/10.1145/507711.507718

  • Schaad A and Moffett J. A lightweight approach to specification and analysis of role-based access control extensions. Proceedings of the seventh ACM symposium on Access control models and technologies. (13-22).

    https://doi.org/10.1145/507711.507714

  • Yihong Lu , Hantao Song , Yuanming Gong and Yunrong Liang . China official documents run system and its access control mechanism 7th International Conference on Computer Supported Cooperative Work in Design. 10.1109/CSCWD.2002.1047736. 85-285-0050-0. (490-497).

    http://ieeexplore.ieee.org/document/1047736/

  • Barletta M, Ranise S and Viganò L. (2001). A declarative two-level framework to specify and verify workflow and authorization policies in service-oriented architectures. Service Oriented Computing and Applications. 5:2. (105-137). Online publication date: 1-Jun-2001.

    https://doi.org/10.1007/s11761-010-0073-4

  • Schaad A. Detecting conflicts in a role-based delegation model Seventeenth Annual Computer Security Applications Conference. 10.1109/ACSAC.2001.991528. 0-7695-1405-7. (117-126).

    http://ieeexplore.ieee.org/document/991528/