Sun and the CERT recommend for secure Java development to not allow partially initialized objects to be accessed. The CERT considers the severity of the risks taken by not followin...
Laurent Hubert, Thomas P. Jensen, Vincent Monfort,...
Usage control is a generalization of access control that also addresses how data is used after it is released. We present a formal model for different mechanisms that can enforce ...
Alexander Pretschner, Manuel Hilty, David A. Basin...
We introduce the RT framework, a family of Rolebased Trust-management languages for representing policies and credentials in distributed authorization. RT combines the strengths o...
Ninghui Li, John C. Mitchell, William H. Winsborou...
The security of systems such as operating systems, hypervisors, and web browsers depend critically on reference monitors to correctly enforce their desired security policy in the ...
Jason Franklin, Sagar Chaki, Anupam Datta, Arvind ...
Access control software must be based on a security policy model. Flaws in them may come from a lack of precision or some incoherences in the policy model or from inconsistencies ...