CPSC 601.40: Syllabus and Reading List
$Id: ref.html,v 1.5 2018/01/15 18:27:37 pwlfong Exp $
Remarks: Make sure you read the Remarks, which tell you which part of a paper you should read, or provide additional information regarding a paper. Also, papers that are marked Supplementary are optional readings. They are listed for those who are keen.
- Introduction
- David F. Ferraiolo, D. Richard Kuhn, and
Ramaswamy Chandramouli.
Role-Based Access Control (2nd Edition),
Chapters 1-2.
Artech House, 2007. The book is available electronically
from the University Library website.
- Modeling Access Control Systems
- Philip W. L. Fong.
Modelling an Access
Control System. This is an early draft of a chapter taken from my upcoming book
to be published by the Cambridge University Press. Please do not
distribute.
- Supplementary:
- G. Scott Graham and Peter J. Denning.
Protection: principles and practice.
In Proceedings of the
1972 AFIPS Spring Joint Computer Conference,
volume 40, pages 417-429, Atlantic City, New Jersey, USA, May 1972.
- Ninghui Li and Mahesh V. Tripunitara. On safety in discretionary access control.
In Proceedings of the 2005 IEEE Symposium on
Security and Privacy (S&P'05), pages 96-109,
Oakland, California, USA, May 2005.
- Remarks: Read only up to and
including Section 4.1. Read also the history behind the above paper, especially
the section entitled Towards raising the
level of rigorousness in access control research.
- The Harrison-Ruzzo-Ullman Model and Safety
Analysis
- Michael A. Harrison, Walter L. Ruzzo, and Jeffrey D. Ullman.
Protection in operating systems.
Communications of the ACM,
19(8):461-471, August 1976.
- Remarks: In case you are rusty in
Turing Machines and undecidability proofs,
consult Chapters 8 and 9 of Hopcroft, Motwani, and Ullman,
Introduction to Automata Theory, Languages, and
Computation, Addison Wesley, 2007.
- Remarks: In case you are rusty in
the theory of NP-completeness and reduction proofs,
consult Chapters 1-3 of Garey and Johnson,
Computers and Intractability, Freeman, 1979.
- Supplementary:
Mahesh V. Tripunitara and Ninghui Li.
The Foundational Work of Harrison-Ruzzo-Ullman
Revisited. IEEE Transactions on Dependable
and Secure Computing, 10(1), January 2013.
- Workflow Authorization
Models and Safety/Resiliency Analysis
- Qihua Wang and Ninghui Li.
Satisfiability and Resiliency in Workflow Authorization
Systems.
ACM Transactions on Information and System
Security, 13(4), December 2010.
- Remarks: In case you do not have
background in the polynomial hierarchy, consult Section 7.2 of
Garey and Johnson, Computers and
Intractability,
Freeman, 1979. If you want a more
technical treatment of the subject, consult
Chapter 5 of Arora and Barak, Computational
Complexity: A Modern Approach, Cambridge, 2009.
- Information Flow Control
- The Bell-LaPadula Model
- Noninterference
- Propositional Logic
- Attribute-Based
Access Control and Policy Analysis
- Vincent C. Hu, David Ferraiolo, Rick Kuhn, Adam Schnitzer,
Kenneth Sandlin, Robert Miller, and Karen Scarfone.
Guide to Attribute Based Access Control (ABAC)
Definition and Considerations, NIST Special Publication
800-162, National Institute of Standards and Technology, January 2014.
- Glenn Bruns and Michael Huth.
Access Control via Belnap Logic: Intuitive, Expressive
and Analyzable Policy Composition.
ACM Transactions on Information and System
Security, 14(1), May 2011.
- Facebook-style Social Network
Systems
- Mohd Anwar, Zhen Zhao, and Philip W. L. Fong.
An
Access Control Model for Facebook-style
Social Network Systems.
Technical Report 2010-959-08, Department of
Computer Science, University of Calgary, Calgary,
Alberta, Canada, July 2010.
- Remarks:
An earlier version of the above paper was
published as: Philip W. L. Fong, Mohd Anwar and Zhen Zhao.
A Privacy Preservation Model for Facebook-Style
Social Network Systems.
In Proceedings of the 14th European
Symposium on Research In Computer Security (ESORICS'09),
volume 5789 of Lecture Notes in Computer Science,
pages 303-320,
Saint Malo, France, September 21-23, 2009. Springer.
- Philip W. L. Fong.
Preventing Sybil Attacks by Privilege Attenuation:
A Design Principle for Social Network Systems.
In Proceedings of the 2011 IEEE Symposium on
Security and Privacy (S&P'11),
pages 263-278, Oakland, California, USA, May 22-25,
2011.
- Modal Logic
- Relationship-Based Access
Control
- Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, and
Charles E. Youman.
Role-based access control models.
IEEE Computer,
19(2):38-47, February 1996.
- Philip W. L. Fong.
Relationship-Based
Access Control: Protection Model and Policy
Language.
In Proceedings of the First ACM Conference on Data
and Application Security and Privacy (CODASPY'11),
San Antonio, Texas, USA, February 21-23, 2011.
- Glenn Bruns, Philip W. L. Fong, Ida Siahaan,
and Michael Huth.
Relationship-Based Access Control:
Its Expression and Enforcement Through Hybrid
Logic.
In Proceedings of the 2nd ACM
Conference on Data and Application Security and
Privacy (CODASPY'2012),
San Antonio, TX, USA, February 7-9, 2012.
- Temporal Logic
- History-Based Access Control and
Policy Characterization
- Fred B. Schneider.
Enforceable security policies.
ACM Transactions on Information and System Security,
3(1):30-50, February 2000.
- Supplementary:
B. Alpern and F. B. Schneider.
Defining liveness.
Information Processing Letters,
21(4):181-185, October 1985.
- Edward Chang, Zohar Manna, and Amir Pnueli.
The Safety-Progress Classification.
Logic and Algebra of Specification, pages 143-202,
volume 94 of NATO ASI Series, Springer, 1993.
- Model Checking
- History-Based Access Control and Reputation
Systems