Reading List
As part of this doctoral seminar, we will create a comprehensive reading list . From the list, we will select better ones for review/presentation and discussion in class. The reading lists will contain papers related to trust, access control, as well as intrusion/survivability management. Based on the number of students and interest, we may narrow down to only few topics. The students are welcome to suggest new additions.
All the papers should be available online.
Introductory Reading
J. B. D. Joshi, Arif Ghafoor, Walid Aref, and Eugene H. Spafford, "Digital Government Security Infrastructure Design Challenges", IEEE Computer, Vol. 34, No. 2, February 2001, pp. 66-72.
Bertino, E. and Sandhu, R. Database Security-Concepts, Approaches, and Challenges. Dependable and Secure Computing, IEEE Transactions on, 2 (1). 2-19.
T. Grandison, M. Sloman, “A Survey of Trust in Internet Applications,” IEEE Communications Surveys. Fourth Quarter 2000.
Manchala, D.W. E-commerce trust metrics and models. Internet Computing, IEEE, 4 (2). 36-44.
Sandhu et al. “Role Based Access Control Models,” IEEE Computer, 1996
Access Control in Distributed Systems (Role Based Access Control)
D. Ferraiolo, R. Sandhu, S. Gavrila, R. Kuhn, and R. Chandramouli, “The NIST Model for Role-Based Access Control: Towards a Unified Standard,” ACM Transactions on Information and System Security, Vol 4, Issue 3, August 2001, pp. 224-274.
Ahn, G. and Sandhu, R. Role-Based Authorization Constraints Specification. ACM Transactions on Information and System Security, 3 (4).
Joshi, J. B. D., Bertino, E., Latif, U., and Ghafoor, A., "A Generalized Temporal Role-Based Access Control Model," , IEEE Transactions on Knowledge and Data Engineering, vol. 17, pp. 4-23, 2005.
J. B. D. Joshi, R. Bhatti, E. Bertino, and A. Ghafoor, “X-RBAC - An Access Control Language for Multidomain Environments”, Submitted to IEEE Internet Computing.
Joshi, J. B. D., Bertino, E., and Ghafoor, A., "Analysis of Expressiveness and Design Issues for a Temporal Role Based Access Control Model," IEEE Transactions on Dependable and Secure Computing, pp. Vol 2, No 2, 157-175, April-June 2005.
S. L. Osborn, R. Sandhu, and Q. Munawer, “Configuring Role-Based Access Control to Enforce Mandatory and Discretionary Access Control Policies,” ACM Transactions on Information and System Security, Vol. 3, No. 2, February 2000, pp. 85-106.
Gong, L. and Qian, X. Computational Issues in Secure Interoperation. IEEE Transaction on Software and Engineering, 22 (1).
Piero Bonatti, Sabrina De Capitani di Vimercati, Pierangela Samarati. An algebra for composing access control policies. ACM Transactions on Information and System Security (TISSEC), Volume 5 , Issue 1 (February 2002) Pages: 1 – 35.
Shafiq, B., Joshi, J. B. D., Bertino, E., and Ghafoor, A., "Secure Interoperation in a Multi-Domain Environment Employing RBAC Policies," IEEE Transactions on Knowledge and Data Engineering (accepted), 2005.
Jaehong Park, Ravi Sandhu, The UCONABC usage control model, ACM Transactions on Information and System Security (TISSEC) Volume 7 , Issue 1 (February 2004) Pages: 128 – 174.
M. Abadi, M. Burrows, B. W. Lampson, and G. Plotkin, “A Calculus for Access Control in Distributed Systems”, ACM Transactions on Programming Languages and Systems, Vol. 15, No. 4, September 1993, pp. 706-734.
J. B. D. Joshi, K. Li, H. Fahmi, B. Shafiq, and A. Ghafoor, “A Model for Secure Multimedia Document Database System in a Distributed Environment,” IEEE Transactions on Multimedia: Special issue on Multimedia Databases, Vol. 4, No. 2, June, 2002.pp. 215-234.
Corradi, A., Montanari, R. and Tibaldi, D., Context-based Access Control in Ubiquitous Environments. in Third IEEE International Symposium on Network Computing and Applications (NCA 2004), (2004), 253 - 260.
Steve Barker, Peter J. Stuckey, Flexible access control policy specification with constraint logic programming, ACM Transactions on Information and System Security (TISSEC), Volume 6 , Issue 4 (November 2003)Pages: 501 – 546.
Trent Jaeger, Xiaolan Zhang, Fidel Cacheda, Policy management using access control spaces. ACM Transactions on Information and System Security (TISSEC), Volume 6 , Issue 3 (August 2003) Pages: 327 – 364
Longhua Zhang, Gail-Joon Ahn, Bei-Tseng Chu, A rule-based framework for role-based delegation and revocation ACM Transactions on Information and System Security (TISSEC), Volume 6 , Issue 3 (August 2003) Pages: 404 – 441
Ninghui Li, Benjamin N. Grosof, Joan Feigenbaum, Delegation logic: A logic-based approach to distributed authorization, ACM Transactions on Information and System Security (TISSEC) Volume 6 , Issue 1 (February 2003) Pages: 128 - 171
Trust [includes P2P]
Au, R., Looi, M. and Ashley, P. Automated cross-organizational trust establishment on extranets. in Proceedings of the workshop on Information technology for virtual enterprises, IEEE Computer Society, Queensland, Australia, 2001, 3-11.
Bertino, E., Ferrari, E. and Squicciarini, A.C. Trust-X: a peer-to-peer framework for trust establishment. Knowledge and Data Engineering, IEEE Transactions on, 16 (7). 827-842.
Damiani, E., Vimercati, S.d.C.d., Paraboschi, S., Samarati, P. and Violante, F., A Reputation-based Approach for Choosing Reliable Resources in Peer-to-Peer Networks. in CCS'02, (Washington DC, USA, 2002).
Khedr, M. and Karmouch, A. Negotiating Context Information in Context-Aware Systems. IEEE Intelligent Systems, 19 (6). 21-29.
Lin, C., Varadharajan, V., Wang, Y. and Pruthi, V., Enhancing grid security with trust management. in Services Computing, 2004. (SCC 2004). Proceedings. 2004 IEEE International Conference on, (2004), 303-310.
Mengshu, H., Xianliang, L., Xu, Z. and Chuan, Z. A trust model of p2p system based on confirmation theory. SIGOPS Oper. Syst. Rev., 39 (1). 56-62.
Au, R., Looi, M. and Ashley, P. Automated cross-organisational trust establishment on extranets. in Proceedings of the workshop on Information technology for virtual enterprises, IEEE Computer Society, Queensland, Australia, 2001, 3-11.
Ting Yu; Winslett, M.; A unified scheme for resource protection in automated trust negotiation. Security and Privacy, 2003. Proceedings. 2003 Symposium on 11-14 May 2003 Page(s):110 - 122
Kagal, L.; Finin, T.; Joshi, A.; Trust-based security in pervasive computing environments. IEEE Computer Volume 34, Issue 12, Dec. 2001 Page(s):154 – 157
Seamons, K.E.; Winslett, M.; Ting Yu; Chan, T.; Child, E.; Halcrow, M.; Hess, A.; Holt, J.; Jacobson, J.; Jarvis, R.; Smith, B.; Sundelin, T.; Lina Yu; Trust Negotiation in Dynamic Coalitions. DARPA Information Survivability Conference and Exposition, 2003. Proceedings, Volume 2, 22-24 April 2003 Page(s):240 - 245 vol.2
Huu Tran; Hitchens, M.; Varadharajan, V.; Watters, P.; A Trust based Access Control Framework for P2P File-Sharing Systems. System Sciences, 2005. HICSS '05. Proceedings of the 38th Annual Hawaii International Conference on 03-06 Jan. 2005 Page(s):302c - 302c
Hua Wang; Yanchun Zhang; Jinli Cao; Varadharajan, V.; Achieving secure and flexible M-services through tickets. Systems, Man and Cybernetics, Part A, IEEE Transactions on, Volume 33, Issue 6, Nov. 2003 Page(s):697 – 708
Gummadi, A.; Yoon, J.P.; Modeling group trust for peer-to-peer access control. Database and Expert Systems Applications, 2004. Proceedings. 15th International Workshop on 30 Aug.-3 Sept. 2004 Page(s):971 – 978
Seamons, K.E.; Chan, T.; Child, E.; Halcrow, M.; Hess, A.; Holt, J.; Jacobson, J.; Jarvis, R.; Patty, A.; Smith, B.; Sundelin, T.; Lina Yu; TrustBuilder: negotiating trust in dynamic coalitions. DARPA Information Survivability Conference and Exposition, 2003. Proceedings, Volume 2, 22-24 April 2003 Page(s):49 - 51 vol.2
Adam Hess, Jason Holt, Jared Jacobson, Kent E. Seamons, Content-triggered trust negotiation, Pages: 428 – 456.
Khambatti, M.; Partha Dasgupta; Ryu, K.D.; A role-based trust model for peer-to-peer communities and dynamic coalitions Information Assurance Workshop, 2004. Proceedings. Second IEEE International. 2004 Page(s):141 - 154
Song Ye; Makedon, F.; Ford, J.; Collaborative automated trust negotiation in peer-to-peer systems. Peer-to-Peer Computing, 2004. Proceedings. Proceedings. Fourth International Conference on 25-27 Aug. 2004 Page(s):108 - 115
Bearly, T.; Vijay Kumar; Expanding trust beyond reputation in peer-to-peer systems. Database and Expert Systems Applications, 2004. Proceedings. 15th International Workshop on. 30 Aug.-3 Sept. 2004 Page(s):966 – 970
Aameek Singh; Ling Liu; TrustMe: anonymous management of trust relationships in decentralized P2P systems. Peer-to-Peer Computing, 2003. (P2P 2003). Proceedings. Third International Conference on. 1-3 Sept. 2003 Page(s):142 – 149.
Wierzbicki, A.; Strzelecki, R.; Swierezewski, D.; Znojek, M.; Rhubarb: a tool for developing scalable and secure peer-to-peer applications. Peer-to-Peer Computing, 2002. (P2P 2002). Proceedings. Second International Conference on 5-7 Sept. 2002 Page(s):144 – 151
Kangasharju, J.; Ross, K.W.; Turner, D.A.; Secure and resilient peer-to-peer e-mail design and implementation. Peer-to-Peer Computing, 2003. (P2P 2003). Proceedings. Third International Conference on 1-3 Sept. 2003 Page(s):184 – 191.
Skogsrud, H.; Benatallah, B.; Casati, F.; Model-driven trust negotiation for Web services.Internet Computing, IEEE. Volume 7, Issue 6, Nov.-Dec. 2003 Page(s):45 – 52
Security in Workflow Systems, Service Oriented Architectures
Xu Wei; Wei Jun; Liu Yu; Li Jing; SOWAC: a service-oriented workflow access control model. Computer Software and Applications Conference, 2004. COMPSAC 2004. Proceedings of the 28th Annual International.2004 Page(s):128 - 134 vol.1
Bartoletti, M.; Degano, P.; Ferrari, G.L.; Enforcing Secure Service Composition. Computer Security Foundations, 2005. CSFW-18 2005. 18th IEEE Workshop. 20-22 June 2005 Page(s):211 – 223.
Maamar, Z.; Mostefaoui, S.K.; Yahyaoui, H.; Toward an agent-based and context-oriented approach for Web services composition. Knowledge and Data Engineering, IEEE Transactions on. Volume 17, Issue 5, May 2005 Page(s):686 – 697
(More to come on SOA)
N. R. Adam, V. Atluri, W-K. Huang, “Modeling and Analysis of Workflows Using Petri Nets,” Journal of Intelligent Information Systems, Special Issue on Workflow and Process Management, Vol. 10, No. 2, March 1998.
Dong, X., Chen, G., Yin, J. and Dong, J., Petri-net-based Context-related Access Control in Workflow Environment. in 16’th Annual Conference on Computer Security Application, (2002).
V. Atluri and W-K. Huang, “An Authorization Model for Workflows”, Proceedings of the Fifth European Symposium on Research in Computer Security, Rome, Italy, and Lecture Notes in Computer Science, No. 1146, Springer-Verlag, September, 96, pp. 44-64.
E. Bertino, E. Ferrari, and V. Atluri, “The Specification and Enforcement of Authorization Constraints in Workflow Management Systems”, ACM Transactions on Information and System Security, Vol. 2, No. 1, February 1999, pp. 65-104.
S. Kandala, R. Sandhu, “Secure Role-Based Workflow Models”, Database Security XV: Status and Prospects, Kluwer 2002.
Altintas, I., Berkley, C., Jaeger, E., Jones, M., Ludaescher, B. and Mock, S., Keplar: Towards a Grid-Enabled System for Scientific Workflows. in Workflow in Grid Systems Workshop in GGF10, (Berlin, Germany, 2004).
Blythe, J., Deelman, E. and Gil, Y. Automatically composed workflows for grid environments. Intelligent Systems, IEEE [see also IEEE Expert], 19 (4). 16-23.
Botha, R.A. and Eloff, J.H.P. Access Control in Document-centric Workflow Systems – An Agent-based Approach. Computers & Security, 20 (6). 525 – 532.
Botha, R.A. and Eloff, J.H.P. A Framework for Access Control in Workflow Systems. Information Management and Computer Security, 9 (3).
Bourbonais, S., Gogate, V.M., Haas, L.M., Horman, R.W., Malaika, S., Narang, I. and Raman, V. Towards an Information Infrastructure for the Grid. IBM Systems Journal, 43 (4).
Crampton, J. A reference monitor for workflow systems with constrained task execution. in Proceedings of the tenth ACM symposium on Access control models and technologies, ACM Press, Stockholm, Sweden, 2005, 38-47.
Gudes, E., Olivier, M.S. and Riet, R.P.v.d. Modelling, Specifying and Implementing Workflow Security in Cyberspace. Journal of Computer Security, 7 (4). 287-315.
Narendra, N.C. Design of an Integrated Role-Based Access Control Infrastructure for Adaptive Workflow Systems. Journal of Computing and Information Technology, 11 (4).
Security for Grid Systems
Ian Foster , Carl Kesselman , Gene Tsudik , Steven Tuecke, "A security architecture for computational grids", Proceedings of the 5th ACM conference on Computer and communications security , November 1998.
Altintas, I., Berkley, C., Jaeger, E., Jones, M., Ludaescher, B. and Mock, S., Keplar: Towards a Grid-Enabled System for Scientific Workflows. in Workflow in Grid Systems Workshop in GGF10, (Berlin, Germany, 2004).
Azzedin, F. and Maheswaran, M., Towards Trust-Aware Resource Mangement. in 2nd IEEE/ACM International Symposium on Cluster Computing and the Grid (CCGrid'02), (2002).
Butt, A.R.; Adabala, S.; Kapadia, N.H.; Figueiredo, R.; Fortes, J.A.B. "Fine-grain access control for securing shared resources in computational grids", Parallel and Distributed Processing Symposium., Proceedings International, IPDPS 2002, Abstracts and CD-ROM , 2002, Page(s): 206 -213.
Cornwall, L.A., Jensen, J., Kelsey, D.P., Frohner, Á., Kouil, D., Bonnassieux, F., Nicoud, S., Lrentey, K., Hahkala, J., Silander, M., Cecchini, R., Ciaschini, V., dellAgnello, L., Spataro, F., OCallaghan, D., Mulmo, O., Volpato, G.L., Groep, D., Steenbakkers, M. and McNab, A. Authentication and Authorization Mechanisms for Multi-Domain Grid Environments. Journal of Grid Computing, 22 (4). 301 - 311.
Detsch, A., Gaspary, L.P., Barcellos, M.P. and Cavalheiro, G.G.H. Towards a flexible security framework for peer-to-peer based grid computing. in Proceedings of the 2nd workshop on Middleware for grid computing, ACM Press, Toronto, Ontario, Canada, 2004, 52-56.
Dumitrescu, C. and Foster, I., Usage policy-based CPU sharing in virtual organizations. in Grid Computing, 2004. Proceedings. Fifth IEEE/ACM International Workshop on, (2004), 53-60.
Lorch, M. and Kafura, D., Supporting Secure Ad-hoc User Collaboration in Grid Environments. in 3rd Int. Workshop on Grid Computing, (Baltimore, 2002), 181 - 193.
Erwin, D.W. and Snelling, D.F. UNICORE: A Grid Computing Environment. in, 2001.
Feigenbaum, J., Freedman, M.J., Sander, T. and Shostack, A. Privacy engineering for digital rights management systems, 2001.
Access Control + Privacy
Damiani, E., Vimercati, S.D.C.d., Fugazza, C. and Samarati, P., Semantics-Aware Privacy and Access Control. in 1st Italian Semantic Web Workshop, (2004).
Kagal, L., Paolucci, M., Srinivasan, N., Denker, G., Finin, T. and Sycara, K. Authorization and Privacy for Semantic Web Services. IEEE Intelligent Systems, 19 (4). 50-56.
Mavridis, I., Pangalos, G., Khair, M. and Bozios, L., Defining Access Control Mechanisms for Privacy Protection in Distributed Medical Databases. in IFIP Working Conference on User Identification and Privacy Protection, (Stockholm, Sweden, 1999).
Ackerman, M. S., Cranor, L. F., & Reagle, J. (1999). Privacy in e-commerce: examining user scenarios and privacy preferences. Proceedings of the first ACM conference on Electronic commerce. 1-8.
Adams, A., & Sasse, M. A. (1999). Taming the Wolf in Sheep’s Clothing: Privacy in Multimedia Communications. ACM Multimedia 99. 101-106.
Agrawal, R. & Srikant, R. (2000). Privacy preserving data mining, Conference on Management of Data in ACM SIGMOD, Dallas, TX, 2000, pp. 439–450.
Berthold, O. & Kohntopp, M. (2000). Identity Management Based On P3P. Workshop on Design Issues in Anonymity and Unobservability.
Borking, J. J.. (2001). Laws, PETS and other Technologies for Privacy Protection. Journal of Information, Law and Technology.
Byun, J.-W., Bertino, E. & Li, N. (2005). Purpose Based Access Control of Complex Data for Privacy Protection. CERIAS Tech Report 2005-12.
He, Q. (2003). Privacy Enforcement with an Extended Role-Based Access Control Model, North Carolina State University, Raleigh.
Mont, M. C., Pearson, S. & Bramhall, P. (2003). Towards accountable management of identity and privacy: sticky policies and enforceable tracing services. 14th International Workshop on Database and Expert Systems Applications.
Thuraisingham, B. (2003). Data mining, national security, privacy and civil liberties. ACM SIGKDD.
Peer to Peer Systems
Einhorn, M.A. and Rosenblatt, B. Peer-to-Peer Networking and digital rights managmeent: How market tools can solve copyright problems. Policy Analysis (534).
Fenkam, P.; Dustdar, S.; Kirda, E.; Reif, G.; Gall, H.; Towards an access control system for mobile peer-to-peer collaborative environments. Enabling Technologies: Infrastructure for Collaborative Enterprises, 2002. WET ICE 2002. Proceedings. Eleventh IEEE International Workshops on 10-12 June 2002 Page(s):95 - 100
Ravi Sandhu, Xinwen Zhang, Access management for distributed systems: Peer-to-peer access control architecture using trusted computing technology. Proceedings of the tenth ACM symposium on Access control models and technologies. June 2005
Dailey Paulson, L.; P2P hacker tool poses escalating threat, IEEE Computer, Volume 37, Issue 5, May 2004 Page(s):22 – 23.
Li Xiong; Ling Liu; PeerTrust: supporting reputation-based trust for peer-to-peer electronic communities. Knowledge and Data Engineering, IEEE Transactions on. Volume 16, Issue 7, July 2004 Page(s):843 – 857.
Talia, D.; Trunflo, P.; Toward a synergy between P2P and grids. Internet Computing, IEEE. Volume 7, Issue 4, July-Aug. 2003 Page(s):96, 94 - 95
Bin Yu; Singh, M.P.; Sycara, K.; Developing trust in large-scale peer-to-peer systems. Multi-Agent Security and Survivability, 2004 IEEE First Symposium on. 30-31 Aug. 2004 Page(s):1 – 10.
Locasto, M.E.; Parekh, J.J.; Keromytis, A.D.; Stolfo, S.J.; Towards collaborative security and P2P intrusion detection. Systems, Man and Cybernetics (SMC) Information Assurance Workshop, 2005. Proceedings from the Sixth Annual IEEE. 15-17 June 2005 Page(s):333 - 339
Zhengqiang Liang; Weisong Shi; PET: A PErsonalized Trust Model with Reputation and Risk Evaluation for P2P Resource Sharing System Sciences, 2005. HICSS '05. Proceedings of the 38th Annual Hawaii International Conference on. 03-06 Jan. 2005 Page(s):201b - 201b.
Wang, Y.; Vassileva, J.; Trust and reputation model in peer-to-peer networks. Peer-to-Peer Computing, 2003. (P2P 2003). Proceedings. Third International Conference on. 1-3 Sept. 2003 Page(s):150 - 157
Survivability and Intrusion Management
R. J. Ellison, D. A. Fisher, R. C. Linger, H. F. Lipson, T. Longstaff, N. R. Mead, “Survivable Network Systems: An Emerging Discipline,” Technical Report CMU/SEI-97-TR-013 Software Engineering Institute, Carnegie Mellon University, November, 1997.
S. Jajodia, P. Liu, and C. D. McCollum, “Application-level Isolation to Cope with Malicious Database Users,” in Proc. ACSAC’98, pp. 73 – 82.
C. E. Landwehr, A. R. Bull, J. P. McDermott, W. S. Choi, "A Taxonomy of Computer Program Security Flaws, with Examples," ACM Computing Surveys, Vol. 26, No. 3, Sept. 1994, pp. 211-254.
U. Lindqvist, E. Jonsson, “How to Systematically Classify Computer Security Intrusions,” Proceedings of the 1997 Symposium on Security and Privacy, pages 154-163, Oakland, California, USA, May 4-7, 1997.
V.C.S. Lee, J. A. Stankovic, and S.H. Son, “Intrusion Detection in Real-time Database Systems via Time Signatures,” Sixth IEEE Symposium on Real-Time Technology and Applications Symposium, RTAS 2000, pp. 124 – 133.
P. Liu, “Architectures for Intrusion Tolerant Database Systems,” in Proc. ACSAC ’02, 9-13 Dec. 2002, pp. 311 – 320.
P. Luenam, P. Liu, “The Design of an Adaptive Intrusion Tolerant Database System” Foundations of Intrusion Tolerant Systems, 2003, pp.14 – 21.
P. Liu, “Architectures for Intrusion Tolerant Database Systems” Foundations of Intrusion Tolerant Systems, 2003, pp. 3 – 13.
P. Liu; “DAIS: a Real-time Data Attack Isolation System for Commercial Database Applications” in Proc. ACSAC ‘01, pp. 219 – 229.
P. Liu, and S. Jajodia, “Multi-phase Damage Confinement in Database Systems for Intrusion Tolerance” in Proc. of IEEE Workshop on Computer Security Foundations, 11-13 June 2001, pp. 191 – 205.
S. J. Stolfo, W. Fan, W. Lee. A. Prodromidis, and P. K. Chan, “Cost-based Modeling for Fraud and Intrusion Detection: Results from the JAM Project” in Proc. DISCEX '00, Vol. 2 , pp. 130 - 144 vol.2.
B. M. Thuraisingham, J.A. Maurer; “Information survivability for evolvable and adaptable real-time command and control systems,” Knowledge and Data Engineering, IEEE Transactions on, Volume: 11, Issue: 1 , Jan.-Feb. 1999, Pages: 228 – 238.
S. S. Yau and J. Zhu, “Intrusion Ripple Analysis in Distributed Information Systems”, in Proc. of the Sixth IEEE Computer Society Workshop on Future Trends of Distributed Computing Systems, 29-31 Oct. 1997, pp. 28 – 33.
Peng Ning , Sushil Jajodia , Xiaoyang Sean Wang, "Abstraction-based intrusion detection in distributed environments", ACM Transactions on Information and System Security (TISSEC) Volume 4 Issue 4, November 2001.
Klaus Julisch, Clustering intrusion detection alarms to support root cause analysis. ACM Transactions on Information and System Security (TISSEC), Volume 6 , Issue 4 (November 2003) Pages: 443 – 471.
Suresh N. Chari, Pau-Chen Cheng, BlueBoX: A policy-driven, host-based intrusion detection system, ACM Transactions on Information and System Security (TISSEC). Volume 6 , Issue 2 (May 2003) Pages: 173 – 200
Peng Ning, Sushil Jajodia, Xiaoyang Sean Wang. Abstraction-based intrusion detection in distributed environments. ACM Transactions on Information and System Security (TISSEC) Volume 4 , Issue 4 (November 2001) Pages: 407 – 452
Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory, ACM Transactions on Information and System Security (TISSEC), Volume 3 , Issue 4 (November 2000), Pages: 262 - 294