Papers should be available from the Pitt domain.
Assigned Papers
- James B. D. Joshi, Walid G. Aref, Arif Ghafoor
and Eugene H. Spafford, "Security models for web-based applications",
Communications of the ACM, 44, 2 (Feb. 2001), pp. 38-44. (PDF version)
- Ravi S. Sandhu, Pierangela Samarati, “Access Control: Principles
and Practice”, IEEE Communications Magazine, September 1994. (PDF version)
- Bhavani M. Thuraisingham, Chris Clifton, Amar Gupta, Elisa Bertino,
Elena Ferrari, “Directions for Web and E-Commerce Applications Security,”
WETICE 2001: 200-204 (PDF version)
- James Joshi, Arif Ghafoor, Walid G. Aref, Eugene H. Spafford: Digital
Government Security Infrastructure Design Challenges. IEEE Computer 34(2):
66-72 (2001) (PDF version)
Optional Readings
- Michael A. Harrison, Walter L. Ruzzo and Jeffrey D. Ullman, "Protection
in Operating Systems", Communications of the ACM, Vol 19, No 8, August 1976.
(pdf)
- Dorothy E. Denning and Peter J. Denning, "Data Security", Computing
Surveys, Vol 11, No. 3, September, 1979 (pdf)
- Carl E. Landwehr, "Formal Models for Computer Security," Computing
Surveys, Vol 13, No 3, September, 1981 (pdf)
- Ravindrapal Singh Sandhu, "The Schematic Protection Model: Its Definition
and Analysis for Acyclic Attenuating Schemes," Journal of the Association for Computing
Machinery, Vol 35, No. 2, April 1988, pp 404-432. (pdf)
- David F. Ferraiolo, Ravi Sandhu, Serban Gavrila, D. Richard Kuhn,
Ramaswamy Chandramouli, "Proposed NIST Standard for Role-based Access Control,"
ACM Transactions on Information and System Security, Vol. 4, Issue 3, August
2001 (pdf)
- S. Osborn, R. Sandhu, Q. Munawer, “Configuring Role-Based Access
Control to Enforce Mandatory and Discretionary Access Control Policies”,
ACM Transactions on Information and System Security, May 2000. (PDF version)