Databases Reference
In-Depth Information
the implementation. However, as more and more enterprises recognize the
need for security solutions to protect their data, many problems remain. For
example, how to integrate the security functions into the existing systems
eciently and inexpensively, and how to verify the relationships between the
security requirements and the implementations.
References
1. D. Jackson. Alloy: A Lightweight Object Modelling Notation.
ACM Transaction
on Software Engineering and Methodology
, Vol. 11(2), pp. 256-290, 2002.
2. P. Ashley, S. Hada, G. Karjoth, C. Powers, and M. Schunter: Enterprise Privacy
Authorization Language (EPAL 1.1) Specification. IBM Research Report, 2003.
Available at
http://www.zurich.ibm.com/security/enterprise-privacy/epal
.
3. G. Brose, M. Koch, and K.-P. Lohr: Integrating Access Control Design into the
Software Development Process. In
Proceeding of the 6th International Conference
on Integrated Design and Process Technology
(IDPT), 2002.
4. A. Brown, S. Johnston, and K. Kelly: Using service-oriented architecture and
component-based development to build Web service applications. Rational Soft-
ware White Paper. Available at
http://www-128.ibm.com/developerworks/
rational/library/content/03July/2000/2169/2169.pdf
.
5. A. Dardenne, A. van Lamsweerde, and S. Fickas: Goal-directed Requirements
Acquisition.
Science of Computer Programming
, Vol. 20(1-2), pp. 3-50, 1993.
6. A. Fuxman, R. Kazhamiakin, M. Pistore, and M. Roveri:
Formal Tropos: lan-
guages and semantics
. University of Trento and IRST, Trento, Italy, 2003.
7. J.V. Guttag and J.J. Horning, with S.J. Garland, K.D. Jones, A. Modet, and
J.M. Wing. Larch:
Languages and Tools for Formal Specification
. Springer-Verlag,
1993.
8. J. Jurjens: Towards Development of Secure Systems using UMLsec. In
Proceedings
of Fundamental Approaches to Software Engineering, 4th Internacional Confer-
ence
, pp. 187-200, 2001.
9. M. Kudo and S. Hada: XML Document Security based on Provisional Autho-
rization.
7th ACM Conference on Computer and Communications Security
, pp.
87-96, 2000.
10. OASIS eXtensible Access Control Markup Language (XACML). OASIS (2002).
11. S. Jajodia, P. Samarati, M.L. Sapino, and V.S. Subrahmanian: Flexible Support
for Multiple Access Control Policies.
ACM Transactions on Database Systems
,
Vol. 26(2), pp. 214-260, 2001.
12. S. Jajodia, P. Samarati, and V.S. Subrahmanian: A Logical Language for Ex-
pressing Authorizations. In
Proceedings of 1997 IEEE Symposium on Security
and Privacy
, pp. 31-42, 1997.
13. S.
Johnston:
Modeling
security
concerns
in
service-oriented
archi-
tectures.
Rational
Software
White
Paper.
Available
at
http://www-
128.ibm.com/developerworks/rational/library/4860.html
. (2004)
14. T. Lodderstedt, D. Basin, and J.Doser: SecureUML: A UML-Based Modeling
Language for Model-Driven Security. In
5th International conference on The Uni-
fied Modeling Language
, pp. 426-441, 2000.
15. The
Platform
for
Privacy
Preferences
1.1
(P3P
1.1).
Available
at
http://www.w3.org/TR/2006/NOTE-P3P11-20061113/
.
