[1]SANDHU R S, COYNE E J, FEINSTEIN H L, et al. Role-based access control models[J]. IEEE Computer, 1996, 29(2): 38-47.[2]JOSHI J B D, BERTINO E, LATIF U, et al. A generalized temporal role-based access control model[J]. IEEE Transactions on Knowledge and Data Engineering, 2005, 17(1): 4-23.[3]BREWER D F C, NASH M. The Chinese wall security policy [C]// Proceedings of the 1989 IEEE Symposium on Security and Privacy. Piscataway: IEEE, 1989:206-214.[4]HOSMER H H.Using fuzzy logic to represent security policies in the multipolicy paradigm [J].ACM SIGSAC Reviews,1992,10(4):12-21.[5]TAKABI H, AMINI M. Separation of duty in role-based access control model through fuzzy relation[C]// IAS 2007: Proceedings of the Third International Symposium on Information Assurance and Security. Piscataway: IEEE, 2007:125-130.[6]NAWARATHNA U H G R D, KODITHUWAKKU S R. A fuzzy role based access control model for database security[C]// Proceedings of the 2005 International Conference on Information and Automation. Piscataway: IEEE, 2005:313-318.[7]MARTINEZ-GARCA C, NAVARRO-ARRIBAS G, BORRELL J. Fuzzy role-based access control[J]. Information Processing Letters, 2011,111(10):483-487.[8]窦文阳,王小明,张立臣. 普适环境下的动态模糊访问控制模型研究[J]. 计算机科学,2010, 37(9):63-67.[9]刘武,段海新,张洪,等. TRBAC:基于信任的访问控制模型[J]. 计算机研究与发展,2011, 48(8):1414-1420.[10]王艳辉,肖雪梅,贾利民. 互操作信任的模糊变权动态综合评价方法[J]. 计算机研究与发展,2012, 49(6):1235-1242.[11]CELIKEL E, KANTARCIOGLU M, THURAISINGHAN B, et al. Managing risks in RBAC employed distributed environments [C]// On the Move to Meaningful Internet Systems 2007: CoopIS, DOA, ODBASE, GADA, and IS, LNCS 4804. Berlin: Springer, 2007:1548-1566.[12]CELIKEL E, KANTARCIOGLU M, THURAIINGHAM B M, et al. A risk management approach to RBAC[J]. Risk and Decision Analysis, 2009, 1(2):21-33.[13]CHAPIN P, SKALKA C, WANG X S. Risk assessment in distributed authorization[C]// FMSE05: Proceedings of the 2005 ACM Workshop on Formal methods in Security Engineering. New York: ACM, 2005:33-42.[14]NISSANKE N, KHAYAT E J. Risk based security analysis of permissions in RBAC[C]// ICEIS 2004: Proceedings of the 2nd International Workshop on Security in Information Systems, Security in Information Systems. Porto, Portugal: INSTICC Press, 2004:332-341.[15]CHENG P C, ROHATGI P, WAGNER G M, et al. Fuzzy multi-level security: an experiment on quantified risk-adaptive access control[C]// SP07: Proceedings of the 2007IEEE Symposium on Security and Privacy. Piscataway: IEEE, 2007:222-230.[16]NI Q, BERTINO E, LOBO J. Risk-based access control systems built on fuzzy inferences[C]// ASIACCS10: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security. New York: ACM, 2010:250-260.[17]CHARI S, LOBO J, MOLLOY I. Practical risk aggregation in RBAC models[C]// SACMAT12: Proceedings of the 17th ACM Symposium on Access Control Models and Technologies. New York: ACM, 2012:117-118.[18]BARACALDO N, JOSHI J. A trust-and-risk aware RBAC framework: tackling insider threat[C]// SACMAT12: Proceedings of the 17th ACM Symposium on Access Control Models and Technologies. New York: ACM, 2012:167-176.[19]郭一凡,李腾,郭玉翠. P2P网络中基于随时间推移的风险值评估的信任管理模型[J]. 计算机应用,2012,32(9):2613-2616. |