|
[1] N. R. Adam, Y. Yesha, Electronic Commerce: Current Research Issues and Applications, Springer, (1996). [2] P. E. Ammann & R. Sandhu, “Implementing Transaction Control Expressions by Checking for Absence of Access Rights,” Proc. of 8th Annual Computer Security Applications Conf., San Antonio, TX, (Dec. 1992), pp.131-140. [3] J. Barkley, Comparing Simple Role Based Access Control Models: Features and Motivations, National Institute of Standards and Technology, (August 1997). [4] J.F. Barkley, A.V. Cincotta, D.F. Ferraiolo, S. Gavrilla, and D.R. Kuhn, Role Based Access Control for the World Wide Web, National Institute of Standards and Technology, (April 8 1997). [5] G. Bleumer, Offline Personal Credentials, AT&T Labs-Research, (April 1998). [6] M. Branchaud, A Survey of Public-Key Infrastructures, Master Thesis, Department of Computer Science, McGill University, Montreal, (March 1997). [7] C. E. Brown, Internal Control Concepts, (http://www.bus.orst.edu/faculty/brownc/lectures/controls/control1.htm ) [8] W.E.Burr, Public Key Infrastructure (PKI) Technical Specifications (Version 3): Part C─Concepts of Operations, NIST-TWG-97-59, Working Draft, (June 1998). [9] D.F. Ferraiolo, J.F. Barkley, and D.R. Kuhn, “A Role Based Access Control Model and Reference Implementation within a Corporate Intranet,” ACM Transactions on Information Systems Security, 1 (2), (February 1999). [10] D. Ferraiolo, J. Cugini, and D.R. Kuhn, “Role Based Access Control: Features and Motivations,” Proc. of Annual Computer Security Applications Conference, IEEE Computer Society Press, (1995). [11] A. Fischer, “Electronic Document Authorization,” Message Handling Systems and Application Layer Communication Protocols: Proceedings of the IFIP WG6.5 International Symposium, Zurich, (October 1990). [12] W. Ford, “Public-Key Infrastructure Interoperation,” IEEE Aerospace Conference, (1998). [13] C. Goh, A. Baldwin, “Towards a more Complete Model of Role,” 3rd ACM Workshop on Role-Based Access Control, (1998) [14] L.Harn, H.-Y. Lin, “Integration of user authentication and access control,” IEE PROCEEDINGS-E, 139 (2), (March 1992). [15] R.J. Hayton, J.M.Bacon, K. Moody, “Access Control in an Open Distributed Environment,” IEEE Symposium on Security and Privacy, (1998). [16] Y.-K. Hsu, “An Intranet Security Framework Based on Short-Lived Certificates,” IEEE Internet Computing, (March-April 1998), pp.73-79. [17] Y.-K. Hsu, “Development of an Intranet Security Infrastructure and Its Application,” Seventh IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise, (1998), pp.334-339. [18] ITU-T Recommendation X.509 (ISO/IEC 9594-8), Information Technology─Open Systems Interconnection─The Directory: Authentication Framework, (June 1997). [19] ITU-T Recommendation X.812 (ISO/IEC 10181-3), Information Technology─Open Systems Interconnection─Security Framework For Open System : Access Control Framework, (1996). [20] W. Johnston, S. Mudumbai, and M. Thompson, “Authorization and Attribute Certificates for Widely Distributed Access Control,” Seventh IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise, (1998), pp.340-345. [21] V.E. Jones, N. Ching, M. Winslett, “Credentials for Privacy and Interoperation, “ New Security Paradigms Workshop, (1995), pp.92-100. ' [22] R. Kalakota, A.B. Whinston, Frontiers of Electronic Commerce, Addison-Wesley Publishing Company Inc., (1996). [23] C. King, “Building a Corporate Public Key Infrastructure,” Computer Security Journal, 8 (2), (1997), pp.13-24. [24] A. Kini and J. Choobineh, “Trust in Electronic Commerce: Definition and Theoretical Considerations,” Proc. 31st Annual Hawaii International Conference on System Science, (1998), 51-61. [25] W. Kou, Networking Security and Standards, Kluwer Academic Publishers, (1997). [26] L.G. Lawrence, “The Role of Roles,” Computers and Security, 12 (1), 1993. [27] P. Lin, L. Lin, “Security in Enterprise Networking: A Quick Tour,” IEEE Communications Magazine, (January 1996), pp.56-61. [28] K. Lindup, “The Role of Information Security in Corporate Governance,” Computer & Security, 15, (1996), pp.477-485. [29] L. Lo’pez, J. Carracedo, “Hierarchical Organization of Certification Authorities for Secure Environments,” Proceedings of the 1997 Symposium on Network and Distributed System Security, (1997), pp.112-121. [30] J. G. Maley, “Enterprise Security Infrastructure,” Proceedings of the 5th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprise, (1996), pp.92-99. [31] M. Myers, R. Ankney, A. Malpani, S. Galperin, C. Adams, X.509 Internet Public Key Infrastructure Online Certificate Status Protocol─OCSP, PKIX Working Group, http://www.edvz.univie.ac.at/netinfo/internet-drafts/draft-ietf-pkiz-ocsp-05.txt, (August 1998). [32] B. C. Neuman, “Proxy-Based Authentication and Accounting for Distributed Systems,” Proceedings of the 13th International Conference on Distributed Computing Systems, Pittsburgh, (May 1993). [33] T.A.Parker, A Secure European System for Applications in a Multi-vendor Environment (The SESAME Project), Associated Services Division, ICL, http://www.engarde.com/~mcn/sunrise/sesame.html, (26th March 1992). [34] R. L. Rivest, B. Lampson, SDSI─A Simple Distributed Security Infrastructure, (Sep. 15 1996). (http://theory.lcs.mit.edu/~rivest/sdsi10.html) [35] S. Russell, “paradigms for Verification of Authorization at Source of Electronic documents in an Integrated Environment,” Proceedings of the 8th Annual Computer Security Applications Conference, San Antonio, Texas, (December 1992). [36] S. Russell, “Transparent Cosignatures for Electronic Documents,” Proceedings of the Ninth Annual Computer Security Application Conference, (1993), pp.82-91. [37] S. Russell, “Audit-by-receiver Paradigms for Verification of Authorization at Source of Electronic Documents,” Computers & Security, 13, (1994), pp.59-67. [38] Y. Sameshima, P. Kirstein, “Authorization with Security Attributes and Privilege Delegation─Access Control beyond the ACL,” Computer Communications, 20, (1997), pp.376-384. [39] R. Sandhu, “Transaction Control Expressions for Separation of Duties,” Proc. 4th Aerospace Computer Security Applications Conference, Orlando, Florida, (Dec. 1988), pp.282-286. [40] R. Sandhu, “Separation of Duties in Computerized Information Systems,” Proc. of the IFIP WG11.3 Workshop on Database Security, Halifax, U.K., (September 1990). [41] R. Sandhu, E. J. Coyne, H.L. Feinstein, and C.E. Youman, “Role-Based Access Control Models,” IEEE Computer, (1996), pp.38-47. [42] R. Sandhu, E. J. Coyne, H.L. Feinstein, and C. E. Youman, “Role-Based Access Control: A Multi-Dimensional View,” Proc. of 10th Annual Computer Security Applications Conference, Orlando, Florida, (December 1994), pp.54-62. [43] R. Sandhu, P. Samarati, “Access Control: Principles and Practices,” IEEE Communication magazine, 32 (9), (1994), pp.40-48. [44] A. Sheth, Workflow Automation, Tutorial notes, SIGMOD Conference, May 1995, California. (http:// www.cs.uga.edu/LSDIS ) [45] C. Shih, M. Jansson, R. Drummon, L. Yarbrough, Requirements for Inter-operable Internet EDI, EDIINT Working Group, ftp://ftp.ietf.org/internet-drafts/draft-ietf-ediint-req-00.txt, (Jul. 1996). [46] C. L. Smith, “A Survey to Determine Federal Agency Needs for a Role-Based Access Control Security Product,” IEEE, (1997), pp.222-232. [47] R.C. Summers, Secure Computing: Threats and Safeguards, McGraw-Hill, (1997) [48] Z. Tari, S.-W. Chan, “A Role-Based Access Control for Intranet Security,” IEEE Internet Computing, (1997), pp.24-34. [49] A.Tate, Workflow Management Coalition-Overview, (http://www.aiai.ed.ac.uk/WfMC ) [50] R.K. Thomas and R. Sandhu, “Towards a tast-based paradigm for flexible and adaptable access control in distributed applications,” Proc. of 1992-1993 ACM SIGSAC New Security Paradigms Workshops, Little Compton, RI, (1993), pp.138-142. [51] R.K. Thomas and R. Sandhu, “Task-based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-oriented Authorization Management,” Proceedings of the IFIP WG11.3 Workshop on Database Security, Lake Tahoe, California, (August 1997). [52] P. Tom, Sundt, Chris, “Role-based access control in real systems,” Information Systems Security, 5 (1), (Spring 96). [53] TrustedWeb Technical Summary, TrustedWeb, (April 1997). (http://www.trustedweb.com) [54] M. Vandenwauver, R. Govaerts, J. Vandewalle, “How Role Based Access Control is implemented in SESAME,” Sixth Workshop on Enabling Technologies: infrastructure for collaborative enterprises, (1997), pp.293-298. [55] S. Wilson, “Certificates and trust in electronic commerce,” Information Management & Computer Security, 5 (5), (1997), pp.175-181. [56] M. Winslett, N. Ching, V. Jones and I. Slepchin, “Using digital credentials on the World Wide Web,” Journal of Computer Security, 5, (1997), pp.255-267. [57] 黃景彰,吳國禎,EDI數位簽章的安全管理(1)﹕密碼金匙的管理,行政院國家科學委員會專題研究計畫成果報告 NSC85-2213-E-009-054,(1996) [58] 樊國楨,電子商務高階安全防護,資訊與電腦出版社,(1997)。 [59] 鍾丁順,黃景彰,以員工職務證書為基礎之存取控制:一個系統設計,國立交通大學資訊管理研究所,碩士論文(1998)。 [60] 陳彥學,樊國楨,工商登記驗證體系訊息交換協定雛議,第九屆全國資訊安全會議論文集,(1999),pp.262-269。
|