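1. 吳國禎、黃景彰 (1997), “Integrated Design of User Identification and Access Authorization in Modern Enterprise Networks,” Sun Yat-sen Management Review (中山管理評論), Vol. 5, No. 4, pp. 779-796.
2. 邱榮輝、許瑞哲、李中銘 (1996), “Access Control Strategy for Multiple Roles,” 6th National Information Security Conference, pp. 93-98.
3. 鄭東仁、黃景彰、王丕承 (1993), “An Overview of a Security Control System,” 3rd National Information Security Conference, A2-3.1-3.15.
4. 羅景源、樊國楨、黃景彰 (1997), “Operational Framework of a Public Key Management Organization,” 7th National Information Security Conference, pp. 15-22.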
5. Abrams, M. D., Jajodia, S., and Podell, H. J. (1995), Information Security: An Integrated Collection of Essays, (Essay 27), IEEE Computer Society Press, Los Alamitos, California.
6. Ashley, P., and Vandenwauver, M. (1999), Practical Intranet Security: review of the state of art and available technologies, Kluwer Academic Publishers, Boston.
7. Barkley, J. (1995), “Role-based Access Controls,” http://waltz.ncsl.nist.gov/rbac/rbac/paper.
8. Barkley, J. (1997), “Comparing Simple Role Based Access Control Models and Access Control Lists,” National Institute of Standards and Technology, Aug.11.
9. Bertino, E., Jajodia, S., and Samarati, P. (1995), “Database Security: Research and Practice,” Information Systems, 20(7), 537-556.
10. Branchaud, M., A Survey of Public-Key Infrastructures, Department of Computer Science, McGill University, Montreal, March 1997.
11. Branstad, D. (1996), “An Introduction to the Public Key Infrastructure, Trusted Information Systems,” Data Security Letter, Sep, (74), pp. 1-6.
12. Castano, S., Fugini, M. G., Martella, G., and Samarati, P (1995), Database Security, ACM Press, Addison-Wesley Publishing.
13. Castano, S., Martella, G. and Samarati, P. (1997), “Analysis, comparison and design of role-based security specifications,” Data and Knowledge Engineering, 21, 31-55.
14. Chen, F., and Sandhu, R. S. (1996), “Constraints for Role-Based Access Control,” ACM RBAC Workshop, MD, 21-29.
15. Chokani, S. (1994), “Toward National Public Key Infrastructure,” IEEE Communications, Sep. pp. 43-55.
16. Denning, D. E. (1976), “A lattice model of secure information flow,” Communications of ACM, 11(5), pp. 236-243.
17. Denning, D. E. (1982), Cryptography and Data Security, Addison-Wesley, Reading, MA.
18. Ferraiolo, D. and Gugini, J. and Kuhn, D. R. (1995), “Role Based Access Control: Features and Motivations,” Annual Computer Security Applications Conference. IEEE Computer Society Press.
19. Ferraiolo, D., and Barkley, J. (1997), “Specifying and Managing Role-Based Access Control within a Corporate Intranet,” Second ACM Workshop on Role-Based Access Control.
20. Ferraiolo, D. F., Barkley, J. F., and Kuhn, D. R. (1999), “A Role Based Access Control Model and Reference Implementation within a Corporate Intranet,” ACM Transactions on Information Systems Security, Feb. 1(2), pp. 12-41.
21. Giuri, L., Iglio, P., and Bordone, F. U. (1996), “A Formal Model For Role-based Access Control with Constraints,” Proceedings of IEEE Computer Security Foundations Workshop 9, IEEE Press, Piscataway, N. J. June pp.136-145.
22. Giuri, L. (1995), “A New Model for Role-based Access Control,” In Proceedings of 11th Annual Computer Security Application Conference, New Orleans, LA, Dec. pp. 13-15.
23. Gligor, V. G., Gavrila, S. I., and Ferraiolo, D. (1998), “On the Formal Definition of Separation-of-Duty Policies and their Composition,” Proceedings of IEEE Symposium on Security and Privacy, pp. 172-183.
24. Guttman, B., and Bagwill, R. (1997), Internet Security Policy: A TECHNICAL GUIDE, National Institute of Standards and Technology Special Publication, pp. 800-849(draft).
25. Hoffman, D. L., Novak, T. P., and Peralta, M. (1999), “Building Consumer Trust Online,” Communications of the ACM, Apr. 42(4), pp. 80-85.
26. Hsu, Y. K., and Seymour, S. T. (1998), “An Intranet Security Framework Based on Short-Lived Certificates,” IEEE Internet Computing, Mar-Apr, pp. 73-78.
27. Hwang, J. J., Shao, B. M., and Wang, P. C. (1992), “A new access control method using prime factorization,” The Computer Journal, 35(1), pp. 16-20.
28. ISO/IEC 10181-2 (1996), Information technology─Open Systems Interconnection─Security Framework for Open Systems: Authentication Framework.
29. ISO/IEC 10181-3 (1996), Information technology─Open Systems Interconnection─Security Framework for Open Systems: Access Control Framework.
30. ITU-T Q15/7 and ISO/IEC JTC 1/SC 21/WG 4 (1996), “Collaborative Editing Meeting on the Directory,” Final Text of Draft Amendments DAM 4 to ISO/IEC 9594-2, DAM 2 to ISO/IEC 9594-6, DAM 1 to ISO/IEC 9594-8 on Certificate Extensions.
31. ITU-T Recommendation X.509 (ISO/IEC 9594-8), (1997), “Information technology─Open Systems Interconnection─The Directory: Authentication Framework”.
32. Jone, V., Ching, N., and Winslett, M. (1995), “Credentials for Privacy and Interoperation,” In Proceedings of the Workshop on New Security Paradigms, pp. 92-100.
33. Kapidzic, N. (1998), “Creating Security Applications Based on The Global Certificate Management System,” Computers and Security, 17, pp. 507-515.
34. King, C. (1997), “Building a Corporate Public Key Infrastructure,” Computer Security Journal, XIII(2), pp. 13-24.
35. Lindup, K. (1996), “The Role of Information Security in Corporate Governance,” Computers and Security, 15, pp. 477-485.
36. Morton, G. M. (1966), “A computer oriented geodetic database and a new technique in file sequencing,” IBM Canada Ltd.
37. Niven, I., and Zuckerman, H. S. (1980), An Introduction to the Theory of Numbers. Wiley, New York.
38. Neuman, C. and Theodore, T. (1994), “Kerberos: An Authentication Service for Computer Networks,” IEEE Communications Magazine, 32(9), 33-38.
39. Nurminen, M. I. and Torvinen, V. (1996), “Role-based Interpretation of ISs,” Turku Centre for Computer Science (TUCS) Technical Report, No. 9, May.
40. Parker, T. A. (1992), A Secure European System for Applications in a Multi-vendor Environment (The SESAME Project), Associated Services Division, ICL, 26th March. (http://www.engarde.com/~mcn/sunrise/sesame.html).
41. Ken, P. (1998), PCWEEK online, (http://www.zdnet.com/pcweek/stories/printme/0,4235,375261,00.html).
42. Pfleeger, C. P. (1995), Security in Computing, Second Edition, Prentice-Hall International, Inc.
43. RSA Data Security Inc., RSA Labs FAQ 3.0 on Cryptography, http://www.rsa.com.
44. Robbins, (1991), Management 3rd. Prentice-Hall International.
45. Sivana et al (1995), Database Security. ACM Press
46. Sandhu, R. S. (1993), “Lattice-based Access Control Models,” Computers, Nov. 26(11), pp. 9-19.
47. Sandhu, R. S., and Samarati, P. (1994), “Access Control: Principles and Practice,” IEEE Communications Magazine, Sep. pp. 40-48.
48. Sandhu, R. S., Coyne, E. J., Feinstein, H. L., and Youman C. E. (1994), “Role-based Access Control: A Multi-Dimensional View,” Proceedings Of Computer Security Application Conf, Orlando, Florida, Dec. 5-9, 54-62.
49. Sandhu, R. S., and Coyne, E. J. (1996), “Role-based Access Control Models,” IEEE Computer, Feb. pp. 38-47.
50. Seamons, K. E., and Winsborough, W. (1999), “Internet Credential Acceptance Policies,” http://www.transarc.com/~winsboro/papers/CAP.html.
51. Simon, R., and Zurko, M. E. (1997), “Separation of Duty in Role-Based Environments,” Proceedings, ACM Conference on Computer Security Foundations Workshop, June 10-12, 183-194.
52. Simon, R., and Zurko, M. E. (1997), “Adage: An architecture for distributed authorization,” Technical report, Open Group Research Institute.
53. Sivana et al. (1995), Database Security, ACM Press.
54. Smith, C. L., Coyne, E. J., and Youman, C. E. (1996), “A Marketing Survey of Civil Federal Government Organizations to Determine the Need for a Role-Based Access Control (RBAC) Security Product Technical Report,” SETA Small Business Innovation Research (SBIR).
55. Strack, H.K., and Lam, Y. (1993), “Context-Dependent Access Control in Distributed Systems,” IFIP/SEC93, 9th International Computer Security Symposium and Exhibition, Toronto, Canada, ELSEVIER Science Publishers.
56. Thomas, R. and Sandhu, R. S. (1994), “Conceptual Foundations for a Model of Task-based Authorization,” Proceedings of IEEE Computer Security Foundations Workshop 7, IEEE Press, Piscataway, N. J., June. pp. 66-79.
57. Vandenwauver, M (1996), “The SESAME Home Page,” http://www.esat.kuleuven.ac.be/cosic/sesame/.
58. Wilson, S. (1997), “Certificates and trust in electronic commerce,” Information Management and Computer Security, 5(5), pp. 175-187.
59. Zahar, T. and Shun-Wu, C. (1997), “A Role-based Access Control for Intranet Security,” IEEE Internet Computing, Sep-Oct, 24-34.