{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,1,8]],"date-time":"2025-01-08T22:40:13Z","timestamp":1736376013822,"version":"3.32.0"},"publisher-location":"Berlin, Heidelberg","reference-count":30,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540344780"},{"type":"electronic","value":"9783540344797"}],"license":[{"start":{"date-parts":[[2006,1,1]],"date-time":"2006-01-01T00:00:00Z","timestamp":1136073600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2006]]},"DOI":"10.1007\/11760146_52","type":"book-chapter","created":{"date-parts":[[2006,5,9]],"date-time":"2006-05-09T15:29:38Z","timestamp":1147188578000},"page":"529-534","source":"Crossref","is-referenced-by-count":2,"title":["Access Control Requirements for Preventing Insider Threats"],"prefix":"10.1007","author":[{"given":"Joon S.","family":"Park","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Joseph","family":"Giordano","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"52_CR1","unstructured":"Anderson, R.H.: Research and development initiatives focused on preventing, detecting, and responding to insider misuse of critical defense information systems. In: Workshop at RAND, Santa Monica, CA (1999)"},{"key":"52_CR2","unstructured":"Brackney, R.C., Anderson, R.H.: Understanding the insider threat. In: ARDA (The Advanced Research and Development Activity) Workshop (2004)"},{"key":"52_CR3","unstructured":"Hayden, M.V.: The insider threat to U.S. government information systems. Technical report, National Security Telecommunications and Information Systems Security Committee (NSTISSAM), INFOSEC 1-99 (1999)"},{"key":"52_CR4","doi-asserted-by":"crossref","unstructured":"Park, J.S., Costello, K.P., Neven, T.M., Diosomito, J.A.: A composite RBAC approach for large, complex organizations. In: The 9th ACM Symposium on Access Control Models and Technologies (SACMAT), Yorktown Heights, NY (2004)","DOI":"10.1145\/990036.990063"},{"key":"52_CR5","first-page":"437","volume-title":"The 5th Princeton Symposium in Information Sciences and Systems","author":"B.W. Lamson","year":"1971","unstructured":"Lamson, B.W.: Protection. In: The 5th Princeton Symposium in Information Sciences and Systems, pp. 437\u2013443. Princeton University, Princeton (1971)"},{"key":"52_CR6","unstructured":"Graham, G.S., Denning, P.: Protection principles and practice. In: AFIPS Spring Joint Computer Conference, Montvaler, NJ (1972)"},{"issue":"8","key":"52_CR7","doi-asserted-by":"publisher","first-page":"461","DOI":"10.1145\/360303.360333","volume":"19","author":"M.H. Harrison","year":"1976","unstructured":"Harrison, M.H., Ruzzo, W.L., Ullman, J.D.: Protection in operating systems. Communications of the ACM\u00a019(8), 461\u2013471 (1976)","journal-title":"Communications of the ACM"},{"key":"52_CR8","doi-asserted-by":"crossref","unstructured":"Sandhu, R.S.: The typed access matrix model. In: IEEE Symposium on Research in Security and Privacy, Oakland, CA, pp. 122\u2013136 (1992)","DOI":"10.1109\/RISP.1992.213266"},{"key":"52_CR9","unstructured":"Bell, D., Lapadula, L.: Secure computer systems: Mathematical foundations. Technical report, The MITRE Corporation, Bedford, MA, MTR-2547 (1973)"},{"issue":"3","key":"52_CR10","doi-asserted-by":"publisher","first-page":"224","DOI":"10.1145\/501978.501980","volume":"4","author":"D.F. Ferraiolo","year":"2001","unstructured":"Ferraiolo, D.F., Sandhu, R.S., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed nist standard for role-based access control. ACM Transactions on Information and System Security (TISSEC)\u00a04(3), 224\u2013274 (2001)","journal-title":"ACM Transactions on Information and System Security (TISSEC)"},{"key":"52_CR11","unstructured":"National Institute of Standards and Technology (NIST): The economic impact of role-based access control, Planning Report 02-1 (2002)"},{"key":"52_CR12","doi-asserted-by":"crossref","unstructured":"Sandhu, R., Coyne, E., Feinstein, H., Youman, C.: Role-based access control models. IEEE Computer\u00a029(2) (1996)","DOI":"10.1109\/2.485845"},{"key":"52_CR13","doi-asserted-by":"crossref","unstructured":"Thomas, R.K., Sandhu, R.S.: Task-based authorization control (TBAC): a family of models for active and enterprise-oriented authorization management. In: IFIP WG11.3 Workshop on Database Security, Vancouver, Canada (1997)","DOI":"10.1007\/978-0-387-35285-5_10"},{"issue":"3-4","key":"52_CR14","doi-asserted-by":"crossref","first-page":"335","DOI":"10.3233\/JCS-1992-13-408","volume":"1","author":"P. Ammann","year":"1992","unstructured":"Ammann, P., Sandhu, R.S.: The extended schematic protection model. Journal of Computer Security\u00a01(3-4), 335\u2013383 (1992)","journal-title":"Journal of Computer Security"},{"key":"52_CR15","unstructured":"Li, N., Mitchell, J.C., Winsborough, W.H.: Beyond proof-of-compliance: Safety and availability analysis in trust management. In: IEEE Symposium on Research in Security and Privacy, Oakland, CA, pp. 123\u2013139 (2003)"},{"issue":"4","key":"52_CR16","doi-asserted-by":"publisher","first-page":"573","DOI":"10.1145\/1780.1786","volume":"6","author":"N.H. Minsky","year":"1984","unstructured":"Minsky, N.H.: Selective and locally controlled transport of privileges. ACM Transactions on Programming Languages and Systems\u00a06(4), 573\u2013602 (1984)","journal-title":"ACM Transactions on Programming Languages and Systems"},{"issue":"1","key":"52_CR17","doi-asserted-by":"publisher","first-page":"71","DOI":"10.1145\/605434.605437","volume":"6","author":"E. Bertino","year":"2003","unstructured":"Bertino, E., Catania, B., Ferrari, E., Perlasca, P.: A logical framework for reasoning about access control models. ACM Transactions on Information and System Security (TISSEC)\u00a06(1), 71\u2013127 (2003)","journal-title":"ACM Transactions on Information and System Security (TISSEC)"},{"issue":"2","key":"52_CR18","doi-asserted-by":"crossref","first-page":"101","DOI":"10.1145\/306686.306687","volume":"17","author":"E. Bertino","year":"1999","unstructured":"Bertino, E., Jajodia, S., Samarati, P.: A flexible authorization mechanism for relational data management systems. ACM Transactions on Information and System Security (TISSEC)\u00a017(2), 101\u2013140 (1999)","journal-title":"ACM Transactions on Information and System Security (TISSEC)"},{"key":"52_CR19","doi-asserted-by":"crossref","unstructured":"Jajodia, S., Samarati, P., Subrahmanian, V.S.: A logical language for expressing authorizations. In: IEEE Symposium on Research in Security and Privacy, Oakland, CA, pp. 31\u201342 (1997)","DOI":"10.1109\/SECPRI.1997.601312"},{"key":"52_CR20","doi-asserted-by":"crossref","unstructured":"Park, J.S., Sandhu, R.: RBAC on the web by smart certificates. In: The 4th ACM Workshop on Role-Based Access Control (RBAC), Fairfax, VA (1999)","DOI":"10.1145\/319171.319172"},{"issue":"1","key":"52_CR21","doi-asserted-by":"publisher","first-page":"207","DOI":"10.1145\/383775.383777","volume":"4","author":"J.S. Park","year":"2001","unstructured":"Park, J.S., Sandhu, R., Ahn, G.J.: Role-based access control on the web. ACM Transactions on Information and System Security (TISSEC)\u00a04(1), 207\u2013226 (2001)","journal-title":"ACM Transactions on Information and System Security (TISSEC)"},{"key":"52_CR22","unstructured":"Park, J.S., Sandhu, R., Ghanta, S.: RBAC on the Web by secure cookies. In: The 13th IFIP WG 11.3 Working Conference on Database Security, Seattle, WA (1999)"},{"key":"52_CR23","unstructured":"Park, J.S., Giordano, J.: Role-based profile analysis for scalable and accurate insider-anomaly detection. In: IEEE Workshop on Information Assurance (WIA), Phoenix, AZ (2006)"},{"key":"52_CR24","doi-asserted-by":"crossref","unstructured":"Park, J.S., Ho, S.M.: Composite role-based monitoring (CRBM) for countering insider threats. In: Symposium on Intelligence and Security Informatics (ISI), Tucson, AZ (2004)","DOI":"10.1007\/978-3-540-25952-7_15"},{"issue":"5","key":"52_CR25","doi-asserted-by":"publisher","first-page":"34","DOI":"10.1038\/scientificamerican0501-34","volume":"284","author":"T. Berners-Lee","year":"2001","unstructured":"Berners-Lee, T., Hendler, J., Lassila, O.: The semantic web. Scientific American\u00a0284(5), 34\u201343 (2001)","journal-title":"Scientific American"},{"issue":"10","key":"52_CR26","doi-asserted-by":"crossref","first-page":"676","DOI":"10.1541\/ieejjournal.122.676","volume":"122","author":"J. Hendler","year":"2002","unstructured":"Hendler, J., Berners-Lee, T., Miller, E.: Integrating applications on the semantic web. Journal of the Institute of Electrical Engineers of Japan\u00a0122(10), 676\u2013680 (2002)","journal-title":"Journal of the Institute of Electrical Engineers of Japan"},{"issue":"4","key":"52_CR27","doi-asserted-by":"publisher","first-page":"30","DOI":"10.1109\/4236.707688","volume":"2","author":"O. Lassila","year":"1998","unstructured":"Lassila, O.: Web metadata: a matter of semantics. IEEE Internet Computing\u00a02(4), 30\u201347 (1998)","journal-title":"IEEE Internet Computing"},{"key":"52_CR28","doi-asserted-by":"crossref","unstructured":"Park, J.S.: Towards secure collaboration on the semantic web. ACM Computers and Society\u00a032(6) (2003)","DOI":"10.1145\/1008773.1008774"},{"issue":"3","key":"52_CR29","doi-asserted-by":"publisher","first-page":"290","DOI":"10.1145\/545186.545190","volume":"5","author":"E. Bertino","year":"2002","unstructured":"Bertino, E., Ferrari, E.: Secure and selective dissemination of XML documents. ACM Transactions on Information and System Security (TISSEC)\u00a05(3), 290\u2013331 (2002)","journal-title":"ACM Transactions on Information and System Security (TISSEC)"},{"issue":"7","key":"52_CR30","doi-asserted-by":"publisher","first-page":"827","DOI":"10.1109\/TKDE.2004.1318565","volume":"16","author":"E. Bertino","year":"2004","unstructured":"Bertino, E., Ferrari, E., Squicciarini, A.C.: Trust-X: A peer-to-peer framework for trust establishment. IEEE Transactions on Knowledge and Data Engineering\u00a016(7), 827\u2013842 (2004)","journal-title":"IEEE Transactions on Knowledge and Data Engineering"}],"container-title":["Lecture Notes in Computer Science","Intelligence and Security Informatics"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/11760146_52","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,8]],"date-time":"2025-01-08T22:06:34Z","timestamp":1736373994000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/11760146_52"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2006]]},"ISBN":["9783540344780","9783540344797"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/11760146_52","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2006]]}}}