{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,18]],"date-time":"2026-03-18T01:23:12Z","timestamp":1773796992409,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":25,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642299629","type":"print"},{"value":"9783642299636","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2012]]},"DOI":"10.1007\/978-3-642-29963-6_11","type":"book-chapter","created":{"date-parts":[[2012,4,28]],"date-time":"2012-04-28T12:06:00Z","timestamp":1335614760000},"page":"140-156","source":"Crossref","is-referenced-by-count":42,"title":["Risk-Aware Role-Based Access Control"],"prefix":"10.1007","author":[{"given":"Liang","family":"Chen","sequence":"first","affiliation":[]},{"given":"Jason","family":"Crampton","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"11_CR1","unstructured":"American National Standards Institute: American National Standard for Information Technology \u2013 Role Based Access Control (2004), ANSI INCITS 359-2004"},{"issue":"3","key":"11_CR2","doi-asserted-by":"crossref","first-page":"261","DOI":"10.3233\/HSN-2006-290","volume":"15","author":"B. Aziz","year":"2006","unstructured":"Aziz, B., Foley, S.N., Herbert, J., Swart, G.: Reconfiguring role based access control policies using risk semantics. Journal of High Speed Networks\u00a015(3), 261\u2013273 (2006)","journal-title":"Journal of High Speed Networks"},{"issue":"4","key":"11_CR3","doi-asserted-by":"publisher","first-page":"492","DOI":"10.1145\/581271.581276","volume":"5","author":"J. Bacon","year":"2002","unstructured":"Bacon, J., Moody, K., Yao, W.: A model of OASIS role-based access control and its support for active security. 
ACM Transactions on Information and System Security\u00a05(4), 492\u2013540 (2002)","journal-title":"ACM Transactions on Information and System Security"},{"key":"11_CR4","doi-asserted-by":"crossref","unstructured":"Brucker, A.D., Petritsch, H.: Extending access control models with break-glass. In: Proceedings of the 14th ACM Symposium on Access Control Models and Technologies, pp. 197\u2013206 (2009)","DOI":"10.1145\/1542207.1542239"},{"issue":"1","key":"11_CR5","doi-asserted-by":"crossref","first-page":"21","DOI":"10.3233\/RDA-2008-0002","volume":"1","author":"E. Celikel","year":"2009","unstructured":"Celikel, E., Kantarcioglu, M., Thuraisingham, B.M., Bertino, E.: A risk management approach to RBAC. Risk and Decision Analysis\u00a01(1), 21\u201333 (2009)","journal-title":"Risk and Decision Analysis"},{"key":"11_CR6","doi-asserted-by":"crossref","unstructured":"Chen, L., Crampton, J.: On spatio-temporal constraints and inheritance in role-based access control. In: Proceedings of the 2008 ACM Symposium on Information Computer and Communications Security, pp. 356\u2013369 (2008)","DOI":"10.1145\/1368310.1368341"},{"key":"11_CR7","doi-asserted-by":"crossref","unstructured":"Cheng, P.C., Rohatgi, P., Keser, C., Karger, P.A., Wagner, G.M., Reninger, A.S.: Fuzzy multi-level security: An experiment on quantified risk-adaptive access control. In: Proceedings of the 2007 IEEE Symposium on Security and Privacy, pp. 222\u2013230 (2007)","DOI":"10.1109\/SP.2007.21"},{"key":"11_CR8","unstructured":"Clark, J.A., Tapiador, J.E., McDermid, J.A., Cheng, P.C., Agrawal, D., Ivanic, N., Slogget, D.: Risk based access control with uncertain and time-dependent sensitivity. In: Proceedings of the International Conference on Security and Cryptography, pp. 5\u201313 (2010)"},{"key":"11_CR9","unstructured":"Crampton, J., Huth, M.: Detecting and countering insider threats: Can policy-based access control help? 
In: Proceedings of the 5th International Workshop on Security and Trust Management (2009)"},{"key":"11_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-22444-7_1","volume-title":"Security and Trust Management","author":"J. Crampton","year":"2011","unstructured":"Crampton, J., Morisset, C.: An Auto-Delegation Mechanism for Access Control Systems. In: Cuellar, J., Lopez, J., Barthe, G., Pretschner, A. (eds.) STM 2010. LNCS, vol.\u00a06710, pp. 1\u201316. Springer, Heidelberg (2011)"},{"key":"11_CR11","doi-asserted-by":"crossref","unstructured":"Dimmock, N., Belokosztolszki, A., Eyers, D.M., Bacon, J., Moody, K.: Using trust and risk in role-based access control policies. In: Proceedings of the 9th ACM Symposium on Access Control Models and Technologies, pp. 156\u2013162 (2004)","DOI":"10.1145\/990036.990062"},{"key":"11_CR12","unstructured":"Ferraiolo, D.F., Kuhn, D.R.: Role-based access controls. In: Proceedings of the 15th National Computer Security Conference, pp. 554\u2013563 (1992)"},{"key":"11_CR13","doi-asserted-by":"crossref","unstructured":"Irwin, K., Yu, T., Winsborough, W.H.: On the modeling and analysis of obligations. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 134\u2013143 (2006)","DOI":"10.1145\/1180405.1180423"},{"key":"11_CR14","unstructured":"JASON\u00a0Program\u00a0Office: Horizontal integration: Broader access models for realizing information dominance. Technical Report JSR-04-132, MITRE Corporation (2004)"},{"key":"11_CR15","doi-asserted-by":"crossref","unstructured":"Landoll, D.J.: The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments. CRC Press (2005)","DOI":"10.1201\/9781420031232"},{"key":"11_CR16","doi-asserted-by":"crossref","unstructured":"Molloy, I., Cheng, P.C., Rohatgi, P.: Trading in risk: Using markets to improve access control. 
In: Proceedings of the 2008 Workshop on New Security Paradigms, pp. 107\u2013125 (2008)","DOI":"10.1145\/1595676.1595694"},{"key":"11_CR17","unstructured":"National Institute of Standards and Technology: Risk Management Guide for Information Technology Systems (2002), NIST Special Publication 800-30"},{"key":"11_CR18","doi-asserted-by":"crossref","unstructured":"Ni, Q., Bertino, E., Lobo, J.: Risk-based access control systems built on fuzzy inferences. In: Proceedings of the 5th ACM Symposium on Information Computer and Communications Security, pp. 250\u2013260 (2010)","DOI":"10.1145\/1755688.1755719"},{"key":"11_CR19","unstructured":"Nissanke, N., Khayat, E.J.: Risk based security analysis of permissions in RBAC. In: Proceedings of the 2nd International Workshop on Security in Information Systems, pp. 332\u2013341 (2004)"},{"key":"11_CR20","unstructured":"Moses, T. (ed.): OASIS: eXtensible Access Control Markup Language (XACML) Version 2.0, OASIS Standard (February 1, 2005)"},{"issue":"1","key":"11_CR21","doi-asserted-by":"publisher","first-page":"128","DOI":"10.1145\/984334.984339","volume":"7","author":"J. Park","year":"2004","unstructured":"Park, J., Sandhu, R.S.: The UCONABC usage control model. ACM Transactions on Information and System Security\u00a07(1), 128\u2013174 (2004)","journal-title":"ACM Transactions on Information and System Security"},{"issue":"9","key":"11_CR22","doi-asserted-by":"publisher","first-page":"1278","DOI":"10.1109\/PROC.1975.9939","volume":"63","author":"J.H. Saltzer","year":"1975","unstructured":"Saltzer, J.H., Schroeder, M.D.: The protection of information in computer systems. Proceeding of the IEEE\u00a063(9), 1278\u20131308 (1975)","journal-title":"Proceeding of the IEEE"},{"issue":"2","key":"11_CR23","doi-asserted-by":"publisher","first-page":"38","DOI":"10.1109\/2.485845","volume":"29","author":"R.S. Sandhu","year":"1996","unstructured":"Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. 
IEEE Computer\u00a029(2), 38\u201347 (1996)","journal-title":"IEEE Computer"},{"key":"11_CR24","doi-asserted-by":"crossref","unstructured":"Srivatsa, M., Balfe, S., Paterson, K.G., Rohatgi, P.: Trust management for secure information flows. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, pp. 175\u2013188 (2008)","DOI":"10.1145\/1455770.1455794"},{"key":"11_CR25","unstructured":"Zhang, L., Brodsky, A., Jajodia, S.: Toward information sharing: Benefit and risk access control (BARAC). In: Proceedings of the 7th IEEE International Workshop on Policies for Distributed Systems and Networks, pp. 45\u201353 (2006)"}],"container-title":["Lecture Notes in Computer Science","Security and Trust Management"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-29963-6_11.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T21:53:37Z","timestamp":1743026017000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-29963-6_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012]]},"ISBN":["9783642299629","9783642299636"],"references-count":25,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-29963-6_11","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2012]]}}}