{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,29]],"date-time":"2025-09-29T08:21:26Z","timestamp":1759134086096},"reference-count":28,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2010,5,9]],"date-time":"2010-05-09T00:00:00Z","timestamp":1273363200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2010,8]]},"DOI":"10.1007\/s10207-010-0106-1","type":"journal-article","created":{"date-parts":[[2010,5,8]],"date-time":"2010-05-08T05:20:17Z","timestamp":1273296017000},"page":"253-273","source":"Crossref","is-referenced-by-count":51,"title":["EXAM: a comprehensive environment for the analysis of access control policies"],"prefix":"10.1007","volume":"9","author":[{"given":"Dan","family":"Lin","sequence":"first","affiliation":[]},{"given":"Prathima","family":"Rao","sequence":"additional","affiliation":[]},{"given":"Elisa","family":"Bertino","sequence":"additional","affiliation":[]},{"given":"Ninghui","family":"Li","sequence":"additional","affiliation":[]},{"given":"Jorge","family":"Lobo","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2010,5,9]]},"reference":[{"key":"106_CR1","doi-asserted-by":"crossref","unstructured":"Agrawal, D., Giles, J., Lee, K.W., Lobo, J.: Policy ratification. In: Proceedings of the IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY), pp. 223\u2013232 (2005)","DOI":"10.1109\/POLICY.2005.25"},{"key":"106_CR2","doi-asserted-by":"crossref","unstructured":"Ahmed, T., Tripathi, A.R.: Static verification of security requirements in role based cscw systems. In: Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 196\u2013203 (2003)","DOI":"10.1145\/775412.775438"},{"key":"106_CR3","doi-asserted-by":"crossref","unstructured":"Backes, M., Karjoth, G., Bagga, W., Schunter, M.: Efficient comparison of enterprise privacy policies. In: Proceedings of the 2004 ACM Symposium on Applied Computing (SAC), pp. 375\u2013382 (2004)","DOI":"10.1145\/967900.967983"},{"key":"106_CR4","unstructured":"Baker, M., Kimberly, K., Sean, M.: Why traditional storage systems do not help us save stuff forever. HPL-2005-120. HP Labs 2005 Technical Reports (2005)"},{"key":"106_CR5","doi-asserted-by":"crossref","unstructured":"Bertino, E., Martino, L.: A service-oriented approach to security\u2014concepts and issues. In: Proceedings of the International Symposium on Autonomous Decentralized Systems (ISADS) and of the IEEE International Workshop on Future Trends of Distributed Computing Systems, pp. 21\u201323 (2007)","DOI":"10.1109\/ISADS.2007.7"},{"key":"106_CR6","unstructured":"Blaze, M., Feigenbaum, J., Ioannidis, J., Keromytis, A.D.: The KeyNote trust-management system, version 2. IETF RFC 2704 (1999). http:\/\/www.ietf.org\/rfc\/rfc2704.txt"},{"key":"106_CR7","doi-asserted-by":"crossref","unstructured":"Blaze, M., Feigenbaum, J., Strauss, M.: Compliance checking in the policymaker trust management system. In: Proceedings of the International Conference on Financial Cryptography, pp. 254\u2013274 (1998)","DOI":"10.1007\/BFb0055488"},{"key":"106_CR8","doi-asserted-by":"crossref","unstructured":"Fisler, K., Krishnamurthi, S., Meyerovich, L.A., Tschantz, M.C.: Verification and change-impact analysis of access-control policies. In: Proceedings of International Conference on Software Engineering (ICSE), pp. 196\u2013205 (2005)","DOI":"10.1145\/1062455.1062502"},{"issue":"2\u20133","key":"106_CR9","doi-asserted-by":"crossref","first-page":"149","DOI":"10.1023\/A:1008647823331","volume":"10","author":"M. Fujita","year":"1997","unstructured":"Fujita M., McGeer P.C., Yang J.C.Y.: Multi-terminal binary decision diagrams: an efficient datastructure for matrix representation. Form. Methods Syst. Des. 10(2\u20133), 149\u2013169 (1997)","journal-title":"Form. Methods Syst. Des."},{"key":"106_CR10","doi-asserted-by":"crossref","unstructured":"Guelev, D.P., Ryan, M., Schobbens, P.: Model-checking access control policies. In: Proceedings of the Information Security Conference (ISC), pp. 219\u2013230 (2004)","DOI":"10.1007\/978-3-540-30144-8_19"},{"key":"106_CR11","volume-title":"Introduction to Automata Theory, Languages and Computation","author":"J.E. Hopcroft","year":"1979","unstructured":"Hopcroft J.E., Ullman J.D.: Introduction to Automata Theory, Languages and Computation. Addison Wesley, Reading, MA (1979)"},{"key":"106_CR12","unstructured":"Iso 10181-3 access control framework"},{"key":"106_CR13","doi-asserted-by":"crossref","unstructured":"Koch, M., Mancini, L.V., Presicce, P.F.: On the specification and evolution of access control policies. In: Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 121\u2013130 (2001)","DOI":"10.1145\/373256.373280"},{"key":"106_CR14","doi-asserted-by":"crossref","unstructured":"Kolovski, V., Hendler, J., Parsia, B.: Analyzing web access control policies. In: Proceedings of the International World Wide Web Conference, p. 677 (2007)","DOI":"10.1145\/1242572.1242664"},{"key":"106_CR15","doi-asserted-by":"crossref","unstructured":"Lin, D., Rao, P., Bertino, E., Lobo, J.: An approach to evaluate policy similarity. In: Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 1\u201310 (2007)","DOI":"10.1145\/1266840.1266842"},{"issue":"6","key":"106_CR16","doi-asserted-by":"crossref","first-page":"852","DOI":"10.1109\/32.824414","volume":"25","author":"E. Lupu","year":"1999","unstructured":"Lupu E., Sloman M.: Conflicts in policy-based distributed systems management. IEEE Trans Softw Eng (TSE) 25(6), 852\u2013869 (1999)","journal-title":"IEEE Trans Softw Eng (TSE)"},{"key":"106_CR17","doi-asserted-by":"crossref","unstructured":"Mazzoleni, P., Bertino, E., Crispo, B.: XACML policy integration algorithms. In: Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 223\u2013232 (2006)","DOI":"10.1145\/1133058.1133089"},{"issue":"3","key":"106_CR18","doi-asserted-by":"crossref","first-page":"259","DOI":"10.1145\/1178618.1178620","volume":"9","author":"P. McDaniel","year":"2006","unstructured":"McDaniel P., Prakash A.: Methods and limitations of security policy reconciliation. ACM Trans. Inf. Syst. Secur. (TISSEC) 9(3), 259\u2013291 (2006)","journal-title":"ACM Trans. Inf. Syst. Secur. (TISSEC)"},{"key":"106_CR19","doi-asserted-by":"crossref","unstructured":"Moffett, J.D., Sloman, M.S.: Policy conflict analysis in distributed system management. J. Org. Comput. (1993)","DOI":"10.1109\/49.257932"},{"key":"106_CR20","unstructured":"Morr, D.: Lionshare: A federated p2p app. In: Internet2 members meeting (2007)"},{"key":"106_CR21","unstructured":"Parthenon XACML evaluation engine"},{"key":"106_CR22","doi-asserted-by":"crossref","unstructured":"Rao, P., Ghinita, G., Bertino, E., Lobo, J.: Visualization for access control policy analysis results using multi-level grids (2009)","DOI":"10.1109\/POLICY.2009.29"},{"key":"106_CR23","doi-asserted-by":"crossref","unstructured":"Rao, P., Lin, D., Bertino, E.: XACML function annotations. In: IEEE Workshop on Policies for Distributed Systems and Networks (2007)","DOI":"10.1109\/POLICY.2007.51"},{"key":"106_CR24","doi-asserted-by":"crossref","unstructured":"Rao, P., Lin, D., Bertino, E., Li, N., Lobo, J.: An algebra for fine-grained integration of xacml policies. In: Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT) (2009)","DOI":"10.1145\/1542207.1542218"},{"key":"106_CR25","unstructured":"Sun\u2019s XACML open source implementation"},{"key":"106_CR26","unstructured":"United State Department of Health: Health insurance portability and accountability act of 1996. Available at http:\/\/www.hhs.gov\/ocr\/hipaa\/"},{"key":"106_CR27","unstructured":"Extensible access control markup language (XACML) version 2.0 (2005)"},{"key":"106_CR28","doi-asserted-by":"crossref","unstructured":"Zhang, N., Ryan, M., Guelev, D.P.: Evaluating access control policies through model checking. In: Proceedings of the Information Security Conference (ISC), pp. 446\u2013460 (2005)","DOI":"10.1007\/11556992_32"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-010-0106-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10207-010-0106-1\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-010-0106-1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,10,27]],"date-time":"2021-10-27T12:02:18Z","timestamp":1635336138000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10207-010-0106-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010,5,9]]},"references-count":28,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2010,8]]}},"alternative-id":["106"],"URL":"https:\/\/doi.org\/10.1007\/s10207-010-0106-1","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2010,5,9]]}}}