{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,31]],"date-time":"2026-03-31T08:39:12Z","timestamp":1774946352526,"version":"3.50.1"},"reference-count":42,"publisher":"Springer Science and Business Media LLC","issue":"2-3","license":[{"start":{"date-parts":[[2007,2,16]],"date-time":"2007-02-16T00:00:00Z","timestamp":1171584000000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2007,3]]},"DOI":"10.1007\/s10207-007-0017-y","type":"journal-article","created":{"date-parts":[[2007,2,15]],"date-time":"2007-02-15T16:47:48Z","timestamp":1171558068000},"page":"133-151","source":"Crossref","is-referenced-by-count":54,"title":["Audit-based compliance control"],"prefix":"10.1007","volume":"6","author":[{"given":"J. G.","family":"Cederquist","sequence":"first","affiliation":[]},{"given":"R.","family":"Corin","sequence":"additional","affiliation":[]},{"given":"M. A. C.","family":"Dekker","sequence":"additional","affiliation":[]},{"given":"S.","family":"Etalle","sequence":"additional","affiliation":[]},{"given":"J. I.","family":"den Hartog","sequence":"additional","affiliation":[]},{"given":"G.","family":"Lenzini","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2007,2,16]]},"reference":[{"key":"17_CR1","unstructured":"AC 2 proof tools at http:\/\/www.cs.ru.nl\/paw"},{"key":"17_CR2","doi-asserted-by":"crossref","unstructured":"Abadi, M.: Logic in access control. In: Kolaitis, P.G. (ed.) Proceedings of the Symposium on Logic in Computer Science (LICS), pp. 228\u2013233. IEEE Computer Society Press (2003)","DOI":"10.1109\/LICS.2003.1210062"},{"key":"17_CR3","doi-asserted-by":"crossref","unstructured":"Appel, A.W., Felten, E.W.: Proof-carrying authentication. In: Tsudik, G. (ed.) Proceedings of the Conference on Computer and Communications Security (CCS), pp. 52\u201362. ACM Press (1999)","DOI":"10.1145\/319709.319718"},{"key":"17_CR4","doi-asserted-by":"crossref","unstructured":"Ashley, P., Hada, S., Karjoth, G., Schunter, M.: E-p3p privacy policies and privacy authorization. In: Samarati, P. (ed.) Proceedings of the ACM workshop on Privacy in the Electronic Society (WPES 2002), pp. 103\u2013109. ACM Press (2002)","DOI":"10.1145\/644527.644538"},{"key":"17_CR5","doi-asserted-by":"crossref","unstructured":"Bandmann, O.L., Firozabadi, B.S., Dam, M.: Constrained delegation. In: Abadi, M., Bellovin, S.M. (eds.) Proceedings of the Symposium on Security and Privacy (S&P), pp. 131\u2013140. IEEE Computer Society Press (2002)","DOI":"10.1109\/SECPRI.2002.1004367"},{"key":"17_CR6","doi-asserted-by":"crossref","unstructured":"Becker, M.Y., Sewell, P.: Cassandra: flexible trust management, applied to electronic health records. In: Focardi, R. (ed.) Proceedings of the Computer Security Foundations Workshop (CSFW), pp. 139\u2013154. IEEE Computer Society Press (2004)","DOI":"10.1109\/CSFW.2004.1310738"},{"issue":"3","key":"17_CR7","doi-asserted-by":"crossref","first-page":"339","DOI":"10.1007\/BF00881804","volume":"15","author":"B. Beckert","year":"1995","unstructured":"Beckert B. and Posegga J. (1995). leantap: lean tableau-based deduction. J. Autom. Reasoning 15(3): 339\u2013358","journal-title":"J. Autom. Reasoning"},{"key":"17_CR8","doi-asserted-by":"crossref","unstructured":"Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized trust management. In: Proceedings of the Symposium on Security and Privacy (S&P), pp. 164\u2013173. IEEE Computer Society Press (1996)","DOI":"10.1109\/SECPRI.1996.502679"},{"key":"17_CR9","doi-asserted-by":"crossref","unstructured":"Cederquist, J.G., Corin, R.J., Dekker, M.A.C., Etalle, S., den Hartog, J.I.: An audit logic for accountability. In: Sahai, A., Winsborough, W.H. (eds.) Proceedings of the International Workshop on Policies for Distributed Systems and Networks (POLICY), pp. 34\u201343. IEEE Computer Society Press (2005)","DOI":"10.1109\/POLICY.2005.5"},{"key":"17_CR10","doi-asserted-by":"crossref","unstructured":"Chong, C.N., Peng, Z., Hartel, P.H.: Secure audit logging with tamper-resistant hardware. In: Gritzalis, D., S.D.C., Samarati, P., Katsikas, S.K. (eds.) 18th IFIP TC11 International Conference on Information Security and Privacy in the Age of Uncertainty (SEC), Athens, Greece, pp. 73\u201384. Kluwer Academic, Dordrecht (2003)","DOI":"10.1007\/978-0-387-35691-4_7"},{"key":"17_CR11","doi-asserted-by":"crossref","unstructured":"Corin, R., Etalle, S., den Hartog, J.I., Lenzini, G., Staicu, I.: A logic for auditing accountability in decentralized systems. In: Dimitrakos, T., Martinelli, F. (eds.) Proceedings of the IFIP Workshop on Formal Aspects in Security and Trust (FAST), vol. 173, pp. 187\u2014202. Springer, Berlin (2004)","DOI":"10.1007\/0-387-24098-5_14"},{"key":"17_CR12","doi-asserted-by":"crossref","unstructured":"DeTreville, J.: Binder, a logic-based security language. In: Proceedings of the Symposium on Research in Security and Privacy (S&P), pp. 105\u2013113. IEEE Computer Society Press (2002)","DOI":"10.1109\/SECPRI.2002.1004365"},{"key":"17_CR13","doi-asserted-by":"crossref","unstructured":"Dowek, G., Jiang, Y.: Eigenvariables, bracketing and the decidability of positive minimal intuitionistic logic. Electr. Notes Theor. Comput. Sci. 85(7) (2003)","DOI":"10.1016\/S1571-0661(04)80755-2"},{"key":"17_CR14","doi-asserted-by":"crossref","unstructured":"Garg, D., Bauer, L., Bowers, K., Pfenning, F., Reiter, M.: A linear logic of authorization and knowledge. In: Proceedings of the European Symposium On Research In Computer Security (ESORICS). Springer, Berlin (2006)","DOI":"10.1007\/11863908_19"},{"key":"17_CR15","doi-asserted-by":"crossref","unstructured":"Garg, D., Pfenning, F.: Non-interference in constructive authorization logic. In: Proceedings of the Computer Security Foundations Workshop (CSFW). IEEE Computer Society Press (2006)","DOI":"10.1109\/CSFW.2006.18"},{"key":"17_CR16","doi-asserted-by":"crossref","unstructured":"Halpern, J.Y., van der Meyden, R.: A logic for SDSI\u2019s linked local name spaces. In: Syverson, P. (ed.) Proceedings of the Computer Security Foundations Workshop (CSFW), pp. 111\u2013122. IEEE Computer Society Press (1999)","DOI":"10.1109\/CSFW.1999.779767"},{"key":"17_CR17","doi-asserted-by":"crossref","unstructured":"Halpern, J.Y., Weissman, V.: Using first-order logic to reason about policies. In: Focardi, R. (ed.) Proceedings of the Computer Security Foundations Workshop (CSFW), pp. 187\u2013201. IEEE Computer Society Press (2003)","DOI":"10.1109\/CSFW.2003.1212713"},{"key":"17_CR18","doi-asserted-by":"crossref","unstructured":"Hu, V., Ferraiolo, D., Kuhn, D.: Assessment of access control systems\u2014NIST interagency report. Technical report, National Institute of Standards and Technology (2006)","DOI":"10.6028\/NIST.IR.7316"},{"key":"17_CR19","unstructured":"Jajodia, S., Gadia, S., Bhargava, G.: Logical design of audit information in relational databases. In: Information Security: An integrated Collection of Essays, pp. 585\u2013595. IEEE Computer Society Press (1995)"},{"key":"17_CR20","doi-asserted-by":"crossref","unstructured":"Karjoth, G., Schunter, M., Waidner, M.: Platform for enterprise privacy practices: Privacy-enabled management of customer data. Privacy Enhancing Technologies (2002)","DOI":"10.1007\/3-540-36467-6_6"},{"issue":"1","key":"17_CR21","doi-asserted-by":"crossref","first-page":"128","DOI":"10.1145\/605434.605438","volume":"6","author":"N. Li","year":"2003","unstructured":"Li N., Grosof B.N. and Feigenbaum J. (2003). Delegation logic: a logic-based approach to distributed authorization. ACM Trans. on Inf. Syst. Secur. (TISSEC) 6(1): 128\u2013171","journal-title":"ACM Trans. on Inf. Syst. Secur. (TISSEC)"},{"key":"17_CR22","doi-asserted-by":"crossref","unstructured":"Li, N., Mitchell, J.: Datalog with constraints: A foundation for trust management languages. In: Dahl, V., Wadler, P. (eds.) Proceedings of the International Symposium on Practical Aspects of Declarative Languages (PADL) (2003)","DOI":"10.1007\/3-540-36388-2_6"},{"key":"17_CR23","unstructured":"Li, N., Mitchell, J., Winsborough, W.: Design of a role-based trust-management framework. In: Abadi, M., Bellovin, S.M. (eds.) Proceedings of the Symposium on Research in Security and Privacy (S&P), pp. 114\u2013130. IEEE Computer Society Press (2002)"},{"key":"17_CR24","doi-asserted-by":"crossref","unstructured":"Longstaff, J.J., Lockyer, M.A., Thick, M.G.: A model of accountability, confidentiality and override for healthcare and other applications. In: Proceedings of the Workshop on Role-based Access Control (RBAC)","DOI":"10.1145\/344287.344304"},{"key":"17_CR25","unstructured":"Necula, G.C.: Compiling with proofs. Ph.D. thesis, School of Computer Science, Carnegie Mellon University, Pittsburgh, PA (1998)"},{"key":"17_CR26","unstructured":"OASIS Access Control TC: eXtensible Access Control Markup Language (XACML) Version 2.0\u2014Oasis Standard, 1 Feb 2005 (2005)"},{"key":"17_CR27","unstructured":"Park, J., Sandhu, R.: Originator control in usage control. In: Lobo, J., Dulay, N. (eds.) Proceedings of the International Workshop on Policies for Distributed Systems and Networks (POLICY), p. 60. IEEE Computer Society, Washington, DC, USA (2002)"},{"key":"17_CR28","doi-asserted-by":"crossref","unstructured":"Park, J., Sandhu, R.: Towards usage control models: beyond traditional access control. In: Bertino, E. (ed.) Proceedings of the Symposium on Access Control Models and Technologies (SACMAT), pp. 57\u201364. ACM Press (2002)","DOI":"10.1145\/507711.507722"},{"key":"17_CR29","unstructured":"Pfenning, F.: Linear logic course handouts. http:\/\/www.cs.cmu. edu\/ fp\/courses\/linear.html (2002)"},{"key":"17_CR30","doi-asserted-by":"crossref","unstructured":"Pfenning, F., Sch\u00fcrmann, C.: System description: Twelf\u2014a meta-logical framework for deductive systems. In: Ganzinger, H. (ed.) Proceedings of the International Conference on Automated Deduction (CADE), pp. 202\u2013206. Springer, Berlin (1999)","DOI":"10.1007\/3-540-48660-7_14"},{"key":"17_CR31","doi-asserted-by":"crossref","unstructured":"Rissanen, E., Firozabadi, B.S., Sergot, M.J.: Discretionary overriding of access control in the privilege calculus. In: Dimitrakos, T., Martinelli, F. (eds.) Proceedings of the 2nd IFIP Workshop on Formal Aspects in Security and Trust (FAST), pp. 219\u2013232. Springer, Berlin (2004)","DOI":"10.1007\/0-387-24098-5_16"},{"key":"17_CR32","doi-asserted-by":"crossref","unstructured":"Sandhu, R., Park, J.: Usage control: A vision for next generation access control. In: Gorodetsky, V., Popyack, L.J., Skormin, V.A. (eds.) Proceedings of the International Workshop on Mathematical Methods, Models, and Architectures for Computer Network Security MMM-ACNS. LNCS, vol. 2776, pp. 17\u201331. Springer, Berlin (2003)","DOI":"10.1007\/978-3-540-45215-7_2"},{"issue":"9","key":"17_CR33","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1109\/35.312842","volume":"32","author":"R. Sandhu","year":"1994","unstructured":"Sandhu R. and Samarati P. (1994). Access control: principles and practice. IEEE Commun. Mag. 32(9): 40\u201348","journal-title":"IEEE Commun. Mag."},{"issue":"1","key":"17_CR34","doi-asserted-by":"crossref","first-page":"241","DOI":"10.1145\/234313.234412","volume":"28","author":"R. Sandhu","year":"1996","unstructured":"Sandhu R. and Samarati P. (1996). Authentication, access control and audit. ACM Comput. Surv. 28(1): 241\u2013243","journal-title":"ACM Comput. Surv."},{"issue":"1","key":"17_CR35","doi-asserted-by":"crossref","first-page":"167","DOI":"10.3233\/JCS-2005-13107","volume":"13","author":"V. Shmatikov","year":"2005","unstructured":"Shmatikov V. and Talcott C.L. (2005). Reputation-based trust management. J. Comput. Secur. 13(1): 167\u2013190","journal-title":"J. Comput. Secur."},{"key":"17_CR36","volume-title":"The Collected of Gerhard Gentzen","year":"1969","unstructured":"Szabo E.M. ed. (1969). The Collected of Gerhard Gentzen. North Holland, Amsterdam"},{"key":"17_CR37","unstructured":"The European Parliament and the Council of the European Union: UE DIRECTIVE 2002\/58\/EC on privacy and electronic communications. Official Journal of the European Union. http:\/\/europa.eu.int\/eur-lex\/pri\/en\/oj\/dat\/2002\/l_201\/ l_20120020731en 00370047.pdf (2002)"},{"key":"17_CR38","unstructured":"The US Department of Health and Human Services: Summary of the HIPAA Privacy Rule. Available on the website http:\/\/www.hhs.gov\/ocr\/privacysummary.pdf (2002)"},{"key":"17_CR39","doi-asserted-by":"crossref","unstructured":"Topkara, M., Topkara, U., Atallah, M.J.: Words are not enough: sentence level natural language watermarking. In: Proceedings of the International workshop on Contents Protection and Security (MCPS), pp. 37\u201346. ACM Press (2006)","DOI":"10.1145\/1178766.1178777"},{"key":"17_CR40","unstructured":"U.S. Securities and Exchange Commission: Sarbanes-oxley act (2002)"},{"key":"17_CR41","doi-asserted-by":"crossref","unstructured":"Wang, X., Lao, G., De Martini, T., Reddy, H., Nguyen, M., Valenzuela, E.: XrML: eXtensible rights markup language. In: Kudo, M. (ed.) Proceedings of the Workshop on XML Security (XMLSEC), pp. 71\u201379. ACM Press (2002)","DOI":"10.1145\/764792.764803"},{"key":"17_CR42","doi-asserted-by":"crossref","unstructured":"Whitehead, N., Abadi, M., Necula, G.C.: By reason and authority: a system for authorization of proof-carrying code. In: Focardi, R. (ed.) Proceedings of the Computer Security Foundations Workshop (CSFW), pp. 236\u2013250. IEEE Computer Society Press (2004)","DOI":"10.1109\/CSFW.2004.1310744"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-007-0017-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10207-007-0017-y\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-007-0017-y","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,29]],"date-time":"2019-05-29T11:01:22Z","timestamp":1559127682000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10207-007-0017-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2007,2,16]]},"references-count":42,"journal-issue":{"issue":"2-3","published-print":{"date-parts":[[2007,3]]}},"alternative-id":["17"],"URL":"https:\/\/doi.org\/10.1007\/s10207-007-0017-y","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2007,2,16]]}}}