{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T18:16:19Z","timestamp":1773512179854,"version":"3.50.1"},"reference-count":68,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"1","license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IIEEE Trans. Software Eng."],"published-print":{"date-parts":[[2019,1,1]]},"DOI":"10.1109\/tse.2017.2765640","type":"journal-article","created":{"date-parts":[[2017,10,24]],"date-time":"2017-10-24T18:19:56Z","timestamp":1508869196000},"page":"2-33","source":"Crossref","is-referenced-by-count":21,"title":["A Rigorous Framework for Specification, Analysis and Enforcement of Access Control Policies"],"prefix":"10.1109","volume":"45","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5048-8070","authenticated-orcid":false,"given":"Andrea","family":"Margheri","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4737-7107","authenticated-orcid":false,"given":"Massimiliano","family":"Masi","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1419-1405","authenticated-orcid":false,"given":"Rosario","family":"Pugliese","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4740-7521","authenticated-orcid":false,"given":"Francesco","family":"Tiezzi","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref39","article-title":"Balana: Open source XACML implementation","year":"2017","journal-title":"WSO2"},{"key":"ref38","first-page":"155","article-title":"The X-CREATE framework - A comparison of XACML policy testing strategies","author":"bertolino","year":"2012","journal-title":"Proc Int Conf Web Inf Syst Technol"},{"key":"ref33","first-page":"737","article-title":"Yices 2.2","author":"dutertre","year":"2014","journal-title":"Proc Int Conf Comput Aided Verification"},{"key":"ref32","doi-asserted-by":"crossref","first-page":"171","DOI":"10.1007\/978-3-642-22110-1_14","article-title":"CVC4","author":"barrett","year":"2011","journal-title":"Proc 23rd Int Conf Comput Aided Verification"},{"key":"ref31","article-title":"Electronic health record in austria (elga)","year":"0"},{"key":"ref30","article-title":"Hl7 standards","year":"0","journal-title":"Health Level Seven organization"},{"key":"ref37","year":"2017","journal-title":"FACPL Website"},{"key":"ref36","year":"2017","journal-title":"FACPL e-Health Case Study"},{"key":"ref35","article-title":"Z3: A guide","year":"0","journal-title":"Microsoft Research"},{"key":"ref34","article-title":"The SMT-LIB Standard: Version 2.0","author":"barrett","year":"2010"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1093\/comjnl\/bxp102"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1145\/1542207.1542239"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1109\/UIC-ATC.2013.33"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1145\/2629502"},{"key":"ref28","first-page":"31","article-title":"Directive 95\/46\/EC","year":"1995","journal-title":"EC of the European Parliament and of the Council"},{"key":"ref64","article-title":"Tiani Spirit-Software Solutions for the best Healthcare","year":"2017"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2014.282"},{"key":"ref65","article-title":"ASCENS","year":"2015","journal-title":"FP7 projects"},{"key":"ref66","doi-asserted-by":"crossref","first-page":"81","DOI":"10.1016\/j.cosrev.2010.02.002","article-title":"Usage control in computer security: A survey","volume":"4","author":"lazouski","year":"2010","journal-title":"Comput Sci Rev"},{"key":"ref29","year":"2013","journal-title":"The Article 29 Data Protection WP"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2016.04.010"},{"key":"ref68","year":"2017","journal-title":"The Stanford Natural Language Processing Group"},{"key":"ref2","first-page":"554","article-title":"Role-based access control","author":"ferraiolo","year":"1992","journal-title":"Proc NIST-NCSC Nat Comput Security Conf"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1145\/775265.775268"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-24858-5_14"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/1133058.1133081"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/1542207.1542229"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-36388-2_2"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/2752952.2752970"},{"key":"ref26","article-title":"An European eHealth Project.","year":"2017","journal-title":"The epSOS project"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.17487\/rfc2753"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2002.1004365"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/69.43410"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1109\/POLICY.2003.1206955"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1145\/505145.505149"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1007\/s10009-008-0087-9"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2010.20"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1145\/1530873.1530882"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1145\/1151030.1151053"},{"key":"ref53","doi-asserted-by":"crossref","first-page":"351","DOI":"10.1023\/A:1025711105609","article-title":"Provisions and obligations in policy rule management","volume":"11","author":"bettini","year":"2003","journal-title":"J Netw Syst Manage"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1007\/11555827_7"},{"key":"ref10","first-page":"89","article-title":"XACML 3.0 in answer set programming","author":"ramli","year":"2012","journal-title":"Proc Int Symp Logic-Based Program Synthesis Trans"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/2595222"},{"key":"ref40","year":"2017","journal-title":"Xtext"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-28166-2_7"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.4204\/EPTCS.188.5"},{"key":"ref14","first-page":"196","article-title":"Verification and change-impact analysis of access-control policies","author":"fisler","year":"2005","journal-title":"Proc 27th Int l Conf Software Eng"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/1995376.1995394"},{"key":"ref16","doi-asserted-by":"crossref","first-page":"115","DOI":"10.1007\/978-3-662-46666-7_7","article-title":"Analysis of XACML policies with SMT","author":"turkmen","year":"2015","journal-title":"Proc Int Conf Principles Secur Trust"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242664"},{"key":"ref18","first-page":"337","article-title":"Z3: An efficient SMT solver","author":"de moura","year":"2008","journal-title":"Proc Theory Practice Software 14th Int Conf Tools Algorithms Construct Anal Syst"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.1997.601312"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2015.33"},{"key":"ref3","article-title":"A survey of access control models","year":"2009","journal-title":"NIST"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2011.09.014"},{"key":"ref5","first-page":"41","article-title":"A unified attribute-based access control model covering DAC, MAC and RBAC","author":"jin","year":"2012","journal-title":"Proc 26th Annu IFIP WG 11 3 Conf Data Appl Secur Privacy"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/1542207.1542218"},{"key":"ref7","article-title":"eXtensible Access Control Markup Language (XACML) version 3.0","year":"2013","journal-title":"OASIS XACML TC"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/DASC.2009.129"},{"key":"ref9","doi-asserted-by":"crossref","first-page":"390","DOI":"10.1007\/978-3-642-28641-4_21","article-title":"PTaCL: A language for attribute-based access control in open systems","author":"crampton","year":"2012","journal-title":"Proc Int Conf Principles Secur Trust"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/ICAS.2009.42"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-44569-2_2"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1007\/BF02283186"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1016\/j.scico.2013.05.003"},{"key":"ref42","article-title":"Balana UI for XACML","year":"2017","journal-title":"WSO2"},{"key":"ref41","article-title":"Axiomatics Language for Authorization (ALFA).","year":"2017","journal-title":"Axiomatics"},{"key":"ref44","first-page":"85","article-title":"Developing and enforcing policies for access control, resource usage, and adaptation. A practical approach","author":"margheri","year":"2013","journal-title":"Proc of the 1st Intl Workshop on Web Services and Formal Methods"},{"key":"ref43","year":"2017","journal-title":"FACPL Tools Performance Evaluation"}],"container-title":["IEEE Transactions on Software Engineering"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/32\/8605390\/08081817.pdf?arnumber=8081817","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,7,13]],"date-time":"2022-07-13T21:14:28Z","timestamp":1657746868000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/8081817\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,1,1]]},"references-count":68,"journal-issue":{"issue":"1"},"URL":"https:\/\/doi.org\/10.1109\/tse.2017.2765640","relation":{},"ISSN":["0098-5589","1939-3520","2326-3881"],"issn-type":[{"value":"0098-5589","type":"print"},{"value":"1939-3520","type":"electronic"},{"value":"2326-3881","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,1,1]]}}}