• Foundation Results

  M. A. Harrison, W. L. Ruzzo, J. D. Ullman, "Protection in Operating Systems", Communications of the ACM, 19(8), pp. 461-471

• Hybrid Policies

  D. Brewer,  M. Nash, "The Chinese Wall Security Policy", Proceedings of the 1989 IEEE Symposium on Security and Privacy, pp. 206-214 

  R. S. Sandhu,  E. J. Coyne, H. L. Feinstein, C. E. Youman. "Role-Based Access Control Models", IEEE Computer, 29(2): 38-47,
  IEEE Press, 1996.

• Access Control Mechanisms

          M. Miller,  K-P Yee, J. Shapiro, "Capability Myths Demolished", Technical Report, 2003

          D. Wallach,  E. Felten, "Understanding Java Stack Inspection", Proceedings of the 1998 IEEE Symposium on Security and Privacy, pp. 52-63

• Noninterference

          J. A. Gougen, J. Meseguer, "Security Policies and Security Models", Proceedings of the 1982 Symposium on Privacy and Security, pp. 11-20

• Confinement Problem

          T. Garfinkel, B. Pfaff,  M. Rosenblum, "Ostia: A Delegating Architecture for Secure System Call Interposition", Symposium on Network and Distributed System Security (NDSS 2004).

• Formal Methods

         J. Wing, "A Symbiotic Relationship Between Formal Methods and Security", Proc. NSF Workshop on Computer Security, Fault Tolerance, and Software Assurance: From Needs to Solution. 1998

         L. C. Paulson. Proving properties of security protocols by induction. 10th Computer Security Foundations Workshop (June 1997), 70-83.

• Building System with Assurance

         Common Criteria Part 1

         Common Criteria Part 2

         Common Criteria Part 3