• 1
    Mao Z, Li N, Chen H, Jiang X. Combining discretionary policy with mandatory information flow in operating systems. ACM Transactions on Information and System Security 2011; 14(3):24.
  • 2
    Han W, Cao Y, Bertino E, Yong J. Using automated individual white-list to protect web digital identities. Expert Systems with Applications 2012; 39:11 86111 869.
  • 3
    Molloy I, Li N. Attack on the gridcode one-time password. In ASIACCS, Cheung Bsn, Hui Lck, Sandhu Rs, Wong DS (eds). ACM: New York, NY, USA, 2011; 306315.
  • 4
    Coviello AW, Jr. Open Letter to RSA Customers. EMC Corporation, 2011. URL
  • 5
    Altinkemer K, Wang T. Cost and benefit analysis of authentication systems. Decision Support Systems 2009; 51:394404.
  • 6
    Han W, Shen C, Yin Y, Gu Y, Chen C. Poster: Using quantified risk and benefit to strengthen the security of information sharing. ACM CCS 2011:2011.
  • 7
    Zhang L, Brodsky A, Jajodia S. Toward information sharing: Benefit and risk access control (barac). POLICY'06, 2006; 4553.
  • 8
    Cheng P, Rohatgi P, Keser C, Karger PA, Wagner GM, Reninger AS. Fuzzy multi.level security: an experiment on quantified risk.adaptive access control. In S&P 2007. ACM: Oakland, California, USA, 2007; 222230.
  • 9
    Organization for the advancement of structured information standards (OASIS). OASIS eXtensible Access Control Markup Language (XACML). OASIS. URL
  • 10
    Federal financial institutions examination council (FFIEC). Authentication in an internet banking environment, 2005.
  • 11
    Rabkin A. Personal knowledge questions for fallback authentication: security questions in the era of facebook. In SOUPS ’08. ACM: New York, NY, USA, 2008; 1323.
  • 12
    Franklin J, Paxson V, Perrig A, Savage S. An inquiry into the nature and causes of the wealth of internet miscreants. In ACM CCS 2007. ACM: New York, NY, USA, 2007; 375388.
  • 13
    EMC Corporation. RSA SecurID. EMC Corporation. URL
  • 14
    JASON. Horizontal integration: broader access models for realizing information dominance. Technical Report JSR-04-132, MITRE Corporation, 2004.
  • 15
    Teo L, Ahn G, Zheng Y. Dynamic and risk-aware network access management. In SACMAT'03. Yorktown Heights: New York, USA, 2003; 156162.
  • 16
    Han W, Ni Q, Chen H. Apply measurable risk to strengthen security of a role-based delegation supporting workflow system. In POLICY 2009. IEEE Press: Piscataway, NJ, USA, 2009; 4552.
  • 17
    Chen C, Han W, Yong J. Specify and enforce the policies of quantified risk adaptive access control. Proceedings of the 14th International Conference on Computer Supported Cooperative Work in Design (CSCWD 2010), Shanghai, China, 2010.
  • 18
    Molloy I, Cheng PC, Rohatgi P. Trading in risk: Using markets to improve access control. In Proceedings of New Security Paradigms Workshop (NSPW'08). ACM: Lake Tahoe, California, USA, 2008; 119.
  • 19
    Khanum A, Mufti M, Javed MY, Shafiq MZ. Fuzzy case-based reasoning for facial expression recognition. Fuzzy Sets and Systems 2009; 160:231250.
  • 20
    Hamdi M, Boudriga N. Computer and network security risk management: theory, challenges, and countermeasures. International Journal on Communication Systems 2005; 18(8):763793.
  • 21
    Tsai JL, Wu TC, Tsai KY. New dynamic id authentication scheme using smart cards. International Journal on Communication Systems 2010; 23(12):14491462.
  • 22
    RSA. RSA Adaptive Authentication. EMC Corporation. URL
  • 23
    Oracle Inc. Java Authentication and Authorization Service (JAAS) Reference Guide. Oracle. URL
  • 24
    Kumar CA. Designing role-based access control using formal concept analysis. Security and Communication Networks 2012:n/an/a. DOI:10.1002/sec.589.
  • 25
    Magkos E, Kotzanikolaou P. Achieving privacy and access control in pervasive computing environments. Security and Communication Networks 2011:n/an/a. DOI:10.1002/sec.283.
  • 26
    Liu D, Li N, Wang X, Camp LJ. Security risk management using incentives. IEEE Security & Privacy 2011; 9(6):2028.
  • 27
    Liu D, Li N, Wang X, Camp LJ. Beyond risk-based access control: towards incentive-based access control. In Financial Cryptography, Lecture Notes in Computer Science, Vol. 7035, Danezis G (ed). Springer: Berlin, Heidelberg, 2011; 102112.
  • 28
    Ni Q, Bertino E, Lobo J. Risk-based access control systems built on fuzzy inferences. In ASIACCS, Feng D, Basin DA, Liu P (eds). ACM: New York, NY, USA, 2010; 250260.
  • 29
    Zhou Z, Lui S, Ma C, Liu D, Liu W. Fuzzy data envelopment analysis models with assurance regions: a note. Expert Systems with Applications 2012; 39(2):22272231.
  • 30
    Han W, Lei C. A survey on policy languages in network and security management. Computer Networks 2012; 56:477489.
  • 31
    Sun Y, Gong B, Meng X, Lin Z, Bertino E. Specification and enforcement of flexible security policy for active B2 cooperation. Information Sciences 2009; 179(15):26292642.
  • 32
    Luo J, Ni X, Yong J. A trust degree based access control in grid environments. Information Sciences 2009; 179(15):26182628.