Reading Materials for IS2150/TEL2810 Introduction to Security

• NSTISSI 4011
  • Annex portion of this document is a REQUIRED reading for Lecture 1/HW1
  • Reading of other parts is recommended

• 2007 CSI/FBI report  (Highly RECOMMENDED)

• Recommended Readings used in the past

   

  • Michael A. Harrison, Walter L. Ruzzo and Jeffrey D. Ullman, "Protection in Operating Systems", Communications of the ACM, Vol 19, No 8, August  1976. (pdf)

            [For THEORY on ACCESS CONTROL MATRIX]

   

  • David F. Ferraiolo, Ravi Sandhu, Serban Gavrila, D. Richard Kuhn, Ramaswamy Chandramouli, "Proposed NIST Standard for Role-based Access Control," ACM Transactions on Information and Systems Security, Vol. 4, Issue 3, August 2001 (pdf).

           [Provides details on RBAC model to be covered before the midterm]

   

  • S. Osborn, R. Sandhu, Q. Munawer, “Configuring Role-Based Access Control to Enforce Mandatory and Discretionary Access Control Policies”, ACM Transaction on Information and System Security, May 2000. (PDF)

           [Related to RBAC coverage - shows how RBAC can be configured for other policies]