publications: - title: "How to approach humans?: strategies for social robots to initiate interaction" author: - name: "Satoru Satake" link: "https://researchr.org/alias/satoru-satake" - name: "Takayuki Kanda" link: "https://researchr.org/alias/takayuki-kanda" - name: "Dylan F. Glas" link: "https://researchr.org/alias/dylan-f.-glas" - name: "Michita Imai" link: "https://researchr.org/alias/michita-imai" - name: "Hiroshi Ishiguro" link: "https://researchr.org/alias/hiroshi-ishiguro" - name: "Norihiro Hagita" link: "https://researchr.org/alias/norihiro-hagita" year: "2009" doi: "http://doi.acm.org/10.1145/1514095.1514117" links: doi: "http://doi.acm.org/10.1145/1514095.1514117" tags: - "human-computer interaction" - "social" - "systematic-approach" researchr: "https://researchr.org/publication/SatakeKGIIH09" cites: 0 citedby: 0 pages: "109-116" booktitle: "hri" kind: "inproceedings" key: "SatakeKGIIH09" - title: "A Model-Based Framework for Security Policy Specification, Deployment and Testing" author: - name: "Tejeddine Mouelhi" link: "https://researchr.org/alias/tejeddine-mouelhi" - name: "Franck Fleurey" link: "https://researchr.org/alias/franck-fleurey" - name: "Benoit Baudry" link: "https://researchr.org/alias/benoit-baudry" - name: "Yves Le Traon" link: "https://researchr.org/alias/yves-le-traon" year: "2008" doi: "http://dx.doi.org/10.1007/978-3-540-87875-9_38" abstract: "In this paper, we propose a model-driven approach for specifying, deploying and testing security policies in Java applications. First, a security policy is specified independently of the underlying access control language (OrBAC, RBAC). It is based on a generic security meta-model which can be used for early consistency checks in the security policy. This model is then automatically transformed into security policy for the XACML platform and integrated in the application using aspect-oriented programming. To qualify test cases that validate the security policy in the application, we inject faults into the policy. The fault model and the fault injection process are defined at the meta-model level, making the qualification process language-independent. Empirical results on 3 case studies explore both the feasibility of the approach and the efficiency of a full design & test MDE process. " links: doi: "http://dx.doi.org/10.1007/978-3-540-87875-9_38" tags: - "empirical" - "programming languages" - "object-oriented programming" - "rule-based" - "Java" - "deployment" - "meta programming" - "application framework" - "generic programming" - "case study" - "model checking" - "meta-model" - "modeling language" - "modeling" - "language modeling" - "testing" - "language design" - "security policy specification" - "object-role modeling" - "security" - "aspect oriented programming" - "consistency" - "programming" - "subject-oriented programming" - "access control policies" - "Meta-Environment" - "access control" - "MDE" - "design" - "process modeling" - "role-based access control" - "systematic-approach" - "feature-oriented programming" - "meta-objects" researchr: "https://researchr.org/publication/MouelhiFBT08" cites: 0 citedby: 0 pages: "537-552" booktitle: "MoDELS" kind: "inproceedings" key: "MouelhiFBT08" - title: "Weaving rewrite-based access control policies" author: - name: "Anderson Santana de Oliveira" link: "http://andersonsantana.wordpress.com" - name: "Eric Ke Wang" link: "https://researchr.org/alias/eric-ke-wang" - name: "Claude Kirchner" link: "https://researchr.org/alias/claude-kirchner" - name: "Hélène Kirchner" link: "https://researchr.org/alias/h%C3%A9l%C3%A8ne-kirchner" year: "2007" doi: "http://doi.acm.org/10.1145/1314436.1314446" links: doi: "http://doi.acm.org/10.1145/1314436.1314446" tags: - "rule-based" - "weaving" - "graph-rewriting" - "access control policies" - "access control" - "rewriting" - "role-based access control" researchr: "https://researchr.org/publication/OliveiraWKK07" cites: 0 citedby: 0 pages: "71-80" booktitle: "ccs" kind: "inproceedings" key: "OliveiraWKK07" - title: "Security policies for downgrading" author: - name: "Stephen Chong" link: "http://people.seas.harvard.edu/~chong/" - name: "Andrew C. Myers" link: "https://researchr.org/alias/andrew-c.-myers" year: "2004" doi: "http://doi.acm.org/10.1145/1030083.1030110" abstract: "A long-standing problem in information security is how to specify and enforce expressive security policies that control information flow while also permitting information release (i.e., declassification) where appropriate. This paper presents security policies for downgrading and a security type system that incorporates them, allowing secure downgrading of information through an explicit declassification operation. Examples are given showing that the downgrading policy language captures useful aspects of designer intent. These policies are connected to a semantic security condition that generalizes noninterference, and the type system is shown to enforce this security condition. " links: doi: "http://doi.acm.org/10.1145/1030083.1030110" tags: - "control systems" - "data-flow language" - "type system" - "data-flow" - "C++" - "security" - "security policies" researchr: "https://researchr.org/publication/ChongM04" cites: 0 citedby: 0 pages: "198-209" booktitle: "ccs" kind: "inproceedings" key: "ChongM04" - title: "Data-Purpose Algebra: Modeling Data Usage Policies" author: - name: "Chris Hanson" link: "https://researchr.org/alias/chris-hanson" - name: "Tim Berners-Lee" link: "http://www.w3.org/People/Berners-Lee/" - name: "Lalana Kagal" link: "https://researchr.org/alias/lalana-kagal" - name: "Gerald Jay Sussman" link: "http://groups.csail.mit.edu/mac/users/gjs/" - name: "Daniel J. Weitzner" link: "https://researchr.org/alias/daniel-j.-weitzner" year: "2007" doi: "http://doi.ieeecomputersociety.org/10.1109/POLICY.2007.14" abstract: "Data is often encumbered by restrictions on the ways in which it may be used. These restrictions on usage may be determined by statute, by contract, by custom, or by common decency, and they are used to control collection of data, diffusion of data, and the inferences that can be made over the data. In this paper, we present a data-purpose algebra that can be used to model these kinds of restrictions in various different domains. We demonstrate the utility of our approach by modeling part of the Privacy Act (5 USC ?552a)1, which states that data collected about US citizens can be used only for the purposes for which it was collected. We show (i) how this part of the Privacy act can be represented as a set of restrictions on data usage, (ii) how the authorized purposes of data flowing through different government agencies can be calculated, and (iii) how these purposes can be used to determine whether the Privacy Act is being enforced appropriately." links: doi: "http://doi.ieeecomputersociety.org/10.1109/POLICY.2007.14" tags: - "contracts" - "meta-model" - "modeling" - "data-flow" - " algebra" - "Meta-Environment" - "systematic-approach" researchr: "https://researchr.org/publication/HansonBKSW07" cites: 0 citedby: 0 pages: "173-177" booktitle: "policy" kind: "inproceedings" key: "HansonBKSW07" - title: "Analysis of Rewrite-Based Access Control Policies" author: - name: "Claude Kirchner" link: "http://www.loria.fr/~ckirchne/" - name: "Hélène Kirchner" link: "http://www.loria.fr/~hkirchne/" - name: "Anderson Santana de Oliveira" link: "http://andersonsantana.wordpress.com" year: "2009" doi: "http://dx.doi.org/10.1016/j.entcs.2009.02.072" links: doi: "http://dx.doi.org/10.1016/j.entcs.2009.02.072" tags: - "rule-based" - "analysis" - "graph-rewriting" - "access control policies" - "access control" - "rewriting" - "role-based access control" researchr: "https://researchr.org/publication/KirchnerKO09" cites: 0 citedby: 0 journal: "ENTCS" volume: "234" pages: "55-75" kind: "article" key: "KirchnerKO09" - title: "Modular Access Control Via Strategic Rewriting" author: - name: "Daniel J. Dougherty" link: "https://researchr.org/alias/daniel-j.-dougherty" - name: "Claude Kirchner" link: "https://researchr.org/alias/claude-kirchner" - name: "Hélène Kirchner" link: "https://researchr.org/alias/h%C3%A9l%C3%A8ne-kirchner" - name: "Anderson Santana de Oliveira" link: "http://andersonsantana.wordpress.com" year: "2007" doi: "http://dx.doi.org/10.1007/978-3-540-74835-9_38" links: doi: "http://dx.doi.org/10.1007/978-3-540-74835-9_38" tags: - "graph-rewriting" - "access control" - "rewriting" researchr: "https://researchr.org/publication/DoughertyKKO07" cites: 0 citedby: 0 pages: "578-593" booktitle: "esorics" kind: "inproceedings" key: "DoughertyKKO07" - title: "Rewriting-Based Access Control Policies" author: - name: "Anderson Santana de Oliveira" link: "http://andersonsantana.wordpress.com" year: "2007" doi: "http://dx.doi.org/10.1016/j.entcs.2007.02.055" links: doi: "http://dx.doi.org/10.1016/j.entcs.2007.02.055" tags: - "rule-based" - "graph-rewriting" - "access control policies" - "access control" - "rewriting" - "role-based access control" researchr: "https://researchr.org/publication/Oliveira07%3A0" cites: 0 citedby: 0 journal: "ENTCS" volume: "171" number: "4" pages: "59-72" kind: "article" key: "Oliveira07:0" - title: "Access Control Mechanisms in a Distributed, Persistent Memory System" author: - name: "Lanfranco Lopriore" link: "https://researchr.org/alias/lanfranco-lopriore" year: "2002" doi: "http://computer.org/tpds/td2002/l1066abs.htm" links: doi: "http://computer.org/tpds/td2002/l1066abs.htm" tags: - "control systems" - "persistent" - "access control" researchr: "https://researchr.org/publication/Lopriore02" cites: 0 citedby: 0 journal: "tpds" volume: "13" number: "10" pages: "1066-1083" kind: "article" key: "Lopriore02" - title: "Simulating Algebraic Specification Genericity on Languages with Initial Semantics" author: - name: "Anamaria Martins Moreira" link: "https://researchr.org/alias/anamaria-martins-moreira" - name: "Anderson Santana de Oliveira" link: "http://andersonsantana.wordpress.com" year: "2004" doi: "http://dx.doi.org/10.1016/j.entcs.2004.04.009" links: doi: "http://dx.doi.org/10.1016/j.entcs.2004.04.009" tags: - "semantics" - "algebraic specification" - " algebra" - "access control" researchr: "https://researchr.org/publication/MoreiraO04" cites: 0 citedby: 0 journal: "ENTCS" volume: "95" pages: "131-148" kind: "article" key: "MoreiraO04" - title: "Declarative Access Control for WebDSL: Combining Language Integration and Separation of Concerns" author: - name: "Danny M. Groenewegen" link: "https://www.linkedin.com/in/dannygroenewegen/" - name: "Eelco Visser" link: "http://eelcovisser.org" year: "2008" doi: "http://dx.doi.org/10.1109/ICWE.2008.15" abstract: "In this paper, we present the extension of WebDSL, a domain-specific language for web application development, with abstractions for declarative definition of access control. The extension supports the definition of a wide range of access control policies concisely and transparently as a separate concern. In addition to regulating the access to pages and actions, access control rules are used to infer navigation options not accessible to the current user, preventing the presentation of inaccessible links. The extension is an illustration of a general approach to the design of domain-specific languages for different technical domains to support separation of concerns in application development, while preserving linguistic integration. This approach is realized by means of a transformational semantics that weaves separately defined aspects into an integrated implementation. " links: doi: "http://dx.doi.org/10.1109/ICWE.2008.15" "webdsl": "http://webdsl.org" tags: - "WebDSL" - "semantics" - "rule-based" - "separation of concerns" - "transformation language" - " action semantics" - "language design" - "weaving" - "rules" - "web applications" - "DSL" - "abstraction" - "access control policies" - "access control" - "aspect weaving" - "design" - "role-based access control" - "systematic-approach" - "transformation" - "domain-specific language" researchr: "https://researchr.org/publication/GroenewegenV08" cites: 26 citedby: 7 pages: "175-188" booktitle: "ICWE" kind: "inproceedings" key: "GroenewegenV08" - title: "U-MAC: a proactive and adaptive UWB medium access control protocol" author: - name: "Raja Jurdak" link: "https://researchr.org/alias/raja-jurdak" - name: "Pierre Baldi" link: "https://researchr.org/alias/pierre-baldi" - name: "Cristina Videira Lopes" link: "http://www.ics.uci.edu/~lopes/" year: "2005" doi: "http://dx.doi.org/10.1002/wcm.312" links: doi: "http://dx.doi.org/10.1002/wcm.312" tags: - "protocol" - "access control" researchr: "https://researchr.org/publication/JurdakBL05%3A0" cites: 0 citedby: 0 journal: "wicomm" volume: "5" number: "5" pages: "551-566" kind: "article" key: "JurdakBL05:0" - title: "Secure web application via automatic partitioning" author: - name: "Stephen Chong" link: "http://people.seas.harvard.edu/~chong/" - name: "Jed Liu" link: "https://researchr.org/alias/jed-liu" - name: "Andrew C. Myers" link: "https://researchr.org/alias/andrew-c.-myers" - name: "Xin Qi" link: "https://researchr.org/alias/xin-qi" - name: "K. Vikram" link: "https://researchr.org/alias/k.-vikram" - name: "Lantian Zheng" link: "https://researchr.org/alias/lantian-zheng" - name: "Xin Zheng" link: "https://researchr.org/alias/xin-zheng" year: "2007" doi: "http://doi.acm.org/10.1145/1294261.1294265" abstract: "Swift is a new, principled approach to building web applications that are secure by construction. In modern web applications, some application functionality is usually implemented as client-side code written in JavaScript. Moving code and data to the client can create security vulnerabilities, but currently there are no good methods for deciding when it is secure to do so. Swift automatically partitions application code while providing assurance that the resulting placement is secure and efficient. Application code is written as Java-like code annotated with information flow policies that specify the confidentiality and integrity of web application information. The compiler uses these policies to automatically partition the program into JavaScript code running in the browser, and Java code running on the server. To improve interactive performance, code and data are placed on the client side. However, security-critical code and data are always placed on the server. Code and data can also be replicated across the client and server, to obtain both security and performance. A max-flow algorithm is used to place code and data in a way that minimizes client-server communication. " links: doi: "http://doi.acm.org/10.1145/1294261.1294265" tags: - "program partitioning" - "JavaScript" - "Java" - "functional programming" - "data-flow programming" - "data-flow" - "C++" - "security" - "compiler" - "web applications" - "partitioning" - "systematic-approach" researchr: "https://researchr.org/publication/ChongLMQVZZ07" cites: 33 citedby: 0 pages: "31-44" booktitle: "sosp" kind: "inproceedings" key: "ChongLMQVZZ07" - title: "Rewrite Based Specification of Access Control Policies" author: - name: "Horatiu Cirstea" link: "https://researchr.org/alias/horatiu-cirstea" - name: "Pierre-Etienne Moreau" link: "http://www.loria.fr/~moreau/dokuwiki/doku.php" - name: "Anderson Santana de Oliveira" link: "http://andersonsantana.wordpress.com" year: "2009" doi: "http://dx.doi.org/10.1016/j.entcs.2009.02.071" links: doi: "http://dx.doi.org/10.1016/j.entcs.2009.02.071" tags: - "rule-based" - "graph-rewriting" - "access control policies" - "access control" - "rewriting" - "role-based access control" researchr: "https://researchr.org/publication/CirsteaMO09" cites: 0 citedby: 0 journal: "ENTCS" volume: "234" pages: "37-54" kind: "article" key: "CirsteaMO09" - title: "A survey, classification and comparative analysis of medium access control protocols for ad hoc networks" author: - name: "Raja Jurdak" link: "https://researchr.org/alias/raja-jurdak" - name: "Cristina Videira Lopes" link: "http://www.ics.uci.edu/~lopes/" - name: "Pierre Baldi" link: "https://researchr.org/alias/pierre-baldi" year: "2004" doi: "http://dl.comsoc.org/cocoon/comsoc/servlets/OntologySearch?query=&node=TOC1496&render=false&type=1" links: doi: "http://dl.comsoc.org/cocoon/comsoc/servlets/OntologySearch?query=&node=TOC1496&render=false&type=1" tags: - "classification" - "protocol" - "analysis" - "survey" - "access control" researchr: "https://researchr.org/publication/JurdakLB04%3A0" cites: 0 citedby: 0 journal: "comsur" volume: "6" number: "1-4" pages: "2-16" kind: "article" key: "JurdakLB04:0"