Guide to Papers

Most Cited Papers
Guide to Papers
PhD's Awarded
Invited Talks etc.
Vitae etc.
Contact Me

Essential background readings if you would like to collaborate or join my team:

Note: These papers cover concepts and technical details pertinent to research projects currently in progress amongst my research teams. The content will vary over time. This is NOT a list of all my significant or important papers. The papers are listed in reverse chronological order and can be read largely independent of each other.

    The PEI Framework

  1. Ravi Sandhu, The PEI Framework for Application-Centric Security. In Proc. 5th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), Crystal City, Virginia, November 11-14, 2009, pages 1-5. Presentation(ppt) (pdf)
    Google Scholar Search
  2. Ravi Sandhu, Engineering Authority and Trust in Cyberspace: The OM-AM and RBAC Way, ACM RBAC 2000. Presentation
    Google Scholar Search
  3. OM-AM was the first version of PEI and is essentially very similar. Just a little difference in terminology.

    Access Control Principles

  4. Ravi Sandhu and Venkata Bhamidipati, The ASCAA Principles for Next-Generation Role-Based Access Control . Proc. 3rd International Conference on Availability, Reliability and Security (ARES), Barcelona, Spain, March 4-7, 2008, pages xxvii-xxxii. Presentation Keynote Lecture
    Google Scholar Search
  5. The UCON Model

  6. Jaehong Park and Ravi Sandhu, The UCON_ABC Usage Control Model, ACM Transactions on Information and System Security, Volume 7, Number 1, February 2004, pages 128-174.
    Google Scholar Search
  7. A Series of Models: Pre-Framework

  8. Roshan Thomas and Ravi Sandhu, Towards a Multi-dimensional Characterization of Dissemination Control, POLICY, 2004.
    Google Scholar Search
  9. A Series of Models: Framework

  10. Ezedin Barka and Ravi Sandhu, Framework for Role-Based Delegation Models, ACSAC 2000. Presentation
    Google Scholar Search
  11. A Series of Models: Family

  12. Ravi Sandhu, Edward Coyne, Hal Feinstein and Charles Youman, Role-Based Access Control Models, IEEE Computer, Volume 29, Number 2, February 1996.
    Google Scholar Search
  13. A Series of Models: Single Model

  14. Ravi Sandhu, Lattice-Based Access Control Models, IEEE Computer, Volume 26, Number 11 (Cover Article), November 1993.
    Google Scholar Search
    General takeaways: Single model with some variations with respect to star-property. Single overriding objective of one-way information flow in a lattice. Importance of user-subject distinction. One-way information flow can support (i) confidentiality (ii) integrity (iii) separation of duty.
    Specific takeaways: no difference between (i) Biba (ii) Bell-LaPadula (iii) their combination, Chinese wall cast as a lattice, not much difference between lattice and partial order.
  15. Basic Tutorial on Access Control

  16. R. Sandhu and P. Samarati, Access Control: Principles and Practice, IEEE Communications, 32(9): 40-48, Sept. 1994,
    Google Scholar Search
    Basic tutorial on access control. As valid today as in 1994.