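[1]施淵仁 (1999), "A Study of a Task Access Control Model with Workflow Management Mechanisms," Master's thesis, Graduate Institute of Electrical and Information Engineering, Yuan Ze University.
[2]劉興華 (1999), "Theoretical Architecture Design of an Execution-Rights Control System," Doctoral dissertation, Institute of Information Management, National Chiao Tung University, Hsinchu.
[3]吳國禎 (1999), "Applications of Digital Certificates in Electronic Commerce Security," Doctoral dissertation, Institute of Information Management, National Chiao Tung University, Hsinchu.
[4]朱建逹 (2000), "A Single Sign-On System Built on Public Key Infrastructure," Master's thesis, Institute of Computer and Information Science, National Chiao Tung University, Hsinchu.
[5]賴溪松, 韓亮 and 張真誠 (1995), Modern Cryptography and Its Applications, 松崗書局, Taipei.
[6]樊國楨, 陳祥輝 and 蔡敦仁 (2002), "Modeling Database Misuse Traces," web page, http://www.ascc.net/nl/90/1711/02.txt.
[7]Science and Technology Information Center, National Science Council, Executive Yuan, "Standards and Specifications," Information and Communication Security website, web page, http://ics.stic.gov.tw/Standard/index.php.
[8]Ravi Sandhu (2002), “Password-Enabled Public-Key Infrastructure (PKI) and Role-Based Access Control (RBAC) on the Secure Identity Appliance,” keynote speech, 12th National Information Security Conference, Taichung.
[9]William Stallings (2000), Cryptography and Network Security: Principles and Practice, 2nd Edition, Prentice Hall International, Inc.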
[10]Radia Perlman and Charlie Kaufman (February 1999), “Secure Password-Based Protocol for Downloading a Private Key,” Network and Distributed System Security Symposium, San Diego, California.
[11]Ravi Sandhu, Edward J. Coyne, Hal L. Feinstein and C. E. Youman (February 1996), “Role-based Access Control Models,” IEEE Computer, Vol. 29, No. 2, pp. 38-47.
[12]David Ferraiolo and John Barkley (November 1997), “Specifying and Managing Role-Based Access Control within a Corporate Intranet,” Proceedings of the Second ACM Workshop on Role-based Access Control.
[13]Joon S. Park and Ravi Sandhu (October 1999), “RBAC on the Web by Smart Certificates,” Proceedings of the Fourth ACM Workshop on Role-based Access Control.
[14]Joon S. Park and Ravi Sandhu (October 1999), “Smart Certificates: Extending X.509 for Secure Attribute Services on the Web,” Proceedings of 22nd National Information Systems Security Conference, Crystal City, VA.
[15]Jing-Jang Hwang, Kou-Chen Wu and Duen-Ren Liu (2000), “Access Control with Role Attribute Certificates,” Computer Standards & Interfaces, Vol. 22, pp. 43-53.
[16]Joon S. Park and Ravi Sandhu (2000), “Binding Identities and Attributes Using Digitally Signed Certificates,” Proceedings of the 16th Annual Computer Security Applications Conference, New Orleans, Louisiana, USA, pp. 120-127.
[17]Gail-Joon Ahn (2000), “Role-based Access Control in DCOM,” Journal of Systems Architecture, Vol. 46, No. 13, pp. 1175-1184.
[18]Reinhardt A. Botha and Jan H. Eloff (2001), “Separation of Duties for Access Control Enforcement in Workflow Environments,” IBM Systems Journal, Vol. 40, No. 3, pp. 666-682.
[19]S. Bellovin and M. Merritt (May 1992), “Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks,” Proceedings of the IEEE Symposium on Research in Security and Privacy, Oakland, California.
[20]S. Bellovin and M. Merritt (1994), “Augmented Encrypted Key Exchange: a Password-Based Protocol Secure Against Dictionary Attacks and Password File Compromise,” AT&T Bell Laboratories Technical Report.
[21]D. Jablon (October 1996), “Strong Password-Only Authenticated Key Exchange,” ACM Computer Communications Review.
[22]D. Jablon (June 1997), “Extended Password Protocols Immune to Dictionary Attack,” Proceedings of the WETICE ’97 Enterprise Security Workshop.
[23]R. Lee and J. Israel (October 1994), “Understanding the Role of Identification and Authentication in NetWare 4,” Novell Application Notes.
[24]Hung-Yu Lin and Lein Harn (1995), “Authentication Protocols for Personal Communication System,” Proceedings of the Conference on Application, Computer Communication, Cambridge, Massachusetts, United States, pp. 256-261.
[25]David F. Ferraiolo, Ravi Sandhu, Serban Gavrila, D. Richard Kuhn and Ramaswamy Chandramouli (August 2001), “Proposed NIST Standard for Role-based Access Control,” ACM Transactions on Information and System Security, Vol. 4, No. 3, pp. 1-51.
[26]Trent Jaeger and Atul Prakash (December 1996), “Requirements of Role-Based Access Control for Collaborative Systems,” Proceedings of the first ACM workshop on Role-Based Access Control.
[27]John Barkley, Konstantin Beznosov and Jinny Uppal (October 1999), “Supporting Relationships in Access Control Using Role Based Access Control,” Proceedings of the fourth ACM workshop on Role-Based Access Control.
[28]Najam Perwaiz and Ian Sommerville (May 2001), “Structured Management of Role-Permission Relationships,” Proceedings of the sixth ACM Symposium on Access Control Models and Technologies.
[29]Walt Yao, Ken Moody and Jean Bacon (May 2001), “A Model of OASIS Role-Based Access Control and its Support for Active Security,” Proceedings of the sixth ACM Symposium on Access Control Models and Technologies.
[30]Longhua Zhang, Gail-Joon Ahn and Bei-Tseng Chu (May 2001), “A Rule-Based Framework for Role-Based Delegation,” Proceedings of the sixth ACM Symposium on Access Control Models and Technologies.
[31]Gail-Joon Ahn and Michael E. Shin (2001), “Role-Based Authorization Constraints Specification Using Object Constraint Language,” Proceedings of the tenth IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises.
[32]FIPS PUB 186-2 (January 2000), Digital Signature Standard (DSS), NIST, http://www.itl.nist.gov/fipspubs/by-num.htm.
[33]E. B. Fernandez and J. C. Hawkins (November 2001), “Determining Role Rights from Use Cases,” Proceedings of the 8th ACM conference on Computer and Communications Security.
[34]Simon Fong and Chan Se-Leng (April 2000), “Modeling Personnel and Roles for Electronic Commerce Retail,” Proceedings of the 2000 ACM SIGCPR conference on Computer Personnel Research.
[35]Albert Levi and M. Ufuk Caglayan (October 1999), “Verification of Classical Certificates via Nested Certificates and Nested Certificate Paths,” Eighth International Conference on Computer Communications and Networks (ICCCN ’99), Boston, MA, USA, http://mercan.cmpe.boun.edu.tr/~levi/ic3n99al.pdf.
[36]Albert Levi and Cetin Kaya Koc (June 2001), “Reducing Certificate Revocation Cost using NPKI,” Trusted Information: The New Decade Challenge, IFIP TC11 16th International Conference on Information Security, Boston, MA, pp. 51-59.
[37]Tuomas Aura (1999), “Distributed Access-Rights Management with Delegation Certificates,” Secure Internet Programming: Security Issues for Distributed and Mobile Objects, Springer, volume 1603, series LNCS, pp. 211-235.
[38]Mary Ellen Zurko, Rich Simon and Tom Sanfilippo (May 1999), “A User-Centered, Modular Authorization Service Built on an RBAC Foundation,” Proceedings of the 1999 IEEE Symposium on Security and Privacy, Oakland, California.
[39]Chang N. Zhang and Cungang Yang (August 2001), “An Object-Oriented RBAC Model for Distributed System,” Working IEEE/IFIP Conference on Software Architecture (WICSA'01), Amsterdam, The Netherlands, p. 24.
[40]Chang N. Zhang and Cungang Yang (May 1999), “Specification and Enforcement of Object-Oriented RBAC Model,” Proceedings of the 1999 IEEE Symposium on Security and Privacy, Oakland, California.
[41]Edward C. Cheng (1999), “An Object-Oriented Organizational Model to Support Dynamic Role-Based Access Control in Electronic Commerce Applications,” Proceedings of the 32nd Hawaii International Conference on System Sciences, pp. 1-9.