一、中文部分
林惠徵 (2003),公開金鑰基礎建設之研究-屬性憑證運用在權限管理,中國文化大學資訊管理研究所碩士論文。邵曉薇(2000),配合RBAC的稽核制度之設計-以製造業的採購流程,交通大學資訊管理研究所碩士論文。楊先民 (2003),SQL Serve2000範例教本,台北:學貫行銷股份有限公司發行。
劉興華,黃景彰 (1999),存取權管制系統的設計標準-ISO/IEC 10181-3介紹,中華民國資訊學會學會通訊,2 (3),13-20。
樊國楨 (1999),資料庫安全設計與完整性簡析,台北:行政院研究發展考核會。
樊國楨,陳祥輝,蔡敦仁 (2000),資料庫濫用軌跡塑模,電腦與通訊期刊,94 (8),9-18。二、英文部分
Akoka, J., & Comyn, W. I. (1996). A knowledge-based system for auditing computer and management information system. Expert System with Applications, 11 (3), 361-375.
Ball, E., Chadwick, D. W., & Otenko, A. (2001). XML policy DTD [Online]. Aviliable: http://sec.isi.salford.ac.uk/download/policy 9.dtd [2001, June 1].
Ball, E., Chadwick, D. W., & Otenko, A. (2003). Implementing role based access controls using X.509 attribute certificates. Institute of Electrical and Electronics Engineers Internet Computing, 7 (2), 62-69.
Boeyen, S. (2000). X.509: Overview of PKI & PMI frameworks [Online]. Available : http://www.entrust.com/resources/pdf/509
-overviews.pdf [2000, September 10].
Chadwick, D. W., & Basden, A. (2001). Evaluating trust in a public key certification authority. Journal of Computers and Security, 20 (7), 592-611.
Chadwick, D. W., & Otenko A. (2002). Privilege allocation tool [Online]. Available: http://sec.isi.salford.au.uk/permis[2002, April 11].
Chadwick, D. W., & Otenko, A. (2002). RBAC policies in XML for X.509 based privilege management. In M. A. Ghonaimy and M.T. Hadidi (Eds.), Proceedings of the International Federation for Information Processing of Technology Commit 11 Conference on Information Security (pp.39-54), New York : Kluwer Academic.
Chadwick, D. W., & Otenko, A. (2002). The PERMIS X.509 role based privilege management infrastructure. In R. Sandhu and E. Betrio (Eds.), Proceedings of 7th ACM Symposium On Access Control Models And Technologies (pp135-140), New York: Association for Computing Machinery Press .
Chung, C. Y., Gertz, M., & Levitt, K. (2000). DEMIDS: A misuse detection system for database system. In E. Margarte and B. H. Van (Eds.), Integrity and Internal Control in Information System (pp 159-178), New York: Kluwer Academic.
Farrell, S., & Housley, R. (2002). RFC 3281: an internet attribute certificate profile for authentization [Online]. Available: http://w- w.faqs.org/rfcs/frc3281.html [2002, October 10].
Ferraiolo, D., & Kuhn, R. (1992). Role-based access control. In R. Sandhu (Ed), Proceedings of 15th NIST-NCSC National Computer Security Conference (pp554-563), New York: Association for Computing Machinery Press.
ITU-T recommendation X.812. (1996). Information technology-open systems interconnection-security framework for open system: Access control framework (ISO/IEC 10181-3). Switzerland: International Organization for Standard Press.
ITU-T recommendation X.816. (1996). Information technology-open systems interconnection-security frameworks for open systems: Security audit and alarms framework (ISO/IEC 10181-7). Switzerland: International Organization for Standard Press.
ITU-T recommendation X.509. (2001). Information technology-open systems interconnection-the directory: Public key and attribute certificate frameworks (ISO/IEC 9594-8). Switzerland: International Organization for Standard Press.
Ooi, B. C., Goh, C. H., & Tan, K. L. (1998). Indexing Bitemporal Databases as Points. Information and Software Technology, 40 (5), 327-337.
Otenko, S., Chadwick, D. W., & Thornton, E. (2002). PERMIS PA cookbook [Online]. Available:http://sec.isi.salford.ac.uk/permis/download/PERMIScookbook.doc [2002, April 11].
Sandhu, R. S. (1996). Authentication, access control, and audit. Association for Computing Machinery Computing Surveys, 28 (1), 241-243.
Sandhu, R. S., Coyne, E. J., Feinstein, H. L., & Youman, C. E. (1996). Role-based access control models. Institute of Electrical and Electronics Engineers Computer, 29 (2), 38-47.
Stallings, W. (1999). Cryptography and network security principle and practice (2nd ed.). New Jersey: Prentice Hall.