M. Blaze, J. Feigenbaum, and J. Lacy, Decentralized trust management, Proceedings 1996 IEEE Symposium on Security and Privacy, pp.1081-6011, 1996.
DOI : 10.1109/SECPRI.1996.502679

J. Bryans, Reasoning about XACML policies using CSP, Proceedings of the 2005 workshop on Secure web services , SWS '05, 2005.
DOI : 10.1145/1103022.1103028

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

J. Crampton, Authorization and antichains, 2002.

D. Guelev, M. Ryan, and P. , Schobbens, Model-checking access control policies, pp.219-230, 2004.

M. Harrison and W. Ruzzo, Monotonic protection systems, Foundations of Secure Computation, pp.337-363, 1978.

M. Harrison, W. Ruzzo, and J. Ullman, Protection in operating systems, Communications of the ACM, 1976.

E. Kleiner and T. Newcomb, Using CSP to decide safety problems for access control policies, 2006.

M. Koch, L. Mancini, and F. Parisi-presicce, Decidability of Safety in Graph-Based Models for Access Control, ESORICS '02: Proceedings of the 7th European Symposium on Research in Computer Security, pp.229-243, 2002.
DOI : 10.1007/3-540-45853-0_14

R. Lazi´clazi´c, T. Newcomb, and A. Roscoe, On model checking data-independent systems with arrays without reset, Theory and Practice of Logic Programming: Special Issue on Verification and Computational Logic, 2004.

R. Lazi´clazi´c, T. Newcomb, and A. Roscoe, Polymorphic systems with arrays, 2-counter machines and multiset rewriting, Proceedings of INFINITY, pp.3-19, 2004.

N. Li, J. Mitchell, and W. Winsborough, Beyond proof-of-compliance: security analysis in trust management, Journal of the ACM, vol.52, issue.3, pp.474-514, 2005.
DOI : 10.1145/1066100.1066103

R. Lipton and L. Snyder, On synchronization and security, Foundations of Secure Computation, pp.367-385, 1978.

T. Newcomb, Model Checking Data-Independent Systems With Arrays, 2003.

A. Roscoe, The Theory and Practice of Concurrency, 1998.

A. Roscoe and R. Lazi´clazi´c, What can you decide about resetable arrays?, Proceedings of the 2nd International Workshop on Verification and Computational Logic, pp.5-23, 2001.

P. Ryan, S. Schneider, M. Goldsmith, G. Lowe, and A. Roscoe, Modelling and analysis of security protocols, 2001.

R. Sandhu and G. Suri, Non-monotonic transformation of access rights, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy, pp.148-163, 1992.
DOI : 10.1109/RISP.1992.213264

M. Vardi and P. Wolper, An automata-theoretic approach to automatic program verification (preliminary report, Proc. 1st Annual IEEE Symposium on Logic in Computer Science, pp.332-344, 1986.
DOI : 10.1007/3-540-50403-6_33

P. Wolper and V. Lovinfosse, Verifying properties of large sets of processes with network invariants, Lecture Notes in Computer Science, vol.407, pp.68-80, 1989.
DOI : 10.1007/3-540-52148-8_6

N. Zhang, M. Ryan, and D. Guelev, Synthesising verified access control systems in XACML, Proceedings of the 2004 ACM workshop on Formal methods in security engineering , FMSE '04, pp.56-65, 2004.
DOI : 10.1145/1029133.1029141

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

N. Zhang, M. Ryan, and D. Guelev, Evaluating Access Control Policies Through Model Checking, pp.446-460, 2005.
DOI : 10.1007/11556992_32

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=