C. A. Ardagna, S. Capitani-di-vimercati, T. Grandison, S. Jajodia, and P. Samarati, Regulating Exceptions in Healthcare Using Policy Spaces, Proceeedings of the 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security, pp.254-267, 2008.
DOI : 10.1023/A:1008604709862

D. F. Brewer and M. J. Nash, The Chinese Wall security policy, Proceedings. 1989 IEEE Symposium on Security and Privacy, pp.329-339, 1989.
DOI : 10.1109/SECPRI.1989.36295

A. D. Brucker, H. Petritsch, and A. Schaad, Delegation assistance. Policies for Distributed Systems and Networks, IEEE International Workshop on, vol.0, pp.84-91, 2009.
DOI : 10.1109/policy.2009.35

A. Chander, J. C. Mitchell, and D. Dean, A state-transition model of trust management and access control, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001., pp.27-43, 2001.
DOI : 10.1109/CSFW.2001.930134

L. Chen and J. Crampton, Risk-Aware Role-Based Access Control, Proceedings of 7th International Workshop on Security and Trust Management, 2011.
DOI : 10.1007/978-3-642-29963-6_11
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.220.8754

P. Cheng, P. A. Karger, and I. T. Watson, Risk modulating factors in risk-based access control for information in a manet, 2008.

P. Cheng, P. Rohatgi, and I. T. Watson, IT security as risk management: A research perspective, 2008.

P. Cheng, P. Rohatgi, C. Keser, P. A. Karger, G. M. Wagner et al., Fuzzy Multi-Level Security: An Experiment on Quantified Risk-Adaptive Access Control, 2007 IEEE Symposium on Security and Privacy (SP '07), pp.222-230, 2007.
DOI : 10.1109/SP.2007.21

J. Crampton and C. Morisset, An Auto-delegation Mechanism for Access Control Systems, Proceedings of 6th International Workshop on Security and Trust Management, 2010.
DOI : 10.1007/978-3-642-22444-7_1

G. Cybenko, Why Johnny Can't Evaluate Security Risk, IEEE Security & Privacy Magazine, vol.4, issue.1, 2006.
DOI : 10.1109/MSP.2006.30

N. N. Diep, L. X. Hung, Y. Zhung, S. Lee, Y. Lee et al., Enforcing Access Control Using Risk Assessment, Fourth European Conference on Universal Multiservice Networks (ECUMN'07), pp.419-424, 2007.
DOI : 10.1109/ECUMN.2007.19

D. F. Ferraiolo and D. R. Kuhn, Role-based access control, Proceedings of the 15th National Computer Security Conference, pp.554-563, 1992.

Y. Han, Y. Hori, and K. Sakurai, Security Policy Pre-evaluation towards Risk Analysis, 2008 International Conference on Information Security and Assurance (isa 2008), pp.415-420, 2008.
DOI : 10.1109/ISA.2008.114

S. O. Hanson, Decision theory: A brief introduction, 1994.

M. A. Harrison, W. L. Ruzzo, and J. D. Ullman, Protection in operating systems, Communications of the ACM, vol.19, issue.8, pp.461-471, 1976.
DOI : 10.1145/360303.360333

J. Kephart, The utility of utility: Policies for self-managing systems, Proceedings of Policies for Distributed Systems and Networks, 2011.

L. Krautsevich, A. Lazouski, F. Martinelli, and A. Yautsiukhin, Influence of Attribute Freshness on Decision Making in Usage Control, Proceedings of the 6th International Workshop on Security and Trust Management, 2010.
DOI : 10.1007/978-3-642-22444-7_3

L. Krautsevich, A. Lazouski, F. Martinelli, and A. Yautsiukhin, Risk-Aware Usage Decision Making in Highly Dynamic Systems, 2010 Fifth International Conference on Internet Monitoring and Protection, 2010.
DOI : 10.1109/ICIMP.2010.13

L. Krautsevich, A. Lazouski, F. Martinelli, and A. Yautsiukhin, Risk-Based Usage Control for Service Oriented Architecture, 2010 18th Euromicro Conference on Parallel, Distributed and Network-based Processing, 2010.
DOI : 10.1109/PDP.2010.46

B. Lampson, Protection, Proceedings of the 5th Annual Princeton Conference on Information Sciences and Systems, pp.437-443, 1971.
DOI : 10.1145/775265.775268

L. J. Lapadula and D. E. Bell, MITRE Technical Report 2547, Volume II, Journal of Computer Security, vol.4, issue.2-3, pp.239-263, 1996.
DOI : 10.3233/JCS-1996-42-308

Y. Li, H. Sun, Z. Chen, J. Ren, and H. Luo, Using trust and risk in access control for grid environment Risk-adaptable access control (RAdAC). available via http, Proceedings of the 2008 International Conference on Security Technology IEEE. 24. R. W. McGraw, pp.13-16, 2007.

I. Molloy, P. Cheng, and P. Rohatgi, Trading in risk, Proceedings of the 2008 workshop on New security paradigms, NSPW '08, 2008.
DOI : 10.1145/1595676.1595694

I. Molloy, L. Dickens, C. Morisset, P. Cheng, J. Lobo et al., Risk-based access control decisions under uncertainty, 2011.

Q. Ni, E. Bertino, and J. Lobo, Risk-based access control systems built on fuzzy inferences, Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, ASIACCS '10, pp.250-260, 2010.
DOI : 10.1145/1755688.1755719

C. Skalka, X. S. Wang, and P. Chapin, Risk management for distributed authorization, Journal of Computer Security, vol.15, issue.4, pp.447-489, 2007.
DOI : 10.3233/JCS-2007-15402

J. Wainer, P. Barthelmess, and A. Kumar, W-RBAC ??? A Workflow Security Model Incorporating Controlled Overriding of Constraints, International Journal of Cooperative Information Systems, vol.12, issue.04, pp.455-485, 2003.
DOI : 10.1142/S0218843003000814

L. Zhang, A. Brodsky, and S. Jajodia, Toward Information Sharing: Benefit And Risk Access Control (BARAC), Seventh IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'06), pp.45-53, 2006.
DOI : 10.1109/POLICY.2006.36