Journals

Conference Proceedings

Book Chapters

Miscellaneous

• J. Crampton. Practical constructions for the efficient cryptographic enforcement of interval-based access control policies. ACM Transactions on Information and System Security, 14(1):14, 2011. (doi:10.1145/1952982.1952996)

• J. Crampton, H.W. Lim, K.G. Paterson, and G. Price. User-friendly and certificate-free grid security infrastructure. International Journal of Information Security, 10(3):137–153, 2011. (doi:10.1007/s10207-011-0123-8)

• Q. Wei, J. Crampton, K. Beznosov, and M. Ripeanu. Authorization recycling in hierarchical RBAC systems. ACM Transactions on Information and System Security, 14(1):3, 2011. (doi:10.1145/1952982.1952985)

• J. Crampton. Cryptographically-enforced hierarchical access control with multiple keys. Journal of Logic and Algebraic Programming, 78(8):690–700, 2009. (doi:10.1016/j.jlap.2009.04.001)

• J. Crampton and H. Khambhammettu. Delegation in role-based access control. International Journal of Information Security, 7(2):123–136, 2008. (doi:10.1007/s10207-007-0044-8)

• F. Paci, E. Bertino, and J. Crampton. An access-control framework for WS-BPEL. International Journal of Web Services Research, 5(3):20–43, 2008. (doi:10.4018/jwsr.2008070102)

• Steve Counsell, Stephen Swift, and Jason Crampton. The interpretation and utility of three cohesion metrics for object-oriented design. ACM Transactions on Software Engineering and Methodololgy, 15(2):123–149, 2006. (doi:10.1145/1131421.1131422)

• J. Crampton. Applying hierarchical and role-based access control to XML documents. Computer Science and System Engineering, 21(5):325–338, 2006. (PDF)

• A. Tucker, J. Crampton, and S. Swift. RGFGA: An efficient representation and crossover for grouping genetic algorithms. Evolutionary Computation, 13(4):477–500, 2005. (doi:10.1162/106365605774666903)

• J. Crampton and H. Khambhammettu. Access control in a distributed object environment using XML and roles. South African Computer Journal, 31:2–8, 2003. (PDF)

• J. Crampton and G. Loizou. Administrative scope: A foundation for role-based administrative models. ACM Transactions on Information and System Security, 6(2):201–231, 2003. (doi:10.1145/762476.762478)

• J. Crampton and G. Loizou. Authorisation and antichains. ACM Operating Systems Review, 35(3):6–15, 2001. (doi:10.1145/383237.383238)

• J. Crampton and G. Loizou. The completion of a poset in a lattice of antichains. International Mathematical Journal, 1(3):223–238, 2001. (PDF)

• J. Crampton, G. Loizou, and G. O'Shea. A logic of access control. The Computer Journal, 44(2):137–149, 2001. (doi:10.1093/comjnl/44.1.54)

Journals

Conference Proceedings

Book Chapters

Miscellaneous

• J. Crampton. Time-storage trade-offs for cryptographically-enforced access control. In Proceedings of 16th European Symposium on Research in Computer Security, pages 245–261, 2011. (doi:10.1007/978-3-642-23822-2_14)

• J. Crampton and M. Huth. On the modeling and verification of security-aware and process-aware information systems. In Proceedings of BPM Workshop on Workflow Security Audit and Certification, 2011.

• J. Crampton and M. Huth. Synthesizing and verifying plans for constrained workflows: Transferring tools from formal methods. In Proceedings of 2011 Workshop of Verification and Validation of Planning and Scheduling Systems, 2011. (PDF)

• L. Chen and J. Crampton. Risk-aware role-based access control. In Proceedings of 7th International Workshop on Security and Trust Management, 2011. (PDF)

• J. Crampton. Cryptographic enforcement of role-based access control. In Proceedings of 7th International Workshop on Formal Aspects of Security and Trust, pages 191–205, 2010. (doi:10.1007/978-3-642-19751-2_13)

• J. Crampton and M. Huth. An authorization framework resilient to policy evaluation failures. In Proceedings of 15th European Symposium on Research in Computer Security, pages 472–487, 2010. (doi:10.1007/978-3-642-15497-3_29)

• J. Crampton and M. Huth. A framework for the modular specification and orchestration of authorization policies. In Proceedings of 15th Nordic Workshop on Secure IT Systems, 2010. (PDF)

• J. Crampton and C. Morisset. An auto-delegation mechanism for access control systems. In Proceedings of 6th International Workshop on Security and Trust Management, 2010. To appear. (PDF)

• J. Crampton, R. Daud, and K.M. Martin. Constructing key assignment schemes from chain partitions. In S. Foresti and S. Jajodia, editors, Data and Applications Security XXIV, volume 6166 of Lecture Notes in Computer Science, pages 130–145, 2010. (doi:10.1007/978-3-642-13739-6_9)

• L. Chen and J. Crampton. Set cover problems in role-based access control. In Proceedings of 14th European Symposium on Research in Computer Security, pages 689–704, 2009. (doi:10.1007/978-3-642-04444-1_42)

• J. Crampton. Trade-offs in cryptographic implementations of temporal access control. In Proceedings of 14th Nordic Workshop on Secure IT Systems, pages 72–87, 2009. (doi:10.1007/978-3-642-04766-4_6)

• J. Crampton and M. Huth. Detecting and countering insider threats: Can policy-based access control help? In Proceedings of 5th International Workshop on Security and Trust Management, 2009. (PDF)

• J. Crampton and H. Khambhammettu. A framework for enforcing constrained RBAC policies. In Proceedings of 12th IEEE International Conference on Computational Science and Engineering, pages 195–200, 2009. (doi:10.1109/CSE.2009.325)

• L. Chen and J. Crampton. On spatio-temporal constraints and inheritance in role-based access control. In Proceedings of ACM Symposium on Information, Computer and Communications Security, pages 205–216, 2008. (doi:10.1145/1368310.1368341)

• J. Crampton. Why we should take a second look at access control in Unix. In Proceedings of 13th Nordic Workshop on Secure IT Systems, 2008. (PDF)

• J. Crampton and H. Khambhammettu. Delegation and satisfiability in workflow systems. In I. Ray and N. Li, editors, Proceedings of 13th ACM Symposium on Access Control Models and Technologies, pages 31–40, 2008. (doi:10.1145/1377836.1377842)

• J. Crampton and H. Khambhammettu. On delegation and workflow execution models. In Proceedings of the 2008 ACM Symposium on Applied Computing, pages 2137–2144, 2008. (doi:10.1145/1363686.1364199)

• J. Crampton and H.W. Lim. Role signatures for access control in open distributed systems. In Proceedings of IFIP TC-11 23rd International Information Security Conference, pages 205–220, 2008. (doi:10.1007/978-0-387-09699-5_14)

• M. Dekker, J. Crampton, and S. Etalle. RBAC administration in distributed systems. In I. Ray and N. Li, editors, Proceedings of 13th ACM Symposium on Access Control Models and Technologies, pages 93–102, 2008. (doi:10.1145/1377836.1377852)

• Q. Wei, J. Crampton, K. Beznosov, and M. Ripeanu. Authorization recycling in RBAC systems. In I. Ray and N. Li, editors, Proceedings of 13th ACM Symposium on Access Control Models and Technologies, pages 63–72, 2008. (doi:10.1145/1377836.1377848)

• L. Chen and J. Crampton. Inter-domain role mapping and least privilege. In Proceedings of the 12th ACM Symposium on Access Control Models and Technologies, pages 157–162, 2007. (doi:10.1145/1266840.1266866)

• J. Crampton. Cryptographically-enforced hierarchical access control with multiple keys. In Proceedings of the 12th Nordic Workshop on Secure IT Systems, pages 49–60, 2007.

• J. Crampton and L. Chen. Applications of the oriented permission role-based access control model. In Proceedings of the 26th IEEE International Performance Computing and Communications Conference, pages 387–394, 2007. (doi:10.1109/PCCC.2007.358918)

• J. Crampton, H.W. Lim, and K.G. Paterson. What can identity-based cryptography offer to web services? In Proceedings of 4th ACM Workshop on Secure Web Services, pages 26–36, 2007. (doi:10.1145/1314418.1314424)

• J. Crampton, H.W. Lim, K.G. Paterson, and G. Price. A certificate-free grid security infrastructure supporting password-based user authentication. In Proceedings of 6th Annual PKI R&D Workshop, 2007.

• M. Dekker, J.G. Cederquist, J. Crampton, and S. Etalle. Extended privilege inheritance in RBAC. In F. Bao and S. Miller, editors, Proceedings of 2007 ACM Symposium on InformAtion, Computer and Communications Security, pages 383–385, 2007. (doi:10.1145/1229285.1229335)

• H. Rowe and J. Crampton. Avoiding key redistribution in key assignment schemes. In Proceedings of the Fourth International Workshop on Mathematical Methods, Models, and Architectures for Computer Network Security, pages 127–140, 2007.

• J. Skene, A. Skene, J. Crampton, and W. Emmerich. The monitorability of service-level agreements for application-service provision. In V. Cortellessa, S. Uchitel, and D. Yankelevich, editors, Proceedings of the 6th International Workshop on Software and Performance, pages 3–14, 2007. (doi:10.1145/1216993.1216997)

• S. Swift, A. Tucker, J. Crampton, and D. Garway-Heath. An improved restricted growth function genetic algorithm for the consensus clustering of retinal nerve fibre data. In H. Lipson, editor, Proceedings of Genetic and Evolutionary Computation Conference, GECCO 2007, pages 2174–2181, 2007. (doi:10.1145/1276958.1277376)

• A. Tucker, S. Swift, and J. Crampton. Efficiency updates for the restricted growth function GA for grouping problems. In H. Lipson, editor, Proceedings of Genetic and Evolutionary Computation Conference, GECCO 2007, page 1536, 2007. (doi:10.1145/1276958.1277265)

• E. Bertino, J. Crampton, and F. Paci. Access control and authorization constraints for WS-BPEL. In Proceedings of IEEE International Conference on Web Services, pages 275–284, 2006. (doi:10.1109/ICWS.2006.21)

• Jason Crampton. Discretionary and mandatory control for role-based administration. In Ernesto Damiani and Peng Liu, editors, Data and Applications Security XX, volume 4127 of Lecture Notes in Computer Science, pages 194–208. Springer, 2006. (doi:10.1007/11805588_14)

• J. Crampton and H. Khambhammettu. Delegation in role-based access control. In Proceedings of 11th European Symposium on Research in Computer Security, pages 174–191, 2006. (doi:10.1007/11805588_14)

• Jason Crampton, Wing Leung, and Konstantin Beznosov. The secondary and approximate authorization model and its application to Bell-LaPadula policies. In Proceedings of 11th ACM Symposium in Access Control Models and Technologies, pages 111–120, 2006. (doi:10.1145/1133058.1133075)

• Jason Crampton, Keith Martin, and Peter Wild. On key assignment for hierarchical access control. In Proceedings of 19th IEEE Computer Security Foundations Workshop, pages 98–111, 2006. (doi:10.1109/CSFW.2006.20)

• J. Crampton. A reference monitor for workflow systems with constrained task execution. In Proceedings of the 10th ACM Symposium on Access Control Models and Technologies, pages 38–47, 2005. (doi:10.1145/1063979.1063986)

• Jason Crampton. Understanding and developing role-based administrative models. In Proceedings of the 12th ACM Conference on Computer and Communications Security, pages 158–167, 2005. (doi:10.1145/1102120.1102143)

• Jason Crampton and Hemanth Khambhammettu. Data structures for constraint enforcement in role-based systems. In Proceedings of the 2005 IASTED Conference on Network and Information Security, pages 158–167, 2005. (PDF)

• S. Swift, A. Shi, J. Crampton, and A. Tucker. ICARUS: Intelligent coupon allocation for retailers using search. In Proceedings of 2005 IEEE Congress on Evolutionary Computation, pages 182–189, 2005. (doi:10.1109/CEC.2005.1554683)

• J. Crampton. An algebraic approach to the analysis of constrained workflow systems. In Proceedings of 3rd Workshop on Foundations of Computer Security (FCS'04), pages 61–74, 2004. (PDF)

• J. Crampton. Applying hierarchial and role-based access control to XML documents. In Proceedings of 2004 ACM Workshop on Secure Web Services, pages 37–46, 2004. (doi:10.1145/1111348.1111353)

• K. Tan, J. Crampton, and C. Gunter. The consistency of task-based authorization constraints in workflow systems. In Proceedings of 17th IEEE Computer Security Foundations Workshop, pages 155–169, 2004. (doi:10.1109/CSFW.2004.1310739)

• J. Crampton. On permissions, inheritance and role hierarchies. In Proceedings of the 10th ACM Conference on Computer and Communications Security, pages 85–92, 2003. (doi:10.1145/948109.948123)

• J. Crampton. Specifying and enforcing constraints in role-based access control. In Proceedings of 8th ACM Symposium on Access Control Models and Technologies, pages 43–50, 2003. (doi:10.1145/775412.775419)

• J. Crampton and H. Khambhammettu. Access control in a distributed object environment using XML and roles. In Proceedings of 3rd Annual Information Security South Africa Conference (ISSA 2003), pages 75–88, 2003. (PDF)

• J. Crampton and H. Khambhammettu. Authorization and certificates: Are we pushing when we should be pulling? In Proceedings of IASTED Conference on Network and Information Security, pages 62–66, 2003. (PDF)

• J. Crampton and G. Loizou. Administrative scope and hierarchy operations. In Proceedings of 7th ACM Symposium on Access Control Models and Technologies, pages 145–154, 2002. (doi:10.1145/507711.507736)

Journals

Conference Proceedings

Book Chapters

Miscellaneous

• J. Crampton and M. Huth. Towards an access-control framework for countering insider threats. In M. Bishop, D. Gollmann, J. Hunker, and C. Probst, editors, Insider Threats in Cybersecurity – And Beyond, pages 173–196. Springer, 2010.

• F. Paci, E. Bertino, and J. Crampton. An access control framework for WS-BPEL processes. In L.-J. Zhang, editor, Web Services Research for Emerging Applications: Discoveries and Trends, pages 492–515. Information Science Publishing, 2009.

• E. Bertino and J. Crampton. Security for distributed systems: Foundations of access control. In Y. Qian, D. Tipper, P. Krishnamurthy, and J. Joshi, editors, Information Assurance: Survivability and Security in Networked Systems, pages 39–80. Morgan Kaufman, 2007.

• J. Crampton, K.G. Paterson, F. Piper, and M. Robshaw. Information security. In Handbook of Security, pages 358–379. Perpetuity Press, 2006.

Journals

Conference Proceedings

Book Chapters

Miscellaneous

• J. Crampton. On the satisfiability of authorization constraints in workflow systems. Technical Report RHUL–MA–2004–1, Department of Mathematics, Royal Holloway, University of London, 2004. (PDF)

• J. Crampton. Authorization and antichains. PhD thesis, Birkbeck, University of London, London, England, 2002. (PDF)

• J. Crampton and G. Loizou. SARBAC: A new model for role-based administration. Technical Report BBKCS-02-09, Birkbeck College, University of London, 2002. (PDF)

• J. Crampton and G. Loizou. Conflict of interest policies: A general approach. Technical Report BBKCS-00-07, Birkbeck College, University of London, 2000. (PDF)

• J. Crampton and G. Loizou. Structural complexity of conflict of interest policies. Technical Report BBKCS-00-13, Birkbeck College, University of London, 2000. (PDF)

• J. Crampton and G. Loizou. Two partial orders on the set of antichains. Technical Report BBKCS-00-05, Birkbeck College, University of London, 2000. (PDF)

• J. Crampton, G. Loizou, and G. O'Shea. Evaluating and improving access control. Technical Report BBKCS-99-11, Birkbeck College, University of London, United Kingdom, 1999. (PDF)