Publications

Journal Articles (appeared or accepted)

• [J18] Ninghui Li and Qihua Wang
  Beyond Separation of Duty: An Algebra for Specifying High-level Security Policies
  Accepted to appear in Journal of the ACM (JACM).
  (Paper in PDF)  Supercedes [C06f]
• [J17] Ji-Won Byun, Tiancheng Li, Elisa Bertino, Ninghui Li, and Yonglak Sohn
  Privacy Preserving Incremental Data Dissemination
  Accepted to appear in Journal of Computer Security (JCS).
  (Paper in PDF)  Supercedes [C06c]
• [J16] Somesh Jha, Ninghui Li, Mahesh V. Tripunitara, Qihua Wang, and William H. Winsborough
  Towards Formal Verification of Role-Based Access Control Policies
  Accepted to appear in IEEE Transactions on Dependable and Secure Computing (TDSC).
  (Paper in PDF)  

• [J15] Rui Xue, Ninghui Li, and Jiangtao Li
  Algebraic Construction for Zero-Knowledge Sets
  Journal of Computer Science and Technology (JCST) 23(2): 166-175 (2008).
  (Paper in PDF)
• [J14] Tiancheng Li and Ninghui Li.
  Towards optimal k-anonymization
  Data and Knowledge Engineering. 23(2): 166-175 (2008)
  (Paper in PDF)   Supercedes [C06i]
• [J13] Jiangtao Li, Ninghui Li, and William H. Winsborough
  Automated Trust Negotiation Using Cryptographic Credentials
  Accepted to appear in ACM Transactions on Information and System Security (TISSEC), special issue of selected papers from ACM CCS 2005.
  (Paper in PDF)   Supercedes [C05e]
• [J12] On Mutually-Exclusive Roles and Separation of Duty
  Ninghui Li, Mahesh V. Tripunitara, and Ziad Bizri
  ACM Transactions on Information and Systems Security (TISSEC).  10(2), May 2007.
  (Paper in PDF)   Supercedes [C04e]
• [J11] Purpose Based Access Control for Privacy Protection in Relational Database Systems 
  Ji-won Byun and Ninghui Li
  The VLDB Journal, in press.
  (Paper in PDF)
• [J10] A Semantics-based Approach to Privacy Policies
  Ninghui Li, Ting Yu, and Annie I. Anton
  To appear in the Computer Science and System Engineering Journal.
  (Paper in PDF)  Supercedes [C04f].
• [J09] A Theory for Comparing the Expressive Power of Access Control Models
  Mahesh V. Tripunitara and Ninghui Li
  Journal of Computer Security (JCS), 15(2):231--272, March, 2007
  (Paper in PDF)  Supercedes [C04d]
• [J08] Security Analysis in Role-Based Access Control
  Ninghui Li and Mahesh V. Tripunitara
  ACM Transactions on Information and System Security (TISSEC), 9(4):391--420, November 2006.
  (Paper in PDF)  Supercedes [C04b]
• [J07] OACerts: Oblivious Attribute Certificates
  Jiangtao Li and Ninghui Li
  IEEE Transactions on Dependable and Secure Computing (TDSC).  Volume 3, Number 4, pp.340-352, October 2006.
  (Paper in PDF)   Supercedes [C05c].
• [J06] Safety in Automated Trust Negotiation
  William H. Winsborough and Ninghui Li
  ACM Transactions on Information and System Security (TISSEC), 9(3):352--390, August 2006.
  (Paper in PDF) Supercedes [C04a].
• [J05] Understanding SPKI/SDSI Using First-Order Logic
  Ninghui Li and John C. Mitchell
  International Journal of Information Security. 5(1):48--64, January 2006.
  (Paper in PDF)  Supercedes [C03d]
• [J04] Beyond Proof-of-compliance: Security Analysis in Trust Management
  Ninghui Li, John C. Mitchell, and William H. Winsborough
  Journal of the ACM. 52(3):474--514, May 2005. 
  (Paper in PDF)  Supercedes [C03c].
• [J03] Oblivious Signature-Based Envelope
  Ninghui Li, Wenliang Du, and Dan Boneh.
  Distributed Computing, special issue of selected papers of PODC 2003.
  (Paper in PDF)  Supercedes [C03e]
• [J02] Distributed Credential Chain Discovery in Trust Management.
  Ninghui Li, William H. Winsborough, and John C. Mitchell.
  Journal of Computer Security, volume 11, number 1, pp. 35-86, February 2003.
  (Paper in PDF) Supersedes [C01b]
• [J01] Delegation Logic: A Logic-based Approach to Distributed Authorization.
  Ninghui Li, Benjamin N. Grosof, and Joan Feigenbaum.
  ACM Transactions on Information and System Security (TISSEC), volume 6, number 1, pp. 128-171, February 2003.
  (Paper in PDF) Supersedes [C99a, C00a]

Magazine Articles (appeared or accepted)

• [M02] A Critique of the ANSI Standard on Role Based Access Control
  Ninghui Li, Ji-won Byun, and Elisa Bertino
  IEEE Security and Privacy. 5(6):41--49, November 2007.
  (Paper in PDF)
• [M01] A Roadmap for Comprehensive Online Privacy Policy Management
  Annie I. Anton, Elisa Bertino, Ninghui Li, and Ting Yu
  Communications of the ACM. 50(7):109--116, July 2007.
  (Paper in PDF)  

Edited Conference Proceedings

• [B02] Proceedings of the 13th ACM Symposium on Access Control Models and Technologies (SACMAT)
  Indrashi Ray and Ninghui Li
  ACM Press, 2008.
• [B01] Information and Communications Security, Proceedings of the 8th International Conference (ICICS 2006)
  Peng Ning, Sihan Qing, and Ninghui Li
  LNCS 4307, Springer, 2007.

Book Chapters

• [H01] Privacy-Preserving Database Systems
  Elisa Bertino, Ji-Won Byun, and Ninghui Li
  In Foundations of Security Analysis and Design III, FOSAD 2004/2005 Tutorial Lectures, LNCS 3655, Springer, 2005.
  (Paper in PDF)

Refereed Conference and Workshop Papers

• [C08d] Mining Roles with Semantic Meanings
  Ian Molloy, Hong Chen, Tiancheng Li, Qihua Wang, Ninghui Li, Elisa Bertino, Seraphin Calo, and Jorge Lobo
  In Proceedings of the 13th ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 21--30, June 2008.
  (Paper in PDF)
• [C08c] Policy Decomposition for Collaborative Access Control
  Dan Lin, Prathima Rao, Elisa Bertino, Ninghui Li, and Jorge Lobo
  In Proceedings of the 13th ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 103--112, June 2008.
  (Paper in PDF)
• [C08b] Injector: Mining Background Knowledge for Data Anonymization
  Tiancheng Li and Ninghui Li
  To appear in IEEE International Conference on Data Engineering (ICDE), April 2008.
  (Paper in PDF)
• [C08a] PRECIP: Practical and Retrofittable Confidential Information Protection Against Spyware Surveillance
  XiaoFeng Wang, Zhuowei Li, Jong Youl Choi, Ninghui Li
  To appear in Network & Distributed System Security Symposium, February 2008.
  (Paper in PDF)

• [C07i] On the Correctness Criteria of Fine-Grained Access Control in Relational Databases
  Qihua Wang, Ting Yu, Ninghui Li, Jorge Lobo, Elisa Bertino, Ji-Won Byun and Keith Irwin
  In Proceedings of The 33rd International Conference on Very Large Data Bases (VLDB 2007), September 2007.
  (Paper in PDF)
• [C07h] Satisfiability and Resiliency in Workflow Systems
  Qihua Wang and Ninghui Li
  In Proceedings of the European Symposium on Research in Computer Security (ESORICS), September 2007.
  (Paper in PDF)
• [C07g] Universal Accumulators with Efficient Nonmembership Proofs
  Jiangtai Li, Ninghui Li, and Rui Xue
  In International Conference on Applied Cryptography and Network Security , June 2007.
  (Paper in PDF)
• [C07f] Usable Mandatory Integrity Protection for Operating Systems
  Ninghui Li, Ziqing Mao, and Hong Chen
  In IEEE Symposium on Security and Privacy, May 2007.
  (Paper in PDF)
• [C07e] t-Closeness: Privacy Beyond k-Anonymity and l-Diversity
  Ninghui Li, Tiancheng Li, and Suresh Venkatasubramanian
  In International Conference on Data Engineering (ICDE), April 2007.
  (Paper in PDF)
• [C07d] Efficient k-Anonymization using Clustering Techniques
  Ji-Won Byun, Ashish Kamra, Elisa Bertino, and Ninghui Li
  In Internal Conference on Database Systems for Advanced Applications (DASFAA), April 2007.
  (Paper in PDF)
• [C07c]  Administration in Role Based Access Control
  Ninghui Li and Ziqing Mao
  In ACM Symposium on InformAtion, Computer and Communications Security (ASIACCS), March 2007.
  (Paper in PDF)
• [C07b] Direct Static Enforcement of High-level Policies
  Qihua Wang and Ninghui Li
  In ACM Symposium on InformAtion, Computer and Communications Security (ASIACCS), March 2007.
  (Paper in PDF)
• [C07a] Dynamic Virtual Credit Card Numbers
  Ian Molloy, Jiangtao Li, and Ninghui Li
  In International Conference on Financial Cryptography and Data Security (FC), February 2007.
  (Paper in PDF)
• [C06i] Optimal k-Anonymity with Flexible Generalization Schemes through Bottom-up Searching
  Tiancheng Li and Ninghui Li
  In IEEE International Workshop on Privacy Aspects of Data Mining (PADM), December 2006.
  (Paper in PDF)
• [C06h] An Efficient Oblivious Commitment Based Envelope Protocol
  Jiangtao Li and Ninghui Li
  In International Conference on Information and Communications Security (ICICS), Decbember 2006.
  (Paper in PDF)
• [C06g] Distributed Credential Chain Discovery in Trust Management with Parameterized Roles and Constraints (Short Paper)
  Ziqing Mao, Ninghui Li, and William H. Winsborough
  In International Conference on Information and Communications Security (ICICS), December 2006.
  (Paper in PDF)
• [C06f] Beyond Separation of Duty: An Algebra for Specifying High-level Security Policies
  Ninghui Li and Qihua Wang
  In ACM Conference in Computer and Communications Security (CCS), November 2006.
  (Paper in PDF)
• [C06e] Resiliency Policies in Access Control
  Ninghui Li, Mahesh V. Tripunitara, and Qihua Wang
  In ACM Conference in Computer and Communications Security (CCS), November 2006.
  (Paper in PDF)
• [C06d] Achieving Privacy in Mesh Networks
  Xiaoxin Wu and Ninghui Li
  In ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN), October 2006.
  (Paper in PDF)
• [C06c] Secure Anonymization for Incremental Datasets
  Ji-Won Byun, Yonglak Sohn, Elisa Bertino, Ninghui Li
  In the Third VLDB Workshop on Secure Data Management (SDM'06), September 2006.
  (Paper in PDF)
• [C06b] Denial of Service Attacks and Defenses in Decentralized Trust Management
  Jiangtao Li, Ninghui Li, Xiaofeng Wang, and Ting Yu
  In the Second International Conference on Security and Privacy in Communication Networks (SecureComm), August 2006.
  (Paper in PDF)
• [C06a] Constraint Generation for Separation of Duty
  Hong Chen and Ninghui Li
  In Proceedings of ACM Symposium on Access Control Models and Technologies (SACMAT), June 2006.
  (Paper in PDF)
• [C05e] Automated Trust Negotiation Using Cryptographic Credentials
  Jiangtao Li, Ninghui Li, and William H. Winsborough
  In Proceedings of ACM Conference on Computer and Communications Security (CCS), November 2005.
  (Paper in PDF)
• [C05d] Policy-Hiding Access Control in Open Environment (Extended Abstract)
  Jiangtao Li and Ninghui Li
  In Proceedings of ACM Symposium on Principles of Distributed Computing (PODC), July 2005.
  (Paper in PDF)
• [C05c] OACerts: Oblivious Attribute Certificates
  Jiangtao Li and Ninghui Li
  In Proceedings of The Third Applied Cryptography and Network Security conference (ACNS), June 2005.
  (Paper in PDF) Superceded by [J07]
• [C05b] Purpose Based Access Control of Complex Data for Privacy Protection
  Ji-Won Byun, Elisa Bertino, and Ninghui Li
  In Proceedings of ACM Symposium on Access Control Models and Technologies (SACMAT), June 2005.
  (Paper in PDF)
• [C05a] Safety in Discretionary Access Control.
  Ninghui Li and Mahesh V. Tripunitara
  In Proceedings of IEEE Symposium on Security and Privacy, May 2005.
  (Paper in PDF)

• On a debate about this paper

• [C04g] Securing Java RMI-based Distributed Applications
  Ninghui Li, John C. Mitchell, and Derrick Tong
  In Proceedings of Annual Computer Security Applications Conference (ACSAC), December 2004.
  (Paper in PDF)

• [C04f] A Formal Semantics for P3P
  Ting Yu, Ninghui Li, and Annie Anton
  In Proceedings of ACM Workshop on Secure Web Services (SWS), October 2004.
  (Paper in PDF)  Superceded by [J10].

• [C04e] On Mutually-Exclusive Roles and Separation of Duty
  Ninghui Li, Ziad Bizri, and Mahesh V. Tripunitara
  In Proceedings of ACM Conference on Computer and Communications Security (CCS), October 2004.
  (Paper in PDF)  Superceded by [J12].

• [C04d] Comparing the Expressive Power of Access Control Models
  Mahesh V. Tripunitara and Ninghui Li
  In Proceedings of ACM Conference on Computer and Communications Security (CCS), October 2004.
  (Paper in PDF)  Superceded by [J09]

• [C04c] A Framework for Role-Based Access Control in Group Communication Systems
  Cristina Nita-Rotaru and Ninghui Li
  In Proceedings of 2004 International Workshop on Security in Parallel and Distributed Systems, September 2004.
  (Paper in PDF)

• [C04b] Security Analysis in Role-Based Access Control.
  Ninghui Li and Mahesh V. Tripunitara.
  In Proceedings of the Ninth ACM Symposium on Access Control Models and Techniques (SACMAT 2004), June 2004.
  (Paper in PDF) Superceded by [J09].
• [C04a] Safety in Automated Trust Negotiation.
  William H. Winsborough and Ninghui Li.
  In Proceedings of IEEE Symposium on Security and Privacy, May 2004.
  (Paper in PDF)  Superceded by [J06].
• [C03e] Oblivious Signature-Based Envelope.
  Ninghui Li, Wenliang Du, and Dan Boneh.
  In Proceedings of the 22nd ACM Symposium on Principles of Distributed Computing (PODC 2003), Boston, Massachusetts, July 2003. ACM Press, New York, New York, pp. 182--189.
  (Paper in PDF) Superceded by [J03]. 
• [C03d] Understanding SPKI/SDSI Using First-Order Logic
  Ninghui Li and John C. Mitchell.
  In Proceedings of the 16th IEEE Computer Security Foundations Workshop, Pacific Grove, California, June 2003. IEEE Computer Society Press, Los Alamitos, California, pp. 89--103.
  (Paper in PDF)  Superceded by [J05].
• [C03c] Beyond Proof-of-compliance: Safety and Availability Analysis in Trust Management.
  Ninghui Li, William H. Winsborough, and John C. Mitchell.
  In Proceedings of 2003 IEEE Symposium on Security and Privacy, Berkeley, California, May 2003. IEEE Computer Society Press, Los Alamitos, California, pp. 123--139.
  (Paper in PDF) Superceded by [J04].
• [C03b] RT: A Role-based Trust-management Framework.
  Ninghui Li and John C. Mitchell.
  In Proceedings of The Third DARPA Information Survivability Conference and Exposition (DISCEX III), Washington, D.C., April 2003. IEEE Computer Society Press, Los Alamitos, California, pp. 201--212.
  (Paper in PDF)
• [C03a] Datalog with Constraints: A Foundation for Trust-management Languages.
  Ninghui Li and John C. Mitchell.
  In Proceedings of the Fifth International Symposium on Practical Aspects of Declarative Languages (PADL 2003), New Orleans, Louisiana, January 2003. LNCS 2562, Springer, Berlin, pp. 58--73.
  (Paper in PDF)
• [C02c] Protecting Sensitive Attributes in Automated Trust Negotiation.
  William H. Winsborough and Ninghui Li.
  In Proceedings of ACM Workshop on Privacy in the Electronic Society, Washington, DC, November 2002. Proceedings to be published by ACM Press.
  (Paper in PDF)

• [C02b] Towards Practical Automated Trust Negotiation.
  William H. Winsborough and Ninghui Li.
  In Proceedings of the Third International Workshop on Policies for Distributed Systems and Networks (POLICY 2002), Monterey, California, June 2002. IEEE Computer Society Press, Los Alamitos, California, pp. 92-103.
  (Paper in PDF)
• [C02a] Design of A Role-based Trust-management Framework.
  Ninghui Li, John C. Mitchell, and William H. Winsborough.
  In Proceedings of 2002 IEEE Symposium on Security and Privacy, Berkeley, California, May 2002. IEEE Computer Society Press, Los Alamitos, California, pp. 114-130.
  (Paper in PDF) (Slides in PDF)
• [C01b] Distributed Credential Chain Discovery in Trust Management (Extended Abstract).
  Ninghui Li, William H. Winsborough, and John C. Mitchell.
  In Proceedings of the 8th ACM Conference on Computer and Communications Security (CCS-8), Philadelphia, Pennsylvania, November 2001. ACM Press, New York, New York, pp. 156-165.
  Superseded by [J2].
• [C01a] Nonmonotonicity, User Interfaces, and Risk Assessment in Certificate Revocation (Position Paper).
  Ninghui Li and Joan Feigenbaum.
  In Proceedings of the Fifth International Conference on Financial Cryptography (FC'01), Grand Cayman, BWI, February 2001. LNCS 2339, Springer, Berlin, 2002, pp. 166-177.
  (Paper in PDF)
• [C00b] Local Names In SPKI/SDSI.
  Ninghui Li.
  In Proceedings of the 13th IEEE Computer Security Foundations Workshop (CSFW-13), Cambridge, UK, July 2000. IEEE Computer Society Press, Los Alamitos, California, pp. 2-15.
  (Paper in PDF)
• [C00a] A Practically Implementable and Tractable Delegation Logic.
  Ninghui Li, Benjamin N. Grosof, and Joan Feigenbaum.
  In Proceedings of the 2000 IEEE Symposium on Security and Privacy, Berkeley, California, May 2000. IEEE Computer Society Press, Los Alamitos, California, pp. 27-42.
  Superseded by [J1].
• [C99a] A Logic-Based Knowledge Representation for Authorization with Delegation (Extended Abstract).
  Ninghui Li, Joan Feigenbaum, and Benjamin N. Grosof.
  In Proceedings of the 12th IEEE Computer Security Foundations Workshop (CSFW-12), Mordano, Italy, June 1999. IEEE Computer Society Press, Los Alamitos, pp. 162-174. Full paper available as IBM Research Report RC21492.
  Superseded by [J1].

Other Papers

• [Thesis] Delegation Logic: A Logic-Based Approach to Distributed Authorization.
  Ph.D. thesis, New York University, September 2000.

• [RTML] RTML: A Role-based Trust-management Markup Language
  Ninghui Li, John C. Mitchell, Yu Qiu, William H. Winsborough, Kent E. Seamons, Michael Halcrow, and Jared Jacobson
  Unpublished manuscript.