Moffett, J.D., C.B. Haley and B. Nuseibeh (2004). Core Security Requirements Artefacts. 2004, Open University, Department of Computing. Report no 2004/24.
Arosha K Bandara, Emil C Lupu, Jonathan Moffett and Alessandra Russo (2004). A Goal-based Approach to Policy Refinement. in IEEE 5th Int Workshop on Policies for Distributed Systems and Networks (POLICY 2004). 2004. IBM Thomas J Watson Research Center, Yorktown Heights, New York.
Charles B. Haley, Robin C. Laney, Jonathan D. Moffett and Bashar Nuseibeh (2004). The Effect of Trust Assumptions on the Elaboration of Security Requirements. in 12th IEEE Int Requirements Engineering Conference (RE04). 2004. Kyoto, Japan.
Schaad, A. and J. Moffett, J. D. (2004). Separation, Review and Supervision Controls in the Context of a Credit Application Process: A Case Study of Organisational Control Principles. in SAC 2004: 19th Annual ACM Symposium on Applied Computing. 2004. Nicosia, Cyprus.
Moffett, J. D. and Nuseibeh, B.A. (2003). A Framework for Security Requirements Engineering. Report YCS 368, Department of Computer Science, University of York.
Kern, A., Schaad, A. and Moffett, J. D. (2003). An Administration Concept for the Enterprise Role-Based Access Control Model. 8th ACM Symposium on Access Control Models and Technologies: SACMAT 2003, Lake Como, Italy, June 2003. ACM Press.
Schaad, A. and J. D. Moffett (2002). A Framework for Organisational Control Principles. 18th Annual Computer Security Applications Conference, Las Vegas, Nevada, USA, IEEE Press.
Schaad, A. and J. D. Moffett (2002). Delegation of Obligations. Policy2002: Workshop on Policies for Distributed Systems & Networks, Monterey, CA, USA, June 2002.
Kern, A., Kuhlmann, M., Schaad, A. and J. D. Moffett (2002). Observations on the Role Life-Cycle in the Context of Enterprise Security Management. SACMAT 2002: 7th ACM Symposium on Access Control Models and Technologies, Monterey, CA, USA, June 2002. ACM Press.
Schaad, A. and J. D. Moffett (2002). A Lightweight Approach to Specification and Analysis of Role-based Access Control Extensions. SACMAT 2002: 7th ACM Symposium on Access Control Models and Technologies, Monterey, CA, USA, June 2002. ACM Press.
Schaad, A. and J. D. Moffett (2001). The Incorporation of Control Principles into Access Control Policies. Policy2001: Workshop on Policies for Distributed Systems & Networks, Bristol, UK. (Extended abstract).
Schaad, A., J. D. Moffett, et al. (2001). The Role-Based Access Control System of a European Bank: A Case Study and Discussion. SACMAT 2001: 6th ACM Symposium on Access Control Models and Technologies, Chantilly, VA, USA. ACM Press.
Evans, R. J. and J. D. Moffett (2000). Derivation of Safety Targets for the Random Failure of Programmable Vehicle Based Systems. in Computer Safety, Reliability and Security: Proceedings of SafeComp2000, Rotterdam, The Netherlands, 24-27 October 2000. (eds.) F. Koornneef and M. van der Meulen, Springer. LNCS 1943: pp 240-249.
Moffett, J. D. and A. J. Vickers (2000). Behavioural Conflicts in a Causal Specification. Automated Software Engineering 7(3): 215-238..
Moffett, J. D. Requirements and Policies. Position paper for Workshop on Policies in Distributed Systems, 15-17 November 1999, HP- Laboratories, Bristol, UK
Moffett, J. D. and E. C. Lupu (1999). The Uses of Role Hierarchies in Access Control. 4th ACM Workshop on Role Based Access Control (RBAC), 27-29 October 1999, George Mason University, Fairfax, VA.
Eames, D. and J. D. Moffett (1999). The Integration of Safety and Security Requirements. Safecomp'99, 27-29 Sept 1999, Toulouse, France.
Moffett, J. D. (1998). Control Principles and Role Hierarchies. 3rd ACM Workshop on Role Based Access Control (RBAC), George Mason University, Fairfax, VA, 22-23 October 1998.
Moffett, J. D., Hall, J.G., Coombes, A.C. & McDermid, J. A. (1996). A Model for a Causal Logic for Requirements Engineering. Journal of Requirements Engineering, 1(1): 27-46. March 1996.
Moffett, J. D. (1995). Distributed Systems Security. In Kent, A. & Williams, J.G. (Eds.), Encyclopaedia of Microcomputers, vol 15. New York: Marcel Dekker Inc.
Moffett, J. D. (1994). Specification of Management Policies and Discretionary Access Control. In M. S. Sloman (Ed.), Network and Distributed Systems Management (pp. 455-479, Chapter 17). Addison-Wesley.
Moffett, J. D., & Clark, J. A. (1994). An Introduction to Security in Distributed Systems. High Integrity Systems, 1(1), 83-92.
Moffett, J. D., & McDermid, J. A. (1994). Policies for Safety-Critical Systems: the Challenge of Formalisation. In 5th IFIP/IEEE Int. Workshop on Distributed Systems: Operations and Management (DSOM'94), Toulouse, France.
Moffett, J. D., & Sloman, M. S. (1994). Policy Conflict Analysis in Distributed System Management. Journal of Organizational Computing, 4(1), 1-22.
Moffett, J. D., Jonscher, D. & McDermid, J. A. (1993). The Policy Obstacle Course: A Framework for Policies Embedded within Distributed Computer Systems. Report: Dept of Computer Science, University of York.
Moffett, J. D., & Sloman, M. S. (1993). User and mechanism views of distributed systems management. Distributed Systems Engineering Journal, 1, 37-47.
Moffett, J. D., & Sloman, M. S. (1993). Policy Hierarchies for Distributed Systems Management. IEEE Journal on Selected Areas in Communication, 11(9), 1404-1414.
Moffett, J. D., & Sloman, M. S. (1991). The Representation of Policies as System Objects. SIGOIS Bulletin, 12(2 and 3), 171-184.
Moffett, J. D. (1990). Delegation of Authority Using Domain Based Access Rules. PhD Thesis. Dept of Computing, Imperial College, University of London.
Moffett, J. D., & Sloman, M. S. (1988). The Source of Authority for Commercial Access Control. IEEE Computer, 1988. 21(2): p. 59-69.
Moffett, J. D. (1979). Database Integrity Checking. Information Privacy, 1979. 1(6): p. 274-275.