Spiessens, Roy, 2005. A Practical Formal Model for Safety Analysis in Capability-Based Systems, in: . Springer Berlin Heidelberg.. https://doi.org/10.1007/11580850_14