A logic of access control

Citation
J. Crampton et al., A logic of access control, COMPUTER J, 44(1), 2001, pp. 54-66
Citations number
27
Categorie Soggetti
Computer Science & Engineering
Journal title
COMPUTER JOURNAL
ISSN journal
00104620 → ACNP
Volume
44
Issue
1
Year of publication
2001
Pages
54 - 66
Database
ISI
SICI code
0010-4620(2001)44:1<54:ALOAC>2.0.ZU;2-F
Abstract
The effectiveness of an access control mechanism in implementing a security policy in a centralized operating system is often weakened because of the large number of possible access rights Involved, informal specification of security policy and a lack of tools for assisting systems administrators. H erein we present a logical foundation for automated tools that assist in de termining which access rights should be granted by reasoning about the effe cts of an access control mechanism on the computations performed by an oper ating system. We demonstrate the practicality and utility of our logical ap proach by showing how it allows us to construct a deductive database capabl e of answering questions about the security of two real-world operating sys tems. We illustrate the application of our techniques by presenting the res ults of an experiment designed to assess how accurately the configuration o f an access control mechanism implements a given security policy.