A logic of access control

The effectiveness of an access control mechanism in implementing a security policy in a centralized operating system is often weakened because of the large number of possible access rights involved, informal specification of security policy and a lack of tools for assisting systems administrators. H erein we present a logical foundation for automated tools that assist in de termining which access rights should be granted by reasoning about the effe cts of an access control mechanism on the computations performed by an oper ating system. We demonstrate the practicality and utility of our logical ap proach by showing how it allows us to construct a deductive database capabl e of answering questions about the security of two real-world operating sys tems. We illustrate the application of our techniques by presenting the res ults of an experiment designed to assess how accurately the configuration o f an access control mechanism implements a given security policy.