A Logic of Access Control

Authors: Crampton J.¹; Loizou G.¹; O'Shea G.²

Source: Computer Journal, Volume 44, Number 2, 2001 , pp. 137-149(13)

Buy & download fulltext article:

Price: $42.29 plus tax (Refund Policy)

Abstract:

The effectiveness of an access control mechanism in implementing a security policy in a centralized operating system is often weakened because of the large number of possible access rights involved, informal specification of security policy and a lack of tools for assisting systems administrators. Herein we present a logical foundation for automated tools that assist in determining which access rights should be granted by reasoning about the effects of an access control mechanism on the computations performed by an operating system. We demonstrate the practicality and utility of our logical approach by showing how it allows us to construct a deductive database capable of answering questions about the security of two real-world operating systems. We illustrate the application of our techniques by presenting the results of an experiment designed to assess how accurately the configuration of an access control mechanism implements a given security policy.

Language: English

Document Type: Original article

Affiliations: 1: Department of Computer Science, Birkbeck College, University of London, Malet Street, London WC1E 7HX, England Email: ccram01@dcs.bbk.ac.uk 2: Microsoft Research Ltd, St George House, 1 Guildhall Street, Cambridge CB2 3NH, England

Publication date: 2001-01-01

More about this publication?

The Computer Journal publishes research papers in a full range of subject areas, as well as regular feature articles and occasional themed issues to enable readers to easily access information outside their direct area of research. The journal provides a complete overview of developments in the field of Computer Science.