Event Systems and Access Control
Logic in Computer Science
2016-08-16 v1 Cryptography and Security
Abstract
We consider the interpretations of notions of access control (permissions, interdictions, obligations, and user rights) as run-time properties of information systems specified as event systems with fairness. We give proof rules for verifying that an access control policy is enforced in a system, and consider preservation of access control by refinement of event systems. In particular, refinement of user rights is non-trivial; we propose to combine low-level user rights and system obligations to implement high-level user rights.
Cite
@article{arxiv.cs/0604081,
title = {Event Systems and Access Control},
author = {Dominique Méry and Stephan Merz},
journal= {arXiv preprint arXiv:cs/0604081},
year = {2016}
}