Over the last decades, we have seen several policy models, including role-based access control and, more recently, certificate-based control. These models are based on the important notion of a "flow relation". In this work, we present a logical language for certificate-based access control. Our model presents a formal method of reasoning about discretionary access and defines a logic to express a discretionary policy. We introduce, instead, material implication, which is widely used in mathematics, and we show in a case study its ease of use in every respect. We find that it allows policy specifications to be interpreted more conveniently by practitioners and implemented in a simple way. Our evaluation shows that policies defined with material implication can be used to create the specification of a trust relationship policy and to check the safety of any computer system.
CCS Concepts: • Security and privacy~Access control • Security and privacy~Information flow control • Security and privacy~Software security engineering.
Keywords: access control policy languages; access control model; authorization; logic functions; information flow model
INTRODUCTION
Access monitoring is understood as the methods or mechanisms that determine whether a request for access to a resource is to be permitted or forbidden. It is known that each distributed access control system should contain an information protection subsystem, which must be based on precisely defined mathematical models for controlling access to this information. In this article we propose a flow-based logic model for interpreting the basic events and properties of distributed access control systems. Our goal is to develop a logic and a formal language that can be used for specifying a security policy and for checking the security of any computer system. We can prove some important properties of this logic and show in a case study how our logical language can express some of the access control policies proposed so far. This can be achieved by introducing certificates. Certificate-based access control is aimed at specifying security policies for access to resources from untrusted sources, e.g. via the Internet. Recently, work on logic-based access models and certificate-based authorization has intensified. Formal reasoning techniques for security models and access policy specifications have been presented, e.g. [1 5]. These models are usually based on the modal lo...