“…The first attempts to develop formal theories to define and validate security policies (see, for instance, [16]) have used first-order theorem provers, purpose-built logics, or flow-analysis, but these approaches have limitations (as discussed for instance in [24]). More recently, rewriting techniques have been fruitfully exploited in the context of security protocols (see [6,22,2]), security policies controlling information leakage (see [21]), and access control policies (see [35,12]). Along these lines, rewriting systems appear to be well adapted for providing a semantics for distributed access control mechanisms.…”