Event Systems and Access Control

Dominique Méry and Stephan Merz

Abstract

We consider the interpretations of notions of access control (permissions, interdictions, obligations, and user rights) as run-time properties of information systems specified as event systems with fairness. We give proof rules for verifying that an access control policy is enforced in a system, and consider preservation of access control by refinement of event systems. In particular, refinement of user rights is non-trivial; we propose to combine low-level user rights and system obligations to implement high-level user rights.

Available as: PDF

Reference

@InProceedings{mery:event,
  author = 	 {Dominique M{\'e}ry and Stephan Merz},
  title = 	 {Event Systems and Access Control},
  booktitle = {6th Intl. Workshop Issues in the Theory of Security},
  pages = 	 {40--54},
  year = 	 2006,
  editor = 	 {Dieter Gollmann and Jan J{\"u}rjens},
  address = 	 {Vienna, Austria},
  organization = {IFIP WG 1.7},
  publisher = {Vienna University of Technology}
}