In this paper we show how access control policies can be specified using term rewriting systems and present the corresponding implementation realized using the Tom framework. We focus on two well known models (BellLapadula and McLean) and propose an algorithm that detects potential information leakages, i.e. checks that information can be accessed only by authorized users independently of the a...

From a software design perspective, access control policies are requirements that must be addressed in a design. For example, access control policies are constraints that determine the type of access authorized users have on information resources. In this paper, we show how one can formulate access control policies as a policy model, formulate an access control aspect model that enforces polici...

Role-based access control (RBAC) has been acknowledged as an effective mechanism for specifying and enforcing access control policies. However, it is not always clear how an RBAC policy can be systematically integrated into the system design so as to preserve the desired security requirements. In this paper we propose a representation and a process that supports systematic integration of an acc...

We present a novel static approach to Role-Based Access Control policy enforcement. The static approach we advocate includes a novel design methodology, for applications involving RBAC, which integrates the security requirements into the system’s architecture. We apply this novel methodology to policies restricting calls to methods in Java applications. We present a language to express RBAC pol...

Mandatory access control (MAC) mechanisms control which users or processes have access to which resources in a system. MAC policies are increasingly specified to facilitate managing and maintaining access control. However, the correct specification of the policies is a very challenging problem. To formally and precisely capture the security properties that MAC should adhere to, MAC models are u...

Significant effort has been invested in developing expressive and flexible access-control languages and systems. However, little work has been done to evaluate these theoretically interesting systems in practical situations with real users, and few attempts have been made to discover and analyze the accesscontrol policies that users actually want to implement. In this paper we report on a study...

Role based access control (RBAC) is attracting increasing attention as a security mechanism for both commercial and many military systems. Much of RBAC is fundamentally diierent from multi-level security (MLS) systems, and the properties of RBAC systems have not been explored formally to the extent that MLS system properties have. This paper explores some aspects of mutual exclusion of roles as...

With the rapid advances in computing and information technologies, traditional access control models have become inadequate terms of capturing fine-grained, expressive security requirements newly emerging applications. An attribute-based (ABAC) model provides a more flexible approach to addressing authorization needs complex dynamic systems. While organizations are interested employing newer mo...

This paper presents a PCIM-based framework for storing and enforcing RBAC (Role Based Access Control) policies in distributed heterogeneous systems. PCIM (Policy Core Information Model) is an information model proposed by IETF. PCIM permits to represent network policies in a standard form, allowing software from different vendors to read the same set of policy rules. This paper describes a PCIM...

This paper presents the way a gigabit NREN (National Research and Education Network) covering the whole country of Benin and that will connect over twenty university centers was built using mainly local unused infrastructures and local permanent staff already paid by the State of Benin (predominantly personnel from the Université d'Abomey-Calavi, UAC, in Benin and from Benin Armed Forces). The ...