Summary: Variations in Access Control Logic
University of California, Santa Cruz
Microsoft Research, Silicon Valley
Abstract. In this paper we investigate the design space of access con-
trol logics. Specifically, we consider several possible axioms for the com-
mon operator says. Some of the axioms come from modal logic and
programming-language theory; others are suggested by ideas from secu-
rity, such as delegation of authority and the Principle of Least Privilege.
We compare these axioms and study their implications.
While access control appears in various guises in many aspects of computer
systems, it is attractive to reduce it, as much as possible, to few central concepts
and rules . The development and use of general logics for access control is an
ongoing effort in this direction. In this paper, we examine and compare several
logics for access control.
The logics that we consider all have the same operators and intended applica-
tions, but they differ in their axioms and rules. They all start from propositional