
Towards a formal specification of access control

Mathieu Jaume (1), Charles Morisset (1)
(1) SPI - Sémantiques, preuves et implantation, LIP6 - Laboratoire d'Informatique de Paris 6
Abstract: Access control software must be based on a security policy model, as software flaws often come from a lack of precision or from incoherences in the policy model. In this paper, we introduce an abstract framework that allows one to define access control policies in a very concise way, to refine specifications through several levels, and to end with different possible implementations. Such a framework allows one to reason formally about security policies and also to compare them, a point which is rarely approached. As an illustration, we give a formal description of the Bell and LaPadula and the Chinese Wall policies, and we briefly sketch how to compare these two policies.
Document type: Conference papers
Contributor: Lip6 Publications
Submitted on: Friday, August 5, 2016 - 3:11:26 PM
Last modification on: Tuesday, January 12, 2021 - 9:30:02 AM


  • HAL Id : hal-01352113, version 1


Mathieu Jaume, Charles Morisset. Towards a formal specification of access control. Workshop on Foundations of Computer Security and Automated Reasoning for Security Protocol Analysis (FCS-ARSPA'06), Aug 2006, Seattle, Washington, United States. ⟨hal-01352113⟩


