Over the last decades, we have seen several policy models, including role-based access control and more recently, certificate-base control. These models are based on the important notion “flow relation”. In this work, we present a logical language of certificate-based access control. Our model presents the formal method of reasoning for discretionary access and defines logic to express a discretionary policy. We introduce, instead, material implication widely used in mathematics, and we show in a case study its ease in every sense. We find it allows the policy specifications to be interpreted more conveniently by practitioners and implemented in a simple way. Our evaluation shows that policies defined with material implication can be used for creation of the specification of a trust relationships policy and for checking safety of any computer system.
展开▼