Access control with prohibitions and obligations

International audienceMost of access control mechanisms use the matrix model to represent protection states of computer systems. Firstly, we present a variant of the access control matrix model obtained by incorporating explicit prohibitions saying, e.g., that “it is not permitted that subject s performs action a on object o”. Secondly, we present a variant of the access control matrix model obtained by incorporating explicit obligations saying, e.g., that “it is obligatory that subject s performs action a on object o”. We then turn to the question whether the expressive power of the matrix model grows when enriching access control with explicit prohibitions or explicit obligations. In connection with these enriched models, we also discuss the solvable and unsolvable cases of one of the major themes of computer security, namely the classical safety problem for access control matrices