Abstract. Access control languages which support administrative controls, and thus allow the ordinary permissions of a system to change, have traditionally been constructed with first order predicate logic or graph rewriting rules. We introduce a new access control model to implement administrative controls directly in terms of the security properties—we call this Security Property Based Administrative Controls (SPBAC). Administrative approval is required only when a security property is changed (violated) relative to the current configuration. We show that in the case of information flow, and its effects on both integrity and confidentiality, SPBACs are implementable, and the necessary administrative approvals exactly determinable.
Jon A. Solworth, Robert H. Sloan