Algebraic Model for Handling Access Control Policies

Confidentiality of information is an important aspect that developers should take into consideration when building systems. One way to achieve confidentiality is to define access control policies that give authorization rules for allowing users to access resources. In large organizations, managing policies becomes a complex task. Usually, based on the defined policies, developers would need to manipulate policies such as composing them and enforcing predefined security constraints. In this paper, we present an algebraic model for specifying access control policies. It consists of a few number of operators which gives simplicity in specifying policies. The proposed model enables us to specify policies and enforce predefined security constraints. Furthermore, the model allows us to combine policies and analyze their effect on predefined constraints. Furthermore, it enables comparing the sensitivity of objects (e.g. files) and authority of subjects (e.g. users).