A petri-net model of access control mechanisms

摘要

Petri-nets provide a view of systems in terms of conditions and events that is very useful to access control mechanism modeling. Moreover, an access control mechanism for complex control policies can be viewed as several, separate mechanisms, each enforcing a simple policy; such models cooperate to enforce the global system policies. In order to follow this approach it is convenient to model access control mechanisms with Petri-nets. In this paper we identify and model a set of elementary control policies and show how some information system policies such as discretionary access, constrained access, cooperative authorization can be obtained as a combination of these elementary policies. The models obtained are an homogeneous and modular representation of control problems that proved to be advantageous in the implementation phase of our research.