
Implementing access control mechanisms using rewriting techniques

Final Activity Report Summary - RSMC (Implementing access control mechanisms using rewriting techniques)

Term rewriting systems are usually defined through the specification of a set of terms and a set of rewrite rules that are used to ‘reduce’ terms. This simple idea is very powerful, and term rewriting techniques have had deep influence in the development of computational models, specification languages, theorem provers and proof assistants. More recently, rewriting systems have been used as a formal basis for the study of a broad range of security issues.

In this project we focussed on the specification, implementation and validation of security policies. The project's general goal was to provide a deep analysis of access control models and policies using rewriting.

We developed access control policies for centralised or distributed systems using a term rewriting framework. In order to do this, we extended the usual notion of rewriting to accommodate distributed code and investigated a theory of access control described in terms of a set of rewrite rules and their reductions.

We applied our framework to the problem of policy combination via a set of algebraic operators and showed how to build a global policy that is consistent with its local specifications. Moreover, we took advantage of existing tools and rewriting techniques to study properties of the rewrite system, such as termination and confluence, which correspond directly to properties of the access control policy: termination guarantees that evaluating a request yields an answer (totality), and confluence guarantees that the answer is unique (consistency). This was then used as a starting point for the design of a rewrite-based language with access control primitives.
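The following is an added illustration of the two ideas above (access control policies as rewrite rules, and policy combination via operators that are themselves rewrite rules); it is example code written for this page, not the RSMC project's own framework or language. It assumes a toy term representation (nested tuples, atoms as strings, variables as strings starting with `?`), a constructed finite request space of two subjects, two actions and two resources, and invented policy names `A`, `B`, `C`, `D`, `AorB` and `AandB`. Rules are unordered, as in rewriting, so the checker explores every rewrite position: a request is covered by the policy (totality) when it reaches a decision, and the policy is consistent when every request reaches exactly one; policies `C` and `D` are deliberately inconsistent and incomplete, respectively, to show the check failing.

```python
"""Access control policies as term rewriting systems (added example, not RSMC project code).

Terms are nested tuples ('f', t1, ..., tn); atoms are strings; variables are strings
starting with '?'. A policy is a list of (lhs, rhs) rules that reduce a request term
(policy, subject, action, resource) to a decision atom. Combinators are rules too.
"""
from itertools import product

PERMIT, DENY = "permit", "deny"
# Constructed toy request space (assumption for the example).
SUBJECTS, ACTIONS, RESOURCES = ("alice", "bob"), ("read", "write"), ("pub", "secret")

def is_var(t):
    return isinstance(t, str) and t.startswith("?")

def match(pattern, term, subst):
    """Syntactic matching: extend subst so that instantiate(pattern, subst) == term, else None."""
    if is_var(pattern):
        if pattern not in subst:
            subst[pattern] = term
            return subst
        return subst if subst[pattern] == term else None
    if isinstance(pattern, str) or isinstance(term, str):
        return subst if pattern == term else None
    if len(pattern) != len(term) or pattern[0] != term[0]:
        return None
    for p, t in zip(pattern[1:], term[1:]):
        if match(p, t, subst) is None:
            return None
    return subst

def instantiate(term, subst):
    if is_var(term):
        return subst[term]
    if isinstance(term, str):
        return term
    return (term[0],) + tuple(instantiate(t, subst) for t in term[1:])

def one_step(term, rules):
    """All terms reachable from `term` by one rewrite step (any rule, any position)."""
    out = []
    for lhs, rhs in rules:
        subst = match(lhs, term, {})
        if subst is not None:
            out.append(instantiate(rhs, subst))
    if not isinstance(term, str):
        for i in range(1, len(term)):           # index 0 is the functor, never rewritten
            for sub in one_step(term[i], rules):
                out.append(term[:i] + (sub,) + term[i + 1:])
    return out

def normal_forms(term, rules, max_steps=500):
    """Set of all normal forms reachable from `term` (empty if rewriting loops or is cut off)."""
    seen, frontier, nfs, steps = {term}, [term], set(), 0
    while frontier and steps < max_steps:
        steps += 1
        t = frontier.pop()
        succ = one_step(t, rules)
        if not succ:
            nfs.add(t)
        for s in succ:
            if s not in seen:
                seen.add(s)
                frontier.append(s)
    return nfs

# Local policy A: owners may do anything to their own resource, nothing to the other one.
POLICY_A = [(("A", "alice", "?a", "secret"), PERMIT), (("A", "alice", "?a", "pub"), DENY),
            (("A", "bob", "?a", "pub"), PERMIT), (("A", "bob", "?a", "secret"), DENY)]
# Local policy B: anyone may read public resources; every other request is denied.
POLICY_B = [(("B", "?s", "read", "pub"), PERMIT), (("B", "?s", "read", "secret"), DENY),
            (("B", "?s", "write", "?r"), DENY)]
# Algebraic combinators as rewrite rules: permit-overrides ('or') and deny-overrides ('and').
COMBINATORS = [(("or", PERMIT, "?x"), PERMIT), (("or", "?x", PERMIT), PERMIT), (("or", DENY, DENY), DENY),
               (("and", DENY, "?x"), DENY), (("and", "?x", DENY), DENY), (("and", PERMIT, PERMIT), PERMIT)]
# Global policies built from the local ones by the combinators.
COMBINED = POLICY_A + POLICY_B + COMBINATORS + [
    (("AorB", "?s", "?a", "?r"), ("or", ("A", "?s", "?a", "?r"), ("B", "?s", "?a", "?r"))),
    (("AandB", "?s", "?a", "?r"), ("and", ("A", "?s", "?a", "?r"), ("B", "?s", "?a", "?r")))]
# C: overlapping default and exception, so alice/read has two normal forms (inconsistent).
POLICY_C = [(("C", "?s", "?a", "?r"), DENY), (("C", "alice", "read", "?r"), PERMIT)]
# D: says nothing about bob, so his requests never reach a decision (not total).
POLICY_D = [(("D", "alice", "?a", "?r"), PERMIT)]

def check_policy(name, rules):
    """(total, consistent, per-request normal forms) over the finite request space."""
    report = {req: normal_forms((name,) + req, rules)
              for req in product(SUBJECTS, ACTIONS, RESOURCES)}
    total = all(nfs and nfs <= {PERMIT, DENY} for nfs in report.values())
    consistent = all(len(nfs) <= 1 for nfs in report.values())
    return total, consistent, report

def evaluate(name, rules, subject, action, resource):
    """The unique decision of policy `name` for one request; raises if there is none or several."""
    nfs = normal_forms((name, subject, action, resource), rules)
    if len(nfs) != 1 or not nfs <= {PERMIT, DENY}:
        raise ValueError(f"{name} is not total/consistent on {(subject, action, resource)}: {nfs}")
    return next(iter(nfs))

if __name__ == "__main__":
    for name, rules in [("A", POLICY_A), ("B", POLICY_B), ("AorB", COMBINED),
                        ("AandB", COMBINED), ("C", POLICY_C), ("D", POLICY_D)]:
        total, consistent, _ = check_policy(name, rules)
        print(f"{name:6} total={total} consistent={consistent}")
    print("AorB alice read pub ->", evaluate("AorB", COMBINED, "alice", "read", "pub"))
```

The checker is a brute-force stand-in for the termination and confluence analysis the summary mentions: on a finite request space it simply enumerates all reductions, whereas the project's tooling reasons about the rule set itself. Note that `C` fails only because rules are unordered; a first-match policy language would silently pick one decision, which is exactly the ambiguity the confluence check surfaces.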