Abstract

Abstract
We define an extension of the category-based access control (CBAC) metamodel to accommodate a general notion of obligation. Since most of the well-known access control models are instances of the CBAC metamodel, we obtain a framework for the study of the interaction between authorisation and obligation, such that properties may be proven of the metamodel that apply to all instances of it. In particular, the extended CBAC metamodel allows security administrators to check whether a policy combining authorisations and obligations is consistent.

Abstract
This short note compares two different methods for exploring type-inhabitation in the simply typed lambda-calculus, highlighting their similarities.

Abstract
We define a framework for the analysis of access control policies that aims at easing the specification and verification tasks for security administrators. We consider policies in the category-based access control model, which has been shown to subsume many of the most well known access control models (e.g., MAC, DAC, RBAC). Using a graphical representation of category-based policies, we show how answers to usual administrator queries can be automatically computed, and properties of access control policies can be checked. We show applications in the context of emergency situations, where our framework can be used to analyse the interaction between access control and emergency management.

Abstract
We present a new type system combining refinement types and the expressiveness of intersection type discipline. The use of such features makes it possible to derive more precise types than in the original refinement system. We have been able to prove several interesting properties for our system (including subject reduction) and developed an inference algorithm, which we proved to be sound.

Abstract
We define a general typed language to deal with the notion of event in the context of access control systems. We distinguish between generic events, which represent the kind of actions that can occur in a system, and specific events, which represent actual occurrences of those kinds of actions. A relation is given associating specific to generic events, as well as a method for obtaining intervals from a history of events. We describe applications in access control systems with obligations.