About the Book
This dissertation describes an algebraic framework for automatic construction of mathematical models of programs executing on access-control computer systems. The algebraic model of any program overapproximates the possible behaviors of the program. This dissertation proves that the model can be constructed in polynomial time. The model of a program can be used to define an optimal access control policy for the program, or to evaluate existing policies. Furthermore, this dissertation proves a consistency theorem that characterizes those access-control policies that restrict access to functions and that exhibit corresponding access-control policies restricting access to the data manipulated by those functions. The types of access control to which the model is applied are Role-Based Access Control (RBAC) and Stack-Based Access Control (SBAC).