One of the major problems in the security of computer systems is access control, and its importance increases in distributed systems. Access control mechanisms in distributed systems are therefore vital, but they are difficult to implement and even more difficult to verify. Building on work on access control in centralized systems, this paper defines a logical calculus that can be used to derive relations between users or resources in distributed computing systems. A logical language for access control lists is developed. An important aspect of this language is theories for deciding whether a request for access to a resource is to be granted under a given control framework. Of particular interest is the formal treatment of delegation.
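To make the kind of question such a calculus answers concrete, the following is an added toy model, not code from the paper under review and not an implementation of its calculus. It assumes (as a modelling choice) that delegation is represented by a "speaks for" relation between principals: if A speaks for B, a request made by A counts as a request made by B. An access control list is then a set of principals per resource, and a request is granted if the requester speaks for some principal on the list, possibly through a chain of delegations. The principal names, resources and delegations are constructed sample data.

```python
from collections import deque

# Constructed sample delegation relation: key speaks for each principal in its set.
# Group membership is modelled the same way (a member speaks for the group).
SPEAKS_FOR = {
    "alice": {"staff"},        # alice is a member of the group "staff"
    "bob": {"alice"},          # alice delegated to bob
    "carol": {"bob"},          # bob delegated to carol (chain: carol -> bob -> alice)
    "dave": {"erin"},          # dave and erin delegate to each other: a cycle
    "erin": {"dave"},
    "mallory": set(),          # no delegation at all
}

# Constructed sample access control lists: resource -> principals allowed.
ACL = {
    "/payroll": {"alice"},
    "/wiki": {"staff"},
}


def speaks_for_chain(speaker, target, speaks_for):
    """Return the delegation chain [speaker, ..., target] if speaker speaks for
    target (reflexively and transitively), or None if no such chain exists.

    Breadth-first search over the speaks-for relation; the visited map makes
    cycles (dave <-> erin) harmless and yields a shortest chain."""
    if speaker == target:
        return [speaker]
    parent = {speaker: None}
    queue = deque([speaker])
    while queue:
        current = queue.popleft()
        for nxt in speaks_for.get(current, ()):
            if nxt in parent:
                continue                      # already seen: avoids looping on cycles
            parent[nxt] = current
            if nxt == target:
                chain = [nxt]
                while parent[chain[-1]] is not None:
                    chain.append(parent[chain[-1]])
                return chain[::-1]
            queue.append(nxt)
    return None


def decide(requester, resource, acl=ACL, speaks_for=SPEAKS_FOR):
    """Decide a request under the ACL: granted iff the requester speaks for some
    principal on the resource's list. Returns (granted, justification), where the
    justification is the delegation chain that licenses the grant, or [] on denial.
    ACL entries are tried in sorted order so the result is deterministic."""
    for entry in sorted(acl.get(resource, ())):
        chain = speaks_for_chain(requester, entry, speaks_for)
        if chain is not None:
            return True, chain
    return False, []


if __name__ == "__main__":
    for who, what in [("alice", "/payroll"), ("carol", "/payroll"),
                      ("carol", "/wiki"), ("mallory", "/payroll"),
                      ("dave", "/payroll")]:
        granted, chain = decide(who, what)
        verdict = "GRANT" if granted else "DENY"
        print(f"{who:8} {what:10} {verdict}  via {' -> '.join(chain) or '(no chain)'}")
```

The justification returned with each decision is the point of a logical treatment: the grant is not a lookup but a derivation, and every step of it (each delegation used) can be audited. A denial for `dave` shows that a delegation cycle between two principals who are not on the list gives neither of them access.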
This rather long paper succeeds in giving a good deal of motivation and interesting discussion in a form that is accessible to nonlogicians. Nevertheless, to appreciate the more technical aspects of the paper requires a working knowledge of logic and formal semantics.