Politecnico die Milano, Report No. REPT--86--029, 1986.
Also in: Information Systems, Vol. 13, No. 1, pages 53-63. 1988.
Abstract: An access control mechanism for complex control policies can be viewed as several, separate mechanisms, each enforcing a simple policy; such models cooperate to enforce the global system policies. In order to follow this approach it is convenient to model access control mechanisms with Petri-nets. The authors identify and model a set of elementary control policies and show how some information system policies such as discretionary access, constrained access, and cooperative authorization can be obtained as a combination of these elementary policies.