Access Control, Security, and Trust: A Logical Approach, 1st Edition (Hardback) book cover

Access Control, Security, and Trust

A Logical Approach, 1st Edition

By Shiu-Kai Chin, Susan Beth Older

Chapman and Hall/CRC

352 pages | 93 B/W Illus.

Purchasing Options:$ = USD
Hardback: 9781584888628
pub: 2010-07-26

FREE Standard Shipping!


Developed from the authors’ courses at Syracuse University and the U.S. Air Force Research Laboratory, Access Control, Security, and Trust: A Logical Approach equips readers with an access control logic they can use to specify and verify their security designs. Throughout the text, the authors use a single access control logic based on a simple propositional modal logic.

The first part of the book presents the syntax and semantics of access control logic, basic access control concepts, and an introduction to confidentiality and integrity policies. The second section covers access control in networks, delegation, protocols, and the use of cryptography. In the third section, the authors focus on hardware and virtual machines. The final part discusses confidentiality, integrity, and role-based access control.

Taking a logical, rigorous approach to access control, this book shows how logic is a useful tool for analyzing security designs and spelling out the conditions upon which access control decisions depend. It is designed for computer engineers and computer scientists who are responsible for designing, implementing, and verifying secure computer and information systems.


Focusing on the logic of access control, more than on actual computer programming, this volume is designed as a textbook for undergraduates. Each chapter ends with exercises and a concise description of expected learning outcomes. The authors, both in electrical engineering and computer science at Syracuse University, also teach an intensive summer course on access control for hundreds of ROTC cadets. It contains a useful selection of tables and figures, a notation index and a brief bibliography.

SciTech Book News, February 2011

Table of Contents

Access Control, Security, Trust, and Logic

Deconstructing Access Control Decisions

A Logical Approach to Access Control


A Language for Access Control

Sets and Relations



Reasoning about Access Control

Logical Rules

Formal Proofs and Theorems

Soundness of Logical Rules

Basic Concepts

Reference Monitors

Access Control Mechanisms: Tickets and Lists


Security Policies

Confidentiality, Integrity, and Availability

Discretionary Security Policies

Mandatory Security Policies

Military Security Policies

Commercial Policies


Digital Authentication

Public-Key Cryptography

Efficiency Mechanisms

Reasoning about Cryptographic Communications

Certificates, Certificate Authorities, and Trust

Symmetric-Key Cryptography


Simple Delegations

Delegation and Its Properties

A Delegation Example: Simple Checking

Networks: Case Studies

SSL and TLS: Authentication across the Web

Kerberos: Authentication for Distributed Systems

Financial Networks


A Primer on Computer Hardware

Ones and Zeros

Synchronous Design


Virtual Machines and Memory Protection

A Simple Processor

Processors with Memory Segmentation

Controlling Access to Memory and Segmentation Registers

Design of the Virtual Machine Monitor

Access Control Using Descriptors and Capabilities

Address Descriptors and Capabilities

Tagged Architectures

Capability Systems

Access Control Using Lists and Rings

Generalized Addresses

Segment Access Controllers

ACL-Based Access Policy for Memory Accesses

Ring-Based Access Control


Confidentiality and Integrity Policies

Classifications and Categories

Bell–La Padula Model, Revisited

Confidentiality Levels: Some Practical Considerations

Biba’s Strict Integrity, Revisited

Lipner’s Integrity Model

Role-Based Access Control

RBAC Fundamentals

Separation of Duty

Representing RBAC Systems in the Logic

Appendix: Summary of the Access Control Logic


A Summary and Further Reading appear at the end of each chapter.

About the Authors/Editor

Shiu-Kai Chin is a Meredith Professor in the Department of Electrical Engineering and Computer Science at Syracuse University. He is also director of the Center for Information and Systems Assurance and Trust. While at Syracuse, Dr. Chin has received the Outstanding Teacher Award, the Chancellor’s Citation for Outstanding Contributions to the University’s Academic Programs, and the Crouse Hinds Award for Excellence in Education.

Susan Older is an associate professor in the Department of Electrical Engineering and Computer Science at Syracuse University. She is also the program director for the Certificate of Advanced Study in Systems Assurance. Dr. Older’s research interests include programming-language semantics, logics of programs, formal methods, and information-assurance and computer science education.

About the Series

Chapman & Hall/CRC Cryptography and Network Security Series

Learn more…

Subject Categories

BISAC Subject Codes/Headings:
COMPUTERS / Security / General
MATHEMATICS / Combinatorics