Using Traces of Procedure Calls to Reason About Composability

The concept of transformation of access rights wasrecently introduced in the literature by Sandhu. Ithas been previously shown that monotonic transformationsunify a number of diverse access control mechanismssuch as amplification, copy flags, separation ofduties and synergistic authorization. In this paperwe demonstrate the importance and expressive powerof non-monotonic transformations. A formal modelcalled Non-Monotonic Transform (NMT) is defined.A distributed implementation of NMT is proposed usinga client-server architecture. The implementationis remarkably simple and modular in concept. It isbased on access control lists and allows for a varietyof powerful revocation operations.