SACM: Stateful Access Control Model

Access control mechanisms are a fundamental building block in the construction of secure computing environments; however, most of the research in this area has been spent on traditional access control needs. These models were sufficient in classical computing systems such as databases and file systems, but as we continue to find new and innovative ways to utilize mobile computing systems these approaches are becoming in adequate. The primary difference between many of these new policies and traditional policies is the need to maintain state across transactions. An example of such a policy is a printer kiosk that allows printing only if the traveler has not printed more than some n pages. Currently, systems with these types of needs are controlled by ad-hoc, custom designed systems, rather than a generalized access control model that is able to express them. Traditional models also typically lack the ability to dynamically change. That is, traditional rule sets cannot express policies that require rules to be capable of creating new rules, or deleting old rules. The ability to dynamically produce and delete rules allows for an additional degree of state to be stored in the model. In this paper, we present the Stateful Access Control Model (SACM), which is designed specifically for these new paradigms and provides both these new capabilities. It supports usage in traditional centralized systems where access control information is stored on a computer, as well as a new approach where access rules are distributed across mobile devices.