Language Extensions for Specifying Access Control Policies in Programming Languages


TR Number




Journal Title

Journal ISSN

Volume Title


Department of Computer Science, Virginia Polytechnic Institute & State University


The scope rules in programming languages control the sharing of data among program units-e.g., blocks and procedures. Typically, scope rules provide an all-or-nothing kind of access control. A wide range of programming problems exist which require finer access control as well as considerable sophistication for the implementation of access control policies on high-level data objects such as files. This paper presents a number of language extensions that permit the programmer to specify the degree of access control for each abstract object that a program unit can manipulate. An attempt has been made to keep the number of extensions as small as possible and yet allow the user conveniently to specify the access control policies that he desires. Some of the extensions permit access policies to be specified such that access correctness can be completely determined at compile time; other extensions permit policies to be specified that require some access checking to be done at runtime in order to ensure access correctness. The extensions have been developed such that subsets can be selected and implemented in programming languages to provide various access control policies.