dantasfiles / Aspects-of-Access-Control

Extension of work done in "A Simple and Expressive Semantic Framework for Policy Composition in Access Control" at ACM Formal Methods in Security Engineering

Home Page: https://dl.acm.org/citation.cfm?id=1314439


This extends work done in the paper "A Simple and Expressive Semantic Framework for Policy Composition in Access Control" by Glenn Bruns, Daniel S. Dantas, and Michael Huth, published in the ACM workshop on Formal Methods in Security Engineering.

https://dl.acm.org/citation.cfm?id=1314439

In previous work, we defined an access control policy as a four-valued predicate that maps each access to one of four outcomes: grant access, deny access, conflict, or unspecified. These correspond to the four elements of the Belnap bilattice. Policy combinators in our language are then specified as functions on this bilattice. We argued that this approach provides a simple and natural semantic framework for policy composition, with a minimal but functionally complete set of policy combinators. The goal was to allow us to define and reason about large, complex access control policies by composing sub-policies, often authored by different people or organizations, into a single global policy.

In the previous work, we left the definition of what constitutes an 'access' purposely vague and did not discuss or define a way to implement our policy language. In this paper, we define an access as a Java method call and show that the aspect-oriented programming style using the AspectJ language provides a particularly clear method of implementing and reasoning about our policies and policy combinators. In our system, each base policy, accepting or denying a call to a particular method, is implemented as an aspect that intercepts calls to that method. These aspects that represent subpolicies are themselves intercepted and modified by higher-level aspects to represent the results of policy combinators. Finally, a top-level aspect represents and enforces the global policy.
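
An added sketch, not code from this repository or the paper: the four Belnap values and the standard bilattice operations in plain Java (no AspectJ weaving), composing two constructed sub-policies over method calls. The role and method names, the `Policy` interface and the fail-closed `permits` rule are assumptions made for illustration; the operations are the usual bilattice meets, joins and negation, not necessarily the paper's exact combinator set.

```java
import java.util.function.BinaryOperator;

public class BelnapPolicyDemo {
    // Belnap's four values as a pair: (evidence to grant, evidence to deny).
    enum Decision {
        UNSPECIFIED(false, false), GRANT(true, false), DENY(false, true), CONFLICT(true, true);
        final boolean g, d;
        Decision(boolean g, boolean d) { this.g = g; this.d = d; }
        static Decision of(boolean g, boolean d) {
            return g ? (d ? CONFLICT : GRANT) : (d ? DENY : UNSPECIFIED);
        }
        // Knowledge-order join: pool the evidence from both sub-policies.
        Decision kJoin(Decision o) { return of(g || o.g, d || o.d); }
        // Knowledge-order meet: keep only evidence both sub-policies share.
        Decision kMeet(Decision o) { return of(g && o.g, d && o.d); }
        // Truth-order meet: grant needs both sides, a deny from either side sticks.
        Decision tMeet(Decision o) { return of(g && o.g, d || o.d); }
        // Truth-order join: grant from either side, deny needs both sides.
        Decision tJoin(Decision o) { return of(g || o.g, d && o.d); }
        // Negation swaps grant and deny; UNSPECIFIED and CONFLICT are fixed points.
        Decision negate() { return of(d, g); }
    }

    // A policy is a four-valued predicate over an access (here: caller role + method name).
    interface Policy {
        Decision check(String role, String method);
        default Policy with(Policy other, BinaryOperator<Decision> op) {
            return (r, m) -> op.apply(check(r, m), other.check(r, m));
        }
    }

    // Assumed enforcement rule: fail closed, only a clean GRANT lets the call proceed.
    static boolean permits(Policy p, String role, String method) {
        return p.check(role, method) == Decision.GRANT;
    }

    public static void main(String[] args) {
        // Constructed base policies, e.g. written by two different teams.
        Policy hr = (r, m) -> r.equals("hr") && m.startsWith("Payroll.") ? Decision.GRANT : Decision.UNSPECIFIED;
        Policy freeze = (r, m) -> m.equals("Payroll.delete") ? Decision.DENY : Decision.UNSPECIFIED;
        Policy pooled = hr.with(freeze, Decision::kJoin);  // surfaces disagreement as CONFLICT
        Policy strict = hr.with(freeze, Decision::tMeet);  // a deny from either side wins
        String[][] calls = {{"hr", "Payroll.read"}, {"hr", "Payroll.delete"}, {"guest", "Payroll.read"}};
        for (String[] c : calls) {
            System.out.printf("%s -> %s: pooled=%s strict=%s allowed=%b%n", c[0], c[1],
                pooled.check(c[0], c[1]), strict.check(c[0], c[1]), permits(pooled, c[0], c[1]));
        }
    }
}
```

Running it shows how the choice of combinator changes the global decision for the same pair of sub-policies, and why the top-level enforcement point has to decide what CONFLICT and UNSPECIFIED mean for an actual call.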


Languages

Language:Java 100.0%