Current proposals for access control languages cannot specify policies required by specific application scenarios (e.g. a database system to enforce privacy regulations), may also contain design flaws, and are incompatible. In this dissertation, we extend RBAC with new components to meet...