The Three-Phase Policy Enforcement

The enforcement of the advanced security policies is partitioned into three successive phases.

1. Phase one: access control.
   The pre- and request-result conditions are evaluated during this phase and the decision to grant or deny access to the requested object is made.
2. Phase two: execution control.
   The access to the target object is granted, the requested operation is started and the mid-conditions are evaluated during this phase. This phase allows the controlled execution of the requested operation.
3. Phase three: post-execution actions.
   The post-conditions are evaluated during this phase. The specified actions are performed after the operation is finished. We do not call this phase ``post-execution control'', since neither failure nor success of a post-execution action can affect either access decision, or operation execution.