[摘要] This thesis deals with a challenging problem related to the analysis of Access Control systems which depend on time and location against undesirable scenarios such as inconsistency. In particular, this thesis first provides formal algebraic notations for the Access Control specifications in the context of a Spatio- Temporal Role Based Access Control (STRBAC) model. In order to analyse STRBAC specifications to detect inconsistencies and semi-consistencies, this thesis utilises Alloy and Timed Automata. A key challenge is how to automatically generate analysable formalisation such as Alloy and Timed Automata from the specifications. This thesis employs Model-Driven Architecture (MDA) technology to automate the transformation of the STRBAC model to Alloy as well as to Timed Automata and Timed Computation Tree Logic (TCTL). This is accomplished by defining one set of transformation rules for mapping STRBAC features to Alloy features and another set for mapping the features of the STRBAC model to Timed Automata and TCTL features. In addition, we present a comparative study between Alloy and Timed Automata from capability and performance points of view, following which we demonstrate that current Access Control models are not adequate for representing Physical Access Control (PAC) specifications and then discuss some of the limitations of the current models, which we highlight by conducting a case study involving the modelling of an Access Control mechanism used by British Telecom (BT). To overcome such limitations, we present an extension of the STRBAC model which considers the physical aspects of Access Control systems.