An Information-Theoretic Approach to the Access Control Problem