We present EON, a logic-programming language and tool that can be used to model and analyze dynamic access control systems. Our language extends Datalog with some carefully designed constructs that allow the introduction and transformation of new relations. For example, these constructs can model the creation of processes and objects, and the modiﬁcation of their security labels at runtime. The information-ﬂow properties of such systems can be analyzed by asking queries in this language. We show that query evaluation in EON can be reduced to decidable query satisﬁability in a fragment of Datalog, and further, under some restrictions, to efﬁcient query evaluation in Datalog. We implement these reductions in our tool, and demonstrate its scope through several case studies. In particular, we study in detail the dynamic access control models of the Windows Vista and Asbestos operating systems. We also automatically prove the security of a webserver running on Asbestos.