Access　control　is　a　core　security　technology　which　has　been　widely　used　in　computer　systems　and　networks　to　protect　sensitive　information　and　critical　resources　and　to　counter　malicious　attacks.　Although　many　access　control　models　have　been　developed　in　the　past,　such　as　discretionary　access　control　(DAC),　mandatory　access　control　(MAC)　and　role-based　access　control　(RBAC),　these　models　are　designed　primarily　as　a　defensive　measure　in　that　they　are　used　for　examining　access　requests　and　making　authorization　decisions　based　on　established　access　control　policies.　As　the　result,　even　after　a　malicious　access　is　identified,　the　requester　can　still　keep　issuing　more　malicious　access　requests　without　much　fear　of　punitive　consequences　from　the　access　control　system　in　subsequent　accesses.　Such　access　control　may　be　acceptable　in　closed　systems　and　networks　but　is　not　adequate　in　open　systems　and　networks　where　the　real　identities　and　other　critical　information　about　requesters　may　not　be　known　to　the　systems　and　networks.　In　this　paper,　we　propose　to　design　pro-active　access　control　so　that　access　control　systems　can　respond　to　malicious　access　pro-actively　to　suit　the　needs　of　open　systems　and　networks.　We　will　first　apply　some　established　principles　in　the　Game　Theory　to　analyze　current　access　control　models　to　identify　the　limitations　that　make　them　inadequate　in　open　systems　and　networks.　To　design　pro-active　access　control　(PAC),　we　incorporate　a　constraint　mechanism　that　includes　feedback　and　evaluation　components　and　show　based　on　the　Game　Theory　how　to　make　such　access　control　respond　to　malicious　access　in　a　pro-active　manner.　We　also　present　a　framework　design　of　PAC　and　demonstrate　through　the　implementation　of　trust-based　access　control　the　feasibility　of　design,　implementation　and　application　of　pro-active　access　control.　Such　kind　of　models　and　mechanisms　can　serve　as　the　foundation　for　the　design　of　access　control　systems　that　will　be　made　more　effective　in　deterring　malicious　attacks　in　open　systems　and　networks.　(C)　2014　Elsevier　Ltd.　All　rights　reserved.