Skip to main content
SpringerLink
Log in

Fibred Security Language

  • Published:
Studia Logica Aims and scope Submit manuscript

Abstract

We study access control policies based on the says operator by introducing a logical framework called Fibred Security Language (FSL) which is able to deal with features like joint responsibility between sets of principals and to identify them by means of first-order formulas. FSL is based on a multimodal logic methodology. We first discuss the main contributions from the expressiveness point of view, we give semantics for the language both for classical and intuitionistic fragment), we then prove that in order to express well-known properties like ‘speaks-for’ or ‘hand-off’, defined in terms of says, we do not need second-order logic (unlike previous approaches) but a decidable fragment of first-order logic suffices. We propose a model-driven study of the says axiomatization by constraining the Kripke models in order to respect desirable security properties, we study how existing access control logics can be translated into FSL and we give completeness for the logic.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Abadi M.: ‘Access Control in a Core Calculus of Dependency’. Electr. Notes Theor. Comput. Sci. 172, 5–31 (2007)

    Article  Google Scholar 

  2. Abadi, M., ‘Variations in Access Control Logic’, in R. van der Meyden, and L. van der Torre, (eds.), DEON, vol. 5076 of LNCS, Springer, 2008, pp. 96–109.

  3. Abadi, M., M. Burrows, B. W. Lampson, and G. D. Plotkin, ‘A Calculus for Access Control in Distributed Systems’, in Adcances in Cryptology (CRYPTO), vol. 576 of LNCS, Springer, 1991, pp. 1–23.

  4. Abadi, M., and T. Wobber, ‘A Logical Account of NGSCB’, in D. de Frutos-Escrig, and M. Núñez, (eds.), Formal Techniques for Networked and Distributed Systems (FORTE), vol. 3235 of LNCS, Springer, 2004, pp. 1–12.

  5. Barker, S., ‘The Next 700 Access Control Models or a Unifying Meta-Model?’, ACM Symposium on Access Control Models and Technologies SACMAT 09 (to appear).

  6. Bauer, L., M. A. Schneider, Edward W. Felten, and A. W. Appel, ‘Access Control on the Web Using Proof-carrying Authorization’, in DARPA Information Survivability Conference and Exposition (DISCEX), IEEE Computer Society, 2003, pp. 117–119.

  7. Becker, M. Y., Cédric Fournet, and Andrew D. Gordon, ‘Design and Semantics of a Decentralized Authorization Language’, in IEEE Computer Security Foundations Symposium (CSF), IEEE Computer Society, 2007, pp. 3–15.

  8. Bertolissi, C., M. Fernández, and S. Barker, ‘Dynamic Event-Based Access Control as Term Rewriting’, in S. Barker, and G.-J. Ahn, (eds.), Data and Applications Security (DBSec), vol. 4602 of LNCS, Springer, 2007, pp. 195–210.

  9. Ceri S., Georg Gottlob, Letizia Tanca: ‘What you Always Wanted to Know About Datalog (And Never Dared to Ask)’. IEEE Trans. Knowl. Data Eng. 1(1), 146–166 (1989)

    Article  Google Scholar 

  10. Dekker M.A.C., Sandro Etalle: ‘Audit-Based Access Control for Electronic Health Records’. Electr. Notes Theor. Comput. Sci. 168, 221–236 (2007)

    Article  Google Scholar 

  11. Ellison, C., B. Frantz, B. Lampson, R. Rivest, B. Thomas, and T. Ylonen, ‘SPKI certificate theory’, IETF RFC 2693, (2009).

  12. Gabbay, D. M., ‘Labelled Deductive Systems: Vol. 1’, Oxford University Press, (1996).

  13. Gabbay, D. M., ‘Fibring Logics’, Oxford University Press, (1999).

  14. Garg, D., and M. Abadi, ‘A Modal Deconstruction of Access Control Logics’, in Foundations of Software Science and Computational Structures (FoSSaCS), vol. 4962 of LNCS, Springer, 2008, pp. 216–230.

  15. Garg, D., L. Bauer, Kevin D. Bowers, F. Pfenning, and M. K. Reiter, ‘A Linear Logic of Authorization and Knowledge’, in European Symposium on Research in Computer Security (ESORICS), vol. 4189 of LNCS, Springer, 2006, pp. 297–312.

  16. Giuri, L., and P. Iglio, ‘Role Templates for Content-based Access Control’, in ACM Workshop on Role-Based Access Control, 1997, pp. 153–159.

  17. Gurevich, Y., and I. Neeman, ‘DKAL: Distributed-Knowledge Authorization Language’, in IEEE Computer Security Foundations Symposium (CSF), IEEE Computer Society, 2008, pp. 149–162.

  18. Halpern, J. Y., and V. Weissman, ‘Using First-Order Logic to Reason about Policies’. ACM Trans. Inf. Syst. Secur., 11 (4), 2008.

  19. Kosiyatrakul, T., S. Older, and S.-K. Chin, ‘A Modal Logic for Role-Based Access Control’, in V. Gorodetsky, I. V. Kotenko, and V. A. Skormin, (eds.), MMMACNS, vol. 3685 of LNCS, Springer, 2005, pp. 179–193.

  20. Lampson B.W.: ‘Computer Security in the Real World’. IEEE Computer 37(6), 37–46 (2004)

    Google Scholar 

  21. Lampson B.W., Abadi M., Burrows M., Wobber E.: ‘Authentication in Distributed Systems: Theory and Practice’. ACM Trans. Comput. Syst. 10(4), 265–310 (1992)

    Article  Google Scholar 

  22. Li N., Grosof B.N., Feigenbaum J.: ‘Delegation logic: A Logic-based Approach to Distributed Authorization’. ACM Trans. Inf. Syst. Secur. 6(1), 128–171 (2003)

    Article  Google Scholar 

  23. Li, N., and J. C. Mitchell, ‘DATALOG with Constraints: A Foundation for Trust Management Languages’, in V. Dahl, and P. Wadler, (eds.), PADL, vol. 2562 of LNCS, Springer, 2003, pp. 58–73.

  24. Lupu, E., and M. Sloman, ‘Reconciling Role Based Management and Role Based Access Control’, in ACM Workshop on Role-Based Access Control, 1997, pp. 135–141.

  25. Wobber E., Abadi M., Burrows M.: ‘Authentication in the Taos Operating System’. ACM Trans. Comput. Syst. 12(1), 3–32 (1994)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Dept. of Computer Science, Università di Torino, C.So Svizzera, 185 - 10149, Torino, Italy

    Guido Boella & Valerio Genovese

  2. Dept. of Computer Science, King’s College London, The Strand, London, WC2A 2LS, UK

    Dov M. Gabbay

  3. Dept. of Computer Science, Bar Ilan University, Ramat Gan, Israel

    Dov M. Gabbay

  4. Faculty of Sciences, Technology and Communication (FSTC), University of Luxembourg, 6, rue Richard Coudenhove - Kalergi, L-1359, Luxembourg, Luxembourg

    Leendert van der Torre

Authors
  1. Guido Boella
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dov M. Gabbay
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Valerio Genovese
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Leendert van der Torre
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Guido Boella.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Boella, G., Gabbay, D.M., Genovese, V. et al. Fibred Security Language. Stud Logica 92, 395–436 (2009). https://doi.org/10.1007/s11225-009-9201-6

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11225-009-9201-6

Keywords

Search

Navigation