Abstract
The access control problem in computer security is fundamentally concerned with the ability of system entities to see, make use of, or alter various system resources. We provide a mathematical framework for modelling and reasoning about (distributed) systems with access control. This is based on a calculus of resources and processes together with a Hennessy–Milner-style modal logic, based on the connectives of bunched logic, for which an appropriate correspondence theorem obtains. As a consequence we get a consistent account of both operational behaviour and logical reasoning for systems with access control features. In particular, we are able to introduce a process combinator that describes, as a form of concurrent composition, the action of one agent in the role of another, and provide a logical characterization of this operator via a modality ‘says’. We give a range of examples, including analyses of co-signing, roles, and chains of trust, which illustrates the utility of our mathematical framework.
References
Abadi M (2003) Logic in access control. In: Proceedings of LICS’03, pp 228–233
Abadi M, Burrows M, Lampson B, Plotkin G (1993) A calculus for access control in distributed systems. ACM Trans Program Lang Syst 4(15): 706–734
Abadi M, Gordon A (1997) A calculus for cryptographic protocols: the spi calculus. In: Proceedings conference Computer and Communications Security. ACM Press, London, pp 36–47
Baldwin A, Beres Y, Casassa Mont M, Griffin J, Shiu S (2008) Identity analytics: using modeling and simulation to improve data security decision making. Technical Report HPL-2008-188, HP Labs, 2008. http://www.hpl.hp.com/techreports/2008/HPL-2008-188.html
Beautement A, Coles R, Griffin J, Ioannidis C, Monahan B, Pym D, Sasse MA, Wonham M (2008) Modelling the human and technological costs and benefits of USB memory stick security. In: Johnson ME (eds) Managing information risk and the economics of security. Springer, Heidelberg
Beres Y, Griffin J, Shiu S, Heitman M, Markle D, Ventura P (2008) Analysing the performance of security solutions to reduce vulnerability exposure window. In: Proceedings of 2008 annual computer security applications conference (ACSAC). IEEE
Birtwistle G (1979) Demos—discrete event modelling on Simula. Macmillan, New York
Becker MY, Nanz S (2007) A logic for state-modifying authorization policies. In: 12th European symposium on research in computer security (ESORICS), Lecture Notes in Computer Science, vol 4734
Coyne EJ, Feinstein HL, Sandhu R, Youman CE (1996) Role-based access control models. IEEE Comput 29(2): 38–47
Collinson M, Monahan B, Pym D (2008a) Located Demos2k—towards a tool for modelling processes and distributed resources. Technical Report HPL-2008-76, HP Labs, 2008. http://library.hp.com/techpubs/2008/HPL-2008-76.html
Collinson M, Monahan B, Pym D (2008b) A logical and computational theory of located resource. Technical Report HPL-2008-74R1, HP Labs, 2008 (Submitted). http://library.hp.com/techpubs/2008/HPL-2008-74R1.html
Collinson M, Monahan B, Pym D (2008c) An update to located Demos2k. Technical Report HPL-2008-205, HP Labs, 2008. http://library.hp.com/techpubs/2008/HPL-2008-205.html
Collinson M, Pym D (2009) Algebra and logic for resource-based systems modelling. Technical Report HPL-2009-21, HP Labs, 2009 (Submitted). http://library.hp.com/techpubs/2009/HPL-2009-10.html.
Collinson M, Pym D, Tofts C (2007) Errata for formal aspects of computing (2006) 18:495–517 and their consequences. Formal Aspects Comput 19(4):551–554
Demos2k. http://www.demos2k.org
DeTreville J (2002) Binder, a logic-based security language. In: Proceedings of 2002 IEEE symposium on security and privacy, pp 105–113
Guelev DP, Ryan MD, Schobbens P-Y (2004) Model-checking access control policies. In: Seventh information security conference (ISC’04), Lecture Notes in Computer Science, vol 3225. Springer, Heidelberg
Hennessy M, Milner R (1985) Algebraic laws for nondeterminism and concurrency. J ACM 32(1): 137–161
Hoare CAR (1985) Communicating sequential processes. Prentice-Hall, Englewood Cliffs
Ishtiaq S, O’Hearn PW (2001) BI as an assertion language for mutable data structures. In: Proceedings of POPL 2001. ACM, London, pp 14–26
Kamoda H, Yamaoka M, Matsuda S, Broda K, Sloman M (2006) Access control policy analysis using free variable tableaux. Information Processing Society of Japan (IPSJ) Digital Courier, vol 2
Lampson B, Abadi M, Burrows M, Wobber E (1992) Authentication in distributed systems: theory and practice. ACM Trans Comput Syst 4(10): 265–310
Lampson BW (1971) Protection. In: Proceedings of fifth Princeton symposium information sciences and systems, pp 437–443
Li N, Wang Q (2008) Beyond separation of duty: An algebra for specifying high-level security policies. J ACM 55(3)
Milner R (1980) A calculus of communicating systems, Lecture Notes in Computer Science, vol 92. Springer, Heidelberg
Milner R (1983) Calculi for synchrony and asynchrony. Theor Comput Sci 25: 267–310
Milner R (1989) Communication and concurrency. Prentice-Hall, Englewood Cliffs
O’Hearn PW (2007) Resources, concurrency and local reasoning. Theor Comput Sci 375(1–3): 271–307
O’Hearn P, Pym D (1999) The logic of bunched implications. Bull Symb Logic 5(2): 215–244
Plotkin GD (2004) Structural operational semantics. J Logic Algebraic Program 60:17–139 (Original manuscript 1981)
Pym D, O’Hearn P, Yang H (2004) Possible worlds and resources: the semantics of BI. Theor Comput Sci 315(1): 257–305
Pym D, Tofts C (2006) A calculus and logic of resources and processes. Formal Aspects Comput 18(4):495–517. Errata in [CPT07]
Pym D, Tofts C (2007) Systems modelling via resources and processes: philosophy, calculus, semantics, and logic. In: Cardelli L, Fiore M, Winskel G (eds) Computation, meaning and logic: articles dedicated to Gordon Plotkin, Electronic Notes in Theoretical Computer Science, vol 107. Elsevier, Amsterdam, pp 545–587. Errata in [CPT07]
Pym D (1999) On bunched predicate logic. In: Proceedings of LICS’99, pp 183–192. IEEE, New York
Pym DJ (2002) The semantics and proof theory of the logic of bunched implications, Applied Logic Series, vol 26. Kluwer, Dordrecht. Errata at: http://www.cs.bath.ac.uk/~pym/BI-monograph-errata.pdf
Reynolds JC (2002) Separation logic: a logic for shared mutable data structures. In: Proceedings of LICS’02. IEEE, New York, pp 55–74
Ryan P, Schneider S, Goldsmith M, Lowe G, Roscoe B (2001) The modelling and analysis of security protocols. Addison-Wesley, Reading
Schneider S (1996) Security properties and CSP. In: IEEE symposium on security and privacy, pp 174–187
Scedrov A, Mitchell JC, Ramanathan A, Teague V (2006) A probabilistic polynomial-time process calculus for the analysis of cryptographic protocols. Theor Comput Sci 353: 118–164
Saltzer JH, Schroeder MD (1975) The protection of information in computer systems. Proc IEEE 63(9): 1278–1308
Stirling C (2001) Modal and temporal properties of processes. Springer, Heidelberg
Communicated by J.V. Tucker
An erratum to this article can be found at http://dx.doi.org/10.1007/s00165-010-0155-2
Collinson, M., Pym, D. Algebra and logic for access control. Form Asp Comp 22, 83–104 (2010). https://doi.org/10.1007/s00165-009-0107-x