Abstract
We present a new modal access control logic, ACL + , to specify, reason about and enforce access control policies. The logic includes new modalities for permission, control, and ratification to overcome some limits of current access control logics. We present a Hilbert-style proof system for ACL + and a sound and complete Kripke semantics for it. We exploit the Kripke semantics to define Seq-ACL + : a sound, complete and cut-free sequent calculus for ACL + , implying that ACL + is at least semi-decidable. We point at a Prolog implementation of Seq-ACL + and discuss possible extensions of ACL + with axioms for subordination between principals.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Abadi, M.: Logic in access control. In: Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science (LICS), pp. 228–233 (2003)
Abadi, M.: Variations in Access Control Logic. In: van der Meyden, R., van der Torre, L. (eds.) DEON 2008. LNCS (LNAI), vol. 5076, pp. 96–109. Springer, Heidelberg (2008)
Abadi, M.: Logic in access control (tutorial notes). In: Proceedings of the 9th International School on Foundations of Security Analysis and Design (FOSAD), pp. 145–165 (2009)
Basin, D., D’Agostino, M., Gabbay, D.M., Matthews, S., Viganó, L.: Labelled Deduction. Springer, Heidelberg (2000)
Bauer, L.: Access Control for the Web via Proof-Carrying Authorization. Ph.D. thesis, Princeton University (2003)
Bauer, L., Garriss, S., McCune, J.M., Reiter, M.K., Rouse, J., Rutenbar, P.: Device-Enabled Authorization in the Grey System. In: Zhou, J., López, J., Deng, R.H., Bao, F. (eds.) ISC 2005. LNCS, vol. 3650, pp. 431–445. Springer, Heidelberg (2005)
Becker, M.Y., Fournet, C., Gordon, A.D.: SecPAL: Design and semantics of a decentralized authorization language. Journal of Computer Security 18(4), 619–665 (2010)
Boella, G., Gabbay, D.M., Genovese, V., van der Torre, L.: Fibred security language. Studia Logica 92(3), 395–436 (2009)
Dinesh, N., Joshi, A.K., Lee, I., Sokolsky, O.: Permission to speak: A logic for access control and conformance. Journal of Logic and Algebraic Programming 80(1), 50–74 (2011)
Garg, D.: Principal centric reasoning in constructive authorization logic. In: Informal Proceedings of Intuitionistic Modal Logic and Application (IMLA) (2008), Full version available as Carnegie Mellon Technical Report CMU-CS-09-120
Garg, D., Abadi, M.: A Modal Deconstruction of Access Control Logics. In: Amadio, R.M. (ed.) FOSSACS 2008. LNCS, vol. 4962, pp. 216–230. Springer, Heidelberg (2008)
Garg, D., Pfenning, F.: Non-interference in constructive authorization logic. In: Proceedings of the 19th IEEE Computer Security Foundations Workshop (CSFW), pp. 283–293 (2006)
Garg, D., Pfenning, F.: A proof-carrying file system. In: Proceedings of the 31st IEEE Symposium on Security and Privacy, Oakland, pp. 349–364 (2010)
Genovese, V., Giordano, L., Gliozzi, V., Pozzato, G.L.: A constructive conditional logic for access control: A preliminary report. In: Proceedings of the 19th European Conference on Artificial Intelligence (ECAI), pp. 1073–1074 (2010)
Genovese, V., Giordano, L., Gliozzi, V., Pozzato, G.L.: Logics for access control: A conditional approach. In: Informal Proceedings of the 1st Workshop on Logic in Security (LIS), pp. 78–92 (2010)
Genovese, V., Giordano, L., Gliozzi, V., Pozzato, G.L.: A Conditional Constructive Logic for Access Control and its Sequent Calculus. In: Brünnler, K., Metcalfe, G. (eds.) TABLEAUX 2011. LNCS, vol. 6793, pp. 164–179. Springer, Heidelberg (2011)
Gurevich, Y., Neeman, I.: Logic of infons: The propositional case. ACM Transactions on Computational Logic 12(2), 1–28 (2011)
Lampson, B.W., Abadi, M., Burrows, M., Wobber, E.: Authentication in distributed systems: Theory and practice. ACM Transactions on Computer Systems 10(4), 265–310 (1992)
Negri, S.: Proof analysis in modal logic. Journal of Philosophical Logic 34, 507–544 (2005)
Negri, S., von Plato, J.: Proof Analysis. Cambridge University Press (2011)
Schneider, F.B., Walsh, K., Sirer, E.G.: Nexus Authorization Logic (NAL): Design rationale and applications. ACM Transcations on Information and System Security 14(1), 1–28 (2011)
Wobber, E., Abadi, M., Burrows, M.: Authentication in the taos operating system. ACM Transactions on Computer Systems 12(1), 3–32 (1994)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Genovese, V., Garg, D. (2012). New Modalities for Access Control Logics: Permission, Control and Ratification. In: Meadows, C., Fernandez-Gago, C. (eds) Security and Trust Management. STM 2011. Lecture Notes in Computer Science, vol 7170. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29963-6_6
Download citation
DOI: https://doi.org/10.1007/978-3-642-29963-6_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29962-9
Online ISBN: 978-3-642-29963-6
eBook Packages: Computer ScienceComputer Science (R0)