Skip to main content

Fibred Security Language

Abstract

We study access control policies based on the says operator by introducing a logical framework called Fibred Security Language (FSL) which is able to deal with features like joint responsibility between sets of principals and to identify them by means of first-order formulas. FSL is based on a multimodal logic methodology. We first discuss the main contributions from the expressiveness point of view, we give semantics for the language both for classical and intuitionistic fragment), we then prove that in order to express well-known properties like ‘speaks-for’ or ‘hand-off’, defined in terms of says, we do not need second-order logic (unlike previous approaches) but a decidable fragment of first-order logic suffices. We propose a model-driven study of the says axiomatization by constraining the Kripke models in order to respect desirable security properties, we study how existing access control logics can be translated into FSL and we give completeness for the logic.

This is a preview of subscription content, access via your institution.

References

  1. 1.

    Abadi M.: ‘Access Control in a Core Calculus of Dependency’. Electr. Notes Theor. Comput. Sci. 172, 5–31 (2007)

    Article  Google Scholar 

  2. 2.

    Abadi, M., ‘Variations in Access Control Logic’, in R. van der Meyden, and L. van der Torre, (eds.), DEON, vol. 5076 of LNCS, Springer, 2008, pp. 96–109.

  3. 3.

    Abadi, M., M. Burrows, B. W. Lampson, and G. D. Plotkin, ‘A Calculus for Access Control in Distributed Systems’, in Adcances in Cryptology (CRYPTO), vol. 576 of LNCS, Springer, 1991, pp. 1–23.

  4. 4.

    Abadi, M., and T. Wobber, ‘A Logical Account of NGSCB’, in D. de Frutos-Escrig, and M. Núñez, (eds.), Formal Techniques for Networked and Distributed Systems (FORTE), vol. 3235 of LNCS, Springer, 2004, pp. 1–12.

  5. 5.

    Barker, S., ‘The Next 700 Access Control Models or a Unifying Meta-Model?’, ACM Symposium on Access Control Models and Technologies SACMAT 09 (to appear).

  6. 6.

    Bauer, L., M. A. Schneider, Edward W. Felten, and A. W. Appel, ‘Access Control on the Web Using Proof-carrying Authorization’, in DARPA Information Survivability Conference and Exposition (DISCEX), IEEE Computer Society, 2003, pp. 117–119.

  7. 7.

    Becker, M. Y., Cédric Fournet, and Andrew D. Gordon, ‘Design and Semantics of a Decentralized Authorization Language’, in IEEE Computer Security Foundations Symposium (CSF), IEEE Computer Society, 2007, pp. 3–15.

  8. 8.

    Bertolissi, C., M. Fernández, and S. Barker, ‘Dynamic Event-Based Access Control as Term Rewriting’, in S. Barker, and G.-J. Ahn, (eds.), Data and Applications Security (DBSec), vol. 4602 of LNCS, Springer, 2007, pp. 195–210.

  9. 9.

    Ceri S., Georg Gottlob, Letizia Tanca: ‘What you Always Wanted to Know About Datalog (And Never Dared to Ask)’. IEEE Trans. Knowl. Data Eng. 1(1), 146–166 (1989)

    Article  Google Scholar 

  10. 10.

    Dekker M.A.C., Sandro Etalle: ‘Audit-Based Access Control for Electronic Health Records’. Electr. Notes Theor. Comput. Sci. 168, 221–236 (2007)

    Article  Google Scholar 

  11. 11.

    Ellison, C., B. Frantz, B. Lampson, R. Rivest, B. Thomas, and T. Ylonen, ‘SPKI certificate theory’, IETF RFC 2693, (2009).

  12. 12.

    Gabbay, D. M., ‘Labelled Deductive Systems: Vol. 1’, Oxford University Press, (1996).

  13. 13.

    Gabbay, D. M., ‘Fibring Logics’, Oxford University Press, (1999).

  14. 14.

    Garg, D., and M. Abadi, ‘A Modal Deconstruction of Access Control Logics’, in Foundations of Software Science and Computational Structures (FoSSaCS), vol. 4962 of LNCS, Springer, 2008, pp. 216–230.

  15. 15.

    Garg, D., L. Bauer, Kevin D. Bowers, F. Pfenning, and M. K. Reiter, ‘A Linear Logic of Authorization and Knowledge’, in European Symposium on Research in Computer Security (ESORICS), vol. 4189 of LNCS, Springer, 2006, pp. 297–312.

  16. 16.

    Giuri, L., and P. Iglio, ‘Role Templates for Content-based Access Control’, in ACM Workshop on Role-Based Access Control, 1997, pp. 153–159.

  17. 17.

    Gurevich, Y., and I. Neeman, ‘DKAL: Distributed-Knowledge Authorization Language’, in IEEE Computer Security Foundations Symposium (CSF), IEEE Computer Society, 2008, pp. 149–162.

  18. 18.

    Halpern, J. Y., and V. Weissman, ‘Using First-Order Logic to Reason about Policies’. ACM Trans. Inf. Syst. Secur., 11 (4), 2008.

  19. 19.

    Kosiyatrakul, T., S. Older, and S.-K. Chin, ‘A Modal Logic for Role-Based Access Control’, in V. Gorodetsky, I. V. Kotenko, and V. A. Skormin, (eds.), MMMACNS, vol. 3685 of LNCS, Springer, 2005, pp. 179–193.

  20. 20.

    Lampson B.W.: ‘Computer Security in the Real World’. IEEE Computer 37(6), 37–46 (2004)

    Google Scholar 

  21. 21.

    Lampson B.W., Abadi M., Burrows M., Wobber E.: ‘Authentication in Distributed Systems: Theory and Practice’. ACM Trans. Comput. Syst. 10(4), 265–310 (1992)

    Article  Google Scholar 

  22. 22.

    Li N., Grosof B.N., Feigenbaum J.: ‘Delegation logic: A Logic-based Approach to Distributed Authorization’. ACM Trans. Inf. Syst. Secur. 6(1), 128–171 (2003)

    Article  Google Scholar 

  23. 23.

    Li, N., and J. C. Mitchell, ‘DATALOG with Constraints: A Foundation for Trust Management Languages’, in V. Dahl, and P. Wadler, (eds.), PADL, vol. 2562 of LNCS, Springer, 2003, pp. 58–73.

  24. 24.

    Lupu, E., and M. Sloman, ‘Reconciling Role Based Management and Role Based Access Control’, in ACM Workshop on Role-Based Access Control, 1997, pp. 135–141.

  25. 25.

    Wobber E., Abadi M., Burrows M.: ‘Authentication in the Taos Operating System’. ACM Trans. Comput. Syst. 12(1), 3–32 (1994)

    Article  Google Scholar 

Download references

Author information

Affiliations

Authors

Corresponding author

Correspondence to Guido Boella.

Rights and permissions

Reprints and Permissions

About this article

Cite this article

Boella, G., Gabbay, D.M., Genovese, V. et al. Fibred Security Language. Stud Logica 92, 395 (2009). https://doi.org/10.1007/s11225-009-9201-6

Download citation

Keywords

  • Logic
  • Fibring
  • Access Control
  • Language-based Security
  • Trust Management