We study access control policies based on the says operator by introducing a logical framework called Fibred Security Language (FSL), which is able to deal with features like joint responsibility between sets of principals and to identify them by means of first-order formulas. FSL is based on a multimodal logic methodology. We first discuss the main contributions from the expressiveness point of view and give semantics for the language (for both the classical and the intuitionistic fragment). We then prove that, in order to express well-known properties like ‘speaks-for’ or ‘hand-off’, defined in terms of says, we do not need second-order logic (unlike previous approaches): a decidable fragment of first-order logic suffices. We propose a model-driven study of the says axiomatization by constraining the Kripke models in order to respect desirable security properties, we study how existing access control logics can be translated into FSL, and we give completeness for the logic.
Cite this article
Boella, G., Gabbay, D.M., Genovese, V. et al. Fibred Security Language. Stud Logica 92, 395 (2009). https://doi.org/10.1007/s11225-009-9201-6
- Access Control
- Language-based Security
- Trust Management