A Linear Logic of Authorization and Knowledge

  • Deepak Garg
  • Lujo Bauer
  • Kevin D. Bowers
  • Frank Pfenning
  • Michael K. Reiter
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4189)


We propose a logic for specifying security policies at a very high level of abstraction. The logic accommodates the subjective nature of affirmations for authorization and knowledge without compromising the objective nature of logical inference. In order to accurately model consumable authorizations and resources, we construct our logic as a modal enrichment of linear logic. We show that the logic satisfies cut elimination, which is a proof-theoretic expression of its soundness. We also demonstrate that the logic is amenable to meta-reasoning about specifications expressed in it through several examples.


Time Slot Inference Rule Policy Rule Linear Logic Form Registrar 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abadi, M.: Personal communicationGoogle Scholar
  2. 2.
    Abadi, M.: Logic in access control. In: Proceedings of the 18th Annual Symposium on Logic in Computer Science (LICS 2003), Ottawa, Canada, June 2003, pp. 228–233. IEEE Computer Society Press, Los Alamitos (2003)CrossRefGoogle Scholar
  3. 3.
    Abadi, M., Banerjee, A., Heintze, N., Riecke, J.G.: A core calculus of dependency. In: Conference Record of the 26th Sympoisum on Principles Of Programming Languages (POPL 1999), San Antonio, Texas, pp. 147–160. ACM Press, New York (1999)Google Scholar
  4. 4.
    Abadi, M., Burrows, M., Lampson, B., Plotkin, G.: A calculus for access control in distributed systems. ACM Transactions on Programming Languages and Systems 15(4), 706–734 (1993)CrossRefGoogle Scholar
  5. 5.
    Andreoli, J.-M.: Logic programming with focusing proofs in linear logic. Journal of Logic and Computation 2(3), 297–347 (1992)CrossRefMathSciNetMATHGoogle Scholar
  6. 6.
    Appel, A.W., Felten, E.W.: Proof-carrying authentication. In: Tsudik, G. (ed.) Proceedings of the 6th Conference on Computer and Communications Security, Singapore, November 1999, pp. 52–62. ACM Press, New York (1999)CrossRefGoogle Scholar
  7. 7.
    Bauer, L.: Access Control for the Web via Proof-Carrying Authorization. PhD thesis, Princeton University (November 2003)Google Scholar
  8. 8.
    Bauer, L., Bowers, K.D., Pfenning, F., Reiter, M.K.: Consumable credentials in logic-based access control. Technical Report CMU-CYLAB-06-002, Carnegie Mellon University (February 2006)Google Scholar
  9. 9.
    Bertino, E., Catania, B., Ferrari, E., Perlasca, P.: A logical framework for reasoning about access control models. ACM Trans. Inf. Syst. Secur. 6(1), 71–127 (2003)CrossRefGoogle Scholar
  10. 10.
    Bistarelli, S., Cervesato, I., Lenzini, G., Martinelli, F.: Relating Multiset Rewriting and Process Algebras for Security Protocol Analysis. Journal of Computer Security 13, 3–47 (2005)Google Scholar
  11. 11.
    Chang, B.-Y.E., Chaudhuri, K., Pfenning, F.: A judgmental analysis of linear logic. Extended version available as Technical Report CMU-CS-03-131R (submitted) (December 2003)Google Scholar
  12. 12.
    Crampton, J., Loizou, G., O’ Shea, G.: A logic of access control. The Computer Journal 44(1), 137–149 (2001)CrossRefMATHGoogle Scholar
  13. 13.
    De Treville, J.: Binder, a logic-based security language. In: Abadi, M., Bellovin, S. (eds.) Proceedings of the 2002 Symposium on Security and Privacy (S&P 2002), Berkeley, California, May 2002, pp. 105–113. IEEE Computer Society Press, Los Alamitos (2002)CrossRefGoogle Scholar
  14. 14.
    Garg, D., Pfenning, F.: Non-interference in constructive authorization logic. In: Proceedings of the 19th IEEE Computer Security Foundations Workshop (CSFW 19). IEEE Computer Society Press, Los Alamitos (to appear, 2006) Google Scholar
  15. 15.
    Li, N., Grosof, B.N., Feigenbaum, J.: Delegation logic: A logic-based approach to distributed authorization. Trans. Inf. Syst. Secur. 6(1), 128–171 (2003)CrossRefGoogle Scholar
  16. 16.
    Li, N., Mitchell, J.C.: DATALOG with constraints: A foundation for trust management languages. In: Dahl, V., Wadler, P. (eds.) PADL 2003. LNCS, vol. 2562, pp. 58–73. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  17. 17.
    López, P., Pfenning, F., Polakow, J., Watkins, K.: Monadic concurrent linear logic programming. In: Proceedings of the 7th International Symposium on Principles and Practice of Declarative Programming (PPDP 2005), Lisbon, Portugal (2005)Google Scholar
  18. 18.
    Pfenning, F.: Structural cut elimination I. Intuitionistic and classical logic. Information and Computation 157(1/2), 84–141 (2000)CrossRefMathSciNetMATHGoogle Scholar
  19. 19.
    Rueß, H., Shankar, N.: Introducing Cyberlogic. In: Proceedings of the 3rd Annual High Confidence Software and Systems Conference, Baltimore, Maryland (April 2003)Google Scholar
  20. 20.
    van der Hoek, W., Verbrugge, R.: Epistemic logic: A survey. Game Theory and Applications 8, 53–94 (2002)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Deepak Garg
    • 1
  • Lujo Bauer
    • 1
  • Kevin D. Bowers
    • 1
  • Frank Pfenning
    • 1
  • Michael K. Reiter
    • 1
  1. 1.Carnegie Mellon University 

Personalised recommendations