Abstract
We propose a logic for specifying security policies at a very high level of abstraction. The logic accommodates the subjective nature of affirmations for authorization and knowledge without compromising the objective nature of logical inference. In order to accurately model consumable authorizations and resources, we construct our logic as a modal enrichment of linear logic. We show that the logic satisfies cut elimination, which is a proof-theoretic expression of its soundness. We also demonstrate that the logic is amenable to meta-reasoning about specifications expressed in it through several examples.
This work is supported by grants N0014-04-1-0724 of the Office of Naval Research, DAAD19-02-1-0389 of the Army Research Office and CNS-0433540 of the National Science Foundation.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Abadi, M.: Personal communication
Abadi, M.: Logic in access control. In: Proceedings of the 18th Annual Symposium on Logic in Computer Science (LICS 2003), Ottawa, Canada, June 2003, pp. 228–233. IEEE Computer Society Press, Los Alamitos (2003)
Abadi, M., Banerjee, A., Heintze, N., Riecke, J.G.: A core calculus of dependency. In: Conference Record of the 26th Sympoisum on Principles Of Programming Languages (POPL 1999), San Antonio, Texas, pp. 147–160. ACM Press, New York (1999)
Abadi, M., Burrows, M., Lampson, B., Plotkin, G.: A calculus for access control in distributed systems. ACM Transactions on Programming Languages and Systems 15(4), 706–734 (1993)
Andreoli, J.-M.: Logic programming with focusing proofs in linear logic. Journal of Logic and Computation 2(3), 297–347 (1992)
Appel, A.W., Felten, E.W.: Proof-carrying authentication. In: Tsudik, G. (ed.) Proceedings of the 6th Conference on Computer and Communications Security, Singapore, November 1999, pp. 52–62. ACM Press, New York (1999)
Bauer, L.: Access Control for the Web via Proof-Carrying Authorization. PhD thesis, Princeton University (November 2003)
Bauer, L., Bowers, K.D., Pfenning, F., Reiter, M.K.: Consumable credentials in logic-based access control. Technical Report CMU-CYLAB-06-002, Carnegie Mellon University (February 2006)
Bertino, E., Catania, B., Ferrari, E., Perlasca, P.: A logical framework for reasoning about access control models. ACM Trans. Inf. Syst. Secur. 6(1), 71–127 (2003)
Bistarelli, S., Cervesato, I., Lenzini, G., Martinelli, F.: Relating Multiset Rewriting and Process Algebras for Security Protocol Analysis. Journal of Computer Security 13, 3–47 (2005)
Chang, B.-Y.E., Chaudhuri, K., Pfenning, F.: A judgmental analysis of linear logic. Extended version available as Technical Report CMU-CS-03-131R (submitted) (December 2003)
Crampton, J., Loizou, G., O’ Shea, G.: A logic of access control. The Computer Journal 44(1), 137–149 (2001)
De Treville, J.: Binder, a logic-based security language. In: Abadi, M., Bellovin, S. (eds.) Proceedings of the 2002 Symposium on Security and Privacy (S&P 2002), Berkeley, California, May 2002, pp. 105–113. IEEE Computer Society Press, Los Alamitos (2002)
Garg, D., Pfenning, F.: Non-interference in constructive authorization logic. In: Proceedings of the 19th IEEE Computer Security Foundations Workshop (CSFW 19). IEEE Computer Society Press, Los Alamitos (to appear, 2006)
Li, N., Grosof, B.N., Feigenbaum, J.: Delegation logic: A logic-based approach to distributed authorization. Trans. Inf. Syst. Secur. 6(1), 128–171 (2003)
Li, N., Mitchell, J.C.: DATALOG with constraints: A foundation for trust management languages. In: Dahl, V., Wadler, P. (eds.) PADL 2003. LNCS, vol. 2562, pp. 58–73. Springer, Heidelberg (2002)
López, P., Pfenning, F., Polakow, J., Watkins, K.: Monadic concurrent linear logic programming. In: Proceedings of the 7th International Symposium on Principles and Practice of Declarative Programming (PPDP 2005), Lisbon, Portugal (2005)
Pfenning, F.: Structural cut elimination I. Intuitionistic and classical logic. Information and Computation 157(1/2), 84–141 (2000)
Rueß, H., Shankar, N.: Introducing Cyberlogic. In: Proceedings of the 3rd Annual High Confidence Software and Systems Conference, Baltimore, Maryland (April 2003)
van der Hoek, W., Verbrugge, R.: Epistemic logic: A survey. Game Theory and Applications 8, 53–94 (2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Garg, D., Bauer, L., Bowers, K.D., Pfenning, F., Reiter, M.K. (2006). A Linear Logic of Authorization and Knowledge. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds) Computer Security – ESORICS 2006. ESORICS 2006. Lecture Notes in Computer Science, vol 4189. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11863908_19
Download citation
DOI: https://doi.org/10.1007/11863908_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44601-9
Online ISBN: 978-3-540-44605-7
eBook Packages: Computer ScienceComputer Science (R0)