Results 1 - 10 of 30
Reasoning about the consequences of authorization policies in a linear epistemic logic
2009
Cited by 21 (7 self)
Abstract
Authorization policies are not standalone objects: they are used to selectively permit actions that change the state of a system. Thus, it is desirable to have a framework for reasoning about the semantic consequences of policies. To this end, we extend a rewriting interpretation of linear logic with connectives for modeling affirmation, knowledge, and possession. To cleanly confine semantic effects to the rewrite sequence, we introduce a monad. The result is a richly expressive logic that elegantly integrates policies and their effects. After presenting this logic and its metatheory, we demonstrate its utility by proving properties that relate a simple file system’s policies to their semantic consequences.
Security-Typed Programming within Dependently Typed Programming
Cited by 21 (2 self)
Abstract
Several recent security-typed programming languages allow programmers to express and enforce authorization policies governing access to controlled resources. Policies are expressed as propositions in an authorization logic, and enforced by a type system that requires each access to a sensitive resource to be accompanied by a proof. The security-typed languages described in the literature, such as Aura and PCML5, have been presented as new, standalone language designs. In this paper, we instead show how to embed a security-typed programming language within an existing dependently typed programming language, Agda. This language-design strategy allows us to inherit both the metatheoretic results, such as type safety, and the implementation of the host language. Our embedding consists of the following ingredients: First, we represent the syntax and proofs of an authorization logic, Garg and Pfenning’s BL0, using dependent types. Second, we implement a proof search procedure, based on a focused sequent calculus, to ease the burden of constructing proofs. Third, we define an indexed monad of computations on behalf of a principal, with proof-carrying primitive operations. Our work shows that a dependently typed language can be used to prototype a security-typed language, and contributes to the growing body of literature on using dependently typed languages to construct domain-specific type systems.
Proof search in an authorization logic
2009
Cited by 12 (7 self)
Abstract
We consider the problem of proof search in an expressive authorization logic that contains a “says” modality and an ordering on principals. After a description of the proof system for the logic, we identify two fragments that admit complete goal-directed and saturating proof search strategies. A smaller fragment is then presented, which supports both goal-directed and saturating search, and has a sound and complete translation to first-order logic. We conclude with a brief description of our implementation of goal-directed search. This work was supported partially by the iCAST project sponsored by the National Science Council,
Propositional primal logic with disjunction
J. of Logic and Computation
Cited by 8 (5 self)
Abstract
Gurevich and Neeman introduced Distributed Knowledge Authorization Language (DKAL). The world of DKAL consists of communicating principals computing their own knowledge in their own states. DKAL is based on a new logic of information, the so-called infon logic, and its efficient subsystem called primal logic. In this paper we simplify Kripkean semantics of primal logic and study various extensions of it in search of a balance between expressivity and efficiency. On the proof-theoretic side we develop cut-free Gentzen-style sequent calculi for the original primal logic and its extensions.
Principal-Centric Reasoning in Constructive Authorization Logic
2008
Cited by 6 (2 self)
Abstract
We present an authorization logic DTL0 that explicitly relativizes reasoning to beliefs of principals. The logic assumes that principals are conceited in their beliefs. We describe the natural deduction system, sequent calculus, Hilbert-style axiomatization, and Kripke semantics of the logic. We prove several metatheoretic results including cut-elimination, and soundness and completeness for the Kripke semantics. We also present translations from several other authorization logics into DTL0, and describe formal connections between DTL0 and the modal logic constructive S4.
Logic in Access Control (Tutorial Notes)
Cited by 6 (0 self)
Abstract
Access control is central to security in computer systems. Over the years, there have been many efforts to explain and to improve access control, sometimes with logical ideas and tools. This paper is a partial survey and discussion of the role of logic in access control. It considers logical foundations for access control and their applications, in particular in languages for security policies. It focuses on some specific logics and their properties. It is intended as a written counterpart to a tutorial given at the 2009 International School on Foundations of Security Analysis and Design.
Macaroons: Cookies with contextual caveats for decentralized authorization in the Cloud
In NDSS, 2014
Cited by 6 (1 self)
Abstract
Controlled sharing is fundamental to distributed systems; yet, on the Web, and in the Cloud, sharing is still based on rudimentary mechanisms. More flexible, decentralized cryptographic authorization credentials have not been adopted, largely because their mechanisms have not been incrementally deployable, simple enough, or efficient enough to implement across the relevant systems and devices. This paper introduces macaroons: flexible authorization credentials for Cloud services that support decentralized delegation between principals. Macaroons are based on a construction that uses nested, chained MACs (e.g., HMACs [43]) in a manner that is highly efficient, easy to deploy, and widely applicable. Although macaroons are bearer credentials, like Web cookies, macaroons embed caveats that attenuate and contextually confine when, where, by whom, and for what purpose a target service should authorize requests. This paper describes macaroons and motivates their design, compares them to other credential systems, such as cookies and SPKI/SDSI [14], evaluates and measures a prototype implementation, and discusses practical security and application considerations. In particular, it is considered how macaroons can enable more fine-grained authorization in the Cloud, e.g., by strengthening mechanisms like OAuth2 [17], and a formalization of macaroons is given in authorization logic.
G.L.: A constructive conditional logic for access control: a preliminary report
Proceedings of ECAI 2010 (19th European Conference on Artificial Intelligence)
Cited by 5 (5 self)
Abstract
We define an Intuitionistic Conditional Logic for Access Control called CICL. The logic CICL is based on a conditional language allowing principals to be defined as arbitrary formulas and it includes few uncontroversial axioms of access control logics. We provide an axiomatization and a Kripke model semantics for the logic CICL, prove that the axiomatization is sound and complete with respect to the semantics, and define a sound, complete and cut-free labelled sequent calculus for it.
D.: Constructing cut free sequent systems with context restrictions based on classical or intuitionistic logic
Cited by 4 (0 self)
Abstract
We consider a general format for rules for not necessarily normal modal logics based on classical or intuitionistic propositional logic and provide relatively simple local conditions ensuring a generic cut elimination for such rule sets. The rule format encompasses e.g. rules for the boolean connectives and transitive modal logics such as S4 or its constructive version. We also adapt the method of constructing suitable rule sets by saturation to the intuitionistic setting and provide a criterion for translating axioms for intuitionistic modal logics into sequent rules. Examples include constructive modal logics and conditional logic VA.
G.L.: A conditional constructive logic for access control and its sequent calculus
Tableaux 2011. Lecture Notes in Artificial Intelligence (LNAI), 2011
Cited by 3 (1 self)
Abstract
In this paper we study the applicability of constructive conditional logics as a general framework to define decision procedures in access control logics. To this purpose, we formalize the assertion A says φ, whose intended meaning is that principal A says that φ, as a conditional implication. We introduce CondACL, which is a conservative extension of the logic ICL recently introduced by Garg and Abadi. We identify the conditional axioms needed to capture the basic properties of the “says” operator and to provide a proper definition of boolean principals. We provide a Kripke model semantics for the logic and we prove that the axiomatization is sound and complete with respect to the semantics. Moreover, we define a sound, complete, cut-free and terminating sequent calculus for CondACL, which allows us to prove that the logic is decidable. We argue for the generality of our approach by presenting canonical properties of some further well-known access control axioms. The identification of canonical properties provides the possibility to craft access control logics that adopt any combination of axioms for which canonical properties exist.