Authentication in distributed systems: theory and practice
ACM Transactions on Computer Systems (TOCS)
A calculus for access control in distributed systems
ACM Transactions on Programming Languages and Systems (TOPLAS)
Delegation logic: A logic-based approach to distributed authorization
ACM Transactions on Information and System Security (TISSEC)
A Calculus for Access Control in Distributed Systems
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Binder, a Logic-Based Security Language
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Non-Interference in Constructive Authorization Logic
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Design and Semantics of a Decentralized Authorization Language
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
A sequent calculus and a theorem prover for standard conditional logics
ACM Transactions on Computational Logic (TOCL)
Alpaca: extensible authorization for distributed services
Proceedings of the 14th ACM conference on Computer and communications security
Variations in Access Control Logic
DEON '08 Proceedings of the 9th international conference on Deontic Logic in Computer Science
Operational Semantics for DKAL: Application and Analysis
TrustBus '09 Proceedings of the 6th International Conference on Trust, Privacy and Security in Digital Business
Dynamic event-based access control as term rewriting
Proceedings of the 21st annual IFIP WG 11.3 working conference on Data and applications security
A modal deconstruction of access control logics
FOSSACS'08/ETAPS'08 Proceedings of the Theory and practice of software, 11th international conference on Foundations of software science and computational structures
A constructive conditional logic for access control: a preliminary report
Proceedings of the 2010 conference on ECAI 2010: 19th European Conference on Artificial Intelligence
Modal Access Control LogicAxiomatization, Semantics and FOL Theorem Proving
Proceedings of the 2010 conference on STAIRS 2010: Proceedings of the Fifth Starting AI Researchers' Symposium
New modalities for access control logics: permission, control and ratification
STM'11 Proceedings of the 7th international conference on Security and Trust Management
Logics for security and privacy
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
| Hi-index | 0.00 |
In this paper we study the applicability of constructive conditional logics as a general framework to define decision procedures in access control logics. To this purpose, we formalize the assertion A says φ, whose intended meaning is that principal A says that φ, as a conditional implication. We introduce CondACL, which is a conservative extension of the logic ICL recently introduced by Garg and Abadi. We identify the conditional axioms needed to capture the basic properties of the "says" operator and to provide a proper definition of boolean principals. We provide a Kripke model semantics for the logic and we prove that the axiomatization is sound and complete with respect to the semantics. Moreover, we define a sound, complete, cut-free and terminating sequent calculus for CondACL, which allows us to prove that the logic is decidable. We argue for the generality of our approach by presenting canonical properties of some further well known access control axioms. The identification of canonical properties provides the possibility to craft access control logics that adopt any combination of axioms for which canonical properties exist.