New modalities for access control logics: permission, control and ratification

Authors:
Valerio Genovese;Deepak Garg
Affiliations:
University of Luxembourg, Luxembourg,University of Torino, Italy;Max Planck Institute for Software Systems, Germany
Venue:
STM'11 Proceedings of the 7th international conference on Security and Trust Management
Year:
2011

Citing 16
Cited 2

Authentication in distributed systems: theory and practice

ACM Transactions on Computer Systems (TOCS)
Authentication in the Taos operating system

ACM Transactions on Computer Systems (TOCS) - Special issue on operating systems principles
Labelled deduction

Labelled deduction
Logic in Access Control

LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
Access control for the web via proof-carrying authorization

Access control for the web via proof-carrying authorization
Non-Interference in Constructive Authorization Logic

CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Variations in Access Control Logic

DEON '08 Proceedings of the 9th international conference on Deontic Logic in Computer Science
Logic in Access Control (Tutorial Notes)

Foundations of Security Analysis and Design V
A modal deconstruction of access control logics

FOSSACS'08/ETAPS'08 Proceedings of the Theory and practice of software, 11th international conference on Foundations of software science and computational structures
SecPAL: Design and semantics of a decentralized authorization language

Journal of Computer Security - Digital Identity Management (DIM 2007)
A Proof-Carrying File System

SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
A constructive conditional logic for access control: a preliminary report

Proceedings of the 2010 conference on ECAI 2010: 19th European Conference on Artificial Intelligence
Logic of infons: The propositional case

ACM Transactions on Computational Logic (TOCL)
Nexus authorization logic (NAL): Design rationale and applications

ACM Transactions on Information and System Security (TISSEC)
A conditional constructive logic for access control and its sequent calculus

TABLEAUX'11 Proceedings of the 20th international conference on Automated reasoning with analytic tableaux and related methods
Device-enabled authorization in the grey system

ISC'05 Proceedings of the 8th international conference on Information Security

Logics for security and privacy

DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
Noninterference in a predicative polymorphic calculus for access control

Computer Languages, Systems and Structures

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present a new modal access control logic, ACL+, to specify, reason about and enforce access control policies. The logic includes new modalities for permission, control, and ratification to overcome some limits of current access control logics. We present a Hilbert-style proof system for ACL+ and a sound and complete Kripke semantics for it. We exploit the Kripke semantics to define Seq-ACL+: a sound, complete and cut-free sequent calculus for ACL+, implying that ACL+ is at least semi-decidable. We point at a Prolog implementation of Seq-ACL+ and discuss possible extensions of ACL+ with axioms for subordination between principals.