Authentication in distributed systems: theory and practice
ACM Transactions on Computer Systems (TOCS)
A calculus for access control in distributed systems
ACM Transactions on Programming Languages and Systems (TOPLAS)
Information and Computation
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Design of a Role-Based Trust-Management Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Binder, a Logic-Based Security Language
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Access control for the web via proof-carrying authorization
Access control for the web via proof-carrying authorization
Cassandra: Flexible Trust Management, Applied to Electronic Health Records
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Non-Interference in Constructive Authorization Logic
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Access Control in a Core Calculus of Dependency
Electronic Notes in Theoretical Computer Science (ENTCS)
Design and Semantics of a Decentralized Authorization Language
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Linear logic and imperative programming
Linear logic and imperative programming
An Authorization Logic With Explicit Time
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
AURA: a programming language for authorization and audit
Proceedings of the 13th ACM SIGPLAN international conference on Functional programming
Specification and Analysis of Dynamic Authorisation Policies
CSF '09 Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium
Paralocks: role-based information flow control and beyond
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Distributed programming with distributed authorization
Proceedings of the 5th ACM SIGPLAN workshop on Types in language design and implementation
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Device-enabled authorization in the grey system
ISC'05 Proceedings of the 8th international conference on Information Security
A logic for state-modifying authorization policies
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
| Hi-index | 0.00 |
We present the design, proof theory and metatheory of a logic for representing and reasoning about authorization policies. A salient feature of the logic, BL, is its support for system state in the form of interpreted predicates, upon which authorization policies often rely. In addition, BL includes Abadi et al.'s “says” connective and explicit time. BL is illustrated through a case study of policies for sharing sensitive information created in the US intelligence community. We discuss design choices in the interaction between state and other features of BL and validate BL's proof theory by proving standard metatheoretic properties like admissibility of cut.