Results 1-10 of 13
Security-Typed Programming within Dependently-Typed Programming
Cited by 14 (2 self)
Several recent security-typed programming languages allow programmers to express and enforce authorization policies governing access to controlled resources. Policies are expressed as propositions in an authorization logic, and enforced by a type system that requires each access to a sensitive resource to be accompanied by a proof. The security-typed languages described in the literature, such as Aura and PCML5, have been presented as new, stand-alone language designs. In this paper, we instead show how to embed a security-typed programming language within an existing dependently typed programming language, Agda. This language-design strategy allows us to inherit both the metatheoretic results, such as type safety, and the implementation of the host language. Our embedding consists of the following ingredients: First, we represent the syntax and proofs of an authorization logic, Garg and Pfenning’s BL0, using dependent types. Second, we implement a proof search procedure, based on a focused sequent calculus, to ease the burden of constructing proofs. Third, we define an indexed monad of computations on behalf of a principal, with proof-carrying primitive operations. Our work shows that a dependently typed language can be used to prototype a security-typed language, and contributes to the growing body of literature on using dependently typed languages to construct domain-specific type systems.
Reasoning about the consequences of authorization policies in a linear epistemic logic
, 2009
Cited by 12 (5 self)
Authorization policies are not standalone objects: they are used to selectively permit actions that change the state of a system. Thus, it is desirable to have a framework for reasoning about the semantic consequences of policies. To this end, we extend a rewriting interpretation of linear logic with connectives for modeling affirmation, knowledge, and possession. To cleanly confine semantic effects to the rewrite sequence, we introduce a monad. The result is a richly expressive logic that elegantly integrates policies and their effects. After presenting this logic and its metatheory, we demonstrate its utility by proving properties that relate a simple file system’s policies to their semantic consequences.
Proof search in an authorization logic
, 2009
Cited by 9 (5 self)
We consider the problem of proof search in an expressive authorization logic that contains a “says” modality and an ordering on principals. After a description of the proof system for the logic, we identify two fragments that admit complete goal-directed and saturating proof search strategies. A smaller fragment is then presented, which supports both goal-directed and saturating search, and has a sound and complete translation to first-order logic. We conclude with a brief description of our implementation of goal-directed search. This work was supported partially by the iCAST project sponsored by the National Science Council,
Logic in Access Control (Tutorial Notes)
Cited by 6 (0 self)
Access control is central to security in computer systems. Over the years, there have been many efforts to explain and to improve access control, sometimes with logical ideas and tools. This paper is a partial survey and discussion of the role of logic in access control. It considers logical foundations for access control and their applications, in particular in languages for security policies. It focuses on some specific logics and their properties. It is intended as a written counterpart to a tutorial given at the 2009 International School on Foundations of Security Analysis and Design.
Principal-Centric Reasoning in Constructive Authorization Logic
, 2008
Cited by 5 (2 self)
We present an authorization logic DTL0 that explicitly relativizes reasoning to beliefs of principals. The logic assumes that principals are conceited in their beliefs. We describe the natural deduction system, sequent calculus, Hilbert-style axiomatization, and Kripke semantics of the logic. We prove several metatheoretic results including cut-elimination, and soundness and completeness for the Kripke semantics. We also present translations from several other authorization logics into DTL0, and describe formal connections between DTL0 and the modal logic constructive S4.
A constructive conditional logic for access control: a preliminary report
Proceedings of ECAI 2010 (19th European Conference on Artificial Intelligence)
Cited by 2 (2 self)
We define an Intuitionistic Conditional Logic for Access Control called CICL. The logic CICL is based on a conditional language allowing principals to be defined as arbitrary formulas and it includes few uncontroversial axioms of access control logics. We provide an axiomatization and a Kripke model semantics for the logic CICL, prove that the axiomatization is sound and complete with respect to the semantics, and define a sound, complete and cut-free labelled sequent calculus for it.
Nexus Authorization Logic (NAL): . . .
, 2011
Nexus Authorization Logic (NAL) provides a principled basis for specifying and reasoning about credentials and authorization policies. It extends prior access control logics that are based on “says” and “speaks for” operators. NAL enables authorization of access requests to depend on (i) the source or pedigree of the requester, (ii) the outcome of any mechanized analysis of the requester, or (iii) the use of trusted software to encapsulate or modify the requester. To illustrate the convenience and expressive power of this approach to authorization, a suite of document-viewer applications was implemented to run on the Nexus operating system. One of the viewers enforces policies that concern the integrity of excerpts that a document contains; another viewer enforces confidentiality policies specified by labels tagging blocks of text.
Nexus Authorization Logic (NAL): Design . . .
Nexus Authorization Logic (NAL) provides a principled basis for specifying and reasoning about credentials and authorization policies. It extends prior access control logics based on “says” and “speaks-for” operators, enabling within a single framework request authorization to depend on (i) the source or pedigree of the requester, (ii) the outcome of performing an analysis on the requester, or (iii) the use of trusted software to encapsulate or modify the requester. Prototype document-viewer applications that enforce integrity and confidentiality of document contents, all implemented on the Nexus operating system, illustrate the convenience and expressive power of this approach to authorization.
New Modalities for Access Control Logics: Permission, Control and Ratification
We present a new modal access control logic, ACL+, to specify, reason about and enforce access control policies. The logic includes new modalities for permission, control, and ratification to overcome some limits of current access control logics. We present a Hilbert-style proof system for ACL+ and a sound and complete Kripke semantics for it. We exploit the Kripke semantics to define SeqACL+: a sound, complete and cut-free sequent calculus for ACL+, implying that ACL+ is at least semi-decidable. We point at a Prolog implementation of SeqACL+ and discuss possible extensions of ACL+ with axioms for subordination between principals.
of Authorization Policies in a Linear Epistemic Logic
Authorization policies are not standalone objects: they are used to selectively permit actions that change the state of a system. Thus, it is desirable to have a framework for reasoning about the semantic consequences of policies. To this end, we extend a rewriting interpretation of linear logic with connectives for modeling affirmation, knowledge, and possession. To cleanly confine semantic effects to the rewrite sequence, we introduce a monad. The result is a richly expressive logic that elegantly integrates policies and their effects. After presenting this logic and its metatheory, we demonstrate its utility by proving properties that relate a simple file system’s policies to their semantic consequences.