Abstract
In this paper we study the applicability of constructive conditional logics as a general framework to define decision procedures in access control logics. To this purpose, we formalize the assertion A says φ, whose intended meaning is that principal A says that φ, as a conditional implication. We introduce \(\textsf{Cond}_{\rm ACL}\), which is a conservative extension of the logic ICL recently introduced by Garg and Abadi. We identify the conditional axioms needed to capture the basic properties of the “says” operator and to provide a proper definition of boolean principals. We provide a Kripke model semantics for the logic and we prove that the axiomatization is sound and complete with respect to the semantics. Moreover, we define a sound, complete, cut-free and terminating sequent calculus for \(\textsf{Cond}_{\rm ACL}\), which allows us to prove that the logic is decidable. We argue for the generality of our approach by presenting canonical properties of some further well known access control axioms. The identification of canonical properties provides the possibility to craft access control logics that adopt any combination of axioms for which canonical properties exist.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Abadi, M.: Variations in Access Control Logic. In: van der Meyden, R., van der Torre, L. (eds.) DEON 2008. LNCS (LNAI), vol. 5076, pp. 96–109. Springer, Heidelberg (2008)
Abadi, M., Burrows, M., Lampson, B.W., Plotkin, G.D.: A calculus for access control in distributed systems. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 1–23. Springer, Heidelberg (1992)
Abadi, M., Burrows, M., Lampson, B.W., Plotkin, G.D.: A calculus for access control in distributed systems. ACM Trans. on Progr. Languages and Systems 15(4), 706–734 (1993)
Becker, M.Y., Fournet, C., Gordon, A.D.: Design and semantics of a decentralized authorization language. In: IEEE Comp. Security Foundations Symp (CSF), pp. 3–15 (2007)
Bertolissi, C., Fernández, M., Barker, S.: Dynamic event-based access control as term rewriting. In: Barker, S., Gail-Joon, A. (eds.) DBSec 2007. LNCS, vol. 4602, pp. 96–109. Springer, Heidelberg (2007)
Boella, G., Gabbay, D., Genovese, V., van der Torre, L.: Fibred security language. Studia Logica 92(3), 395–436 (2009)
DeTreville, J.: Binder, a logic-based security language. In: IEEE Symposium on Security and Privacy, pp. 105–113 (2002)
Enderton, H.B.: A Mathematical Introduction to Logic, 2nd edn. Academic Press, New York (2000)
Gabbay, D.M.: Fibring Logics. Oxford University Press, Oxford (1999)
Garg, D.: Principal centric reasoning in constructive authorization logic. In: IMLA (2008)
Garg, D., Abadi, M.: A modal deconstruction of access control logics. In: Amadio, R.M. (ed.) FOSSACS 2008. LNCS, vol. 4962, pp. 216–230. Springer, Heidelberg (2008)
Garg, D., Pfenning, F.: Non-interference in constructive authorization logic. In: CSFW-19, pp. 283–296 (2006)
Genovese, V., Giordano, L., Gliozzi, V., Pozzato, G.L.: A constructive conditional logic for access control: a preliminary report. In: Proc. of ECAI 2010. Frontiers in Artificial Intelligence and Applications, vol. 215, pp. 1073–1074. IOS Press, Amsterdam (2010)
Genovese, V., Rispoli, D., Gabbay, D.M., van der Torre, L.: Modal Access Control Logic: Axiomatization, Semantics and FOL Theorem Proving. In: Proc. of STAIRS 2010. Frontiers in Artificial Intelligence and Applications, vol. 222, pp. 114–126. IOS Press, Amsterdam (2010)
Gurevich, Y., Roy, A.: Operational semantics for DKAL: Application and analysis. In: Fischer-Hübner, S., Lambrinoudakis, C., Pernul, G. (eds.) TrustBus 2009. LNCS, vol. 5695, pp. 149–158. Springer, Heidelberg (2009)
Hudelmaier, J.: An \(\mathcal{O}\)(n log n)-space decision procedure for intuitionistic propositional logic. Journal of Logic and Computation 3(1), 63–75 (1993)
Lampson, B.W., Abadi, M., Burrows, M., Wobber, E.: Authentication in distributed systems: Theory and practice. ACM Trans. on Computer Systems 10(4), 265–310 (1992)
Lesniewski-Laas, C., Ford, B., Strauss, J., Morris, R., Kaashoek, M.F.: Alpaca: extensible authorization for distributed services. In: Proc. of ACM CCS 2007, pp. 432–444 (2007)
Li, N., Grosof, B.N., Feigenbaum, J.: Delegation logic: A logic-based approach to distributed authorization. ACM Trans. Inf. Syst. Secur. 6(1), 128–171 (2003)
Negri, S.: Proof analysis in modal logic. J. of Philosophical Logic 34, 507–544 (2005)
Nute, D.: Topics in Conditional Logic. Reidel, Dordrecht (1980)
Olivetti, N., Pozzato, G.L., Schwind, C.B.: A Sequent Calculus and a Theorem Prover for Standard Conditional Logics. ACM Transactions on Computational Logics 8(4) (2007)
Troelstra, A.S., van Dalen, D.: Constructivism in Mathematics: An Introduction (1988)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Genovese, V., Giordano, L., Gliozzi, V., Pozzato, G.L. (2011). A Conditional Constructive Logic for Access Control and Its Sequent Calculus. In: Brünnler, K., Metcalfe, G. (eds) Automated Reasoning with Analytic Tableaux and Related Methods. TABLEAUX 2011. Lecture Notes in Computer Science(), vol 6793. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22119-4_14
Download citation
DOI: https://doi.org/10.1007/978-3-642-22119-4_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22118-7
Online ISBN: 978-3-642-22119-4
eBook Packages: Computer ScienceComputer Science (R0)