Skip to main content
SpringerLink
Log in

Labeled Goal-Directed Search in Access Control Logic

  • Conference paper
Security and Trust Management (STM 2012)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7783))

Included in the following conference series:

Abstract

We describe a sound, complete, and terminating procedure for goal-directed proof search in \(\text{BL}_{\text{sf}}^{\textsf{G}}\), an expressive fragment of a recently presented access control logic, BLsf. \(\text{BL}_{\text{sf}}^{\textsf{G}}\) is more expressive than many other Datalog-based access control logics that also have very efficient decision procedures, and our search procedure finds proofs of authorization quickly in practice. We also extend our search procedure to find missing credentials when a requested authorization does not hold and discuss an implementation of our techniques in an extension of the Unix file synchronization program rsync.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Abadi, M.: Logic in access control. In: Proceedings of the IEEE Symposium on Logic in Computer Science (LICS), pp. 228–233 (2003)

    Google Scholar 

  2. Abadi, M., Burrows, M., Lampson, B., Plotkin, G.: A calculus for access control in distributed systems. ACM Transactions on Programming Languages and Systems (TOPLAS) 15(4), 706–734 (1993)

    Article  Google Scholar 

  3. Avijit, K., Datta, A., Harper, R.: Distributed programming with distributed authorization. In: Proceedings of the ACM SIGPLAN Workshop on Types in Language Design and Implementation (TLDI), pp. 27–38 (2010)

    Google Scholar 

  4. Bauer, L.: Access Control for the Web via Proof-Carrying Authorization. Ph.D. thesis, Princeton University (2003)

    Google Scholar 

  5. Bauer, L., Garriss, S., McCune, J.M., Reiter, M.K., Rouse, J., Rutenbar, P.: Device-enabled authorization in the grey system. In: Zhou, J., López, J., Deng, R.H., Bao, F. (eds.) ISC 2005. LNCS, vol. 3650, pp. 431–445. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  6. Becker, M.Y., Fournet, C., Gordon, A.D.: SecPAL: Design and semantics of a decentralized authorization language. Journal of Computer Security 18(4), 619–665 (2010)

    Google Scholar 

  7. Becker, M.Y., Russo, A., Sultana, N.: Foundation of logic-based trust management. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 161–175 (2012)

    Google Scholar 

  8. DeTreville, J.: Binder, a logic-based security language. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 105–113 (2002)

    Google Scholar 

  9. Garg, D.: Proof Theory for Authorization Logic and Its Application to a Practical File System. Ph.D. thesis, Carnegie Mellon University (2009)

    Google Scholar 

  10. Garg, D., Pfenning, F.: Non-interference in constructive authorization logic. In: Proceedings of the 19th IEEE Computer Security Foundations Workshop (CSFW), pp. 283–293 (2006)

    Google Scholar 

  11. Garg, D., Pfenning, F.: A proof-carrying file system. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 349–364 (2010)

    Google Scholar 

  12. Genovese, V., Rispoli, D., Gabbay, D.M., van der Torre, L.: Modal access control logic: Axiomatization, semantics and FOL theorem proving. In: Proceedings of the Fifth Starting AI Researchers’ Symposium (STAIRS), pp. 114–126 (2010)

    Google Scholar 

  13. Genovese, V., Garg, D., Rispoli, D.: Labeled goal-directed search in access control logic (2012), Technical Report. Online at http://www.mpi-sws.org/~dg/

  14. Genovese, V., Garg, D., Rispoli, D.: Labeled sequent calculi for access control logics: Countermodels, saturation and abduction. In: Proceedings of the 25th IEEE Symposium on Computer Security Foundations (CSF), pp. 139–153 (2012)

    Google Scholar 

  15. Gurevich, Y., Neeman, I.: Logic of infons: The propositional case. ACM Transactions on Programming Languages and Systems (TOPLAS) 12(2) (2011)

    Google Scholar 

  16. Jia, L., Vaughan, J.A., Mazurak, K., Zhao, J., Zarko, L., Schorr, J., Zdancewic, S.: Aura: A programming language for authorization and audit. In: Proceedings of the 13th ACM SIGPLAN International Conference on Functional Programming (ICFP), pp. 27–38 (2008)

    Google Scholar 

  17. Miller, D., Nadathur, G., Pfenning, F., Scedrov, A.: Uniform proofs as a foundation for logic programming. Annals of Pure and Applied Logic 51, 125–157 (1991)

    Article  MathSciNet  MATH  Google Scholar 

  18. Negri, S.: Proof analysis in modal logic. Journal of Philosophical Logic 34, 507–544 (2005)

    Article  MathSciNet  MATH  Google Scholar 

  19. Pimlott, A., Kiselyov, O.: Soutei, a logic-based trust-management system. In: Hagiya, M. (ed.) FLOPS 2006. LNCS, vol. 3945, pp. 130–145. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  20. Schneider, F.B., Walsh, K., Sirer, E.G.: Nexus Authorization Logic (NAL): Design rationale and applications. ACM Transactions on Information and System Security (TISSEC) 14(1), 1–28 (2011)

    Article  Google Scholar 

  21. Swamy, N., Chen, J., Fournet, C., Strub, P.Y., Bhargavan, K., Yang, J.: Secure distributed programming with value-dependent types. In: Proceedings of the 13th ACM SIGPLAN International Conference on Functional Programming (ICFP), pp. 266–278 (2011)

    Google Scholar 

  22. Viganò, L.: A framework for non-classical logics. Ph.D. thesis, Universität des Saarlandes (1997), also available as the book Labelled non-classical logics. Springer (2000)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Luxembourg, Luxembourg

    Valerio Genovese

  2. University of Torino, Torino, Italy

    Valerio Genovese & Daniele Rispoli

  3. MPI-SWS, Kaiserslautern and Saarbrücken, Germany

    Deepak Garg

Authors
  1. Valerio Genovese
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Deepak Garg
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Daniele Rispoli
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Informatics, University of Oslo, P.O.Box 1080, 0316, Blindern, Oslo, Norway

    Audun Jøsang

  2. Dipartimento di Informatica, Università degli Studi di Milano, Via Bramante, 65, 26013, Crema, CR, Italy

    Pierangela Samarati

  3. National Research Center(CNR), Institute of Informatics and Telematics(IIT), Via G. Moruzzi, 1, 56124, Pisa, Italy

    Marinella Petrocchi

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Genovese, V., Garg, D., Rispoli, D. (2013). Labeled Goal-Directed Search in Access Control Logic. In: Jøsang, A., Samarati, P., Petrocchi, M. (eds) Security and Trust Management. STM 2012. Lecture Notes in Computer Science, vol 7783. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38004-4_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-38004-4_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38003-7

  • Online ISBN: 978-3-642-38004-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation