An Authorization Logic With Explicit Time

DeYoung, Henry; Garg, Deepak; Pfenning, Frank

doi:10.1109/csf.2008.15

Cited by 24 publications

(8 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our approach requires small and relatively straightforward changes to the inference rules of a logic, and we believe would be applicable to a variety of logics other than the one we showed here. Recently, various new authorization logics have been developed [16], [13], [15]. We plan to investigate general principles and methods for extending the syntax and proof rules of different logics with constraints in a manner similar to what we have shown in this paper.…”

Section: Discussion and Future Workmentioning

confidence: 99%

“…We first define context to be a list of formulas and constraint formulas (lines 2-5), and then define operations on the context, e.g., for looking up a formula (lines 7-8). Next, we define logical connectives (lines [10][11][12][13][14]. Finally, we define the set of sequent rules.…”

Section: Related Workmentioning

confidence: 99%

“…These efforts resulted in various firstorder classical logics, each of which describes a comprehensive but not exhaustive set of useful access-control scenarios [5], [18], [24], [25], and more powerful higher-order logics that served as a tool for defining simpler, applicationspecific ones [4], [6], [23]. Researchers have recently started to examine constructive authorization logics [16], about which they have proved meta-properties such as soundness and non-interference, as well as logics that reason about linearity and time [15], [13].…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Constraining Credential Usage in Logic-Based Access Control

Bauer

Jia

Sharma

2010

2010 23rd IEEE Computer Security Foundations Symposium

View full text Add to dashboard Cite

Abstract-Authorization logics allow concise specification of flexible access-control policies, and are the basis for logic-based access-control systems. In such systems, resource owners issue credentials to specify policies, and the consequences of these policies are derived using logical inference rules. Proofs in authorization logics can serve as capabilities for gaining access to resources.Because a proof is derived from a set of credentials possibly issued by different parties, the issuer of a specific credential may not be aware of all the proofs that her credential may make possible. From this credential issuer's standpoint, the policy expressed in her credential may thus have unexpected consequences. To solve this general problem, we propose a system in which credentials can specify constraints on how they are to be used. We show how to modularly extend wellstudied authorization logics to support the specification and enforcement of such constraints. A novelty of our design is that we allow the constraints to be arbitrary well-behaved functions over authorization proofs. Since all the information about an access is contained in the proofs, this makes it possible to express many interesting constraints. We study the formal properties of such a system, and give examples of constraints.

show abstract

Section: Discussion and Future Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Constraining Credential Usage in Logic-Based Access Control

Bauer

Jia

Sharma

2010

2010 23rd IEEE Computer Security Foundations Symposium

View full text Add to dashboard Cite

show abstract

“…Temporal extensions of our logics, e.g. like [18], will allow to check whether a promise is violated in a given trace (e.g. the deadline passed).…”

Section: Related Workmentioning

confidence: 99%

A Calculus of Contracting Processes

Bartoletti

Zunino

2010

2010 25th Annual IEEE Symposium on Logic in Computer Science

123

View full text Add to dashboard Cite

We propose a formal theory of contract-based computing. We model contracts as formulae in an intuitionistic logic extended with a "contractual" form of implication. Decidability holds for our logic: this allows us to mechanically infer the rights and the duties deriving from any set of contracts. We embed our logic in a core calculus of contracting processes, which combines features from concurrent constraints and calculi for multiparty sessions, while subsuming several idioms for concurrency.

show abstract

“…To clearly specify access-control policies and reason about them formally, researchers have developed authorization logics [5,11,13,1,2]. In logic-based access-control systems, logical proofs constructed using access-control policies serve as capabilities for accessing resources.…”

Section: Introductionmentioning

confidence: 99%

Encoding information flow in AURA

Jia

Zdancewic

2009

SIGPLAN Not.

View full text Add to dashboard Cite

Two of the main ways to protect security-sensitive resources in computer systems are to enforce access-control policies and information-flow policies. In this paper, we show how to enforce information-flow policies in AURA, which is a programming language for access control. When augmented with this mechanism for enforcing information-flow polices, AURA can further improve the security of reference monitors that implement access control.We show how to encode security types and lattices of security labels using AURA's existing constructs for authorization logic. We prove a noninterference theorem for this encoding. We also investigate how to use expressive accesscontrol policies specified in authorization logic as the policies for information declassification.

show abstract

An Authorization Logic With Explicit Time

Cited by 24 publications

References 30 publications

Constraining Credential Usage in Logic-Based Access Control

Constraining Credential Usage in Logic-Based Access Control

A Calculus of Contracting Processes

Encoding information flow in AURA

Contact Info

Product

Resources

About