Principal-Centric Reasoning in Constructive Authorization Logic
Abstract
We present an authorization logic that is quite similar to constructive modal S4. The logic assumes that principals are conceited in their beliefs. We describe the sequent calculus, Hilbert-style axiomatization, and Kripke semantics of the logic. A distinguishing characteristic of the sequent calculus is that hypothetical reasoning is relativized to beliefs of principals. We prove several meta-theoretic results including cut-elimination, and soundness and completeness for the Kripke semantics.
Similar resources
Access control in ultra-large-scale systems using a data-centric middleware
The primary characteristic of an Ultra-Large-Scale (ULS) system is ultra-large size on any related dimension. A ULS system is generally considered as a system-of-systems with heterogeneous nodes and autonomous domains. As the size of a system-of-systems grows, and interoperability demand between sub-systems is increased, achieving more scalable and dynamic access control system becomes an im...
From Primal Infon Logic with Individual Variables to Datalog
The logic core of Distributed Knowledge Authorization Logic, DKAL, is constructive logic with a quotation construct said. This logic is known as the logic of infons. The primal fragment of infon logic is amenable to linear time decision algorithms when policies and queries are ground. In the presence of policies with variables and implicit universal quantification, but no functions of positive ...
Authorization Policy Specification and Enforcement for Group-Centric Secure Information Sharing (Full Version)
In this paper, we propose a methodology for incremental security policy specification at varying levels of abstraction while maintaining strict equivalence with respect to authorization state. We specifically consider the recently proposed group-centric secure information sharing (g-SIS) domain. The current specification for g-SIS authorization policy is stateless in the sense that it solely fo...
Authorization Policy Specification and Enforcement for Group-Centric Secure Information Sharing
In this paper, we propose a methodology for incremental security policy specification at varying levels of abstraction while maintaining strict equivalence with respect to authorization state. We specifically consider the recently proposed group-centric secure information sharing (g-SIS) domain. The current specification for g-SIS authorization policy is stateless in the sense that it solely fo...
Reasoning about the Consequences of Authorization Policies in a Linear Epistemic Logic
Authorization policies are not stand-alone objects: they are used to selectively permit actions that change the state of a system. Thus, it is desirable to have a framework for reasoning about the semantic consequences of policies. To this end, we extend a rewriting interpretation of linear logic with connectives for modeling affirmation, knowledge, and possession. To cleanly confine semantic e...