Using first-order logic to reason about policies

@article{Halpern2003UsingFL,
  title={Using first-order logic to reason about policies},
  author={Joseph Y. Halpern and Vicky Weissman},
  journal={16th IEEE Computer Security Foundations Workshop, 2003. Proceedings.},
  year={2003},
  pages={187-201}
}
A policy describes the conditions under which an action is permitted or forbidden. We show that a fragment of (multi-sorted) first-order logic can be used to represent and reason about policies. Because we use first-order logic, policies have a clear syntax and semantics. We show that further restricting the fragment results in a language that is still quite expressive yet is also tractable. More precisely, questions about entailment, such as 'May Alice access the file?', can be answered in… 

Reasoning about authorization policies

TLDR
This dissertation uses formal methods to ensure that policies written in certain languages are unambiguous and to provide provably correct algorithms for reasoning about policies, and shows that a fragment of first-order logic can be used to represent and reason about policies.

Access-Control Policies via Belnap Logic: Effective and Efficient Composition and Analysis

  • G. Bruns, M. Huth
  • Computer Science
    2008 21st IEEE Computer Security Foundations Symposium
  • 2008
TLDR
This work defines a query language in which policy analysis questions can be phrased, and establishes expressiveness results showing that all data independent policies can be expressed in the policy language.

Formal Reasoning about Fine-Grained Access Control Policies

TLDR
This work proposes a novel, tool-supported methodology, which consists in transforming the aforementioned questions about FGAC policies into satisfiability problems in first-order logic, and reports on the experience of using the Z3 Satisfiability Modulo Theory (SMT) solver to automatically check the satisfiability of the first-order formulas generated by the tool implementing the methodology.

A simple and expressive semantic framework for policy composition in access control

TLDR
This work defines an access control policy as a four-valued predicate that maps accesses to either grant, deny, conflict, or unspecified, and proposes a basic query language that can reduce important analyses to checks of policy refinement.

Specifying and Reasoning About Dynamic Access-Control Policies

TLDR
This work describes the subtle interplay between logical and state-based methods, particularly in the presence of three-valued policies, and defines a notion of policy equivalence that is especially useful for modular reasoning.

Towards a Policy Language for Humans and Computers

TLDR
Rosetta is a language for reasoning about policies that is essentially a fragment of English; whether a permission follows from a set of Rosetta policies can be proved in polynomial time.

Sophisticated Access Control via SMT and Logical Frameworks

TLDR
By leveraging the programmability of the underlying logical framework, the system provides exceptionally flexible ways of resolving conflicts and composing policies, and shows that the system subsumes FIA (Fine-grained Integration Algebra), an algebra recently developed for the purpose of integrating complex policies.

Access control policy combining: theory meets practice

TLDR
A policy combining language, PCL, is presented, which can succinctly and precisely express a variety of PCAs; it is based on automata theory and linear constraints, and is more expressive than existing approaches.

A logic for state-modifying authorization policies

TLDR
A logic for specifying policies where access requests can have effects on the authorization state is presented, which gives rise to a goal-oriented algorithm for finding minimal sequences that lead to a specified target authorization state.

A Formal Framework for Policy Analysis

TLDR
A formal, logical framework for the representation and analysis of an expressive class of authorization and obligation policies, using a species of abductive, constraint logic programming to analyse for the holding of a number of interesting properties of policies.
...

References

SHOWING 1-10 OF 120 REFERENCES

Towards a Policy Language for Humans and Computers

TLDR
Rosetta is a language for reasoning about policies that is essentially a fragment of English; whether a permission follows from a set of Rosetta policies can be proved in polynomial time.

A Logic Programming Approach to Conflict Resolution in Policy Management

TLDR
A framework for detecting action conflicts and finding resolutions to these conflicts is introduced, axiomatically using logic programs, in which policies are formulated as sets of ECA rules.

A logic for reasoning about security

TLDR
A formal framework for specifying and reasoning about security policies, and for verifying that system designs adhere to such policies, is developed and the combination of policies is addressed.

Understanding SPKI/SDSI using first-order logic

TLDR
It is proved that the FOL semantics of SPKI/SDSI is equivalent to the string rewriting semantics used by SDSI designers, for all queries associated with the rewriting semantics.

An access control model supporting periodicity constraints and temporal reasoning

TLDR
An access control model in which periodic temporal intervals are associated with authorizations is presented, which provides a high degree of flexibility and supports the specification of several protection requirements that cannot be expressed in traditional access control models.

Delegation logic: A logic-based approach to distributed authorization

TLDR
D1LP provides a concept of proof-of-compliance that is founded on well-understood principles of logic programming and knowledge representation, and provides a logical framework for studying delegation.

Permissions and Obligations

TLDR
A language for describing actions is developed, and the concepts of permission and obligation are defined in terms of these action descriptions, from which a number of intuitively plausible inferences are derived.

A logical reconstruction of SPKI

TLDR
This work shows how a Logic of Local Name Containment that has a clear semantics and was shown to completely characterize SDSI name resolution can be extended to deal with a number of key features of SPKI, including revocation, expiry dates, and tuple reduction.

DATALOG with Constraints: A Foundation for Trust Management Languages

TLDR
The class of linearly decomposable unary constraint domains are defined, it is proved that DATALOG extended with constraints in any combination of such constraint domains is tractable, and it is shown that permissions associated with structured resources fall into this class.

Flexible support for multiple access control policies

TLDR
A unified framework that can enforce multiple access control policies within a single system and be enforced by the same security server is presented, based on a language through which users can specify security policies to be enforced on specific accesses.
...