A framework for linear authorization logics

Abstract

Linear authorization logics (LALs) are logics based on linear logic that can be used for modeling effect-based authentication policies. LALs have been used in the context of the Proof-Carrying Authorization framework, where formal proofs must be constructed in order for a principal to gain access to some resource elsewhere. This paper investigates the complexity of the provability problem, that is, determining whether a formula is provable in a linear authorization logic. We show that the multiplicative propositional fragment of LAL is already undecidable in the presence of two principals. On the other hand, we also identify a first-order fragment of LAL for which provability is PSPACE-complete. Finally, we argue by example that the latter fragment is natural and can be used in practice.
