On the Complexity of Linear Authorization Logics

Linear authorization logics (LAL) are logics based on linear logic that can be used for modeling effect-based authentication policies. LAL has been used in the context of the Proof-Carrying Authorization framework, where formal proofs are constructed in order for a principal to gain access to some resource elsewhere. This paper investigates the complexity of the provability problem, that is, determining whether a linear authorization logic formula is provable or not. We show that the multiplicative propositional fragment of LAL is already undecidable in the presence of two principals. On the other hand, we also identify a first-order fragment of LAL for which provability is PSPACE-complete. Finally, we argue by example that the latter fragment is natural and can be used in practice.

[1]  Max I. Kanovich,et al.  Bounded memory Dolev-Yao adversaries in collaborative systems , 2014, Inf. Comput..

[2]  Max I. Kanovich,et al.  Policy Compliance in Collaborative Systems , 2009, 2009 22nd IEEE Computer Security Foundations Symposium.

[3]  Martín Abadi,et al.  A calculus for access control in distributed systems , 1991, TOPL.

[4]  Andre Scedrov,et al.  Relating state-based and process-based concurrency through linear logic (full-version) , 2009, Inf. Comput..

[5]  Max I. Kanovich,et al.  Collaborative Planning with Confidentiality , 2011, Journal of Automated Reasoning.

[6]  Martín Abadi Logic in Access Control (Tutorial Notes) , 2009, FOSAD.

[7]  M. Minsky Recursive Unsolvability of Post's Problem of "Tag" and other Topics in Theory of Turing Machines , 1961 .

[8]  Dale Miller,et al.  Algorithmic specifications in linear logic with subexponentials , 2009, PPDP '09.

[9]  Patrick Lincoln,et al.  Linear logic , 1992, SIGA.

[10]  John C. Mitchell,et al.  Multiset rewriting and the complexity of bounded security protocols , 2004, J. Comput. Secur..

[11]  Martín Abadi,et al.  A Modal Deconstruction of Access Control Logics , 2008, FoSSaCS.

[12]  Lujo Bauer,et al.  Consumable Credentials in Linear-Logic-Based Access-Control Systems , 2007, NDSS.

[13]  Andrew W. Appel,et al.  Proof-carrying authentication , 1999, CCS '99.

[14]  Kaustuv Chaudhuri,et al.  On the Expressivity of Two Refinements of Multiplicative Exponential Linear Logic , 2009 .

[15]  F. Pfenning,et al.  Reasoning about the Consequences of Authorization Policies in a Linear Epistemic Logic , 2009 .

[16]  Bruno Guillaume,et al.  Vector addition tree automata , 2004, LICS 2004.

[17]  Michael Mendler,et al.  Propositional Lax Logic , 1997, Inf. Comput..

[18]  Lujo Bauer,et al.  A Linear Logic of Authorization and Knowledge , 2006, ESORICS.

[19]  Dale Miller,et al.  A formal framework for specifying sequent calculus proof systems , 2013, Theor. Comput. Sci..

[20]  Frank Pfenning,et al.  Non-interference in constructive authorization logic , 2006, 19th IEEE Computer Security Foundations Workshop (CSFW'06).

[21]  Bruno Guillaume,et al.  Vector addition tree automata , 2004, Proceedings of the 19th Annual IEEE Symposium on Logic in Computer Science, 2004..

[22]  Walter J. Savitch,et al.  Relationships Between Nondeterministic and Deterministic Tape Complexities , 1970, J. Comput. Syst. Sci..

[23]  Vincent Danos,et al.  The Structure of Exponentials: Uncovering the Dynamics of Linear Logic Proofs , 1993, Kurt Gödel Colloquium.