Computer Security Policies and Deontic Logic

With respect to confidentiality, a computer security policy defines what information stored in a computer users have the permission to know. We propose to express these policies with an epistemic and deontic logic. In this context, confidentiality is defined by the formula $K_A \varphi \rightarrow R_A \varphi$ that could be read "if A knows $\varphi$ then A should have the permission to know $\varphi$". We provide a new possible-worlds semantics for the $R_A$ operator that depends on the security policy to be modeled. Finally, we express within our framework three examples of security policies.
