An Authorization Logic With Explicit Time

We present an authorization logic that permits reasoning with explicit time. Following a proof-theoretic approach, we study the meta-theory of the logic, including cut elimination. We also demonstrate formal connections to proof-carrying authorization's existing approach for handling time and comment on the enforceability of our logic in the same framework. Finally, we illustrate the expressiveness of the logic through examples, including those with complex interactions between time, authorization, and mutable state.
