DKAL 2 — A Simplified and Improved Authorization Language

Knowledge and information are central notions in DKAL, a logic-based authorization language for decentralized systems, the most expressive among such languages in the literature. Pieces of information are called infons. Here we present DKAL 2, a surprisingly simpler version of the language that expresses new important scenarios (in addition to the old ones) and that is built around a natural logic of infons. Trust became definable, and its properties, postulated earlier as DKAL house rules, are now proved. In fact, none of the house rules postulated earlier is now needed. We also identify a most practical fragment of DKAL where the query derivation problem is solved in linear time.

Note (added on May 11, 2009): In the meantime, we made the following notational changes.

1. Function put of type Info→Speech is renamed to implied. The new notation makes it obvious that (p implied x) is weaker than (p said x).
2. The conjunction of infons x, y is denoted as x∧y rather than x+y. While the latter notation made sense in the original algebraic approach, it is not natural in the logic approach.
