Skip to main content
SpringerLink
Log in

Variations in Access Control Logic

  • Conference paper
Deontic Logic in Computer Science (DEON 2008)

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 5076))

Included in the following conference series:

Abstract

In this paper we investigate the design space of access control logics. Specifically, we consider several possible axioms for the common operator says. Some of the axioms come from modal logic and programming-language theory; others are suggested by ideas from security, such as delegation of authority and the Principle of Least Privilege. We compare these axioms and study their implications.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 74.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Abadi, M.: Logic in access control. In: Proceedings of the Eighteenth Annual IEEE Symposium on Logic in Computer Science, pp. 228–233 (2003)

    Google Scholar 

  2. Abadi, M.: Access control in a core calculus of dependency. Electronic Notes in Theoretical Computer Science 172, 5–31 (2007); Computation, Meaning, and Logic: Articles dedicated to Gordon Plotkin

    Article  MathSciNet  Google Scholar 

  3. Abadi, M., Banerjee, A., Heintze, N., Riecke, J.G.: A core calculus of dependency. In: Proceedings of the 26th ACM Symposium on Principles of Programming Languages, pp. 147–160 (January 1999)

    Google Scholar 

  4. Abadi, M., Burrows, M., Lampson, B., Plotkin, G.: A calculus for access control in distributed systems. ACM Transactions on Programming Languages and Systems 15(4), 706–734 (1993)

    Article  Google Scholar 

  5. Bauer, L., Garriss, S., Reiter, M.K.: Distributed proving in access-control systems. In: Proceedings of the 2005 IEEE Symposium on Security and Privacy, pp. 81–95 (May 2005)

    Google Scholar 

  6. Becker, M.Y., Fournet, C., Gordon, A.D.: Design and semantics of a decentralized authorization language. In: 20th IEEE Computer Security Foundations Symposium, pp. 3–15 (2007)

    Google Scholar 

  7. Cardelli, L.: Type systems. In: Tucker, A.B. (ed.) The Computer Science and Engineering Handbook, ch.103, pp. 2208–2236. CRC Press, Boca Raton (1997)

    Google Scholar 

  8. Cirillo, A., Jagadeesan, R., Pitcher, C., Riely, J.: Do as I SaY! programmatic access control with explicit identities. In: 20th IEEE Computer Security Foundations Symposium, pp. 16–30 (July 2007)

    Google Scholar 

  9. DeTreville, J.: Binder, a logic-based security language. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy, pp. 105–113 (May 2002)

    Google Scholar 

  10. Fairtlough, M., Mendler, M.: Propositional lax logic. Information and Computation 137(1), 1–33 (1997)

    Article  MATH  MathSciNet  Google Scholar 

  11. Fournet, C., Gordon, A.D., Maffeis, S.: A type discipline for authorization in distributed systems. In: 20th IEEE Computer Security Foundations Symposium, pp. 31–45 (2007)

    Google Scholar 

  12. Garg, D., Pfenning, F.: Non-interference in constructive authorization logic. In: 19th IEEE Computer Security Foundations Workshop, pp. 283–296 (2006)

    Google Scholar 

  13. Girard, J.-Y.: Interprétation Fonctionnelle et Elimination des Coupures de l’Arithmétique d’Ordre Supérieur. Thèse de doctorat d’état, Université Paris VII (June 1972)

    Google Scholar 

  14. Gurevich, Y., Neeman, I.: DKAL: Distributed-knowledge authorization language. Technical Report MSR-TR-2007-116, Microsoft Research (August 2007)

    Google Scholar 

  15. Hughes, G.E., Cresswell, M.J.: An Introduction to Modal Logic. Methuen Inc., New York (1968)

    Google Scholar 

  16. Lampson, B., Abadi, M., Burrows, M., Wobber, E.: Authentication in distributed systems: Theory and practice. ACM Transactions on Computer Systems 10(4), 265–310 (1992)

    Article  Google Scholar 

  17. Lampson, B.W.: Protection. In: Proceedings of the 5th Princeton Conference on Information Sciences and Systems, pp. 437–443 (1971)

    Google Scholar 

  18. Lampson, B.W.: Computer security in the real world. IEEE Computer 37(6), 37–46 (2004)

    Google Scholar 

  19. Lesniewski-Laas, C., Ford, B., Strauss, J., Kaashoek, M.F., Morris, R.: Alpaca: extensible authorization for distributed services. In: 14th ACM Conference on Computer and Communications Security, pp. 432–444 (2007)

    Google Scholar 

  20. Li, N., Grosof, B.N., Feigenbaum: Delegation logic: A logic-based approach to distributed authorization. ACM Transactions on Information and System Security 6(1), 128–171 (2003)

    Article  Google Scholar 

  21. Moggi, E.: Notions of computation and monads. Information and Control 93(1), 55–92 (1991)

    MATH  MathSciNet  Google Scholar 

  22. Saltzer, J.H., Schroeder, M.D.: The protection of information in computer system. Proceedings of the IEEE 63(9), 1278–1308 (1975)

    Article  Google Scholar 

  23. Tse, S., Zdancewic, S.: Translating dependency into parametricity. Journal of Functional Programming (to appear)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Microsoft Research, University of California, Santa Cruz, Silicon Valley,  

    Martín Abadi

Authors
  1. Martín Abadi
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Ron van der Meyden Leendert van der Torre

Rights and permissions

Reprints and permissions

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Abadi, M. (2008). Variations in Access Control Logic. In: van der Meyden, R., van der Torre, L. (eds) Deontic Logic in Computer Science. DEON 2008. Lecture Notes in Computer Science(), vol 5076. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-70525-3_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-70525-3_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-70524-6

  • Online ISBN: 978-3-540-70525-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation