ScholarlyCommons

Title

Permission to Speak: A Logic for Access Control and Conformance

Author(s)

Nikhil Dinesh, University of PennsylvaniaFollow
Aravind Joshi, University of PennsylvaniaFollow
Insup Lee, University of PennsylvaniaFollow
Oleg Sokolsky, University of PennsylvaniaFollow

Date of this Version

2010

Document Type

Journal Article

Recommended Citation

Nikhil Dinesh, Aravind Joshi, Insup Lee, and Oleg Sokolsky, "Permission to Speak: A Logic for Access Control and Conformance", Journal of Logic and Algebraic Programming 80(1), 50-74. January 2010. http://dx.doi.org/10.1016/j.jlap.2009.12.002

Abstract

Formal languages for policy have been developed for access control and conformance checking. In this paper, we describe a formalism that combines features that have been developed for each application. From access control, we adopt the use of a saying operator. From conformance checking, we adopt the use of operators for obligation and permission. The operators are combined using an axiom that permits a principal to speak on behalf of another. The combination yields benefits to both applications. For access control, we overcome the problematic interaction between hand-off and classical reasoning. For conformance, we obtain a characterization of legal power by nesting saying with obligation and permission.

The axioms result in a decidable logic. We integrate the axioms into a logic programming approach, which lets us use quantification in policies while preserving decidability of access control decisions. Conformance checking, in the presence of nested obligations and permissions, is shown to be decidable. Non-interference is characterized using reachability via permitted statements.

Subject Area

CPS Formal Methods

Publication Source

Journal of Logic and Algebraic Programming

Volume

80

Issue

1

Start Page

50

Last Page

74

DOI

10.1016/j.jlap.2009.12.002

Copyright/Permission Statement

NOTICE: This is the author’s version of a work that was accepted for publication in the Journal of Logic and Algebraic Programming. Changes resulting from the publishing process, such as peer review, editing, corrections, structural formatting, and other quality control mechanisms, may not be reflected in this document. Changes may have been made to this work since it was submitted for publication. A definitive version was subsequently published in the Journal of Logic and Algebraic Programming, Volume 80, Issue 1, January 2011, DOI: 10.1016/j.jlap.2009.12.002

Keywords

Access control; Conformance; Modal logic; Deontic logic