Belief Semantics of Authorization Logic
Authorization logics have been used in the theory of computer security to
reason about access control decisions. In this work, a formal belief semantics
for authorization logics is given. The belief semantics is proved to subsume a
standard Kripke semantics. The belief semantics yields a direct representation
of principals' beliefs, without resorting to the technical machinery used in
Kripke semantics. A proof system is given for the logic; that system is proved
sound with respect to the belief and Kripke semantics. The soundness proof for
the belief semantics, and for a variant of the Kripke semantics, is mechanized
in Coq.
Model Checking Social Network Models
A social network service is a platform to build social relations among people
sharing similar interests and activities. The underlying structure of a social
network service is the social graph, where nodes represent users and the arcs
represent the users' social links and other kinds of connections. One important
concern in social networks is privacy: what others are (not) allowed to know
about us. The "logic of knowledge" (epistemic logic) is thus a good formalism
to define, and reason about, privacy policies. In this paper we consider the
problem of verifying knowledge properties over social network models (SNMs),
that is, social graphs enriched with knowledge bases containing the information
that the users know. More concretely, our contributions are: i) We prove that
the model checking problem for epistemic properties over SNMs is decidable; ii)
We prove that a number of properties of knowledge that are sound w.r.t. Kripke
models are also sound w.r.t. SNMs; iii) We give a satisfaction-preserving
encoding of SNMs into canonical Kripke models, and we also characterise which
Kripke models may be translated into SNMs; iv) We show that, for SNMs, the
model checking problem is cheaper than the one based on standard Kripke models.
Finally, we have developed a proof-of-concept implementation of the
model-checking algorithm for SNMs.
Comment: In Proceedings GandALF 2017, arXiv:1709.0176
First-Order Logic for Flow-Limited Authorization
We present the Flow-Limited Authorization First-Order Logic (FLAFOL), a logic
for reasoning about authorization decisions in the presence of information-flow
policies. We formalize the FLAFOL proof system, characterize its
proof-theoretic properties, and develop its security guarantees. In particular,
FLAFOL is the first logic to provide a non-interference guarantee while
supporting all connectives of first-order logic. Furthermore, this guarantee is
the first to combine the notions of non-interference from both authorization
logic and information-flow systems. All theorems in this paper are proven in
Coq.
Comment: Coq code can be found at https://github.com/FLAFOL/flafol-co