Chao-jing TANG,Zhi-yong LU,Chao FENG

DOI: https://doi.org/10.3969/j.issn.0372-2112.2014.06.022

2014-01-01

Abstract:This paper proposes a logic for verifying security protocols in the computational model ,which can describe the computation and communication actions precisely .We present a cryptographically sound proof system on the logic and can formalize the various security properties for encryption algorithms directly .During the research ,several unsoundness of the formalization with the computational protocol compositional logic in prior work is discovered ,and corresponding solutions are proposed .By proving the security properties for the Needham-Schroeder-Lowe protocol ,the power of the logic is demonstrated .Being different from most of the current verification approaches ,this logic reasons about the security of protocols from the security of cryptographic algorithms forwardly ,and is both easy to use and cryptographically sound .

Jason Crampton,Charles Morisset

DOI: https://doi.org/10.48550/arXiv.1204.2342

2014-07-31

Abstract:There have been many proposals for access control models and authorization policy languages, which are used to inform the design of access control systems. Most, if not all, of these proposals impose restrictions on the implementation of access control systems, thereby limiting the type of authorization requests that can be processed or the structure of the authorization policies that can be specified. In this paper, we develop a formal characterization of the features of an access control model that imposes few restrictions of this nature. Our characterization is intended to be a generic framework for access control, from which we may derive access control models and reason about the properties of those models. In this paper, we consider the properties of monotonicity and completeness, the first being particularly important for attribute-based access control systems. XACML, an XML-based language and architecture for attribute-based access control, is neither monotonic nor complete. Using our framework, we define attribute-based access control models, in the style of XACML, that are, respectively, monotonic and complete.

Cryptography and Security,Logic in Computer Science

Chen Zhao,NuerMaimaiti Heilili,Shengping Liu,Zuoquan Lin

2005-01-01

Abstract:Role-Based Access Control (RBAC) has been recognized as a strategy which reduces the cost and complexity of security administration in large-scale networked applications. A general family of RBAC models called RBAC96 was proposed by Sandhu et al. [1], which formally deflnes the relations among user, role and permission using the notion of set membership. Constraints is an important aspect of RBAC, which impose restrictions on acceptable conflgurations of the difierent components of RBAC. Nevertheless, it was discussed informally in the RBAC96 model. There has been some efiorts to present a logical framework for the access control models. Most of these works are based on flrst-order logic or its extensions. However, excessively rich expressiveness may bring on complex computation and confusion. We present a novel formalization of RBAC using a description logic approach. Compared with flrst-order logic, DLs achieve a better tradeofi between the computational complexity of reasoning and the expressiveness of the language. We choose the DL language ALC to represent core and hierarchical RBAC, and ALCQ that extends ALC by qualifled number restrictions to express RBAC constraints, including separation of duty and role cardinality. Based on our logical framework it is feasible to reason about RBAC and check the consistency of RBAC with constraints via a DL reasoner(e.g. RACER).

Peng Liu,Jian-bin Hu,Zhong Chen

DOI: https://doi.org/10.1109/WI.2005.2

2005-01-01

Abstract:Although several access control policies have been proposed for securing access to resources, they focused on security of distributed environments that were rather static. Nowadays distributed environment becomes open and dynamic. In this paper, we propose a formal language for access control policies in open and dynamic environment. The language is based on description logic program and generalized courteous logic program supporting classical negation, prioritized conflict handling and mutual exclusion constraints. The language allows the specification of positive and negative authorization, privilege delegation and revocation, prioritized conflict resolution and mutual authorization exclusions.

Xin Sun,Xishun Zhao,Livio Robaldo

DOI: https://doi.org/10.1016/j.future.2017.01.028

IF: 7.307

2017-01-01

Future Generation Computer Systems

Abstract:In this paper we study the complexity of deontic logics grounded on norm-based semantics and apply norm-based deontic logic to access control. Four principal norm-based deontic logics have been proposed so far: imperative logic, input/output logic, deontic default logic and deontic defeasible logic. We present the readers that imperative logic is complete for the 2ed level of the polynomial hierarchy and deontic default logic is located in the 3ed level of the polynomial hierarchy. We then show how it is possible to impose restrictions to imperative logic such that the complexity goes down to be tractable, allowing the logic to be used in practical applications. We focus on a specific application: access control.

Roberta Calegari,Giovanni Ciatto,Viviana Mascardi,Andrea Omicini

DOI: https://doi.org/10.1007/s10458-020-09478-3

2020-10-19

Abstract:Abstract Precisely when the success of artificial intelligence (AI) sub-symbolic techniques makes them be identified with the whole AI by many non-computer-scientists and non-technical media, symbolic approaches are getting more and more attention as those that could make AI amenable to human understanding. Given the recurring cycles in the AI history, we expect that a revamp of technologies often tagged as “classical AI”—in particular, logic-based ones—will take place in the next few years. On the other hand, agents and multi-agent systems (MAS) have been at the core of the design of intelligent systems since their very beginning, and their long-term connection with logic-based technologies , which characterised their early days, might open new ways to engineer explainable intelligent systems . This is why understanding the current status of logic-based technologies for MAS is nowadays of paramount importance. Accordingly, this paper aims at providing a comprehensive view of those technologies by making them the subject of a systematic literature review (SLR). The resulting technologies are discussed and evaluated from two different perspectives: the MAS and the logic-based ones.

automation & control systems,computer science, artificial intelligence

Chao Feng,Yuebing Chen,Quan Zhang,Chaojing Tang

DOI: https://doi.org/10.1109/iccsit.2010.5565119

2010-01-01

Abstract:This paper presents a logic for signature-based security protocols. We propose an object-oriented model for the execution of security protocols, where protocol roles are modeled as classes and the programs executed by them are modeled as member functions. Unlike most of the formal verification logics, our logic is closer to the cryptography used in security protocols, and can formalize and utilize the different security levels of public-key signature schemes. We demonstrate the power of the logic by verifying the standard signature-based challenge-response protocol using signature algorithms with different security notions.

Andrew K. Hirsch,Michael R. Clarkson

DOI: https://doi.org/10.48550/arXiv.1302.2123

2013-08-04

Abstract:Authorization logics have been used in the theory of computer security to reason about access control decisions. In this work, a formal belief semantics for authorization logics is given. The belief semantics is proved to subsume a standard Kripke semantics. The belief semantics yields a direct representation of principals' beliefs, without resorting to the technical machinery used in Kripke semantics. A proof system is given for the logic; that system is proved sound with respect to the belief and Kripke semantics. The soundness proof for the belief semantics, and for a variant of the Kripke semantics, is mechanized in Coq.

Logic in Computer Science,Cryptography and Security

Gao Yanyu,Li Shenghong,Xue zhi

DOI: https://doi.org/10.3969/j.issn.1009-8054.2006.03.022

2006-01-01

Abstract:This paper gives an improved model of "Role Based Access Control System Integrating Rating". The new model has advantages of both Role-based logic and Rating logic, and it implements the standardization and unification of policy management and access validation by the introduction of XACML, therefore, it implements the perfect integration of two logic on the basis of role definition.

Karolina Bataityte,Vassil Vassilev,Olivia Jo Gill

DOI: https://doi.org/10.1007/978-3-030-49161-1_31

2020-01-01

Abstract:Modelling of knowledge and actions in AI has advanced over the years but it is still a challenging topic due to the infamous frame problem, the inadequate formalization and the lack of automation. Some problems in cyber security such as logical vulnerability, risk assessment, policy validation etc. still require formal approach. In this paper we present the foundations of a new formal framework to address these challenges. Our approach is based on three-level formalisation: ontological, logical and analytical levels. Here we are presenting the first two levels which allow to model the security policies and provide a practical solution to the frame problem by efficient utilization of parameters as side effects. Key concepts are the situations, actions, events and rules. Our framework has potential use for analysis of a wide range of transactional systems within the financial, commercial and business domains and further work will include analytical level where we can perform vulnerability analysis of the model.

Mark Brown

DOI: https://doi.org/10.1007/s13389-013-0058-2

2013-04-06

Journal of Cryptographic Engineering

Abstract:Formal specifications, models and their accompanying proofs have long been promoted as setting the highest standard for program verification. But computer security remains threatened by covert channels, subliminal channels, side channels, fault injections, bypass, protocol attacks, and subversion despite rigorous application of formal methods. We advance the thesis that there exist several hierarchically ordered and adjacent sciences, notations, and security requirements analyses which must each be addressed to achieve comprehensive security. We support this thesis from a survey of relevant models of communications security. We argue that a taxonomy of security concerns consisting of levels called “Epochs” provides a comprehensive framework for identifying, locating, and analyzing security requirements and assumptions and gives sense to the effective use of formal methods.

computer science, theory & methods

Y Lee,XY Chen,XQ Tong,JZ Luo

DOI: https://doi.org/10.1109/tencon.2002.1181249

2002-01-01

Abstract:The security of communication protocols needs to be considered in a distributed network system, and the formal analysis is one of most important methods in evaluating the security of a protocol. However there is a lack of effective formal analysis tools in analyzing the security of a protocol. In this paper we raise a formal logic used for analyzing security of a protocol, the Select Accept Dynamic Logic. and describe successfully the attack act to the communication protocols - the TMN (Tatebayashi et al. (1990)) protocol and the Needham-Schroeder (1978) protocol - with this logic. The Select Accept Dynamic Logic will provide a new effective tool for the analysis of protocols.

Marcos Cramer,Pieter Van Hertum,Bart Bogaerts,Marc Denecker

2023-06-05

Abstract:In this paper we define and study a multi-agent extension of autoepistemic logic (AEL) called distributed autoepistemic logic (dAEL). We define the semantics of dAEL using approximation fixpoint theory, an abstract algebraic framework that unifies different knowledge representation formalisms by describing their semantics as fixpoints of semantic operators. We define 2- and 3-valued semantic operators for dAEL. Using these operators, approximation fixpoint theory allows us to define a class of semantics for dAEL, each based on different intuitions that are well-studied in the context of AEL. We define a mapping from dAEL to AEL and identify the conditions under which the mapping preserves semantics, and furthermore argue that when it does not, the dAEL semantics is more desirable than the AEL-induced semantics since dAEL manages to contain inconsistencies. The development of dAEL has been motivated by an application in the domain of access control. We explain how dAEL can be fruitfully applied to this domain and discuss how well-suited the different semantics are for the application in access control.

Logic in Computer Science

Li Ma,Lixin Tao,Keke Gai,Yong Zhong

DOI: https://doi.org/10.1002/cpe.3893

2016-01-01

Concurrency and Computation Practice and Experience

Abstract:SummaryCurrent rapid increasing implementations in data diversity, autonomy, and dynamic privilege management, fine‐grained access controls in social networks have resulted in various challenges in applying existing access control models. The intercrossing relations lead to the complex access control system, which often brings risks when the system is updated or expanded. The implementations of cloud computing has further complicate the access controls due to multiple tenancies and service providers. We focus on this issue and propose a new social network access control model using logical authorization language, named as RuleSN, which can be efficiently used in cloud systems. This model provides high performance of authorization expressiveness and flexibility that can effectively describe relations of User to User (U2U), User to Resource (U2R), Resource to Resource (R2R) and attributes of users and resources. First, this paper elaborates the formal definitions of the RuleSN model. Second, we describe the model's authorization specification and verification policies and explain the syntax and semantics of the authorization language. Finally, the implementation, application, and expressiveness of the model discussed by examples. Copyright © 2016 John Wiley & Sons, Ltd.

Lirong Dai,Kendra Cooper

2007-01-01

Abstract:There has been a growing interest in investigating methodologies to support the development of secure sys- tems in the software engineering research community. Re- cently, much attention has been focused on the modelling and analysis of security properties for systems at the soft- ware architecture design level. The potential benefits of this architecture level work are substantial: security flaws can be detected and removed earlier in the software de- velopment life-cycle. This reduces development time, re- duces development cost, and improves the quality of the resulting system. As a result of this attention, a wide variety of approaches have been proposed in the literature. At this point, a sur- vey for researchers involved in the problem of systemat- ically modelling and analyzing software architecture de- sign that have security properties would be of value to the community. This paper presents such a survey; it includes a discussion of semi-formal, formal, integrated semi-formal and formal, and aspect-oriented approaches. Comparison criteria are defined including: the kinds of notations used to model the security properties (e.g., Petri nets, temporal logic, etc.), whether the approach supports the manual or automated analysis of security properties, the specific security property modelled (e.g., authenti- cation, role-based access control, etc.), and the kind of example system that has been used to illustrate the ap- proach (information, distributed, etc.).

Yuxin Deng,Yuan Feng

DOI: https://doi.org/10.1016/j.tcs.2022.02.017

IF: 1.002

2022-01-01

Theoretical Computer Science

Abstract:We investigate the formal semantics of a simple imperative language that has both classical and quantum constructs. More specifically, we provide an operational semantics, a denotational semantics and two Hoare-style proof systems: an abstract one and a concrete one. The two proof systems are satisfaction-based, as inspired by the program logics of Barthe et al for probabilistic programs. The abstract proof system turns out to be sound and relatively complete, while the concrete one is sound only.

Rui Zhang,Alessandro Artale,Fausto Giunchiglia,Bruno Crispo

2009-01-01

Abstract:Relation Based Access Control (RelBAC) is an access control model designed for the new scenarios of access control onWeb 2.0. Under this model, we discuss in this paper how to formalize with Description Logics the typical authorization problems of access control together with the enforcement of an important security property: Separation of Duties (SoD) and some high level security policies about the composition of those subjects on which to separate the duties.

Tomas Kulik,Brijesh Dongol,Peter Gorm Larsen,Hugo Daniel Macedo,Steve Schneider,Peter Würtz Vinther Tran-Jørgensen,Jim Woodcock

DOI: https://doi.org/10.48550/arXiv.2109.01362

2021-09-03

Abstract:In today's world, critical infrastructure is often controlled by computing systems. This introduces new risks for cyber attacks, which can compromise the security and disrupt the functionality of these systems. It is therefore necessary to build such systems with strong guarantees of resiliency against cyber attacks. One way to achieve this level of assurance is using formal verification, which provides proofs of system compliance with desired cyber security properties. The use of Formal Methods (FM) in aspects of cyber security and safety-critical systems are reviewed in this article. We split FM into the three main classes: theorem proving, model checking and lightweight FM. To allow the different uses of FM to be compared, we define a common set of terms. We further develop categories based on the type of computing system FM are applied in. Solutions in each class and category are presented, discussed, compared and summarised. We describe historical highlights and developments and present a state-of-the-art review in the area of FM in cyber security. This review is presented from the point of view of FM practitioners and researchers, commenting on the trends in each of the classes and categories. This is achieved by considering all types of FM, several types of security and safety critical systems and by structuring the taxonomy accordingly. The article hence provides a comprehensive overview of FM and techniques available to system designers of security-critical systems, simplifying the process of choosing the right tool for the task. The article concludes by summarising the discussion of the review, focusing on best practices, challenges, general future trends and directions of research within this field.

Formal Languages and Automata Theory,Cryptography and Security

Cataldo Basile,Gabriele Gatti,Francesco Settanni

2024-05-06

Abstract:Enforcing security requirements in networked information systems relies on security controls to mitigate the risks from increasingly dangerous threats. Configuring security controls is challenging; even nowadays, administrators must perform it without adequate tool support. Hence, this process is plagued by errors that translate to insecure postures, security incidents, and a lack of promptness in answering threats. This paper presents the Security Capability Model (SCM), a formal model that abstracts the features that security controls offer for enforcing security policies, which includes an Information Model that depicts the basic concepts related to rules (i.e., conditions, actions, events) and policies (i.e., conditions' evaluation, resolution strategies, default actions), and a Data Model that covers the capabilities needed to describe different types of filtering and channel protection controls. Following state-of-the-art design patterns, the model allows for generating abstract versions of the security controls' languages and a model-driven approach for translating abstract policies into device-specific configuration settings. By validating its effectiveness in real-world scenarios, we show that SCM enables the automation of different and complex security tasks, i.e., accurate and granular security control comparison, policy refinement, and incident response. Lastly, we present opportunities for extensions and integration with other frameworks and models.

Cryptography and Security

Luo Xing,Wang Wei,Shi Bole

DOI: https://doi.org/10.3969/j.issn.1000-386X.2007.02.024

2007-01-01

Abstract:In this paper,we proposed a formal security database system access model including a multilevel relation model and a element-level authorization.We extended sandhu's MLR model by giving a new explanation of how the database represents the real world.Under new semantic model,the data-borrow operation was strengthened.Further more,with the support of element-level authorization,user privilege management of database system could be more reasonable.