Share on Facebook Tweet on Twitter Share on LinkedIn Share by email
A Logic for State-Modifying Authorization Policies

Moritz Y. Becker and Sebastian Nanz

Abstract

We present a logic for specifying policies where access requestsfl can have effects on the authorization state. The logic is semanticallyfl defined by a mapping to Transaction Logic. Using this approach,fl updates to the state are factored out of the resource guard, thus enhancing maintainability and facilitating more expressive policies that take the history of access requests into account. We also present a sound and complete proof system for reasoning about sequences of access requests.fl This gives rise to a goal-oriented algorithm for finding minimal sequencesfl that lead to a specified target authorization state.

Details

Publication typeInproceedings
Published in12th European Symposium on Research in Computer Security (ESORICS), LNCS 4734
> Publications > A Logic for State-Modifying Authorization Policies