A Logic for State-Modifying Authorization Policies

Moritz Y. Becker and Sebastian Nanz


We present a logic for specifying policies where access requestsfl

can have effects on the authorization state. The logic is semanticallyfl

defined by a mapping to Transaction Logic. Using this approach,fl

updates to the state are factored out of the resource guard, thus enhancing maintainability and facilitating more expressive policies that take the history of access requests into account. We also present a sound and complete proof system for reasoning about sequences of access requests.fl

This gives rise to a goal-oriented algorithm for finding minimal sequencesfl

that lead to a specified target authorization state.


Publication typeInproceedings
Published in12th European Symposium on Research in Computer Security (ESORICS), LNCS 4734
> Publications > A Logic for State-Modifying Authorization Policies