Abstract :
This paper presents a language, based on transaction logic, for specifying dynamic authorisation policies, i.e., rules governing actions that may depend on and update the authorisation state. The language is more expressive than previous dynamic authorisation languages, featuring conditional bulk insertions and retractions of authorisation facts, non-monotonic negation, and nested action definitions with transactional execution semantics. Two complementary policy analysis methods are also presented, one based on AI planning for verifying reachability properties in finite domains, and the second based on automated theorem proving, for checking policy invariants that hold for all sequences of actions and in arbitrary, including infinite, domains. The combination of both methods can analyse a wide range of security properties, including safety, availability and containment.
Keywords :
authorisation; formal specification; formal verification; planning (artificial intelligence); theorem proving; AI planning; authorisation facts retractions; automated theorem proving; checking policy invariants; complementary policy analysis methods; conditional bulk insertions; dynamic authorisation policy specification; nested action definitions; nonmonotonic negation; reachability property verification; security properties; transaction logic; transactional execution semantics; Access control; Artificial intelligence; Authorization; Availability; Computer security; Failure analysis; Logic; Monitoring; Reachability analysis; Safety; access control; authorization; policy analysis;
