Using First-Order Logic to Reason about Policies
Logic in Computer Science
2007-05-23 v3 Cryptography and Security
Abstract
A policy describes the conditions under which an action is permitted or forbidden. We show that a fragment of (multi-sorted) first-order logic can be used to represent and reason about policies. Because we use first-order logic, policies have a clear syntax and semantics. We show that further restricting the fragment results in a language that is still quite expressive yet is also tractable. More precisely, questions about entailment, such as `May Alice access the file?', can be answered in time that is a low-order polynomial (indeed, almost linear in some cases), as can questions about the consistency of policy sets.
Cite
@article{arxiv.cs/0601034,
title = {Using First-Order Logic to Reason about Policies},
author = {Joseph Y. Halpern and Vicky Weissman},
journal= {arXiv preprint arXiv:cs/0601034},
year = {2007}
}
Comments
39 pages, earlier version in Proceedings of the Sixteenth IEEE Computer Security Foundations Workshop, 2003, pp. 187-201