Using First-Order Logic to Reason about Policies
计算机科学中的逻辑
2007-05-23 v3 密码学与安全
摘要
A policy describes the conditions under which an action is permitted or forbidden. We show that a fragment of (multi-sorted) first-order logic can be used to represent and reason about policies. Because we use first-order logic, policies have a clear syntax and semantics. We show that further restricting the fragment results in a language that is still quite expressive yet is also tractable. More precisely, questions about entailment, such as `May Alice access the file?', can be answered in time that is a low-order polynomial (indeed, almost linear in some cases), as can questions about the consistency of policy sets.
引用
@article{arxiv.cs/0601034,
title = {Using First-Order Logic to Reason about Policies},
author = {Joseph Y. Halpern and Vicky Weissman},
journal= {arXiv preprint arXiv:cs/0601034},
year = {2007}
}
备注
39 pages, earlier version in Proceedings of the Sixteenth IEEE Computer Security Foundations Workshop, 2003, pp. 187-201