Using First-Order Logic to Reason about Policies
Abstract
A policy describes the conditions under which an action is permitted or forbidden. We show that a fragment of (multi-sorted) first-order logic can be used to represent and reason about policies. Because we use first-order logic, policies have a clear syntax and semantics. We show that further restricting the fragment results in a language that is still quite expressive yet is also tractable. More precisely, questions about entailment, such as "May Alice access the file?", can be answered in time that is a low-order polynomial (indeed, almost linear in some cases), as can questions about the consistency of policy sets.
- Publication: arXiv e-prints
- Pub Date: January 2006
- arXiv: arXiv:cs/0601034
- Bibcode: 2006cs........1034H
- Keywords: Computer Science - Logic in Computer Science; Computer Science - Cryptography and Security; H.2.7; K.4.4
- E-Print: 39 pages, earlier version in Proceedings of the Sixteenth IEEE Computer Security Foundations Workshop, 2003, pp. 187-201