Ninghui Li (Purdue University) 2 nd Int’l Summer School in Computation Logic June 17, 2004 Logic and Logic Programming in Distributed Access Control (Part.

Slides:



Advertisements
Similar presentations
Completeness and Expressiveness
Advertisements

Complexity Classes: P and NP
Theory of Computation CS3102 – Spring 2014 A tale of computers, math, problem solving, life, love and tragic death Nathan Brunelle Department of Computer.
CSE 311 Foundations of Computing I
2005conjunctive-ii1 Query languages II: equivalence & containment (Motivation: rewriting queries using views)  conjunctive queries – CQ’s  Extensions.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Lecture 11: Datalog Tuesday, February 6, Outline Datalog syntax Examples Semantics: –Minimal model –Least fixpoint –They are equivalent Naive evaluation.
CPSC 504: Data Management Discussion on Chandra&Merlin 1977 Laks V.S. Lakshmanan Dept. of CS UBC.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Timed Automata.
Logic.
CSCI 4325 / 6339 Theory of Computation Zhixiang Chen Department of Computer Science University of Texas-Pan American.
Copyright © Cengage Learning. All rights reserved.
1 NP-Complete Problems. 2 We discuss some hard problems:  how hard? (computational complexity)  what makes them hard?  any solutions? Definitions 
CS21 Decidability and Tractability
Complexity 11-1 Complexity Andrei Bulatov Space Complexity.
1 Introduction to Computability Theory Lecture12: Decidable Languages Prof. Amos Israeli.
1 Introduction to Computability Theory Lecture12: Reductions Prof. Amos Israeli.
Finite Automata Great Theoretical Ideas In Computer Science Anupam Gupta Danny Sleator CS Fall 2010 Lecture 20Oct 28, 2010Carnegie Mellon University.
Introduction to Computability Theory
1 Introduction to Computability Theory Lecture5: Context Free Languages Prof. Amos Israeli.
Reducibility A reduction is a way of converting one problem into another problem in such a way that a solution to the second problem can be used to solve.
Validating Streaming XML Documents Luc Segoufin & Victor Vianu Presented by Harel Paz.
NP-Complete Problems Problems in Computer Science are classified into
Lecture 18 NFA’s with -transitions –NFA- ’s Formal definition Simplifies construction –LNFA- –Showing LNFA  is a subset of LNFA and therefore a subset.
Ninghui Li (Purdue University) Logic and Logic Programming in Distributed Access Control (Part One) Ninghui Li Department of Computer Science and CERIAS.
Automata & Formal Languages, Feodor F. Dragan, Kent State University 1 CHAPTER 5 Reducibility Contents Undecidable Problems from Language Theory.
Normal forms for Context-Free Grammars
CS5371 Theory of Computation Lecture 4: Automata Theory II (DFA = NFA, Regular Language)
1 Completeness and Complexity of Bounded Model Checking.
CS5371 Theory of Computation Lecture 8: Automata Theory VI (PDA, PDA = CFG)
Grammars, Languages and Finite-state automata Languages are described by grammars We need an algorithm that takes as input grammar sentence And gives a.
CS1502 Formal Methods in Computer Science Lecture Notes 10 Resolution and Horn Sentences.
Propositional Logic Reasoning correctly computationally Chapter 7 or 8.
Regular Model Checking Ahmed Bouajjani,Benget Jonsson, Marcus Nillson and Tayssir Touili Moran Ben Tulila
1 CD5560 FABER Formal Languages, Automata and Models of Computation Lecture 7 Mälardalen University 2010.
Complexity and Computability Theory I Lecture #13 Instructor: Rina Zviel-Girshin Lea Epstein Yael Moses.
DECIDABILITY OF PRESBURGER ARITHMETIC USING FINITE AUTOMATA Presented by : Shubha Jain Reference : Paper by Alexandre Boudet and Hubert Comon.
1 Unit 1: Automata Theory and Formal Languages Readings 1, 2.2, 2.3.
Review Byron Gao. Overview Theory of computation: central areas: Automata, Computability, Complexity Computability: Is the problem solvable? –solvable.
Pushdown Automata (PDAs)
Learning Automata and Grammars Peter Černo.  The problem of learning or inferring automata and grammars has been studied for decades and has connections.
Steffen Staab Advanced Data Modeling 1 of 32 WeST Häufungspunkte Bifurkation: x n+1 = r x n (1-x n ) Startwert x 0 = 0,25.
Advanced Topics in Propositional Logic Chapter 17 Language, Proof and Logic.
Slide 1 Propositional Definite Clause Logic: Syntax, Semantics and Bottom-up Proofs Jim Little UBC CS 322 – CSP October 20, 2014.
Week 10Complexity of Algorithms1 Hard Computational Problems Some computational problems are hard Despite a numerous attempts we do not know any efficient.
Ninghui Li (Purdue University) 2 nd Int’l Summer School in Computation Logic June 17, 2004 Logic and Logic Programming in Distributed Access Control (Part.
1 CD5560 FABER Formal Languages, Automata and Models of Computation Lecture 11 Midterm Exam 2 -Context-Free Languages Mälardalen University 2005.
Automated reasoning with propositional and predicate logics Spring 2007, Juris Vīksna.
 2005 SDU Lecture13 Reducibility — A methodology for proving un- decidability.
© Copyright 2008 STI INNSBRUCK Intelligent Systems Propositional Logic.
1 Reasoning with Infinite stable models Piero A. Bonatti presented by Axel Polleres (IJCAI 2001,
2/1/20161 Computer Security Foundational Results.
Chapter 8 Properties of Context-free Languages These class notes are based on material from our textbook, An Introduction to Formal Languages and Automata,
1 Section 6.2 Propositional Calculus Propositional calculus is the language of propositions (statements that are true or false). We represent propositions.
CSCI 4325 / 6339 Theory of Computation Zhixiang Chen Department of Computer Science University of Texas-Pan American.
Finite Automata Great Theoretical Ideas In Computer Science Victor Adamchik Danny Sleator CS Spring 2010 Lecture 20Mar 30, 2010Carnegie Mellon.
Donghyun (David) Kim Department of Mathematics and Computer Science North Carolina Central University 1 Chapter 5 Reducibility Some slides are in courtesy.
The Church-Turing Thesis Chapter Are We Done? FSM  PDA  Turing machine Is this the end of the line? There are still problems we cannot solve:
Lecture 9: Query Complexity Tuesday, January 30, 2001.
MA/CSSE 474 Theory of Computation Universal Turing Machine Church-Turing Thesis Delayed due dates for HWs See updated schedule page. No class meeting.
Complexity of Compositional Model Checking of Computation Tree Logic on Simple Structures Krishnendu Chatterjee Pallab Dasgupta P.P. Chakrabarti IWDC 2004,
From Classical Proof Theory to P vs. NP
NP-Completeness Yin Tat Lee
Summary.
Lecture 10: Query Complexity
Computer Security Foundations
Beyond Proof-of-compliance: Security Analysis in Trust Management
Instructor: Aaron Roth
Instructor: Aaron Roth
Presentation transcript:

Ninghui Li (Purdue University) 2 nd Int’l Summer School in Computation Logic June 17, 2004 Logic and Logic Programming in Distributed Access Control (Part Two) Ninghui Li Department of Computer Science and CERIAS Purdue University

2 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) Security Analysis in Trust Management Publications:  Li, Mitchell & Winsborough: “Beyond Proof-of-Compliance: Security Analysis in Trust Management”, JACM Conference version in SSP 2003.

3 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) The Abstract Security Analysis Problem Given an initial state P,  a query Q,  and a rule R that restricts how states can change (defines reachability among states); Ask  Is Q possible? (existential) whether  reachable P’ s.t. P’  Q  Is Q necessary?(universal) whether  reachable P’, P’  Q

4 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) Statements in RT 0 = RT[ ,  ] Type-1: K.r  K 1  mem[K.r]  {K 1 }  K HR.manager  K Alice Type-2: K.r  K 1.r 1  mem[K.r]  mem[K 1.r 1 ]  K SSO.admin  K HR.manager

5 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) Statements in RT[ ,  ] Type-3: K.r  K.r 1.r 2  Let mem[K.r 1 ] be {K 1, K 2, , K n } mem[K.r]  mem[K 1.r 2 ]  mem[K 2.r 2 ]    mem[K n.r 2 ]  K SSO.delegAccess  K SSO.admin.access Type-4: K.r  K 1.r 1  K 2.r 2  mem[K.r]  mem[K 1.r 2 ]  mem[K 2.r 2 ]  K SSO.access  K SSo.delegAccess  K HR.employee

6 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) The Query Q Form-1:mem[K.r]  {K 1, ,K n } ? Form-2: {K 1, ,K n }  mem[K.r] ? Form-3: mem[K 1.r 1 ]  mem[K.r] ?

7 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) The Semantic Relation  A statement  a Datalog rule  K.r  K 2  m(K, r, K 2 )  K.r  K 1.r 1  m(K, r, z) :- m(K 1, r 1, z)  … A state P  a Datalog program SP[P]  mem[K.r]  { K’ | m(K,r,K’) is in the minimal Herbrand model of SP[P] }

8 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) Example Queries & Answers 1. K SSO.access  K SSO.admin 2. K SSO.admin  K HR.manager 3. K HR.employee  K HR.manager 4. K HR.manager  K Alice 5. K HR.employee  K David mem[K SSO.access]  {K David }? No {K Alice, K David }  mem[K SSO.employee]? Yes mem[K HR.employee]  mem[K SSO.access]? Yes

9 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) The Restriction Rule R R=(G,S)  G is a set of growth-restricted roles if K.r  G, then cannot add “K.r   ”  S is a set of shrink-restricted roles if K.r  S, then cannot remove “K.r   ” Motivation:  Definitions of roles that are not under one’s control may change

10 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) Sample Analysis Queries Simple safety (existential form-1):  Is mem[K.r]  {K 1 } possible? Simple availability (universal form-1):  Is mem[K.r]  {K 1 } necessary? Bounded safety (universal form-2):  Is {K 1, ,K n }  mem[K.r] necessary? Containment (universal form-3):  Is mem[K 1.r 1 ]  mem[K.r] necessary?

11 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) Security Analysis: Usage Cases Guarantee safety and availability properties of an access control system:  Properties one wants to guarantee are encoded in a set of queries & desirable answers  R represents how much control one has parts not under one’s control may change in R parts under one’s control are considered fixed in R  Before making changes, one can use analysis to guarantee properties are not violated

12 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) An Example 1. K SSO.access  K SSO.admin 2. K SSO.access  K SSO.delegAccess  K HR.employee 3. K SSO.admin  K HR.manager 4. K SSO.delegAccess  K SSO.admin.access 5. K HR.employee  K HR.manager 6. K HR.employee  K HR.engineer 7. K HR.manager  K Alice 8. K Alice.access  K Bob Legend:fixed can grow, can shrink

13 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) A Simple Availability Query Query: Is mem[K SSO.access]  {K Alice } necessary? Answer:Yes. (Available) Why:Statments 1, 3, and 7 cannot be removed

14 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) A Simple Safety Query Query: Is mem[K SSO.access]  {K Eve } possible? Answer:Yes. (Unsafe) Why:Both K HR.engineer and K Alice.access may grow.

15 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) A Containment Analysis Query about Safety Query: Is mem[K HR.employee]  mem[K SSO.access] necessary? Answer: Yes. (Safe) Why: K SSO.access and K SSO.admin cannot grow and Statement 5 cannot be removed.

16 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) An Containment Analysis Query about Availability Query: Is mem[K SSO.access]  mem[K HR.manager] necessary? Answer: Yes. (Available) Why: Statements 1 and 3 cannot be removed

17 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) Answering Form-1 and Form-2 Queries: Intuitions (1) RT[ ,  ] is monotonic  more statements derive more role memberships Form-1 queries are monotonic  mem[K.r]  {K1, ,Kn}  universal form-1 queries can be answered by considering a lower-bound (minimum) state  existential form-1 queries can be answered by considering an upper-bound (maximal) state

18 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) Answering Form-1 and Form-2 Queries: Intuitions (2) Form-2 queries are anti-monotonic  {K1, ,Kn}  mem[K.r]  universal form-2 queries can be answered by considering the upper-bound state  existential form-1 queries can be answered by considering the lower-bound state Given P and R, the lower-bound state uniquely exists, we denote it P| R  it can be reached by removing all removable statements

19 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) The Lower-Bound Program LB(P,R) For each K.r  K 1 in P| R, add lb(K, r, K 1 ) For each K.r  K 1.r 1 in P| R, add lb(K, r, ?Z) :- lb(K 1, r 1, ?Z) For each K.r  K.r 1.r 2 in P| R, add lb(K, r, ?Z) :- lb(K, r 1, ?Y), lb(?Y, r 2, ?Z) For each K.r  K 1.r 1  K 2.r 2 in P| R, add lb(K, r, ?Z) :- lb(K 1, r 1, ?Z), lb(K 2, r 2, ?Z)

20 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) Using the Lower-Bound Program To answer whether a form-1 query mem[K.r]  {K 1, ,K n } is necessary,  check whether LB(P,R) |= lb(K,r,K 1 )  lb(K,r,K n ) To answer whether a form-2 query {K 1, ,K n }  mem[K.r] is possible  check whether {K 1, ,K n }  { Z | LB(P,R) |= lb(K,r,Z) }

21 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) The Upper-Bound Program UB(P,R) Add ub(T, ?r, ?Z) For each K.r that can grow, add ub(K, r, ?Z) For each K.r  K 1 in P, addub(K, r, K 1 ) For each K.r  K 1.r 1 in P, add ub(K, r, ?Z) :- ub(K 1, r 1, ?Z) For each K.r  K.r 1.r 2 in P, add ub(K, r, ?Z) :- ub(K, r 1, ?Y), ub(?Y, r 2, ?Z) For each K.r  K 1.r 1  K 2.r 2 in P, add ub(K, r, ?Z) :- ub(K 1, r 1, ?Z), ub(K 2, r 2, ?Z)

22 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) Using the Upper-Bound Program A form-1 query mem[K.r]  {K 1, ,K n } is possible iff. any of the following is true,  K.r is not growth restricted  up(K,r,T) is true  UB(P,R) |= ub(K,r,K 1 )  ub(K,r,K n ) A form-2 query {K 1, ,K n }  mem[K.r] is necessary iff.  {K 1, ,K n }  { Z | UB(P,R) |= ub(K,r,Z) }

23 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) What about Form-3 Queries? Form-3:mem[K 1.r 1 ]  mem[K.r] Neither monotonic nor anti-monotonic  cannot use the minimal state or the maximal state Difficulty: adding new members to K.r may affect K 1.r 1 We only consider analysis asking whether mem[K 1.r 1 ]  mem[K.r] is necessary  we call this containment analysis

24 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) Complexity Results for Containment Analysis RT[]: just type 1 and 2 statements  containment analysis is in PTIME RT[  ]: type 1, 2, and 4 statements  containment analysis is coNP-complete RT[  ]: type 1, 2, and 3 statements  containment analysis is PSPACE-complete  remains PSPACE-complete without shrinking  coNP-complete without growing RT[ ,  ]: decidable in coNEXP

25 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) Containment Analysis in RT[] Two cases that X.u contains K.r 1. the containment is forced by statements in P and cannot be removed 2. the containment is caused by nonexistence of statements  e.g., when no statement defines K.r and K.r cannot grow, K.r is always empty, and thus is contained in every role  direct translation of this intuition into a positive logic program does not work  e.g., P={“K.r  K 1.r 1 ”, “K 1.r 1  K.r”, “K.r  K 2 ”, “X.u  K 2 ”}, both K.r and K 1.r 1 are fixed, does X.u contain K.r?

26 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) The Containment Program for RT[]: BCP(P,R) Starts from LB(P,R) Add fc(?X,?u,?X,?u) For each K.r  K 1.r 1 in P| R, add fc(K,r,?Z,?w) :- fc(K 1,r 1,?Z,?w) For each K.r that can grow, add nc(?X,?u,K,r) :- ~ fc(?X,?u,K,r) For each K.r  K 1 in P s.t. K.r can’t grow, add nc(?X,?u,K,r) :- ~ fc(?X,?u,K,r), ~ lb(?X,?u,K 1 ) For each K.r  K 1.r 1 in P s.t. K.r can’t grow, add nc(?X,?u,K,r) :- ~ fc(?X,?u,K,r), nc(?X,?u,K 1,r 1 )

27 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) Solving Containment Analysis in RT[] Using Negation BCP(P,R) is stratified  we use the perfect model semantics Theorem: BCP(P,R) |= nc(X,u, K,r) is true iff. X.u does not contain K.r

28 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) Containment Analysis in RT[  ] is coNP- complete It is in coNP, because a counter example can be found by considering just one new principal That it is coNP-hard is shown by reducing the monotone 3-SAT problem to it  intersection is conjunction,  a role may be defined by multiple statements (implicit disjunction)  containment equivalent to determining validity of formulas like  1   2 where  1  are  2 positive propositional formulas

29 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) Containment Analysis in RT[  ] First consider the case that no shrinking is allowed in R View statements as rewriting rules  K.r  K 1 K r to K 1  K.r  K 1.r 1 K r toK 1 r 1  K.r  K.r 1.r 2 K r toK r 1 r 2 A string has the form K r 1 r 2 r 3 r 4 Lemma 0: SP[P] proves m(K,r, K 1 ) iff. the string K r rewrites into K 1 using P

30 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) RT[  ] and Pushdown Systems r Stack: State: K u1u1 u2u2... Apply the rewriting rule: K r to K r 1 r 2 r2r2 Stack: State: K u1u1 u2u2... r1r1 A string corresponds to a configuration “rewrites into” equivalent to “reaches”

31 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) Characteristic Set of a Role Given P and R (shrinking forbidden), define:  strs P [K.r] = sets of strings K r rewrites to   R = the set consisting of all principals in P all strings K 1 r 1 r 2 r 3 r 4 where K 1 appears in P and K 1 r 1 is g-unrestricted   P,R [K.r] = strs P [K.r]   R each string K 1 r 1 r 2 r 3 r 4 in  P,R [K.r] is a distinct way of adding a member to K.r Lemma 1: Given P, R, X.u, K.r, mem[X.u]  mem[K.r] is necessary iff.  P,R [X.u]   P,R [K.r]

32 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) Lemma 2: Lemma 2: Given P, R (shrinking forbidden), and K.r,  P,R [K.r] is recognized by an NFA that has size poly in |P|+|R| Proof:  P,R [K.r] = strs P [K.r]   R  strs P [K.r] is recognized by a poly-size NFA Bouajjani, Esparza & Maler: “Reachability Analysis of Pushdown Automata: Application to Model-Checking”, CONCUR’97   R is recognized by a poly-size NFA   P,R [K.r] is recognized by a poly-size NFA

33 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) Containment Analysis in RT[  ] is in PSPACE Theorem: Given P, R (shrinking forbidden), X.u, K.r, determining whether mem[X.u]  mem[K.r] is necessary is in PSPACE  follows from Lemma 1 and 2 and the fact that determining containment of languages accepted by NFA’s is in PSPACE

34 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) Containment Analysis in RT[  ] is PSPACE-hard Theorem: Given P, R (shrinking forbidden), X.u, K.r, determining whether mem[X.u]  mem[K.r] is necessary is PSPACE-hard  Reducing determining containment of languages over the alphabet {0,1} that are defined by right- linear grammars to the problem.

35 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) Proof of PSPACE-hardness From grammar to P:  N 1 ::= N 2 1K.N 1 = K.N 2.r 1  N 2 ::= 0K.N 2 = K 1.r 0 The restriction rule R:  all K.N i ’s, K.r i ’s, and K 1.N i ’s are g-restricted  other roles, i.e., K 1.r 0 and K 1.r 1, are growth unrestricted Language[N 1 ] maps to  P,R [K.N 1 ]  N 1 generates 1010 iff. K 1.r 1.r 0.r 1.r 0  P,R [K.N 1 ]

36 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) Theorem (shrinking allowed) Given P, R (shrinking allowed), X.u, K.r, determining whether mem[X.u]  mem[K.r] is necessary is in PSPACE  For every subset of P that can be obtained by legally removing statements in P, run the algorithm that does not allow shrinking

37 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) Containment Analysis in RT[   ] Theorem: Given P (in RT[   ]), R, X.u, K.r, determining whether mem[X.u]  mem[K.r] is necessary is in coNEXP  although infinitely many new principals and statements may be added, if a counter example exists, then a counter example of size exponential in P exists  if two new principals have the same memberships in all roles appearing in P, then the two principals can be collapsed into one

38 2 nd Int’l Summer School in Computation Logic June 17, 2004 Ninghui Li (Purdue University) Summary of Complexities for Containment Analysis Type-1 and 2: PTIME Type-1, 2, and 3: PSPACE-complete Type-1, 2, and 4: coNP-complete Type-1, 2, 3, and 4: PSPACE-hard, coNEXP

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.