
Access Hoare Logic

Arnold Beckmann, Anton Setzer

TL;DR

The paper tackles the limitation of standard Hoare logic in expressing access security properties by introducing access Hoare logic (aHl), which reasons from postconditions to preconditions using triples of the form $\langle P\rangle C \langle Q\rangle$. It develops a direct calculus for aHl, proves its soundness and completeness, and connects it to classical Hoare logic through the relationship between weakest and strongest preconditions. The authors illustrate the approach with three concrete examples—electronic keys, Bitcoin scripts, and a key-list access check—to show how aHl captures necessary conditions for secure access. The work lays groundwork for formal verification of access-control properties and suggests implications for tooling and future research, including intuitionistic considerations and potential applications to smart contracts and security-sensitive code.

Abstract

Following Hoare's seminal invention, later called Hoare logic, to reason about correctness of computer programs, we advocate a related but fundamentally different approach to reason about access security of computer programs such as access control. We define the formalism, which we denote access Hoare logic, and present examples which demonstrate its usefulness and fundamental difference from Hoare logic. We prove soundness and completeness of access Hoare logic, and provide a link between access Hoare logic and standard Hoare logic.

Paper Structure

This paper contains 16 sections, 8 theorems, 10 equations, 1 figure.

Key Result

Theorem 3.1

$\langle P\rangle\,C\,\langle Q\rangle$ is equivalent to $\{\neg P\}\,C\,\{\neg Q\}$
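
Unfolding the theorem against the standard partial-correctness reading of a Hoare triple (an added worked step, not text from the paper; the semantics below is the usual one and is assumed here, with $s \xrightarrow{C} s'$ meaning that $C$ started in state $s$ terminates in state $s'$):

$$\{\neg P\}\,C\,\{\neg Q\} \;\equiv\; \forall s, s'.\; \big(s \models \neg P \;\wedge\; s \xrightarrow{C} s'\big) \Rightarrow s' \models \neg Q$$

Taking the contrapositive of the inner implication gives

$$\langle P\rangle\,C\,\langle Q\rangle \;\equiv\; \forall s, s'.\; \big(s \xrightarrow{C} s' \;\wedge\; s' \models Q\big) \Rightarrow s \models P$$

So an access Hoare triple states that whenever $C$ terminates in a state satisfying $Q$ (for instance, access granted), the initial state already satisfied $P$: $P$ is a necessary condition for reaching $Q$, read backwards from the postcondition, which is exactly the direction of reasoning the TL;DR describes.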

Figures (1)

  • Figure 1: Executing the combined unlocking and locking script

Theorems & Definitions (12)

  • Theorem 3.1
  • Remark 3.2
  • Definition 5.1: Weakest precondition for Hoare triples
  • Definition 5.2: Strongest precondition for access Hoare triples
  • Lemma 5.3
  • Lemma 5.4
  • Corollary 5.5
  • Corollary 5.6
  • Remark 5.7
  • Theorem 6.1: Soundness of aHl
  • ...and 2 more