A Case Study in Decentralized, Dynamic, Policy-Based, Authorization and Trust Management - Automated Software Distribution for Airplanes

We apply SecPAL, a logic-based policy language for decentralized authorization and trust management, to our case study of automated software distribution for airplanes. In contrast to established policy frameworks for authorization like XACML, SecPAL offers constructs to express trust relationships and delegation explicitly and to form chains of trust. We use these constructs in our case study to specify and reason about dynamic, ad-hoc trust relationships between airlines and contractors of suppliers of software that has to be loaded into airplanes.
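The abstract's key point is that SecPAL makes delegation explicit: an authority can state that another principal "can say" a fact, and the depth of the chain can be bounded (SecPAL's can say_0 versus can say_inf). The following Python evaluator is an added illustration, not code from the paper or from the SecPAL project: it implements only a reduced fragment of SecPAL's delegation rules over ground facts (no conditions, no "can act as", no nested delegation facts) and uses constructed principal names, part numbers and aircraft identifiers. It shows why the depth bound matters in a supply chain: a contractor who was granted can say_0 cannot make the airline accept an approval that actually originates from a subcontractor.

```python
"""Added example: a reduced SecPAL-style evaluator for ground 'says' /
'can say' assertions, used to check a software-load approval chain.

Simplifications (assumptions, not the paper's model): facts are ground
tuples, assertions carry no conditions, 'can act as' and nested
delegation facts are omitted. Principal names are constructed."""
from dataclasses import dataclass
from typing import FrozenSet, Set, Tuple, Union

Fact = Tuple[str, ...]


@dataclass(frozen=True)
class CanSay:
    """'<delegate> can say <fact>'. unlimited=True models SecPAL's can say_inf
    (the delegate may re-delegate), False models can say_0 (it may not)."""
    delegate: str
    fact: Fact
    unlimited: bool


@dataclass(frozen=True)
class Says:
    issuer: str
    statement: Union[Fact, CanSay]


def derive(assertions: FrozenSet[Says]) -> Set[Says]:
    """Least fixpoint of the two delegation rules over the assertion context.

    can say_inf:  A says B can say_inf f,  B says f            |-  A says f
    can say_0:    A says B can say_0 f,    B says f directly   |-  A says f
    'directly' means B stated f itself rather than obtaining it through a
    delegation; that is what bounding the delegation depth at 0 enforces.
    """
    direct = set(assertions)   # depth-0 knowledge: what each principal stated itself
    derived = set(assertions)  # everything provable at any depth
    changed = True
    while changed:
        changed = False
        for a in list(derived):
            if not isinstance(a.statement, CanSay):
                continue
            grant = a.statement
            delegate_says = Says(grant.delegate, grant.fact)
            if delegate_says not in derived:
                continue
            if not grant.unlimited and delegate_says not in direct:
                continue  # depth-0 grant: delegated knowledge is not enough
            conclusion = Says(a.issuer, grant.fact)
            if conclusion not in derived:
                derived.add(conclusion)
                changed = True
    return derived


# Constructed scenario: part number and aircraft identifier are placeholders.
LOAD: Fact = ("approved_for_load", "FMS-PN-0000", "MSN-0000")

# The airline trusts its supplier and whoever the supplier chooses to trust
# (can say_inf); the supplier lets a contractor approve loads but not pass
# that authority on (can say_0); the contractor nevertheless tries to
# re-delegate to a subcontractor, who issues the approval.
REDELEGATED_CHAIN: FrozenSet[Says] = frozenset({
    Says("Airline", CanSay("Supplier", LOAD, unlimited=True)),
    Says("Supplier", CanSay("Contractor", LOAD, unlimited=False)),
    Says("Contractor", CanSay("Subcontractor", LOAD, unlimited=True)),
    Says("Subcontractor", LOAD),
})

# Same chain, but the contractor approves the load itself.
DIRECT_APPROVAL_CHAIN: FrozenSet[Says] = REDELEGATED_CHAIN | {Says("Contractor", LOAD)}


def airline_authorizes(assertions: FrozenSet[Says]) -> bool:
    """True iff 'Airline says approved_for_load(...)' is derivable."""
    return Says("Airline", LOAD) in derive(assertions)


if __name__ == "__main__":
    for name, ctx in (("re-delegated", REDELEGATED_CHAIN),
                      ("direct approval", DIRECT_APPROVAL_CHAIN)):
        print(f"{name}: airline authorizes load = {airline_authorizes(ctx)}")
```

In the first context the contractor's own view does derive the approval (it trusts the subcontractor), but the supplier's can say_0 grant only accepts facts the contractor stated directly, so neither the supplier nor the airline concludes that the load is approved; adding the contractor's direct approval closes the chain. This is the kind of depth-bounded, explicitly delegated trust relationship the abstract contrasts with an XACML-style policy, where such a chain would have to be flattened into a single authority's rules.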
