Publication


A Case Study in Decentralized, Dynamic, Policy-Based, Authorization and Trust Management - Automated Software Distribution for Airplanes

6th International Workshop on Security and Trust Management (STM 2010)


Author(s): Peter Hartmann, Monika Maidl, David von Oheimb, Richard Robinson
Year: 2010
Publisher: Springer
Editors: Jorge Cuellar, Javier Lopez
Keywords:Authorization, trust management, security tokens, logic, software distribution
Abstract: We apply SecPAL, a logic-based policy language for decentralized authorization and trust management, to our case study of automated software distribution for airplanes. In contrast to established policy frameworks for authorization like XACML, SecPAL offers constructs to express trust relationships and delegation explicitly and to form chains of trusts. We use these constructs in our case study to specify and reason about dynamic, ad-hoc trust relationships between airlines and contractors of suppliers of software that has to be loaded into airplanes.


Copyright © 2010 Boeing, Siemens, and FH Landshut
Preprint
Slides

BibTeX entry:

@inproceedings{STM10-Siemens-FHLandshut-Boeing, author = {Peter Hartmann and Monika Maidl and Oheimb, David von and Richard Robinson}, title = {A Case Study in Decentralized, Dynamic, Policy-Based, Authorization and Trust Management -- Automated Software Distribution for Airplanes}, booktitle = {Prof. of 6th International Workshop on Security and Trust Management (STM 2010)}, editor = {Jorge Cuellar and Javier Lopez}, publisher = {Springer}, series = {LNCS}, volume = {6710}, pages = {68--83}, year = 2010, note = {\url{http://ddvo.net/papers/STM2010.html}}, abstract = { We apply SecPAL, a logic-based policy language for decentralized authorization and trust management, to our case study of automated software distribution for airplanes. In contrast to established policy frameworks for authorization like XACML, SecPAL offers constructs to express trust relationships and delegation explicitly and to form chains of trusts. We use these constructs in our case study to specify and reason about dynamic, ad-hoc trust relationships between airlines and contractors of suppliers of software that has to be loaded into airplanes. } }