Abstract
We apply SecPAL, a logic-based policy language for decentralized authorization and trust management, to our case study of automated software distribution for airplanes. In contrast to established policy frameworks for authorization like XACML, SecPAL offers constructs to express trust relationships and delegation explicitly and to form chains of trust. We use these constructs in our case study to specify and reason about dynamic, ad-hoc trust relationships between airlines and contractors of suppliers of software that has to be loaded into airplanes.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hartmann, P., Maidl, M., von Oheimb, D., Robinson, R. (2011). A Case Study in Decentralized, Dynamic, Policy-Based, Authorization and Trust Management – Automated Software Distribution for Airplanes. In: Cuellar, J., Lopez, J., Barthe, G., Pretschner, A. (eds) Security and Trust Management. STM 2010. Lecture Notes in Computer Science, vol 6710. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22444-7_5
DOI: https://doi.org/10.1007/978-3-642-22444-7_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22443-0
Online ISBN: 978-3-642-22444-7
eBook Packages: Computer Science, Computer Science (R0)