Abstract
Over-the-air (OTA) updates in aviation and industrial systems need reliable and secure access control to stop unauthorized actions during software updates. This study developed a zero-trust OTA access control framework using the Open Policy Agent (OPA) and a context-based verification module. The system checked each access request in real time using user, device, and session data. Tests were done in both aviation and industrial cloud setups with more than 10,000 access requests under different load conditions. The results showed an average policy delay of 4.3 ms, a false rejection rate of 0.6%, and an 85% decrease in unauthorized access compared with a standard role-based control model. These results show that the proposed zero-trust system improves OTA security while keeping low delay and steady operation. The framework can be used in secure software updates for safety-critical and industrial systems, but further large-scale and long-term testing is needed to confirm its stability and performance.
This work is licensed under a Creative Commons Attribution 4.0 International License.
Copyright (c) 2026 Yuna Kim1, Carlos M. Ortega2, Sophie L. Nguyen3, Elena V. Petrova4 (Author)