A flexible security architecture to support third-party applications on mobile devices

Authors:
Lieven Desmet;Wouter Joosen;Fabio Massacci;Katsiaryna Naliuka;Pieter Philippaerts;Frank Piessens;Dries Vanoverberghe
Affiliations:
Katholieke Universiteit Leuven, Leuven, Belgium;Katholieke Universiteit Leuven, Leuven, Belgium;Università di Trento, Trento, Italy;Università di Trento, Trento, Italy;Katholieke Universiteit Leuven, Leuven, Belgium;Katholieke Universiteit Leuven, Leuven, Belgium;Katholieke Universiteit Leuven, Leuven, Belgium
Venue:
Proceedings of the 2007 ACM workshop on Computer security architecture
Year:
2007

Citing 8
Cited 11

Proof-carrying code

Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
The design and implementation of a certifying compiler

PLDI '98 Proceedings of the ACM SIGPLAN 1998 conference on Programming language design and implementation
A type system for expressive security policies

Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Enforceable security policies

ACM Transactions on Information and System Security (TISSEC)
IRM Enforcement of Java Stack Inspection

SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
The inlined reference monitor approach to security policy enforcement

The inlined reference monitor approach to security policy enforcement
Composing security policies with polymer

Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Certified In-lined Reference Monitoring on .NET

Proceedings of the 2006 workshop on Programming languages and analysis for security

Security-by-contract on the .NET platform

Information Security Tech. Report
Simulating midlet's security claims with automata modulo theory

Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
Game theoretic approach to location sharing with privacy in a community-based mobile safety application

Proceedings of the 11th international symposium on Modeling, analysis and simulation of wireless and mobile systems
Verifying compliance of trusted programs

SS'08 Proceedings of the 17th conference on Security symposium
Security-By-Contract for the Future Internet

Future Internet --- FIS 2008
Defending against sensor-sniffing attacks on mobile phones

Proceedings of the 1st ACM workshop on Networking, systems, and applications for mobile handhelds
The S3MS.NET Run Time Monitor

Electronic Notes in Theoretical Computer Science (ENTCS)
Provably correct inline monitoring for multithreaded Java-like programs

Journal of Computer Security - EU-Funded ICT Research on Trust and Security
CRePE: context-related policy enforcement for android

ISC'10 Proceedings of the 13th international conference on Information security
A specification based intrusion detection framework for mobile phones

ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
Semantically rich application-centric security in Android

Security and Communication Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

The problem of supporting the secure execution of potentially malicious third-party applications has received a considerable amount of attention in the past decade. In this paper we describe a security architecture for mobile devices that supports the flexible integration of a variety of advanced technologies for such secure execution of applications, including run-time monitoring, static verification and proof-carrying code. The architecture also supports the execution of legacy applications that have not been developed to take advantage of our architecture, though it can provide better performance and additional services for applications that are architecture-aware.The proposed architecture has been implemented on a Windows Mobile device with the .NET Compact Framework. It offers a substantial security benefit compared to the standard (state-of-practice) security architecture of such devices, even for legacy applications.