Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
The design and implementation of a certifying compiler
PLDI '98 Proceedings of the ACM SIGPLAN 1998 conference on Programming language design and implementation
IRM Enforcement of Java Stack Inspection
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
The inlined reference monitor approach to security policy enforcement
The inlined reference monitor approach to security policy enforcement
Composing security policies with polymer
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Certified In-lined Reference Monitoring on .NET
Proceedings of the 2006 workshop on Programming languages and analysis for security
A flexible security architecture to support third-party applications on mobile devices
Proceedings of the 2007 ACM workshop on Computer security architecture
Security enforcement aware software development
Information and Software Technology
Security-By-Contract for the Future Internet
Future Internet --- FIS 2008
On lightweight mobile phone application certification
Proceedings of the 16th ACM conference on Computer and communications security
Electronic Notes in Theoretical Computer Science (ENTCS)
Detection of images with adult content for parental control on mobile devices?
Mobility '09 Proceedings of the 6th International Conference on Mobile Technology, Application & Systems
Provably correct inline monitoring for multithreaded Java-like programs
Journal of Computer Security - EU-Funded ICT Research on Trust and Security
Infringo ergo sum: when will software engineering support infringements?
Proceedings of the FSE/SDP workshop on Future of software engineering research
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Taming information-stealing smartphone applications (on Android)
TRUST'11 Proceedings of the 4th international conference on Trust and trustworthy computing
Quire: lightweight provenance for smart phone operating systems
SEC'11 Proceedings of the 20th USENIX conference on Security
Can we support applications' evolution in multi-application smart cards by security-by-contract?
WISTP'10 Proceedings of the 4th IFIP WG 11.2 international conference on Information Security Theory and Practices: security and Privacy of Pervasive Systems and Smart Devices
Defending users against smartphone apps: techniques and future directions
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
MockDroid: trading privacy for application functionality on smartphones
Proceedings of the 12th Workshop on Mobile Computing Systems and Applications
FPS'11 Proceedings of the 4th Canada-France MITACS conference on Foundations and Practice of Security
Constroid: data-centric access control for android
Proceedings of the 27th Annual ACM Symposium on Applied Computing
WISTP'12 Proceedings of the 6th IFIP WG 11.2 international conference on Information Security Theory and Practice: security, privacy and trust in computing systems and ambient intelligent ecosystems
AdSplit: separating smartphone advertising from applications
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Information Security Tech. Report
Load time code validation for mobile phone Java Cards
Journal of Information Security and Applications
| Hi-index | 0.00 |
Over the last few years, the success of GPS-enabled PDAs has finally instigated a breakthrough of mobile devices. Many people now already have a device that can connect to the Internet and run untrusted code, typically a cell-phone or PDA. Having such a large interconnected and powerful computing base presents some new security issues. In order to counter new threats, the traditional security architectures need to be overhauled to support a new and more flexible way of securely executing mobile code. This article describes the concept of security-by-contract (SxC) and its implementation on the .NET platform. This new model allows users to guarantee that an untrusted application remains within the boundaries of acceptable behavior, as defined by the user herself. A number of different techniques will be presented that can be employed to enforce this behavior. In order to support the SxC paradigm, some new steps can be introduced in the application development process. In addition to building an application, developers can create an application contract and securely bind this contract to the application. The application deployment process supports legacy applications developed without such contracts, but it can support more advanced enforcement technologies for those applications that are SxC-aware.