Matching Policies with Security Claims of Mobile Applications

Authors:
Nataliia Bielova;Marco Dalla Torre;Nicola Dragoni;Ida Siahaan
Affiliations:
-;-;-;-
Venue:
ARES '08 Proceedings of the 2008 Third International Conference on Availability, Reliability and Security
Year:
2008

Citing 0
Cited 4

Simulating midlet's security claims with automata modulo theory

Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
Security-By-Contract for the Future Internet

Future Internet --- FIS 2008
A self-protecting and self-healing framework for negotiating services and trust in autonomic communication systems

Computer Networks: The International Journal of Computer and Telecommunications Networking
Toward Trustworthy Web Services - Approaches, Weaknesses and Trust-By-Contract Framework

WI-IAT '09 Proceedings of the 2009 IEEE/WIC/ACM International Joint Conference on Web Intelligence and Intelligent Agent Technology - Volume 03

Quantified Score

Hi-index	0.00

Visualization

Abstract

The Security-by-Contract (SxC) framework has been recently proposed to address the trust relationship problem of the current security model adopted for mobile devices. The key idea of SxC (similar to the one of Model-Carrying Code) is to augment mobile code with a claim on its security behavior (a contract) that could be matched against a mobile platform policy before downloading the code. The rational is that, thanks to SxC, a digital signature does not just certify the origin of the code but also bind together the code with a contract. In this paper we address one of the key issue of the SxC paradigm, namely the contract-policy matching problem, proposing a prototype for matching policies with security claims of mobile applications. This result can be considered a key step towards the achievement of the SxC main goal: provide a semantics for digital signatures on mobile code, thus being a step in the transition from trusted code to trustworthy code.