Memory-efficient algorithms for the verification of temporal properties
Formal Methods in System Design - Special issue on computer-aided verification: general methods
Theoretical Computer Science
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
SASI enforcement of security policies: a retrospective
Proceedings of the 1999 workshop on New security paradigms
ACM Transactions on Information and System Security (TISSEC)
SAFKASI: a security mechanism for language-based systems
ACM Transactions on Software Engineering and Methodology (TOSEM)
Smart Card Security and Applications, Second Edition
.NET framework security
Writing Secure Code
Inside Java(TM) 2 Platform Security: Architecture, API Design, and Implementation
The Ins and Outs of IT Outsourcing
IT Professional
IRM Enforcement of Java Stack Inspection
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
History-Dependent Automata
Model-carrying code: a practical approach for safe execution of untrusted applications
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
A model-checking verification environment for mobile processes
ACM Transactions on Software Engineering and Methodology (TOSEM)
Finite state machines for strings over infinite alphabets
ACM Transactions on Computational Logic (TOCL)
Online testing with model programs
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
Computability classes for enforcement mechanisms
ACM Transactions on Programming Languages and Systems (TOPLAS)
A flexible security architecture to support third-party applications on mobile devices
Proceedings of the 2007 ACM workshop on Computer security architecture
Execution monitoring enforcement under memory-limitation constraints
Information and Computation
Security-by-contract on the .NET platform
Information Security Tech. Report
Matching Policies with Security Claims of Mobile Applications
ARES '08 Proceedings of the 2008 Third International Conference on Availability, Reliability and Security
Simulating midlet's security claims with automata modulo theory
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
A Caller-Side Inline Reference Monitor for an Object-Oriented Intermediate Language
FMOODS '08 Proceedings of the 10th IFIP WG 6.1 international conference on Formal Methods for Open Object-Based Distributed Systems
Security enforcement aware software development
Information and Software Technology
Security-by-contract: toward a semantics for digital signatures on mobile code
EuroPKI'07 Proceedings of the 4th European conference on Public Key Infrastructure: theory and practice
With the advent of the next-generation Java servlet on the smart card, the Future Internet will be composed of web servers and clients silently yet busily running on high-end smart cards in our phones and our wallets. In this brave new world we can no longer accept the current security model, where programs can be downloaded onto our machines just because they are vaguely "trusted". We want to know what they do in more precise detail. We claim that the Future Internet needs the notion of security-by-contract: in a nutshell, a contract describes the security-relevant interactions that a smart internet application could have with the smart device hosting it. Compliance with contracts should be verified at development time and checked at deployment time; contracts should be accepted by the platform before deployment, and possibly their enforcement guaranteed, for instance by in-line monitoring. In this paper we describe the challenges that must be met in order to develop a security-by-contract framework for the Future Internet and how security research can be changed by it.