Security-by-contract: toward a semantics for digital signatures on mobile code

Authors:
N. Dragoni;F. Massacci;K. Naliuka;I. Siahaan
Affiliations:
Department of Information and Communication Technologies, University of Trento, Italy;Department of Information and Communication Technologies, University of Trento, Italy;Department of Information and Communication Technologies, University of Trento, Italy;Department of Information and Communication Technologies, University of Trento, Italy
Venue:
EuroPKI'07 Proceedings of the 4th European conference on Public Key Infrastructure: theory and practice
Year:
2007

Citing 14
Cited 18

Proof-carrying code

Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Model-Carrying Code (MCC): a new paradigm for mobile-code security

Proceedings of the 2001 workshop on New security paradigms
Inside Java(TM) 2 Platform Security: Architecture, API Design, and Implementation

Inside Java(TM) 2 Platform Security: Architecture, API Design, and Implementation
Managing System and Active-Content Integrity

Computer
Java Security: Present and Near Future

IEEE Micro
Fair Simulation Relations, Parity Games, and State Space Reduction for Büchi Automata

ICALP '01 Proceedings of the 28th International Colloquium on Automata, Languages and Programming,
Small Progress Measures for Solving Parity Games

STACS '00 Proceedings of the 17th Annual Symposium on Theoretical Aspects of Computer Science
Fair Simulation

CONCUR '97 Proceedings of the 8th International Conference on Concurrency Theory
A Hierarchy of Polynomial-Time Computable Simulations for Automata

CONCUR '02 Proceedings of the 13th International Conference on Concurrency Theory
Checking for Language Inclusion Using Simulation Preorders

CAV '91 Proceedings of the 3rd International Workshop on Computer Aided Verification
A Decision Algorithm for Full Propositional Temporal Logic

CAV '93 Proceedings of the 5th International Conference on Computer Aided Verification
Model-carrying code: a practical approach for safe execution of untrusted applications

SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
The design and implementation of a certifying compiler

ACM SIGPLAN Notices - Best of PLDI 1979-1999
Efficient monitoring of safety properties

International Journal on Software Tools for Technology Transfer (STTT) - Special section on tools and algorithms for the construction and analysis of systems

Security-by-contract for web services

Proceedings of the 2007 ACM workshop on Secure web services
ConSpec -- A Formal Language for Policy Specification

Electronic Notes in Theoretical Computer Science (ENTCS)
Simulating midlet's security claims with automata modulo theory

Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
ConSpec – A formal language for policy specification

Science of Computer Programming
Security-By-Contract for the Future Internet

Future Internet --- FIS 2008
Do You Really Mean What You Actually Enforced?

Formal Aspects in Security and Trust
A self-protecting and self-healing framework for negotiating services and trust in autonomic communication systems

Computer Networks: The International Journal of Computer and Telecommunications Networking
Toward Trustworthy Web Services - Approaches, Weaknesses and Trust-By-Contract Framework

WI-IAT '09 Proceedings of the 2009 IEEE/WIC/ACM International Joint Conference on Web Intelligence and Intelligent Agent Technology - Volume 03
Provably correct inline monitoring for multithreaded Java-like programs

Journal of Computer Security - EU-Funded ICT Research on Trust and Security
On-device control flow verification for Java programs

ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Software assumptions failure tolerance: role, strategies, and visions

Architecting dependable systems VII
Can we support applications' evolution in multi-application smart cards by security-by-contract?

WISTP'10 Proceedings of the 4th IFIP WG 11.2 international conference on Information Security Theory and Practices: security and Privacy of Pervasive Systems and Smart Devices
Load time security verification

ICISS'11 Proceedings of the 7th international conference on Information Systems Security
SC2: secure communication over smart cards how to secure off-card matching in security-by-contract for open multi-application smart cards

FPS'11 Proceedings of the 4th Canada-France MITACS conference on Foundations and Practice of Security
Java card architecture for autonomous yet secure evolution of smart cards applications

NordSec'10 Proceedings of the 15th Nordic conference on Information Security Technology for Applications
Dependability in dynamic, evolving and heterogeneous systems: the connect approach

Proceedings of the 2nd International Workshop on Software Engineering for Resilient Systems
Transforming commodity security policies to enforce Clark-Wilson integrity

Proceedings of the 28th Annual Computer Security Applications Conference
Using security policies to automate placement of network intrusion prevention

ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper we propose the notion of security-by-contract, a mobile contract that an application carries with itself. The key idea of the framework is that a digital signature should not just certify the origin of the code but rather bind together the code with a contract. We provide a description of the overall lifecycle of mobile code in the setting of security-by-contract, describe a tentative structure for a contractual language and propose a number of algorithms for one of the key steps in the process, the contract-policy matching issue. We argue that security-by-contract would provide a semantics for digital signatures on mobile code thus being a step in the transition from trusted code to trustworthy code.