In this paper, we propose the notion of security-by-contract, a mobile contract that an application carries with itself. The key idea of the framework is that a digital signature should not just certify the origin of the code but rather bind together the code with a contract. We provide a description of the overall lifecycle of mobile code in the setting of security-by-contract, describe a tentative structure for a contractual language, and propose a number of algorithms for one of the key steps in the process, the contract-policy matching issue. We argue that security-by-contract would provide a semantics for digital signatures on mobile code, thus being a step in the transition from trusted code to trustworthy code.