Matching Policies with Security Claims of Mobile Applications

Author

Bielova, Nataliia ; Torre, Marco Dalla ; Dragoni, Nicola ; Siahaan, Ida

Author_Institution

Univ. of Trento, Trento

fYear

2008

Firstpage

128

Lastpage

135

Abstract

The security-by-contract (SxC) framework has been recently proposed to address the trust relationship problem of the current security model adopted for mobile devices. The key idea of SxC (similar to the one of model-carrying code) is to augment mobile code with a claim on its security behavior (a contract,) that could be matched against a mobile platform policy before downloading the code. The rational is that, thanks to SxC, a digital signature does not just certify the origin of the code but also bind together the code with a contract. In this paper we address one of the key issue of the SxC paradigm, namely the contract-policy matching problem, proposing a prototype for matching policies with security claims of mobile applications. This result can be considered a key step towards the achievement of the SxC main goal: provide a semantics for digital signatures on mobile code, thus being a step in the transition from trusted code to trustworthy code.

Keywords

codes; digital signatures; mobile computing; security of data; augment mobile code; digital signatures; model-carrying code; security-by-contract; Access protocols; Application software; Availability; Contracts; Digital signatures; Mobile handsets; Prototypes; Security; automata modulo theory; contract-policy matching; security for mobile code; security-by-contract;

fLanguage

English

Publisher

ieee

Conference_Titel

Availability, Reliability and Security, 2008. ARES 08. Third International Conference on

Conference_Location

Barcelona

Print_ISBN

978-0-7695-3102-1

Type

conf

DOI

10.1109/ARES.2008.96

Filename

4529330