Title :
Matching Policies with Security Claims of Mobile Applications
Author :
Bielova, Nataliia ; Torre, Marco Dalla ; Dragoni, Nicola ; Siahaan, Ida
Author_Institution :
Univ. of Trento, Trento
Abstract :
The security-by-contract (SxC) framework has been recently proposed to address the trust relationship problem of the current security model adopted for mobile devices. The key idea of SxC (similar to the one of model-carrying code) is to augment mobile code with a claim on its security behavior (a contract,) that could be matched against a mobile platform policy before downloading the code. The rational is that, thanks to SxC, a digital signature does not just certify the origin of the code but also bind together the code with a contract. In this paper we address one of the key issue of the SxC paradigm, namely the contract-policy matching problem, proposing a prototype for matching policies with security claims of mobile applications. This result can be considered a key step towards the achievement of the SxC main goal: provide a semantics for digital signatures on mobile code, thus being a step in the transition from trusted code to trustworthy code.
Keywords :
codes; digital signatures; mobile computing; security of data; augment mobile code; digital signatures; model-carrying code; security-by-contract; Access protocols; Application software; Availability; Contracts; Digital signatures; Mobile handsets; Prototypes; Security; automata modulo theory; contract-policy matching; security for mobile code; security-by-contract;
Conference_Titel :
Availability, Reliability and Security, 2008. ARES 08. Third International Conference on
Conference_Location :
Barcelona
Print_ISBN :
978-0-7695-3102-1
DOI :
10.1109/ARES.2008.96
