

Matching Policies with Security Claims of Mobile Applications

14 years 9 months ago
Matching Policies with Security Claims of Mobile Applications
The Security-by-Contract (S×C) framework has been recently proposed to address the trust relationship problem of the current security model adopted for mobile devices. The key idea of S×C (similar to the one of Model-Carrying Code) is to augment mobile code with a claim on its security behavior (a contract) that could be matched against a mobile platform policy before downloading the code. The rational is that, thanks to S×C, a digital signature does not just certify the origin of the code but also bind together the code with a contract. In this paper we address one of the key issue of the S×C paradigm, namely the contract-policy matching problem, proposing a prototype for matching policies with security claims of mobile applications. This result can be considered a key step towards the achievement of the S×C main goal: provide a semantics for digital signatures on mobile code, thus being a step in the transition from trusted code to trustworthy code.
Nataliia Bielova, Marco Dalla Torre, Nicola Dragon
Added 31 May 2010
Updated 31 May 2010
Type Conference
Year 2008
Authors Nataliia Bielova, Marco Dalla Torre, Nicola Dragoni, Ida Siahaan
Comments (0)