Extending security-by-contract with quantitative trust on mobile devices

CISIS 2010 - The 4th International Conference on Complex, Intelligent and Software Intensive Systems

Volumn , Issue , 2010, Pages 872-877

  Costa, Gabriele ^a   Dragoni, Nicola ^b   Lazouski, Aliaksandr ^a   Martinelli, Fabio ^c   Massacci, Fabio ^d   Matteucci, Ilaria ^c  

^a UNIVERSITY OF PISA   (Italy)

^b TECHNICAL UNIVERSITY OF DENMARK   (Denmark)

^c IIT CNR   (Italy)

^d UNIVERSITY OF TRENTO   (Italy)

Author keywords

[No Author keywords available]

Indexed keywords

AUTOMATIC MANAGEMENT; MOBILE APPLICATIONS; RUN-TIME CONFIGURATION; RUNTIME ENVIRONMENTS; SECURITY ASSURANCE; SECURITY POLICY; TRUST LEVEL; TRUST MANAGEMENT;

MOBILE DEVICES;

COMPUTER SOFTWARE;

EID: 77952682763     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CISIS.2010.33     Document Type: Conference Paper

References (19)

1. N. Dragoni, F. Martinelli, F. Massacci, P. Mori, C. Schaefer, T. Walter, and E. Vetillard, "Security-by-contract (SxC) for software and services of mobile systems," in At your service - Service-Oriented Computing from an EU Perspective. MIT Press, 2008.
2. L. Desmet, W. Joosen, F. Massacci, P. Philippaerts, F. Piessens, I. Siahaan, and D. Vanoverberghe, "Security-by-contract on the .net platform," vol. 13, no. 1. Oxford, UK, UK: Elsevier Advanced Technology Publications, 2008, pp. 25-32.
3. P. Greci, F. Martinelli, and I. Matteucci, "A framework for contract-policy matching based on symbolic simulations for securing mobile device application," in ISoLA, 2008, pp. 221-236.
4. A. Castrucci, F. Martinelli, P. Mori, and F. Roperti, "Enhancing java me security support with resource usage monitoring," in ICICS, 2008, pp. 256-266.
5. G. Costa, F. Martinelli, P. Mori, C. Schaefer, and T. Walter, "Runtime monitoring for next generation java me platform," Computers & Security, July 2009.
6. F. B. Schneider, K. Walsh, and E. G. Sirer, "Nexus authorization logic (nal): Design rationale and applications," Cornell Computing and Information Science Technical Report, Tech. Rep., 2009.
7. D. Fais, M. Colombo, and A. Lazouski, "An implementation of role-base trust management extended with weights on mobile devices," Electronic Notes in Theoretical Computer Science, vol. 244, pp. 53-65, 2009, proceedings of the 4th International Workshop on Security and Trust Management (STM 2008).
8. N. Li, J. C. Mitchell, and W. H. Winsborough, "Design of a role-based trust management framework," in Proceedings of the 2002 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 2002, pp. 114-130.
9. N. Dragoni, F. Massacci, and K. Naliuka, "Security-by-contract(SxC) for mobile systems- or how to download software on your mobile without regretting it." Position Papers for W3C Workshop on Security for Access to Device APIs from the Web, December 2008.
10. R. Sekar, V. Venkatakrishnan, S. Basu, S. Bhatkar, and D. C. DuVarney, "Model-carrying code: a practical approach for safe execution of untrusted applications," in SOSP '03: Proceedings of the nineteenth ACM symposium on Operating systems principles, 2003, pp. 15-28.
11. H. Koshutanski, F. Martinelli, P. Mori, L. Borz, and A. Vaccarelli, "A fine grained and x.509 based access control system for globus," in OTM. Springer, 2006, pp. 1336-1350.
12. M. Colombo, F. Martinelli, P. Mori, M. Petrocchi, and A. Vaccarelli, "Fine grained access control with trust and reputation management for globus," in OTM Conferences (2), 2007, pp. 1505-1515.
13. H. Koshutanski, A. Lazouski, F. Martinelli, and P. Mori, "Enhancing grid security by fine-grained behavioral control and negotiation-based authorization," Int. J. Inf. Sec., vol. 8, no. 4, pp. 291-314, 2009.
14. J. Liu and V. Issarny, "An incentive compatible reputation mechanism for ubiquitous computing environments," Int. J. Inf. Secur., vol. 6, no. 5, pp. 297-311, 2007.
15. L. Gong, "Java Security: Present and Near Future," IEEE Micro, vol. 17, no. 3, pp. 14-19, 1997.
16. L. Gong and G. Ellison, Inside Java(TM) 2 Platform Security: Architecture, API Design, and Implementation. Pearson Education, 2003.
17. N. Dragoni, F. Massacci, T. Walter, and C. Schaefer, "What the heck is this application doing? - a security-by-contract architecture for pervasive services," to appear in Computers & Security, Elsevier.
18. G. C. Necula, "Proof-carrying code," in Proceedings of the 24th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Langauges (POPL '97), Jan. 1997, pp. 106-119.
19. R. Sekar, C. R. Ramakrishnan, I. V. Ramakrishnan, and S. A. Smolka, "Model-Carrying Code (MCC): a New Paradigm for Mobile-Code Security," in NSPW '01: Proceedings of the 2001 Workshop on New security paradigms. New York, NY, USA: ACM Press, 2001, pp. 23-30.