Security-by-Contract-with-Trust for Mobile Devices

Abstract : Security-by-Contract (S×C) is a paradigm providing security assurances for mobile applications. In this work, we present the an extension of S×C, called Security-by-Contract-with-Trust (S×C×T). Indeed, we enrich the S×C architecture by integrating a trust model and adding new modules and configurations for managing contracts. Indeed, at deploy-time, our system decides the run-time configuration depending on the credentials of the contract provider. The run-time environment can both enforce a security policy and monitor the declared contract. According to the actual behaviour of the running program our architecture updates the trust level associated with the contract provider. We also present a possible application of our framework in the scenario of a mobile application marketplace, e.g., Apple AppStore, Cydia, Android Market, that, nowadays, are considered as one of the most attractive e-commerce activity for both mobile application developers and industries of mobile devices. Since the number of applications increases, Mobile Applications Marketplace (MAMp) sets up recommendation systems that rank and highlight mobile applications by category, social activity, etc. The S×C×T framework we propose is applied in this scenario for providing security on cus- tomers' mobile devices as well as help Mobile Applications Marketplaces to enhance their recommendation systems with security feedback. The main advantage of this method is an automatic management of the level of trust of software and contract releasers and a unified way for dealing with both security and trust.
Type de document :
Article dans une revue
Journal of Wireless Mobile Networks, Ubiquitous Computing and Dependable Applications (JoWUA), (JoWUA), 2010, 1 (4), pp.75-91
Liste complète des métadonnées

Littérature citée [20 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/inria-00549662
Contributeur : Rachid Saadi <>
Soumis le : mercredi 12 janvier 2011 - 07:00:10
Dernière modification le : mercredi 29 novembre 2017 - 15:06:57
Document(s) archivé(s) le : lundi 5 novembre 2012 - 16:16:26

Fichier

37-115-1-PB.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

  • HAL Id : inria-00549662, version 1

Collections

Citation

Gabriele Costa, Aliaksandr Lazouski, Fabio Martinelli, Ilaria Matteucci, Valérie Issarny, et al.. Security-by-Contract-with-Trust for Mobile Devices. Journal of Wireless Mobile Networks, Ubiquitous Computing and Dependable Applications (JoWUA), (JoWUA), 2010, 1 (4), pp.75-91. 〈inria-00549662〉

Partager

Métriques

Consultations de la notice

300

Téléchargements de fichiers

274