Matching in security-by-contract for mobile code
| Autor: | Katsiaryna Naliuka, Fabio Massacci, Nataliia Bielova, Nicola Dragoni, Ida Siahaan |
|---|---|
| Rok vydání: | 2009 |
| Předmět: |
Run-time monitor
Source code Logic Semantics (computer science) Computer science media_common.quotation_subject Mobile computing Code Access Security Computer security computer.software_genre Theoretical Computer Science Security-by-contract Mobile code Computational Theory and Mathematics Digital signature Security Code (cryptography) Key (cryptography) Mobile agent computer Software media_common |
| Zdroj: | The Journal of Logic and Algebraic Programming. 78:340-358 |
| ISSN: | 1567-8326 |
| DOI: | 10.1016/j.jlap.2009.02.013 |
| Popis: | We propose the notion of security-by-contract, a mobile contract that an application carries with itself. The key idea of the framework is that a digital signature should not just certify the origin of the code but rather bind together the code with a contract.We provide a description of the workflow for the deployment and execution of mobile code in the setting of security-by-contract, describe a structure for a contractual language and propose a number of algorithms for one of the key steps in the process, the contract-policy matching issue.We also describe the prototype for matching policies with security claims of mobile applications that we have currently implemented.We argue that security-by-contract would provide a semantics for digital signatures on mobile code thus being a step in the transition from trusted code to trustworthy code. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|
Full Text from ScienceDirect