TY - JOUR
T1 - Extending Security-by-Contract with Quantitative Trust on Mobile Devices
AU - Costa, Gabriele
AU - Lazouski, Aliaksandr
AU - Martinelli, Fabio
AU - Matteucci, Ilaria
AU - Issarny, Valerie
AU - Saadi, Rachid
AU - Dragoni, Nicola
AU - Massacci, Fabio
PY - 2010
Y1 - 2010
N2 - Security-by-Contract (S×C) is a paradigm providing security assurances for mobile applications.
In this work, we present the an extension of S×C, called Security-by-Contract-with-Trust (S×C×T).
Indeed, we enrich the S×C architecture by integrating a trust model and adding new modules and
configurations for managing contracts. Indeed, at deploy-time, our system decides the run-time
configuration depending on the credentials of the contract provider. The run-time environment can
both enforce a security policy and monitor the declared contract. According to the actual behaviour
of the running program our architecture updates the trust level associated with the contract provider.
We also present a possible application of our framework in the scenario of a mobile application
marketplace, e.g., Apple AppStore, Cydia, Android Market, that, nowadays, are considered as one
of the most attractive e-commerce activity for both mobile application developers and industries
of mobile devices. Since the number of applications increases, Mobile Applications Marketplace
(MAMp) sets up recommendation systems that rank and highlight mobile applications by category,
social activity, etc.
The S×C×T framework we propose is applied in this scenario for providing security on customers’
mobile devices as well as help Mobile Applications Marketplaces to enhance their recommendation
systems with security feedback.
The main advantage of this method is an automatic management of the level of trust of software
and contract releasers and a unified way for dealing with both security and trust.
AB - Security-by-Contract (S×C) is a paradigm providing security assurances for mobile applications.
In this work, we present the an extension of S×C, called Security-by-Contract-with-Trust (S×C×T).
Indeed, we enrich the S×C architecture by integrating a trust model and adding new modules and
configurations for managing contracts. Indeed, at deploy-time, our system decides the run-time
configuration depending on the credentials of the contract provider. The run-time environment can
both enforce a security policy and monitor the declared contract. According to the actual behaviour
of the running program our architecture updates the trust level associated with the contract provider.
We also present a possible application of our framework in the scenario of a mobile application
marketplace, e.g., Apple AppStore, Cydia, Android Market, that, nowadays, are considered as one
of the most attractive e-commerce activity for both mobile application developers and industries
of mobile devices. Since the number of applications increases, Mobile Applications Marketplace
(MAMp) sets up recommendation systems that rank and highlight mobile applications by category,
social activity, etc.
The S×C×T framework we propose is applied in this scenario for providing security on customers’
mobile devices as well as help Mobile Applications Marketplaces to enhance their recommendation
systems with security feedback.
The main advantage of this method is an automatic management of the level of trust of software
and contract releasers and a unified way for dealing with both security and trust.
M3 - Journal article
SN - 2093-5374
VL - 1
SP - 75
EP - 91
JO - Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA)
JF - Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA)
IS - 4
ER -