Matching in security-by-contract for mobile code

N. Bielova, N. Dragoni, F. Massacci, K. Naliuka, I. Siahaan

Research output: Contribution to JournalArticleAcademicpeer-review

Abstract

We propose the notion of security-by-contract, a mobile contract that an application carries with itself. The key idea of the framework is that a digital signature should not just certify the origin of the code but rather bind together the code with a contract. We provide a description of the workflow for the deployment and execution of mobile code in the setting of security-by-contract, describe a structure for a contractual language and propose a number of algorithms for one of the key steps in the process, the contract-policy matching issue.We also describe the prototype for matching policies with security claims of mobile applications that we have currently implemented. We argue that security-by-contract would provide a semantics for digital signatures on mobile code thus being a step in the transition from trusted code to trustworthy code. © 2009.
Original languageEnglish
Pages (from-to)340-358
JournalJournal of Logic and Algebraic Programming
Volume78
Issue number5
DOIs
Publication statusPublished - May 2009
Externally publishedYes

Fingerprint

Dive into the research topics of 'Matching in security-by-contract for mobile code'. Together they form a unique fingerprint.

Cite this