Matching in security-by-contract for mobile code

N. Bielova; N. Dragoni; F. Massacci; K. Naliuka; I. Siahaan

doi:10.1016/j.jlap.2009.02.013

Matching in security-by-contract for mobile code

N. Bielova
, N. Dragoni
, F. Massacci
, K. Naliuka
, I. Siahaan

Research output: Contribution to Journal › Article › Academic › peer-review

Abstract

We propose the notion of security-by-contract, a mobile contract that an application carries with itself. The key idea of the framework is that a digital signature should not just certify the origin of the code but rather bind together the code with a contract. We provide a description of the workflow for the deployment and execution of mobile code in the setting of security-by-contract, describe a structure for a contractual language and propose a number of algorithms for one of the key steps in the process, the contract-policy matching issue.We also describe the prototype for matching policies with security claims of mobile applications that we have currently implemented. We argue that security-by-contract would provide a semantics for digital signatures on mobile code thus being a step in the transition from trusted code to trustworthy code. © 2009.

Original language	English
Pages (from-to)	340-358
Journal	Journal of Logic and Algebraic Programming
Volume	78
Issue number	5
DOIs	https://doi.org/10.1016/j.jlap.2009.02.013
Publication status	Published - May 2009
Externally published	Yes

Access to Document

10.1016/j.jlap.2009.02.013

Persistent URL (handle)

Persistent link

Cite this

@article{55e54cdf716c4087943db55961e73b21,

title = "Matching in security-by-contract for mobile code",

abstract = "We propose the notion of security-by-contract, a mobile contract that an application carries with itself. The key idea of the framework is that a digital signature should not just certify the origin of the code but rather bind together the code with a contract. We provide a description of the workflow for the deployment and execution of mobile code in the setting of security-by-contract, describe a structure for a contractual language and propose a number of algorithms for one of the key steps in the process, the contract-policy matching issue.We also describe the prototype for matching policies with security claims of mobile applications that we have currently implemented. We argue that security-by-contract would provide a semantics for digital signatures on mobile code thus being a step in the transition from trusted code to trustworthy code. {\textcopyright} 2009.",

author = "N. Bielova and N. Dragoni and F. Massacci and K. Naliuka and I. Siahaan",

year = "2009",

month = may,

doi = "10.1016/j.jlap.2009.02.013",

language = "English",

volume = "78",

pages = "340--358",

journal = "Journal of Logic and Algebraic Programming",

issn = "1567-8326",

publisher = "Elsevier Inc.",

number = "5",

}

TY - JOUR

T1 - Matching in security-by-contract for mobile code

AU - Bielova, N.

AU - Dragoni, N.

AU - Massacci, F.

AU - Naliuka, K.

AU - Siahaan, I.

PY - 2009/5

Y1 - 2009/5

N2 - We propose the notion of security-by-contract, a mobile contract that an application carries with itself. The key idea of the framework is that a digital signature should not just certify the origin of the code but rather bind together the code with a contract. We provide a description of the workflow for the deployment and execution of mobile code in the setting of security-by-contract, describe a structure for a contractual language and propose a number of algorithms for one of the key steps in the process, the contract-policy matching issue.We also describe the prototype for matching policies with security claims of mobile applications that we have currently implemented. We argue that security-by-contract would provide a semantics for digital signatures on mobile code thus being a step in the transition from trusted code to trustworthy code. © 2009.

AB - We propose the notion of security-by-contract, a mobile contract that an application carries with itself. The key idea of the framework is that a digital signature should not just certify the origin of the code but rather bind together the code with a contract. We provide a description of the workflow for the deployment and execution of mobile code in the setting of security-by-contract, describe a structure for a contractual language and propose a number of algorithms for one of the key steps in the process, the contract-policy matching issue.We also describe the prototype for matching policies with security claims of mobile applications that we have currently implemented. We argue that security-by-contract would provide a semantics for digital signatures on mobile code thus being a step in the transition from trusted code to trustworthy code. © 2009.

UR - https://www.scopus.com/pages/publications/67349233081

UR - https://www.scopus.com/pages/publications/67349233081#tab=citedBy

U2 - 10.1016/j.jlap.2009.02.013

DO - 10.1016/j.jlap.2009.02.013

M3 - Article

SN - 1567-8326

VL - 78

SP - 340

EP - 358

JO - Journal of Logic and Algebraic Programming

JF - Journal of Logic and Algebraic Programming

IS - 5

ER -

Matching in security-by-contract for mobile code

Abstract

Access to Document

Persistent URL (handle)

Other files and links

Fingerprint

Cite this