TY - GEN
T1 - Security-by-contract for the future internet
AU - Massacci, F.
AU - Piessens, F.
AU - Siahaan, I.
PY - 2009
Y1 - 2009
N2 - With the advent of the next generation java servlet on the smartcard, the Future Internet will be composed by web servers and clients silently yet busily running on high end smart cards in our phones and our wallets. In this brave new world we can no longer accept the current security model where programs can be downloaded on our machines just because they are vaguely "trusted". We want to know what they do in more precise details.We claim that the Future Internet needs the notion of security-by-contract:In a nutshell, a contract describes the security relevant interactions that the smart internet application could have with the smart devices hosting them. Compliance with contracts should verified at development time, checked at depolyment time and contracts should be accepted by the platform before deployment and possibly their enforcement guaranteed, for instance by in-line monitoring.In this paper we describe the challenges that must be met in order to develop a security-by-contract framework for the Future Internet and how security research can be changed by it.© Springer-Verlag Berlin Heidelberg 2009.
AB - With the advent of the next generation java servlet on the smartcard, the Future Internet will be composed by web servers and clients silently yet busily running on high end smart cards in our phones and our wallets. In this brave new world we can no longer accept the current security model where programs can be downloaded on our machines just because they are vaguely "trusted". We want to know what they do in more precise details.We claim that the Future Internet needs the notion of security-by-contract:In a nutshell, a contract describes the security relevant interactions that the smart internet application could have with the smart devices hosting them. Compliance with contracts should verified at development time, checked at depolyment time and contracts should be accepted by the platform before deployment and possibly their enforcement guaranteed, for instance by in-line monitoring.In this paper we describe the challenges that must be met in order to develop a security-by-contract framework for the Future Internet and how security research can be changed by it.© Springer-Verlag Berlin Heidelberg 2009.
U2 - 10.1007/978-3-642-00985-3_3
DO - 10.1007/978-3-642-00985-3_3
M3 - Conference contribution
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 29
EP - 43
BT - Future Internet - FIS 2008 - First Future Internet Symposium, FIS 2008, Revised Selected Papers
T2 - 1st Future Internet Symposium, FIS 2008
Y2 - 29 September 2008 through 30 September 2008
ER -