Towards practical security monitors of UML policies for mobile applications

F. Massacci; K. Naliuka

doi:10.1109/ARES.2008.191

Towards practical security monitors of UML policies for mobile applications

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

Abstract

There is increasing demand for running interacting applications in a secure and controllable way on mobile devices. Such demand is not fully supported by the Java/.NET security model based on trust domains nor by current security monitors or language-based security approaches. We propose an approach that allows security policies that are i) expressive enough to capture multiple sessions and interacting applications, ii) suitable for efficient monitoring, iii) convenient for a developer to specify them. Since getting all three at once is impossible, we advocate a logical language, 2D-LTL a bi-dimensional temporal logic fit for multiple sessions and for which efficient monitoring algorithms can be given, and a graphical language based on standard UML sequence diagrams with a tight correspondence between the two. © 2008 IEEE.

Original language	English
Title of host publication	ARES 2008 - 3rd International Conference on Availability, Security, and Reliability, Proceedings
Pages	1112-1119
DOIs	https://doi.org/10.1109/ARES.2008.191
Publication status	Published - 2008
Externally published	Yes
Event	3rd International Conference on Availability, Security, and Reliability, ARES 2008 - , Spain Duration: 4 Mar 2008 → 7 Mar 2008

Publication series

Name	ARES 2008 - 3rd International Conference on Availability, Security, and Reliability, Proceedings

Conference

Conference	3rd International Conference on Availability, Security, and Reliability, ARES 2008
Country/Territory	Spain
Period	4/03/08 → 7/03/08

Access to Document

10.1109/ARES.2008.191

Persistent URL (handle)

Persistent link

Cite this

@inproceedings{61648b0dc98f4c98b93f954fe5debbcb,

title = "Towards practical security monitors of UML policies for mobile applications",

abstract = "There is increasing demand for running interacting applications in a secure and controllable way on mobile devices. Such demand is not fully supported by the Java/.NET security model based on trust domains nor by current security monitors or language-based security approaches. We propose an approach that allows security policies that are i) expressive enough to capture multiple sessions and interacting applications, ii) suitable for efficient monitoring, iii) convenient for a developer to specify them. Since getting all three at once is impossible, we advocate a logical language, 2D-LTL a bi-dimensional temporal logic fit for multiple sessions and for which efficient monitoring algorithms can be given, and a graphical language based on standard UML sequence diagrams with a tight correspondence between the two. {\textcopyright} 2008 IEEE.",

author = "F. Massacci and K. Naliuka",

year = "2008",

doi = "10.1109/ARES.2008.191",

language = "English",

series = "ARES 2008 - 3rd International Conference on Availability, Security, and Reliability, Proceedings",

pages = "1112--1119",

booktitle = "ARES 2008 - 3rd International Conference on Availability, Security, and Reliability, Proceedings",

note = "3rd International Conference on Availability, Security, and Reliability, ARES 2008 ; Conference date: 04-03-2008 Through 07-03-2008",

}

Massacci, F & Naliuka, K 2008, Towards practical security monitors of UML policies for mobile applications. in ARES 2008 - 3rd International Conference on Availability, Security, and Reliability, Proceedings. ARES 2008 - 3rd International Conference on Availability, Security, and Reliability, Proceedings, pp. 1112-1119, 3rd International Conference on Availability, Security, and Reliability, ARES 2008, Spain, 4/03/08. https://doi.org/10.1109/ARES.2008.191

Towards practical security monitors of UML policies for mobile applications. / Massacci, F.; Naliuka, K.
ARES 2008 - 3rd International Conference on Availability, Security, and Reliability, Proceedings. 2008. p. 1112-1119 (ARES 2008 - 3rd International Conference on Availability, Security, and Reliability, Proceedings).

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Towards practical security monitors of UML policies for mobile applications

AU - Massacci, F.

AU - Naliuka, K.

PY - 2008

Y1 - 2008

N2 - There is increasing demand for running interacting applications in a secure and controllable way on mobile devices. Such demand is not fully supported by the Java/.NET security model based on trust domains nor by current security monitors or language-based security approaches. We propose an approach that allows security policies that are i) expressive enough to capture multiple sessions and interacting applications, ii) suitable for efficient monitoring, iii) convenient for a developer to specify them. Since getting all three at once is impossible, we advocate a logical language, 2D-LTL a bi-dimensional temporal logic fit for multiple sessions and for which efficient monitoring algorithms can be given, and a graphical language based on standard UML sequence diagrams with a tight correspondence between the two. © 2008 IEEE.

AB - There is increasing demand for running interacting applications in a secure and controllable way on mobile devices. Such demand is not fully supported by the Java/.NET security model based on trust domains nor by current security monitors or language-based security approaches. We propose an approach that allows security policies that are i) expressive enough to capture multiple sessions and interacting applications, ii) suitable for efficient monitoring, iii) convenient for a developer to specify them. Since getting all three at once is impossible, we advocate a logical language, 2D-LTL a bi-dimensional temporal logic fit for multiple sessions and for which efficient monitoring algorithms can be given, and a graphical language based on standard UML sequence diagrams with a tight correspondence between the two. © 2008 IEEE.

U2 - 10.1109/ARES.2008.191

DO - 10.1109/ARES.2008.191

M3 - Conference contribution

T3 - ARES 2008 - 3rd International Conference on Availability, Security, and Reliability, Proceedings

SP - 1112

EP - 1119

BT - ARES 2008 - 3rd International Conference on Availability, Security, and Reliability, Proceedings

T2 - 3rd International Conference on Availability, Security, and Reliability, ARES 2008

Y2 - 4 March 2008 through 7 March 2008

ER -

Towards practical security monitors of UML policies for mobile applications

Abstract

Publication series

Conference

Access to Document

Persistent URL (handle)

Fingerprint

Cite this