What the heck is this application doing? - A security-by-contract architecture for pervasive services

N. Dragoni; F. Massacci; T. Walter; C. Schaefer

doi:10.1016/j.cose.2009.06.005

What the heck is this application doing? - A security-by-contract architecture for pervasive services

N. Dragoni, F. Massacci, T. Walter, C. Schaefer

Research output: Contribution to Journal › Article › Academic › peer-review

Abstract

Future pervasive environments are characterized by non-fixed architectures made of users and ubiquitous computers. They will be shaped by pervasive client downloads, i.e. new (untrusted) applications will be dynamically downloaded to make a better use of the computational power available in the ubiquitous computing environment. To address the challenges of this paradigm we propose the notion of security-by-contract (S × C), as in programming-by-contract, based on the notion of a mobile contract that a pervasive download carries with itself. It describes the relevant security features of the application and the relevant security interactions with its computing environment. The contract can be used to check it against the device policy for compliance. In this paper we describe the S × C concepts, the S × C architecture and implementation and sketch some interaction modalities of the S × C paradigm. © 2009 Elsevier Ltd. All rights reserved.

Original language	English
Pages (from-to)	566-577
Journal	Computers and Security
Volume	28
Issue number	7
DOIs	https://doi.org/10.1016/j.cose.2009.06.005
Publication status	Published - Oct 2009
Externally published	Yes

Access to Document

10.1016/j.cose.2009.06.005

Persistent URL (handle)

Persistent link

Cite this

@article{3f77891f6d7d4c5da1026393678556a4,

title = "What the heck is this application doing? - A security-by-contract architecture for pervasive services",

abstract = "Future pervasive environments are characterized by non-fixed architectures made of users and ubiquitous computers. They will be shaped by pervasive client downloads, i.e. new (untrusted) applications will be dynamically downloaded to make a better use of the computational power available in the ubiquitous computing environment. To address the challenges of this paradigm we propose the notion of security-by-contract (S × C), as in programming-by-contract, based on the notion of a mobile contract that a pervasive download carries with itself. It describes the relevant security features of the application and the relevant security interactions with its computing environment. The contract can be used to check it against the device policy for compliance. In this paper we describe the S × C concepts, the S × C architecture and implementation and sketch some interaction modalities of the S × C paradigm. {\textcopyright} 2009 Elsevier Ltd. All rights reserved.",

author = "N. Dragoni and F. Massacci and T. Walter and C. Schaefer",

year = "2009",

month = oct,

doi = "10.1016/j.cose.2009.06.005",

language = "English",

volume = "28",

pages = "566--577",

journal = "Computers and Security",

issn = "0167-4048",

publisher = "Elsevier Ltd",

number = "7",

}

TY - JOUR

T1 - What the heck is this application doing? - A security-by-contract architecture for pervasive services

AU - Dragoni, N.

AU - Massacci, F.

AU - Walter, T.

AU - Schaefer, C.

PY - 2009/10

Y1 - 2009/10

N2 - Future pervasive environments are characterized by non-fixed architectures made of users and ubiquitous computers. They will be shaped by pervasive client downloads, i.e. new (untrusted) applications will be dynamically downloaded to make a better use of the computational power available in the ubiquitous computing environment. To address the challenges of this paradigm we propose the notion of security-by-contract (S × C), as in programming-by-contract, based on the notion of a mobile contract that a pervasive download carries with itself. It describes the relevant security features of the application and the relevant security interactions with its computing environment. The contract can be used to check it against the device policy for compliance. In this paper we describe the S × C concepts, the S × C architecture and implementation and sketch some interaction modalities of the S × C paradigm. © 2009 Elsevier Ltd. All rights reserved.

AB - Future pervasive environments are characterized by non-fixed architectures made of users and ubiquitous computers. They will be shaped by pervasive client downloads, i.e. new (untrusted) applications will be dynamically downloaded to make a better use of the computational power available in the ubiquitous computing environment. To address the challenges of this paradigm we propose the notion of security-by-contract (S × C), as in programming-by-contract, based on the notion of a mobile contract that a pervasive download carries with itself. It describes the relevant security features of the application and the relevant security interactions with its computing environment. The contract can be used to check it against the device policy for compliance. In this paper we describe the S × C concepts, the S × C architecture and implementation and sketch some interaction modalities of the S × C paradigm. © 2009 Elsevier Ltd. All rights reserved.

UR - https://www.scopus.com/pages/publications/70349452100

UR - https://www.scopus.com/inward/citedby.url?scp=70349452100&partnerID=8YFLogxK

U2 - 10.1016/j.cose.2009.06.005

DO - 10.1016/j.cose.2009.06.005

M3 - Article

SN - 0167-4048

VL - 28

SP - 566

EP - 577

JO - Computers and Security

JF - Computers and Security

IS - 7

ER -

What the heck is this application doing? - A security-by-contract architecture for pervasive services

Abstract

Access to Document

Persistent URL (handle)

Other files and links

Fingerprint

Cite this