Extending Security-by-Contract with Quantitative Trust on Mobile Devices

Søgeord

DTU Informatics

Technical University of Denmark

Technical University of Denmark

Education

MSc degree programme

DTU Informatics bookshop

Research

Algorithms and Logic

Cognitive Systems

Dynamical Systems

Image Analysis & Computer Graphics

Language-Based Technology

Mathematical Statistics

Scientific Computing

Software Engineering

Research centers

Industrial collaboration

Industrial collaboration

Public sector consultancy

Advanced Technology Foundation Projects

Continuing education

Model-based Software Engineering Center

Software Development Center

Statistical Consulting Center

About DTU Informatics

About DTU Informatics

Facts about DTU Informatics

Getting to DTU Informatics

Information material

Find the expert

Alumni association (in Danish)

News

News Archive at DTU Informatics

Calendar at DTU Informatics

	Research areas

	Algorithms and Logic

	Cognitive Systems

	Data Analysis

	Dynamical Systems

	Embedded Systems Engineering


	People
	Projects
	Publications
	Research
	Teaching

	Image Analysis & Computer Graphics

	Language-Based Technology

	Mathematical Statistics

	Scientific Computing

	Software Engineering

	Research centers

	Publications

Title:

Extending Security-by-Contract with Quantitative Trust on Mobile Devices

Type:

Journal articleJournal article

Participant(s):

Forfatter: Costa, Gabriele

Technical University of Denmark

Forfatter: Lazouski, Aliaksandr

Technical University of Denmark

Forfatter: Martinelli, Fabio

Technical University of Denmark

Forfatter: Matteucci, Ilaria

Technical University of Denmark

Forfatter: Issarny, Valerie

Technical University of Denmark

Forfatter: Saadi, Rachid

Technical University of Denmark

Author: Dragoni, Nicola (Cwisno: 53257)

Technical University of Denmark

Email:

Forfatter: Massacci, Fabio

Technical University of Denmark

Abstract:

Security-by-Contract (S×C) is a paradigm providing security assurances for mobile applications. In this work, we present the an extension of S×C, called Security-by-Contract-with-Trust (S×C×T). Indeed, we enrich the S×C architecture by integrating a trust model and adding new modules and configurations for managing contracts. Indeed, at deploy-time, our system decides the run-time configuration depending on the credentials of the contract provider. The run-time environment can both enforce a security policy and monitor the declared contract. According to the actual behaviour of the running program our architecture updates the trust level associated with the contract provider. We also present a possible application of our framework in the scenario of a mobile application marketplace, e.g., Apple AppStore, Cydia, Android Market, that, nowadays, are considered as one of the most attractive e-commerce activity for both mobile application developers and industries of mobile devices. Since the number of applications increases, Mobile Applications Marketplace (MAMp) sets up recommendation systems that rank and highlight mobile applications by category, social activity, etc. The S×C×T framework we propose is applied in this scenario for providing security on customers’ mobile devices as well as help Mobile Applications Marketplaces to enhance their recommendation systems with security feedback. The main advantage of this method is an automatic management of the level of trust of software and contract releasers and a unified way for dealing with both security and trust.

Published:

in journal: Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA) (ISSN: 2093-5374), vol: 1, issue: 4, pages: 75-91, 2010

See the publication in DTU Orbit

See the publication in DTU Orbit

Matematiktorvet

DTU - Building 303B

DK-2800 Kgs. Lyngby

Tel +45 4525 3031

EAN 5798000428515