论文信息 - A flexible security architecture to support third-party applications on mobile devices

A flexible security architecture to support third-party applications on mobile devices

The problem of supporting the secure execution of potentially malicious third-party applications has received a considerable amount of attention in the past decade. In this paper we describe a security architecture for mobile devices that supports the flexible integration of a variety of advanced technologies for such secure execution of applications, including run-time monitoring, static verification and proof-carrying code. The architecture also supports the execution of legacy applications that have not been developed to take advantage of our architecture, though it can provide better performance and additional services for applications that are architecture-aware.The proposed architecture has been implemented on a Windows Mobile device with the .NET Compact Framework. It offers a substantial security benefit compared to the standard (state-of-practice) security architecture of such devices, even for legacy applications.

[1] Fabio Massacci,et al. Multi-session Security Monitoring for Mobile Code , 2006 .

[2] Kevin W. Hamlen,et al. Certified In-lined Reference Monitoring on .NET , 2006, PLAS '06.

[3] Daniel C. DuVarney,et al. Model-carrying code: a practical approach for safe execution of untrusted applications , 2003, SOSP '03.

[4] George C. Necula,et al. The design and implementation of a certifying compiler , 1998, PLDI.

[5] David E. Evans,et al. Flexible policy-directed code safety , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[6] Úlfar Erlingsson,et al. The Inlined Reference Monitor Approach to Security Policy Enforcement , 2004 .

[7] Úlfar Erlingsson,et al. IRM enforcement of Java stack inspection , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[8] Fred B. Schneider,et al. Enforceable security policies , 2000, TSEC.

[9] David Walker,et al. A type system for expressive security policies , 2000, POPL '00.

[10] Katsiaryna Naliuka,et al. ConSpec - A Formal Language for Policy Specification , 2008, Electron. Notes Theor. Comput. Sci..

[11] Lujo Bauer,et al. Composing security policies with polymer , 2005, PLDI '05.

[12] Paul Clements,et al. ATAM: Method for Architecture Evaluation , 2000 .