论文信息 - A Framework for Contract-Policy Matching Based on Symbolic Simulations for Securing Mobile Device Application

A Framework for Contract-Policy Matching Based on Symbolic Simulations for Securing Mobile Device Application

There is a growing interest on programming models based on the notion of contract. In particular, in the security realm one could imagine the situation where either downloaded code or software service exposes their security-relevant behavior in a contract (that must to be fulfilled). Assuming to have already a mechanism to ensure that the program/service adheres to the contract, it just remains to check that the contract matches with the user security policy. We refer to this testing procedure as contract-policy matching.

Fabio Martinelli | Ilaria Matteucci | Paolo Greci

[1] Fred B. Schneider,et al. Enforceable security policies , 2000, TSEC.

[2] Fabio Massacci,et al. Security-by-Contract: Toward a Semantics for Digital Signatures on Mobile Code , 2007, EuroPKI.

[3] Anna Ingólfsdóttir,et al. A Symbolic Approach to Value-Passing Processes , 2001, Handbook of Process Algebra.

[4] Wouter Joosen,et al. Security-by-contract on the .NET platform , 2008, Inf. Secur. Tech. Rep..

[5] Matthew Hennessy,et al. Symbolic Bisimulations , 1995, Theor. Comput. Sci..

[6] Fabio Martinelli,et al. Through Modeling to Synthesis of Security Automata , 2007, STM.

[7] Ilaria Matteucci,et al. Automated Synthesis of Enforcing Mechanisms for Security Properties in a Timed Setting , 2007, ICS@SYNASC.

[8] Robin Milner,et al. Communicating and mobile systems - the Pi-calculus , 1999 .

[9] Katsiaryna Naliuka,et al. ConSpec - A Formal Language for Policy Specification , 2008, Electron. Notes Theor. Comput. Sci..

[10] Fabio Martinelli,et al. An Approach for the Specification, Verification and Synthesis of Secure Systems , 2007, VODCA@FOSAD.

[11] Úlfar Erlingsson,et al. SASI enforcement of security policies: a retrospective , 1999, NSPW '99.