A Framework for Contract-Policy Matching Based on Symbolic Simulations for Securing Mobile Device Application
作者: Paolo Greci , Fabio Martinelli , Ilaria Matteucci
DOI: 10.1007/978-3-540-88479-8_16
关键词:
摘要: There is a growing interest on programming models based the notion of contract. In particular, in security realm one could imagine situation where either downloaded code or software service exposes their security-relevant behavior contract (that must to be fulfilled). Assuming have already mechanism ensure that program/service adheres contract, it just remains check matches with user policy. We refer this testing procedure as contract-policy matching.
springer.com
sci-hub.st 参考文章(13)
N. Dragoni, F. Massacci, K. Naliuka, I. Siahaan, Security-by-Contract: Toward a Semantics for Digital Signatures on Mobile Code Public Key Infrastructure. pp. 297- 312 ,(2007) , 10.1007/978-3-540-73408-6_21
Robin Milner, Communicating and Mobile Systems: the Pi-Calculus ,(1999)
Anna Ingólfsdóttir, Huimin Lin, A Symbolic Approach to Value-Passing Processes Handbook of Process Algebra. pp. 427- 478 ,(2001) , 10.1016/B978-044482830-9/50025-4
Lieven Desmet, Wouter Joosen, Fabio Massacci, Pieter Philippaerts, Frank Piessens, Ida Siahaan, Dries Vanoverberghe, Security-by-contract on the .NET platform Information Security Technical Report. ,vol. 13, pp. 25- 32 ,(2008) , 10.1016/J.ISTR.2008.02.001
Úlfar Erlingsson, Fred B. Schneider, SASI enforcement of security policies: a retrospective new security paradigms workshop. pp. 87- 95 ,(1999) , 10.1145/335169.335201
Fred B. Schneider, Enforceable security policies ACM Transactions on Information and System Security. ,vol. 3, pp. 30- 50 ,(2000) , 10.1145/353323.353382
Fabio Martinell, Ilaria Matteucci, Through Modeling to Synthesis of Security Automata Electronic Notes in Theoretical Computer Science. ,vol. 179, pp. 31- 46 ,(2007) , 10.1016/J.ENTCS.2006.08.029
Ilaria Matteucci, Automated Synthesis of Enforcing Mechanisms for Security Properties in a Timed Setting Electronic Notes in Theoretical Computer Science. ,vol. 186, pp. 101- 120 ,(2007) , 10.1016/J.ENTCS.2007.03.025
Irem Aktug, Katsiaryna Naliuka, ConSpec -- A Formal Language for Policy Specification Electronic Notes in Theoretical Computer Science. ,vol. 197, pp. 45- 58 ,(2008) , 10.1016/J.ENTCS.2007.10.013
Fabio Martinelli, Ilaria Matteucci, An Approach for the Specification, Verification and Synthesis of Secure Systems Electronic Notes in Theoretical Computer Science. ,vol. 168, pp. 29- 43 ,(2007) , 10.1016/J.ENTCS.2006.12.003