Security-by-contract on the .NET platform

Authors: Lieven Desmet, Wouter Joosen, Fabio Massacci, Pieter Philippaerts, Frank Piessens

DOI: 10.1016/J.ISTR.2008.02.001

Keywords:

Abstract: Over the last few years, the success of GPS-enabled PDAs has finally instigated a breakthrough of mobile devices. Many people now already have a device that can connect to the Internet and run untrusted code, typically a cell-phone or PDA. Having such a large interconnected and powerful computing base presents some new security issues. In order to counter threats, traditional architectures need to be overhauled to support a more flexible way of securely executing code. This article describes the concept of security-by-contract (SxC) and its implementation on the .NET platform. The model allows users to guarantee that an application remains within the boundaries of acceptable behavior, as defined by the user herself. A number of different techniques will be presented that can be employed to enforce this behavior. In the SxC paradigm, steps are introduced in the development process. In addition to building an application, developers create a contract and bind it to the application. The deployment process supports legacy applications developed without contracts, but it also supports advanced enforcement technologies for those that are SxC-aware.

References (13)
Lieven Desmet, Wouter Joosen, Fabio Massacci, Katsiaryna Naliuka, Pieter Philippaerts, Frank Piessens, Dries Vanoverberghe. A flexible security architecture to support third-party applications on mobile devices. Workshop on Computer Security Architecture, pp. 19-28 (2007). DOI: 10.1145/1314466.1314470
George C. Necula. Proof-carrying code. Symposium on Principles of Programming Languages, pp. 106-119 (1997). DOI: 10.1145/263699.263712
George C. Necula, Peter Lee. The design and implementation of a certifying compiler. Programming Language Design and Implementation, vol. 33, pp. 333-344 (1998). DOI: 10.1145/277650.277752
Dries Vanoverberghe, Frank Piessens. Security enforcement aware software development. Information & Software Technology, vol. 51, pp. 1172-1185 (2009). DOI: 10.1016/J.INFSOF.2008.01.009
Irem Aktug, Katsiaryna Naliuka. ConSpec – A formal language for policy specification. Science of Computer Programming, vol. 74, pp. 2-12 (2008). DOI: 10.1016/J.SCICO.2008.09.004
Úlfar Erlingsson, Fred B. Schneider. The inlined reference monitor approach to security policy enforcement. Cornell University (2004).
Lujo Bauer, Jay Ligatti, David Walker. Composing security policies with polymer. Programming Language Design and Implementation, vol. 40, pp. 305-314 (2005). DOI: 10.1145/1064978.1065047
U. Erlingsson, F.B. Schneider. IRM enforcement of Java stack inspection. IEEE Symposium on Security and Privacy, pp. 246-255 (2000). DOI: 10.1109/SECPRI.2000.848461
R. Sekar, V.N. Venkatakrishnan, Samik Basu, Sandeep Bhatkar, Daniel C. DuVarney. Model-carrying code: a practical approach for safe execution of untrusted applications. Symposium on Operating Systems Principles, vol. 37, pp. 15-28 (2003). DOI: 10.1145/1165389.945448
Kevin W. Hamlen, Greg Morrisett, Fred B. Schneider. Certified In-lined Reference Monitoring on .NET. Proceedings of the 2006 Workshop on Programming Languages and Analysis for Security - PLAS '06, pp. 7-16 (2006). DOI: 10.1145/1134744.1134748