
Security-by-Contract: Toward a Semantics for Digital Signatures on Mobile Code

  • Conference paper
Public Key Infrastructure (EuroPKI 2007)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 4582)

Abstract

In this paper we propose the notion of security-by-contract: a mobile contract that an application carries with itself. The key idea of the framework is that a digital signature should not just certify the origin of the code but rather bind the code together with a contract. We describe the overall life-cycle of mobile code in the setting of security-by-contract, describe a tentative structure for a contractual language, and propose a number of algorithms for one of the key steps in the process, the contract-policy matching problem. We argue that security-by-contract would provide a semantics for digital signatures on mobile code, and would thus be a step in the transition from trusted code to trustworthy code.

Research partly supported by the project EU-IST-STREP-S3MS.


Editor information

Javier Lopez, Pierangela Samarati, Josep L. Ferrer


Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

Cite this paper

Dragoni, N., Massacci, F., Naliuka, K., Siahaan, I. (2007). Security-by-Contract: Toward a Semantics for Digital Signatures on Mobile Code. In: Lopez, J., Samarati, P., Ferrer, J.L. (eds) Public Key Infrastructure. EuroPKI 2007. Lecture Notes in Computer Science, vol 4582. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73408-6_21

  • DOI: https://doi.org/10.1007/978-3-540-73408-6_21

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-73407-9

  • Online ISBN: 978-3-540-73408-6
