
Enforcing mobile application security through probabilistic contracts

Martinelli F; Matteucci I; Saracino A; Sgandurra D
2014

Abstract

Security for mobile devices is a problem of capital importance, especially due to new threats coming from malicious applications. Though several security solutions have already been proposed, security requirements have always been considered as binary: allow or deny. We argue that a more realistic vision of security can be given using probabilistic and quantitative requirements. In this paper, we introduce a probabilistic description of the behavior of an application that a user is going to execute. We also allow the definition of finer-grained user security requirements, by introducing probabilistic clause modifiers. Later, we present a probabilistic version of the Security-by-Contract framework to guarantee probabilistic security requirements.
Istituto di informatica e telematica - IIT
Contract-based Security approaches
Probabilistic Contr
Probabilistic policy compliance
Run-time enforcement.

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14243/266198