Security and Trust offer two different prospectives on the problem of the correct interaction among software components. For many aspects, they represent complementary viewpoints. Moreover, in the study of the verification of non-functional properties of programs they represent a mainstream. Several security aspects, e.g., access control, could be based also on trust and, vice versa, trust models could update the level of trust of a (component of a ) system according to the satisfaction of a particular security policies. According to that, here we present the Security-by-Contract-with-Trust framework, S×C×T for short. It has been developed considering a system platform that has to execute an application whose developer is unknown in such a way that security policies set on it are not violated. The S×C×T mechanism is driven by both security and trust aspects. It is based of three main concepts: the application code, the application contract, and the system security policy The level of trust we consider measures the adherence of the application code to its contract, i.e., if the code respects its contract then the application is trusted, otherwise its level of trust decreases. According to the level of trust of the application, S×C×T decides if check the contract against the policies and if the answer is positive, execute the application just monitoring its contract, or directly enforce the security policy set on the platform. In order to better describe how the proposed mechanism works, we present its application to a mobile application marketplace scenarios. In this way we are also able to show its possible advantages in terms of performances and modularity.
Security and Trust
F Martinelli;I Matteucci;
2011
Abstract
Security and Trust offer two different prospectives on the problem of the correct interaction among software components. For many aspects, they represent complementary viewpoints. Moreover, in the study of the verification of non-functional properties of programs they represent a mainstream. Several security aspects, e.g., access control, could be based also on trust and, vice versa, trust models could update the level of trust of a (component of a ) system according to the satisfaction of a particular security policies. According to that, here we present the Security-by-Contract-with-Trust framework, S×C×T for short. It has been developed considering a system platform that has to execute an application whose developer is unknown in such a way that security policies set on it are not violated. The S×C×T mechanism is driven by both security and trust aspects. It is based of three main concepts: the application code, the application contract, and the system security policy The level of trust we consider measures the adherence of the application code to its contract, i.e., if the code respects its contract then the application is trusted, otherwise its level of trust decreases. According to the level of trust of the application, S×C×T decides if check the contract against the policies and if the answer is positive, execute the application just monitoring its contract, or directly enforce the security policy set on the platform. In order to better describe how the proposed mechanism works, we present its application to a mobile application marketplace scenarios. In this way we are also able to show its possible advantages in terms of performances and modularity.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
