By Topic

Automatic Generation and Enforcement of Security Contract for Pervasive Application

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Ying Jin ; Coll. of Comput. Sci. & Technol., Jilin Univ., Changchun ; Zepeng Li ; Da Wei ; Lei Liu

Pervasive computing is providing its usability and scope in almost every aspect nowadays. In order to make better use of pervasive services in nomadic devices, pervasive client download might be needed, which would result in serious security problems due to executing untrusted applications. Recently Security-by-Contract has been proposed to address this problem, where an application is required to come with the contract containing a description of the relevant security features while mobile platform will match the contract with its own policy. In this paper a compositional approach to specifying security contract is introduced in the form of extended context free grammar. Then a framework for automatic generation and enforcement of security contract has been presented for Java platform. The main contributions of this paper include: (1) formal definition of security contract is given in the terms of security related operations and the relationship among arguments of these operation; (2) static analysis is utilized to automatically generate security contract for Java source program. The security contract of a Java program can be composed from those of all the methods it invokes; (3) runtime enforcement has been applied to security contracts and achieved by implementing execution monitor in JVM.

Published in:

Embedded and Ubiquitous Computing, 2008. EUC '08. IEEE/IFIP International Conference on  (Volume:2 )

Date of Conference:

17-20 Dec. 2008