Skip to Main Content
With the emergence of support for third-party applications on mobile devices such as cell phones and PDA's, support for setting application security policies is also built into these devices. While this can significantly increase security for end-users, it also significantly complicates the task of building useful and reliable applications for these devices. Different devices will set different policies, and violations of the policy will lead to security exceptions or even immediate abortion of the application potentially leaving it in an inconsistent state. This paper addresses this issue in the context of application security policies specified by means of security automata, and enforced by means of run-time monitoring. We propose a language element, the check block, that developers can use to make their applications more security monitor-aware. At run-time, a check block will query the security policy enforced by the monitor to make sure that the body of the block will not lead to policy-violations. At compile time, a static check ensures that the generated runtime check is adequate. We present a formalization of the static and dynamic semantics of the check block, and we outline how it can be implemented on top of C# or Java.