ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
A flexible security architecture to support third-party applications on mobile devices
Full text PdfPdf (615 KB)
Source
Conference on Computer and Communications Security archive
Proceedings of the 2007 ACM workshop on Computer security architecture table of contents
Fairfax, Virginia, USA
SESSION: Technical paper session 1: hardware environments table of contents
Pages: 19 - 28  
Year of Publication: 2007
ISBN:978-1-59593-890-9
Authors
Lieven Desmet  Katholieke Universiteit Leuven, Leuven, Belgium
Wouter Joosen  Katholieke Universiteit Leuven, Leuven, Belgium
Fabio Massacci  Università di Trento, Trento, Italy
Katsiaryna Naliuka  Università di Trento, Trento, Italy
Pieter Philippaerts  Katholieke Universiteit Leuven, Leuven, Belgium
Frank Piessens  Katholieke Universiteit Leuven, Leuven, Belgium
Dries Vanoverberghe  Katholieke Universiteit Leuven, Leuven, Belgium
Sponsors
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 21,   Downloads (12 Months): 174,   Citation Count: 4
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1314466.1314470
What is a DOI?

ABSTRACT

The problem of supporting the secure execution of potentially malicious third-party applications has received a considerable amount of attention in the past decade. In this paper we describe a security architecture for mobile devices that supports the flexible integration of a variety of advanced technologies for such secure execution of applications, including run-time monitoring, static verification and proof-carrying code. The architecture also supports the execution of legacy applications that have not been developed to take advantage of our architecture, though it can provide better performance and additional services for applications that are architecture-aware.The proposed architecture has been implemented on a Windows Mobile device with the .NET Compact Framework. It offers a substantial security benefit compared to the standard (state-of-practice) security architecture of such devices, even for legacy applications.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
I. Aktug and K. Naliuka. ConSpec -- a formal language for policy specification. In Proceedings of the First International Workshop on Run Time Enforcement for Mobile and Distributed Systems (REM2007), September 2007 (accepted).
2
Lujo Bauer , Jay Ligatti , David Walker, Composing security policies with polymer, Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation, June 12-15, 2005, Chicago, IL, USA
 
3
N. Dragoni, F. Massacci, K. Naliuka, R. Sebastiani, I. Siahaan, T. Quillinan, I. Matteucci, and C. Schaefer. S3ms deliverable d2.1.4- methodologies and tools for contract matching, April 2007.
 
4
Ulfar Erlingsson , Fred B. Schneider, The inlined reference monitor approach to security policy enforcement, Cornell University, Ithaca, NY, 2004
 
5
Ulfar Erlingsson , Fred B. Schneider, IRM Enforcement of Java Stack Inspection, Proceedings of the 2000 IEEE Symposium on Security and Privacy, p.246, May 14-17, 2000
 
6
D. Evans and A. Twyman. Flexible policy-directed code safety. In IEEE Symposium on Security and Privacy, pages 32--45, 1999.
7
Kevin W. Hamlen , Greg Morrisett , Fred B. Schneider, Certified In-lined Reference Monitoring on .NET, Proceedings of the 2006 workshop on Programming languages and analysis for security, June 10-10, 2006, Ottawa, Ontario, Canada  [doi>10.1145/1134744.1134748]
 
8
R. Kazman, M. Klein, and P. Clements. Atam: Method for architecture evaluation. Technical Report CMU/SEI-2000-TR-004, CMU/SEI, August 2000.
 
9
F. Massacci and K. Naliuka. Multi-session security monitoring for mobile code. Technical Report DIT-06-067, UNITN, 2006.
 
10
MSDN. Windows mobile 5.0 application security. http://msdn2.microsoft.com/en-us/library/ms839681.aspx, May 2005.
11
George C. Necula, Proof-carrying code, Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.106-119, January 15-17, 1997, Paris, France  [doi>10.1145/263699.263712]
12
George C. Necula , Peter Lee, The design and implementation of a certifying compiler, Proceedings of the ACM SIGPLAN 1998 conference on Programming language design and implementation, p.333-344, June 17-19, 1998, Montreal, Quebec, Canada
 
13
B. Ray. Symbian signing is no protection from spyware. http://www.theregister.co.uk/2007/05/23/symbian_signed_spyware/, May 2007.
 
14
S3MS. Security of software and services for mobile systems. http://www.s3ms.org/, 2007.
15
Fred B. Schneider, Enforceable security policies, ACM Transactions on Information and System Security (TISSEC), v.3 n.1, p.30-50, Feb. 2000  [doi>10.1145/353323.353382]
 
16
R. Sekar, V. Venkatakrishnan, S. Basu, S. Bhatkar, and D. DuVarney. Model-carrying code: A practical approach for safe execution of untrusted applications, 2003.
 
17
D. Vanoverberghe, F. Piessens, T. Quillinan, F. Martinelli, and P. Mori. S3ms deliverable d4.1.0/d4.2.0 -- run-time compliance state of the art, November 2006.
18
David Walker, A type system for expressive security policies, Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.254-267, January 19-21, 2000, Boston, MA, USA  [doi>10.1145/325694.325728]

CITED BY  4
Sandra Rueda , Dave King , Trent Jaeger, Verifying compliance of trusted programs, Proceedings of the 17th conference on Security symposium, p.321-334, July 28-August 01, 2008, San Jose, CA
Lieven Desmet , Wouter Joosen , Fabio Massacci , Pieter Philippaerts , Frank Piessens , Ida Siahaan , Dries Vanoverberghe, Security-by-contract on the .NET platform, Information Security Tech. Report, v.13 n.1, p.25-32, January, 2008
Fabio Massacci , Ida S. R. Siahaan, Simulating midlet's security claims with automata modulo theory, Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security, June 07-13, 2008, Tucson, AZ, USA
Hua Liu , Bhaskar Krishnamachari , Murali Annavaram, Game theoretic approach to location sharing with privacy in a community-based mobile safety application, Proceedings of the 11th international symposium on Modeling, analysis and simulation of wireless and mobile systems, October 27-31, 2008, Vancouver, British Columbia, Canada

INDEX TERMS

Primary Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Access controls


General Terms:
Design, Security


Keywords:
mobile code, security architecture

Collaborative Colleagues:
Lieven Desmet: colleagues
Wouter Joosen: colleagues
Fabio Massacci: colleagues
Katsiaryna Naliuka: colleagues
Pieter Philippaerts: colleagues
Frank Piessens: colleagues
Dries Vanoverberghe: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player