There is increasing demand for running multiple times a number of interacting applications in a secure and controllable way on mobile devices. Such demand is not supported by the Java/.NET security models based on trust domains nor by current security monitors or language-based security approaches. Trust domains don’t allow for interactions while language-based security doesn’t support enough customizable policies. A careful analysis of the security requirements in the booming domain of mobile games reveals that most practical security requirements can be represented with an enhanced notion of pure past temporal Logic augmented with the intuitive notion of session. We propose an approach that allows security policies that are i) expressive enough to capture multiple sessions and interacting applications, ii) suitable for efficient monitoring, iii) convenient for a developer to specify them. Since getting all three at once is impossible, we advocate a logical language, 2D-LTL a bi-dimensional temporal logic fit for multiple sessions and for which efficient monitoring algorithms can be given, and a graphical language based on standard UML sequence diagrams with a tight correspondence between the two. In this paper we show a refined formal model for capturing the notion of session and the correctness and completeness of the monitoring algorithm for security policies expressed in 2D-LTL.

Multi-session Security Monitoring for Mobile Code / Massacci, Fabio; Naliuka, Katsiaryna. - ELETTRONICO. - (2006), pp. 1-36.

Multi-session Security Monitoring for Mobile Code

Massacci, Fabio;Naliuka, Katsiaryna
2006-01-01

Abstract

There is increasing demand for running multiple times a number of interacting applications in a secure and controllable way on mobile devices. Such demand is not supported by the Java/.NET security models based on trust domains nor by current security monitors or language-based security approaches. Trust domains don’t allow for interactions while language-based security doesn’t support enough customizable policies. A careful analysis of the security requirements in the booming domain of mobile games reveals that most practical security requirements can be represented with an enhanced notion of pure past temporal Logic augmented with the intuitive notion of session. We propose an approach that allows security policies that are i) expressive enough to capture multiple sessions and interacting applications, ii) suitable for efficient monitoring, iii) convenient for a developer to specify them. Since getting all three at once is impossible, we advocate a logical language, 2D-LTL a bi-dimensional temporal logic fit for multiple sessions and for which efficient monitoring algorithms can be given, and a graphical language based on standard UML sequence diagrams with a tight correspondence between the two. In this paper we show a refined formal model for capturing the notion of session and the correctness and completeness of the monitoring algorithm for security policies expressed in 2D-LTL.
2006
Trento
Università degli Studi di Trento - Dipartimento di Informatica e Telecomunicazioni
Multi-session Security Monitoring for Mobile Code / Massacci, Fabio; Naliuka, Katsiaryna. - ELETTRONICO. - (2006), pp. 1-36.
Massacci, Fabio; Naliuka, Katsiaryna
File in questo prodotto:
File Dimensione Formato  
multisession-monitors_report.pdf

accesso aperto

Tipologia: Versione editoriale (Publisher’s layout)
Licenza: Tutti i diritti riservati (All rights reserved)
Dimensione 561.45 kB
Formato Adobe PDF
561.45 kB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11572/358025
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? ND
social impact