There is increasing demand for running interacting applications in a secure and controllable way on mobile devices. Such demand is not fully supported by the Java/.NET security model based on trust domains nor by current security monitors or language-based security approaches. We propose an approach that allows security policies that are i) expressive enough to capture multiple sessions and interacting applications, ii) suitable for efficient monitoring, iii) convenient for a developer to specify them. Since getting all three at once is impossible, we advocate a logical language, 2D-LTL a bi-dimensional temporal logic fit for multiple sessions and for which efficient monitoring algorithms can be given, and a graphical language based on standard UML sequence diagrams with a tight correspondence between the two. © 2008 IEEE.
Towards Practical Security Monitors of UML Policies for Mobile Applications
Massacci, Fabio;Naliuka, Katsiaryna
2008-01-01
Abstract
There is increasing demand for running interacting applications in a secure and controllable way on mobile devices. Such demand is not fully supported by the Java/.NET security model based on trust domains nor by current security monitors or language-based security approaches. We propose an approach that allows security policies that are i) expressive enough to capture multiple sessions and interacting applications, ii) suitable for efficient monitoring, iii) convenient for a developer to specify them. Since getting all three at once is impossible, we advocate a logical language, 2D-LTL a bi-dimensional temporal logic fit for multiple sessions and for which efficient monitoring algorithms can be given, and a graphical language based on standard UML sequence diagrams with a tight correspondence between the two. © 2008 IEEE.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione
