
A Framework for the Analysis of Access Control Models for Interactive Mobile Devices

  • Conference paper
Types for Proofs and Programs (TYPES 2008)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 5497)


Abstract

The Java Micro Edition platform (JME), a Java-enabled technology, provides the Mobile Information Device Profile (MIDP) standard, which facilitates application development and specifies a security model for controlled access to the sensitive resources of the device. The model builds upon the notion of a protection domain, which in turn can be understood as a set of permissions. An alternative model has been proposed that extends MIDP's by introducing permissions with multiplicities and by adding flexibility to the way in which permissions are granted by the user of the device and used by the applications running on it. This paper presents a framework, formalized using the proof assistant Coq, suitable for defining and comparing the access control policies that can be enforced by (variants of) those security models and for proving desirable properties they should satisfy. The proofs of some of those properties are also stated and discussed in this work.

This work was partially funded by the Project PDT 63/118 STEVE, DINACYT, Uruguay.




Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Crespo, J.M., Betarte, G., Luna, C. (2009). A Framework for the Analysis of Access Control Models for Interactive Mobile Devices. In: Berardi, S., Damiani, F., de’Liguoro, U. (eds) Types for Proofs and Programs. TYPES 2008. Lecture Notes in Computer Science, vol 5497. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02444-3_4


  • DOI: https://doi.org/10.1007/978-3-642-02444-3_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-02443-6

  • Online ISBN: 978-3-642-02444-3

  • eBook Packages: Computer Science, Computer Science (R0)
