Security-By-Contract for the Future Internet

  • Fabio Massacci
  • Frank Piessens
  • Ida Siahaan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5468)

Abstract

With the advent of the next generation java servlet on the smartcard, the Future Internet will be composed by web servers and clients silently yet busily running on high end smart cards in our phones and our wallets. In this brave new world we can no longer accept the current security model where programs can be downloaded on our machines just because they are vaguely “trusted”. We want to know what they do in more precise details.

We claim that the Future Internet needs the notion of security-by-contract: In a nutshell, a contract describes the security relevant interactions that the smart internet application could have with the smart devices hosting them. Compliance with contracts should verified at development time, checked at depolyment time and contracts should be accepted by the platform before deployment and possibly their enforcement guaranteed, for instance by in-line monitoring.

In this paper we describe the challenges that must be met in order to develop a security-by-contract framework for the Future Internet and how security research can be changed by it.

Keywords

Model Check Smart Card Security Policy Security State Security Research 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
This is a preview of subscription content, log in to check access.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
  2. 2.
    Aktug, I., Naliuka, K.: Conspec - a formal language for policy specification. In: Proc. of the 1st Workshop on Run Time Enforcement for Mobile and Distributed Systems, REM 2007 (2007)Google Scholar
  3. 3.
    Atkinson, B., Della-Libera, G., Hada, S., Hondo, M., Hallam-Baker, P., Klein, J., LaMacchia, B., Leach, P., Manferdelli, J., Maruyama, H., Nadalin, A., Nagaratnam, N., Prafullchandra, H., Shewchuk, J., Simon, D.: Web Services Security. Microsoft, IBM, VeriSign, 1st edn (April 2002) (October 25, 2005), http://www-128.ibm.com/developerworks/webservices/library/ws-secure/
  4. 4.
    Bauer, L., Ligatti, J., Walker, D.: Edit automata: Enforcement mechanisms for run-time security policies. Int. J. of Inform. Sec. 4(1-2), 2–16 (2005)CrossRefGoogle Scholar
  5. 5.
    Bielova, N., Dalla Torre, M., Dragoni, N., Siahaan, I.: Matching policies with security claims of mobile applications. In: Proc. of the 3rd Int. Conf. on Availability, Reliability and Security (ARES 2008). IEEE Press, Los Alamitos (2008)Google Scholar
  6. 6.
    Clarke, E.M., Grumberg, O., Peled, D.A.: Model Checking. MIT Press, Cambridge (2000)Google Scholar
  7. 7.
    Courcoubetis, C., Vardi, M.Y., Wolper, P., Yannakakis, M.: Memory-efficient algorithms for the verification of temporal properties. Formal Methods in Sys. Design 1(2-3), 275–288 (1992)CrossRefMATHGoogle Scholar
  8. 8.
    Dam, M., Lundblad, A.: A proof carrying code framework for inlined reference monitors in Java bytecode (submitted, 2008)Google Scholar
  9. 9.
    Della-Libera, G., Gudgin, M., Hallam-Bakerand, P., Hondo, M., Granqvist, H., Kaler, C., Maruyama, H., McIntosh, M., Nadalin, A., Nagaratnam, N., Philpott, R., Prafullchandra, H., Shewchuk, J., Walter, D., Zolfonoon, R.: Web Services Security Policy Language. IBM and Microsoft and RSA Security and VeriSign (2005)Google Scholar
  10. 10.
    Desmet, L., Joosen, W., Massacci, F., Philippaerts, P., Piessens, F., Siahaan, I., Vanoverberghe, D.: Security-by-contract on the.net platform. Information Security Technical Report 13(1), 25–32 (2008)CrossRefGoogle Scholar
  11. 11.
    Dragoni, N., Massacci, F., Naliuka, K., Siahaan, I.: Security-by-Contract: Toward a Semantics for Digital Signatures on Mobile Code. In: López, J., Samarati, P., Ferrer, J.L. (eds.) EuroPKI 2007. LNCS, vol. 4582, pp. 297–312. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  12. 12.
    Erlingsson, U., Schneider, F.B.: SASI enforcement of security policies: A retrospective. In: WNSP: New Security Paradigms Workshop. ACM Press, New York (2000)Google Scholar
  13. 13.
    Erlingsson, U., Schneider, F.B.: IRM enforcement of Java stack inspection. In: IEEE Symposium on Security and Privacy, pp. 246–255 (2000)Google Scholar
  14. 14.
    Ferrari, G.L., Gnesi, S., Montanari, U., Pistore, M.: A model-checking verification environment for mobile processes. ACM Trans. Softw. Eng. Methodol. 12(4), 440–473 (2003)CrossRefGoogle Scholar
  15. 15.
    Gong, L., Ellison, G., Dageforde, M.: Inside Java 2 Platform Security: Architecture, Api Design, and Implementation. Addison-Wesley Professional, Reading (2003)Google Scholar
  16. 16.
    Goth, G.: The ins and outs of it outsourcing. IT Professional 1, 11–14 (1999)Google Scholar
  17. 17.
    Hamlen, K.W., Morrisett, G., Schneider, F.B.: Computability classes for enforcement mechanisms. TOPLAS 28(1), 175–205 (2006)CrossRefGoogle Scholar
  18. 18.
    Handy, C.: Trust and the virtual organization. Harvard Business Review 73, 40–50 (1995)Google Scholar
  19. 19.
    Hendry, M.: Smart Card Security and Applications, 2nd edn. Artech House (2001)Google Scholar
  20. 20.
    Howard, M., LeBlanc, D.: Writing Secure Code, 2nd edn. Microsoft Press, Redmond (2002)Google Scholar
  21. 21.
    Kaminski, M., Francez, N.: Finite-memory automata. Theor. al Comp. Sci. 134(2), 329–363 (1994)MathSciNetCrossRefMATHGoogle Scholar
  22. 22.
    Karabulut, Y., Kerschbaum, F., Massacci, F., Robinson, P., Yautsiukhin, A.: Security and trust in it business outsourcing: a manifesto. In: Etalle, S., Samarati, P. (eds.) Proceedings of STM 2006. ENTCS. Elsevier, Amsterdam (2006)Google Scholar
  23. 23.
    Karjoth, G., Pfitzmann, B., Schunter, M., Waidner, M.: Service-oriented Assurance - Comprehensive Security by Explicit Assurances. In: Proc. of QoP 2005 (2005)Google Scholar
  24. 24.
    LaMacchia, B., Lange, S.:NET Framework security. Addison Wesley, Reading (2002)Google Scholar
  25. 25.
    Massacci, F., Siahaan, I.: Matching midlet’s security claims with a platform security policy using automata modulo theory. In: Proc. of The 12th Nordic Workshop on Secure IT Systems, NordSec 2007 (2007)Google Scholar
  26. 26.
    Massacci, F., Siahaan, I.S.R.: Simulating midlet’s security claims with automata modulo theory. In: Proc. of the 2008 workshop on Prog. Lang. and analysis for security, pp. 1–9. ACM, New York (2008)Google Scholar
  27. 27.
    Montanari, U., Pistore, M.: History-dependent automata. Technical Report TR-98-11, Dip. Informatica, University of Pisa, 5 (1998)Google Scholar
  28. 28.
    Necula, G.C.: Proof-carrying code. In: Proc. of the 24th ACM SIGPLAN-SIGACT Symp. on Princ. of Prog. Lang, pp. 106–119. ACM Press, New York (1997)Google Scholar
  29. 29.
    CNET Networks. Channel 4’s 4od: Tv on demand, at a price. Crave Webzine (January 2007)Google Scholar
  30. 30.
    Neven, F., Schwentick, T., Vianu, V.: Finite state machines for strings over infinite alphabets. TOCL 5(3), 403–435 (2004)MathSciNetCrossRefGoogle Scholar
  31. 31.
    Schneider, F.B.: Enforceable security policies. TISSEC 3(1), 30–50 (2000)CrossRefGoogle Scholar
  32. 32.
    Sekar, R., Venkatakrishnan, V.N., Basu, S., Bhatkar, S., DuVarney, D.C.: Model-carrying code: a practical approach for safe execution of untrusted applications. In: Proc. of the 19th ACM Symp. on Operating Sys. Princ., pp. 15–28. ACM Press, New York (2003)Google Scholar
  33. 33.
    Smans, J., Jacobs, B., Piessens, F.: Static verification of code access security policy compliance of.net applications. Journal of Object Technology 5(3), 35–58 (2006)CrossRefGoogle Scholar
  34. 34.
    Talhi, C., Tawbi, N., Debbabi, M.: Execution monitoring enforcement under memory-limitation constraints. Inform. and Comp. 206(2-4), 158–184 (2007)MathSciNetCrossRefMATHGoogle Scholar
  35. 35.
    Vanoverberghe, D., Philippaerts, P., Desmet, L., Joosen, W., Piessens, F., Naliuka, K., Massacci, F.: A flexible security architecture to support third-party applications on mobile devices. In: Proc. of the 1st ACM Comp. Sec. Arch. Workshop (2007)Google Scholar
  36. 36.
    Vanoverberghe, D., Piessens, F.: A caller-side inline reference monitor for an object-oriented intermediate language. In: Barthe, G., de Boer, F.S. (eds.) FMOODS 2008. LNCS, vol. 5051, pp. 240–258. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  37. 37.
    Vanoverberghe, D., Piessens, F.: Security enforcement aware software development. Information and Software Technology (2008), doi:10.1016/j.infsof.2008.01.009Google Scholar
  38. 38.
    Veanes, M., Campbell, C., Schulte, W., Tillmann, N.: Online testing with model programs. In: ESEC/FSE-13: Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering, pp. 273–282. ACM, New York (2005)CrossRefGoogle Scholar
  39. 39.
    Wallach, D.S., Appel, A.W., Felten, E.W.: Safkasi: a security mechanism for language-based systems. ACM Trans. Softw. Eng. Methodol. 9(4), 341–378 (2000)CrossRefGoogle Scholar
  40. 40.
    Yee, B.S.: A sanctuary for mobile agents. In: Vitek, J., Jensen, C.D. (eds.) Secure Internet Programming. LNCS, vol. 1603, pp. 261–273. Springer, Heidelberg (1999)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Fabio Massacci
    • 1
  • Frank Piessens
    • 2
  • Ida Siahaan
    • 1
  1. 1.Università di TrentoItaly
  2. 2.Katholieke Universiteit LeuvenBelgium

Personalised recommendations