User Tools
security-by-contract_for_mobile_and_smart_card
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
security-by-contract_for_mobile_and_smart_card [2013/03/26 10:09] olga.gadyatskaya@unitn.it [Software] |
security-by-contract_for_mobile_and_smart_card [2021/01/29 10:58] (current) |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Security-by-Contract for Mobiles and Smart Cards ====== | ====== Security-by-Contract for Mobiles and Smart Cards ====== | ||
| - | Among the [[research_activities|research topics]] of the [[start|Security Group]] we focus on here on checking that an application satisfies a security property by running a checker on a mobile phone or even smaller devices. It looks like a doomed enterprise, as everybody knows that static analyzers are slow, memory-hungry and utterly useless for anything but off-line verification of specifications (rarely code). However, we were able to achieve a lot. | + | Among the [[research_activities|research topics]] of the [[start|Security Group]] we focus here on checking that an application satisfies a security property by running a checker on a mobile phone or even smaller devices. It looks like a doomed enterprise, as everybody knows that static analyzers are slow, memory-hungry and utterly useless for anything but off-line verification of specifications (rarely code). However, we were able to achieve a lot. |
| Our idea, dubbed the //Security-by-Contract// approach, is that a checker could verify on the fly whether an application would respect the security policy of a mobile phone application at download time, e.g. you could forbid the possibility of sending silent SMSs or making phone calls to premium numbers. If the application didn’t meet your constraints you would inoculate it with your policy monitoring algorithm. In this way the phone should not trust anybody, no market place, no security ratings, etc. It could just trust itself. Of course you always have the Android's alternative of having the user clicking yes on accepting a Manifest that she doesn't understand, and where the guidelines for developers are to ask all permissions possible, even if you don't need them. | Our idea, dubbed the //Security-by-Contract// approach, is that a checker could verify on the fly whether an application would respect the security policy of a mobile phone application at download time, e.g. you could forbid the possibility of sending silent SMSs or making phone calls to premium numbers. If the application didn’t meet your constraints you would inoculate it with your policy monitoring algorithm. In this way the phone should not trust anybody, no market place, no security ratings, etc. It could just trust itself. Of course you always have the Android's alternative of having the user clicking yes on accepting a Manifest that she doesn't understand, and where the guidelines for developers are to ask all permissions possible, even if you don't need them. | ||
| + | |||
| + | ==== Themes ==== | ||
| + | |||
| + | Within the main stream project we covered a number of themes. | ||
| + | |||
| + | * Security for Android phones (ongoing) | ||
| + | * Load-time security checking for Java smart cards | ||
| + | * Load-time checking and run-time monitoring for .NET and Java Phones | ||
| + | |||
| In 2006 in the [[S3MS]] project we proved it worked on many different mobile phones (Java and .NET) equipped with the system. It was the start of a long standing collaboration with [[http://www.cs.kuleuven.be/~frank|Frank Piessens]] from KUL. | In 2006 in the [[S3MS]] project we proved it worked on many different mobile phones (Java and .NET) equipped with the system. It was the start of a long standing collaboration with [[http://www.cs.kuleuven.be/~frank|Frank Piessens]] from KUL. | ||
| Line 20: | Line 29: | ||
| Currently we are researching how to apply the load time checks on Android and other novel mobile platforms. The load time checks are appropriate for mobile platforms: the users typically expect that installation of an app will take some time, while they will not tolerate the delays introduced by run-time monitoring in the execution of their favorite apps. In the same time, during load time we can already effectively disable some vulnerabilities in the app code, such as reducing the number of permissions granted to the app to the permissions actually required in the code. | Currently we are researching how to apply the load time checks on Android and other novel mobile platforms. The load time checks are appropriate for mobile platforms: the users typically expect that installation of an app will take some time, while they will not tolerate the delays introduced by run-time monitoring in the execution of their favorite apps. In the same time, during load time we can already effectively disable some vulnerabilities in the app code, such as reducing the number of permissions granted to the app to the permissions actually required in the code. | ||
| - | ==== Themes ==== | ||
| - | |||
| - | Within the main stream project we covered a number of themes. | ||
| - | |||
| - | * Security for Android phones (ongoing) | ||
| - | * Load-time security checking for Java smart cards | ||
| - | * Load-time checking and run-time monitoring for .NET and Java Phones | ||
| ==== People ==== | ==== People ==== | ||
| Line 33: | Line 35: | ||
| * Nicola Dragoni | * Nicola Dragoni | ||
| - | * Olga Gadyatskaya | + | * Olga Gadyatskaya (active) |
| * Ida Siahaan | * Ida Siahaan | ||
| * Marco De La Torre | * Marco De La Torre | ||
| - | * Fabio Massacci - the leader of the project. Contact Fabio via email [[name.surname@unitn.it]] | + | * Fabio Massacci (active) |
| * Katsyarina Naliuka | * Katsyarina Naliuka | ||
| - | * Anton Philippov | + | * Anton Philippov (active) |
| ==== Projects ==== | ==== Projects ==== | ||
| Line 58: | Line 60: | ||
| ==== Publications ==== | ==== Publications ==== | ||
| **SxC for Java Card:** | **SxC for Java Card:** | ||
| + | * O.Gadyatskaya and F.Massacci: Controlling Application Interactions on the Novel Smart Cards with Security-by-Contract. In //Proceedings of HATS-2012 Summer School//, Springer {{:research_activities:security-by-contract_for_mobile_and_smart_card:gady-mass-hats2012.pdf|PDF}} | ||
| * O.Gadyatskaya, F.Massacci and E.Lostal: // Extended Abstract: Embeddable Security-by-Contract Verifier for Java Card. // In BYTECODE-2012, Tallinn, Estonia, 2012. {{:research_activities:security-by-contract_for_mobile_and_smart_card:gady-mass-lost-bytecode-2012.pdf|PDF}} | * O.Gadyatskaya, F.Massacci and E.Lostal: // Extended Abstract: Embeddable Security-by-Contract Verifier for Java Card. // In BYTECODE-2012, Tallinn, Estonia, 2012. {{:research_activities:security-by-contract_for_mobile_and_smart_card:gady-mass-lost-bytecode-2012.pdf|PDF}} | ||
| * O. Gadyatskaya, F. Massacci and E. Lostal: // Load Time Security Verification.// In Proceedings of International Conference on Information Systems Security (ICISS 2011), Kolkata, India, vol. LNCS 7093 pp. 250-264, Springer.{{:research_activities:security-by-contract_for_mobile_and_smart_card:gady-mass-lost-iciss-2011.pdf|PDF}} | * O. Gadyatskaya, F. Massacci and E. Lostal: // Load Time Security Verification.// In Proceedings of International Conference on Information Systems Security (ICISS 2011), Kolkata, India, vol. LNCS 7093 pp. 250-264, Springer.{{:research_activities:security-by-contract_for_mobile_and_smart_card:gady-mass-lost-iciss-2011.pdf|PDF}} | ||
security-by-contract_for_mobile_and_smart_card.1364288958.txt.gz · Last modified: 2021/01/29 10:58 (external edit)
Page Tools
