Security-by-Contract: Toward a Semantics for Digital Signatures on Mobile Code
نویسندگان
چکیده
In this paper we propose the notion of security-by-contract, a mobile contract that an application carries with itself. The key idea of the framework is that a digital signature should not just certify the origin of the code but rather bind together the code with a contract. We provide a description of the overall lifecycle of mobile code in the setting of security-by-contract, describe a tentative structure for a contractual language and propose a number of algorithms for one of the key steps in the process, the contract-policy matching issue. We argue that security-by-contract would provide a semantics for digital signatures on mobile code thus being a step in the transition from trusted code to trustworthy code.
منابع مشابه
Matching in security-by-contract for mobile code
We propose the notion of security-by-contract, a mobile contract that an application carries with itself. The key idea of the framework is that a digital signature should not just certify the origin of the code but rather bind together the code with a contract. We provide a description of the workflow for the deployment and execution of mobile code in the setting of security-by-contract, descri...
متن کاملRealization of Legal Requirements on Digital Signatures in Electronic Commerce
Some very fundamental obstacles inhibit, or at least slow down the success and growth of Electronic Commerce. These are, among others, the lack of real comfortable and secure payment systems, as well as a lack of a trustworthy environment for business transactions. However, these requirements can not be put into practice without digital signatures. Digital signatures may be used in any of the p...
متن کاملSecurity-By-Contract for the Future Internet
With the advent of the next generation java servlet on the smartcard, the Future Internet will be composed by web servers and clients silently yet busily running on high end smart cards in our phones and our wallets. In this brave new world we can no longer accept the current security model where programs can be downloaded on our machines just because they are vaguely “trusted”. We want to know...
متن کاملProtecting Mobile Agents Against Malicious Hosts
A key element of any mobile code based distributed system are the security mechanisms available to protect (a) the host against potentially hostile actions of a code fragment under execution and (b) the mobile code against tampering attempts by the executing host. Many techniques for the first problem (a) have been developed. The second problem (b) seems to be much harder: It is the general bel...
متن کاملSecurity of mobile agents: a new concept of the integrity protection
The recent developments in the mobile technology (mobile phones, middleware) created a need for new methods of protecting the code transmitted through the network. The proposed mechanisms not only secure the compiled program, but also the data, that can be gathered during its"journey". The oldest and the simplest methods are more concentrated on integrity of the code itself and on the detection...
متن کامل