On Probabilistic Application Compliance

ALDINI, ALESSANDRO
2016

Abstract

Security-by-Contract is a paradigm developed to offer a secure environment in which mobile applications can be executed while respecting the security policies of interest. Especially in the Android app marketplace, precisely establishing the expected secure behavior of an app is typically a complex operation that is prone to approximations. Hence, it is worth considering extensions of purely functional approaches that allow security-relevant actions to be quantitatively assessed. This also opens the possibility of balancing the application of (expensive) enforcement mechanisms against the security guarantees. With these objectives in view, in this paper we define a probabilistic extension of the Security-by-Contract model, and we show its impact in real-world scenarios through the analysis of several practical Android applications.
ISBN: 978-1-5090-3205-1

Use this identifier to cite or link to this document: https://hdl.handle.net/11576/2642583