Title :
Towards Practical Security Monitors of UML Policies for Mobile Applications
Author :
Massacci, Fabio ; Naliuka, Katsiaryna
Author_Institution :
Univ. of Trento, Trento
Abstract :
There is increasing demand for running interacting applications in a secure and controllable way on mobile devices. Such demand is not fully supported by the Java/.NET security model based on trust domains nor by current security monitors or language-based security approaches. We propose an approach that allows security policies that are i) expressive enough to capture multiple sessions and interacting applications, ii) suitable for efficient monitoring, iii) convenient for a developer to specify them. Since getting all three at once is impossible, we advocate a logical language, 2D-LTL a bi-dimensional temporal logic fit for multiple sessions and for which efficient monitoring algorithms can be given, and a graphical language based on standard UML sequence diagrams with a tight correspondence between the two.
Keywords :
Java; Unified Modeling Language; mobile computing; security of data; temporal logic; visual languages; Java/.NET security model; UML policies; bidimensional temporal logic; graphical language; language-based security; logical language; mobile applications; Access control; Batteries; Certification; Formal languages; Logic devices; Monitoring; Permission; Security; Smart phones; Unified modeling language; policy enforcement; policy languages; runtime monitoring;
Conference_Titel :
Availability, Reliability and Security, 2008. ARES 08. Third International Conference on
Conference_Location :
Barcelona
Print_ISBN :
978-0-7695-3102-1
DOI :
10.1109/ARES.2008.191
