Security of Software and Services of Mobile Systems
S3MS DIT-PRJ-05-137
Homepage http://www.S3MS.org
Status NOT active project
Status NOT active project
DISI role Coordinator
Project type Research Project
Dimension International
Acquisition date 2005-12-01
Start date 2006-03-01
End date 2008-02-28
SAP code 40101065
Project details
Project astract The objective of S3MS is to create a framework and a technological solution for trusted<br/>deployment and execution of communicating mobile applications in heterogeneous environments.<br/>S3MS would enable the opening of the software market of nomadic devices (from smart phones to<br/>PDA) to trusted third party applications beyond the sandbox model, without the burden of<br/>roaming trust infrastructure but without compromising security and privacy requirements.<br/>A contract-based security mechanism will lie at the core of the framework. A contract is a claim<br/>by a mobile application on the interaction with relevant security and privacy features of a mobile<br/>platform. This contract should be published by applications, understood by devices and all<br/>stakeholders (users, mobile operators, developers, platform developers, etc.). The contract should<br/>be negotiated, and enforced during development, at time of delivery and loading, and during<br/>execution of the application by the mobile platform.<br/>The new paradigm will not replace, but enhance today's security mechanism, and will<br/>provide a flexible, simple and scalable security and privacy protection mechanism for future<br/>mobile systems. It will allow a network operator and a user to decide what an application is<br/>allowed to do, prevent bad code from running, and allow good code to be easily designed and<br/>deployed.<br/>The new paradigm of security-by-contract affects the entire life cycle of mobile<br/>applications and services: Contracts must be accommodated in high level design of security and<br/>privacy requirements of applications and mobile platforms, programming languages for the<br/>formulation of contracts must be developed, compilers must be modified to produce executable<br/>contracts for a piece of software, loaders must be aware of the static contract information that can<br/>be checked at load time, and runtime systems must be equipped with the mechanisms needed to<br/>ensure that the contracts are fulfilled during execution.
Keywords Security-by-contract, Mobile Platform, Secure Services, Nomadic Devices, Mobile Security
Fundings 2400000 €
Partners
- DIT - UniTN
- Create-Net
- F.A.S.T.
- KTH
- APIF MOVIQUITY
- Omnys S.r.l.
- SINTEF
- Trusted Logic
- Vrije Universiteit Amsterdam
- DoCoMo
- Katholieke Universiteit Leuven
- France Telecom Espana
DISI Sub-project details
Project astract The objective of S3MS is to create a framework and a technological solution for trusted<br/>deployment and execution of communicating mobile applications in heterogeneous environments.<br/>S3MS would enable the opening of the software market of nomadic devices (from smart phones to<br/>PDA) to trusted third party applications beyond the sandbox model, without the burden of<br/>roaming trust infrastructure but without compromising security and privacy requirements.<br/>A contract-based security mechanism will lie at the core of the framework. A contract is a claim<br/>by a mobile application on the interaction with relevant security and privacy features of a mobile<br/>platform. This contract should be published by applications, understood by devices and all<br/>stakeholders (users, mobile operators, developers, platform developers, etc.). The contract should<br/>be negotiated, and enforced during development, at time of delivery and loading, and during<br/>execution of the application by the mobile platform.<br/>The new paradigm will not replace, but enhance today's security mechanism, and will<br/>provide a flexible, simple and scalable security and privacy protection mechanism for future<br/>mobile systems. It will allow a network operator and a user to decide what an application is<br/>allowed to do, prevent bad code from running, and allow good code to be easily designed and<br/>deployed.<br/>The new paradigm of security-by-contract affects the entire life cycle of mobile<br/>applications and services: Contracts must be accommodated in high level design of security and<br/>privacy requirements of applications and mobile platforms, programming languages for the<br/>formulation of contracts must be developed, compilers must be modified to produce executable<br/>contracts for a piece of software, loaders must be aware of the static contract information that can<br/>be checked at load time, and runtime systems must be equipped with the mechanisms needed to<br/>ensure that the contracts are fulfilled during execution.
Keywords Security-by-contract, Mobile Platform, Secure Services, Nomadic Devices, Mobile Security
Fundings 401588 €
Manager Fabio Massacci
Participating RP