security by contract toward a semantics for digital
play

Security-by-Contract: Toward a Semantics for Digital Signatures on - PowerPoint PPT Presentation

Jun 12, 2023 •486 likes •841 views

Security-by-Contract: Toward a Semantics for Digital Signatures on Mobile Code* N. Dragoni, F . Massacci, K. Naliuka and I. Siahaan Department of Information and Communication Technologies University of Trento, ITALY dragoni@dit.unitn.it

  1. Security-by-Contract: Toward a Semantics for Digital Signatures on Mobile Code* N. Dragoni, F . Massacci, K. Naliuka and I. Siahaan Department of Information and Communication Technologies University of Trento, ITALY dragoni@dit.unitn.it EUROPKI’07 - Mallorca, Balearic Islands, Spain * Research partly supported by the project EU-IST-STREP-S3MS (http://www.s3ms.org)

  2. 30/06/2007 EUROPKI’07 Nicola Dragoni Talk Outline ๏ Introduction ๏ Security-By-Contract Framework ๏ Stakeholders ๏ Contract and Policy ๏ Application/Service Life-Cycle ๏ Contract-Policy Matching ๏ Problem ๏ Algorithm 2

  3. 30/06/2007 EUROPKI’07 Nicola Dragoni Lack of Applications for Mobile Devices • Mobile devices are increasingly popular and powerful • Yet, the growth in computing power of nomadic devices has not been supported by a comparable growth in available software • For instance, on high-end mobile phones we cannot even remotely find the amount of third party software that was available on our old PC 3

  4. 30/06/2007 EUROPKI’07 Nicola Dragoni A Reason: Security Model for Mobile Code • One of the reasons for this lack of applications is also the security model adopted for mobile phones. • The current security model approach (for instance, the JAVA MIDP 2.0) is based on trust relationships: mobile code is run if its origin is trusted . • This essentially boils down to mobile code is accepted if it is digitally signed by a trusted party . • The level of trust of the “trusted party” determines the privileges of the code by essentially segregating it into an appropriate trust domain. 4

  5. 30/06/2007 EUROPKI’07 Nicola Dragoni Trust Relationship Problem (1) The problem with trust relationship, i.e. digital signatures on mobile code, is twofold: 1. At first we can only reject or accept the signature. This means that interoperability in a domain is either total or not existing: an application from a not-so-trusted source can be denied network access, but it cannot be denied access to a specific protocol, or to a specific domain. • E.g. if a payment service is available on a platform and an application for paying parking meters is loaded, the user cannot block the application from performing large payments. 2. The second (and major) problem, is that there is no semantics attached to the signature. This is a problem for both code producers and consumers. 5

  6. 30/06/2007 EUROPKI’07 Nicola Dragoni Trust Relationship Problem (2) • From the point of view of the code consumers, they must essentially accept the code “as-is” without the possibility of making informed decisions. • One might well trust SuperGame Inc. to provide excellent games and yet might decide to rule out games that keep playing while the battery fells below 20%. At present such choice is not possible. • From the point of view of the code producers, they produce code with unbounded liability. They cannot declare which security actions the code will do. By signing the code they essentially declare that they did it. 6

  7. 30/06/2007 EUROPKI’07 Nicola Dragoni Trust Relationship Problem (2) • From the point of view of the code consumers, they must essentially accept the code “as-is” without the possibility of making informed decisions. • One might well trust SuperGame Inc. to provide excellent games and yet might decide to rule out games that keep playing while the battery fells below 20%. At present such choice is not possible. • From the point of view of the code producers, they produce code with unbounded liability. They cannot declare which security actions the code will do. By signing the code they essentially declare that they did it. The consequence is that injecting an application in the mobile market is a time consuming operation as developers must essentially convince the operators that their code will not do anything harmful. 6

  8. 30/06/2007 EUROPKI’07 Nicola Dragoni SxC Framework: Stakeholders The Security-by-Contract framework is essentially shaped by three groups of stakeholders: 1. mobile operator 2. service provider and/or developer 3. mobile user 7

  9. 30/06/2007 EUROPKI’07 Nicola Dragoni SxC Framework: Contract The mobile code developers are responsible to provide a description of the security behavior that their code provides. 8

  10. 30/06/2007 EUROPKI’07 Nicola Dragoni SxC Framework: Contract The mobile code developers are responsible to provide a description of the security behavior that their code provides. Contract: a contract is a formal complete and correct specification of the behavior of an application for what concerns relevant security actions (Virtual Machine API Calls, Operating System Calls). What’s in a code’s contract? ➡ security features of application ➡ (security) interactions with its host platform ➡ proof-of-compliance that code satisfies contract 8

  11. 30/06/2007 EUROPKI’07 Nicola Dragoni SxC Framework: Contract The mobile code developers are responsible to provide a description of the security behavior that their code provides. Contract: a contract is a formal complete and correct specification of the behavior of an application for what concerns relevant security actions (Virtual Machine API Calls, Operating System Calls). What’s in a code’s contract? ➡ security features of application ➡ (security) interactions with its host platform ➡ proof-of-compliance that code satisfies contract By signing the code the developer certifies that the code complies with the stated claims on its security-relevant behavior. 8

  12. 30/06/2007 EUROPKI’07 Nicola Dragoni SxC Framework: Policy On the other side we can see that users and mobile phone operators are interested that all codes that are deployed on their platform are secure. In other words they must declare their security policy. Policy: a policy is a formal complete specification of the acceptable behavior of applications to be executed on the platform for what concerns relevant security actions (Virtual Machine API Calls, Operating System Calls). What’s in a platform’s policy? ➡ platform contractual requirements on application ➡ fine-grained resource control (e.g. silently initiate a phone call or send a SMS) ➡ memory usage, secure and insecure web connections, user privacy protection 9

  13. 30/06/2007 EUROPKI’07 Nicola Dragoni How a Contract/Policy Should Look Like? 1. The application sends no more than a number messages in each session 2. The application only loads each image from the network once 3. The delay between two periodic invocations of the MIDlet is at least T 4. The application does not initiate calls to international numbers 5. The application only uses files whose name matches a given pattern 6. The application does not send MMS messages 7. The application connects only to its origin domain 8. The application must close all files that it opens 9. The application only receives SMS messages on a specific port ... 10

  14. 30/06/2007 EUROPKI’07 Nicola Dragoni Application/Service Life Cycle (1) A contract should be negotiated and enforced during development, at time of delivery and loading, and during execution of the application by the mobile platform. Phases of the application/ service life-cycle in which the contract-based security paradigm is present. 11

  15. 30/06/2007 EUROPKI’07 Nicola Dragoni Application/Service Life Cycle (2) In order to guarantee that an application complies with its desired contract (or the policy requested on a particular platform) we should consider the stage where such enforcement can be done. Development Deployment Execution (I) At design and (II) After design but (III) When (IV) During the development time before shipping downloading the execution of the the application application application 12

  16. 30/06/2007 EUROPKI’07 Nicola Dragoni Application/Service Life Cycle (2) In order to guarantee that an application complies with its desired contract (or the policy requested on a particular platform) we should consider the stage where such enforcement can be done. Development Deployment Execution (I) At design and (II) After design but (III) When (IV) During the development time before shipping downloading the execution of the the application application application ‣ Enforcing at level (I) can be achieved by appropriate design rules and require developer support 12

  17. 30/06/2007 EUROPKI’07 Nicola Dragoni Application/Service Life Cycle (2) In order to guarantee that an application complies with its desired contract (or the policy requested on a particular platform) we should consider the stage where such enforcement can be done. Development Deployment Execution (I) At design and (II) After design but (III) When (IV) During the development time before shipping downloading the execution of the the application application application ‣ Enforcing at level (I) can be achieved by appropriate design rules and require developer support ‣ (II) and (III) can be carried out through (automatic) verification techniques. Such verifications can take place ‣ before downloading (static verification by developers and operators followed by a contract coming with a trusted signature ) or ‣ as a combination of pre and post-loading operations (e.g., through in-line monitors and proof carrying code) 12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Semantics 1 / 21 Outline What is semantics? Denotational semantics Semantics of naming What

Semantics 1 / 21 Outline What is semantics? Denotational semantics Semantics of naming What

Semantics 1 / 21 Outline What is semantics? Denotational semantics Semantics of naming What is semantics? 2 / 21 What is the meaning of a program? Recall: aspects of a language syntax : the structure of its programs semantics : the

551 views • 21 slides
Improved multi-party contract signing Aybek Mukhamedov and Mark Ryan March 2, 2007 Digital

Improved multi-party contract signing Aybek Mukhamedov and Mark Ryan March 2, 2007 Digital

Improved multi-party contract signing Aybek Mukhamedov and Mark Ryan March 2, 2007 Digital Contract Signing Use digital signatures to sign a pre-agreed contract over a computer network Potentially useful for e-commerce Why it is not simple:

1.08k views • 27 slides
Parts of a Contract Syntax - Method signature Method name Parameter list Return type Semantics

Parts of a Contract Syntax - Method signature Method name Parameter list Return type Semantics

Parts of a Contract Syntax - Method signature Method name Parameter list Return type Semantics - Comments Preconditions: requirements placed on the caller Postconditions: what the method modifies and/or returns 1 Contract Example

85 views • 8 slides
Smart Contract Security Assessing Solidity smart contracts About Me Evangelos Deirmentzoglou

Smart Contract Security Assessing Solidity smart contracts About Me Evangelos Deirmentzoglou

Smart Contract Security Assessing Solidity smart contracts About Me Evangelos Deirmentzoglou Security Consultant Smart contract audits Nmap/Ncrack contributor Certs: OSCE, OSCP, OSWP Blockchain Basics Front Running

642 views • 30 slides
Digit Digital al Se Security y Training Be Best Practices A digital training brought to you

Digit Digital al Se Security y Training Be Best Practices A digital training brought to you

Digit Digital al Se Security y Training Be Best Practices A digital training brought to you by RSAT Security in partnership with Supreme Technologies Group. Topics Covered Week 5 Week 1 Social Media Introduction to Information Security

410 views • 19 slides
Digital Security Training A digital training brought to you by RSAT Security in partnership with

Digital Security Training A digital training brought to you by RSAT Security in partnership with

Digital Security Training A digital training brought to you by RSAT Security in partnership with Supreme Technologies Group. Topics Covered Week 5 Week 1 Social Media Introduction to Information Security Week 6 Week 2 Responsible

190 views • 18 slides
Smart Contract Security Florian Tramr Nicolas Kokkalis Agenda Smart Contract

Smart Contract Security Florian Tramr Nicolas Kokkalis Agenda Smart Contract

Smart Contract Security Florian Tramr Nicolas Kokkalis Agenda Smart Contract Verification Why? More examples of bugs! How? Beyond bugs in code: networks, miners and incentives Attacks by miners: reorder, delay,

405 views • 24 slides
DIGITAL PATHOLOGY UPDATE A. Malham DIGITAL PATHOLOGY TIMELINE Philips awarded contract

DIGITAL PATHOLOGY UPDATE A. Malham DIGITAL PATHOLOGY TIMELINE Philips awarded contract

DIGITAL PATHOLOGY UPDATE A. Malham DIGITAL PATHOLOGY TIMELINE Philips awarded contract 05/07/17. Install of DP equipment to NHS GGC and Lothian during10/17. DP pilot commences 8/03/18 NHS GGC and 01/05/18 NHS Lothian. In 11/18

411 views • 8 slides
Digital Leave No One Behind Platform Virtual session on Digital Security civic --- 24th of

Digital Leave No One Behind Platform Virtual session on Digital Security civic --- 24th of

Gigi Pasco Ong-Alok - COC Nederland Digital Leave No One Behind Platform Virtual session on Digital Security civic --- 24th of March Space Why talk about digital civic space and digital rights? and Case Study: Digital space in the

418 views • 9 slides
Operational Semantics 1 / 14 Outline What is semantics? Operational Semantics What is

Operational Semantics 1 / 14 Outline What is semantics? Operational Semantics What is

Operational Semantics 1 / 14 Outline What is semantics? Operational Semantics What is semantics? 2 / 14 What is the meaning of a program? Recall: aspects of a language syntax : the structure of its programs semantics : the meaning of

588 views • 14 slides
Security Protocols Part 9 SSL Protocol Recap Digital Certificate Authentication

Security Protocols Part 9 SSL Protocol Recap Digital Certificate Authentication

Security Protocols Part 9 SSL Protocol Recap Digital Certificate Authentication Integrity Non-repudiation CA (Certification Authority) Issue digital certificates (via digital signature) Publish/Distribute digital

491 views • 13 slides
DIGITAL PLANETS SECURITY SOLUTION INTRODUCTION OUR OFFERED SERVICES Vulnerability Security

DIGITAL PLANETS SECURITY SOLUTION INTRODUCTION OUR OFFERED SERVICES Vulnerability Security

DIGITAL PLANETS SECURITY SOLUTION INTRODUCTION OUR OFFERED SERVICES Vulnerability Security Information Assessment Brand Operation Consultancy & Security Protection Penetration Awareness Centre Testing External Networks

474 views • 44 slides
Semantics so far in course Lexical Semantics, Distributions, Previous semantics lectures

Semantics so far in course Lexical Semantics, Distributions, Previous semantics lectures

11/13/18 Semantics so far in course Lexical Semantics, Distributions, Previous semantics lectures discussed Predicate-Argument Structure, and composing meanings of parts to produce the correct global sentence meaning Frame Semantic Parsing

460 views • 14 slides
Compliance Cautions INVESTIGATING SECURITY ISSUES ASSOCIATED WITH U.S. DIGITAL-SECURITY STANDARDS

Compliance Cautions INVESTIGATING SECURITY ISSUES ASSOCIATED WITH U.S. DIGITAL-SECURITY STANDARDS

Compliance Cautions INVESTIGATING SECURITY ISSUES ASSOCIATED WITH U.S. DIGITAL-SECURITY STANDARDS ROCK CK S STEVENS, KEVIN HALLIDAY, MICHELLE MAZUREK // UNIV IVERSIT ITY O OF M MARYLAND JOSIAH DYKSTRA, JAMES CHAPMAN, ALEX FARMER //

290 views • 27 slides
Compliance Cautions Investigating Security Issues Associated with U.S. Digital-Security Standards

Compliance Cautions Investigating Security Issues Associated with U.S. Digital-Security Standards

LASER Workshop 2020 Compliance Cautions Investigating Security Issues Associated with U.S. Digital-Security Standards Rock Stevens , Kevin Halliday, Michelle Mazurek / / University of Maryland Josiah Dykstra, James Chapman, Alexander F armer

345 views • 22 slides
1 Arbitrated Digital Signatures Digital Signature Standard (DSS) US Govt approved signature

1 Arbitrated Digital Signatures Digital Signature Standard (DSS) US Govt approved signature

CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Digital Signatures have looked at message authentication but does not address issues of lack of trust Chapter 13 Digital Signatures digital signatures provide the ability to:

361 views • 3 slides
EDUCATIONAL INSTITUTION SAFETY Presented by: Zaharuddin bin Haji Abdul Rahman, Inspector

EDUCATIONAL INSTITUTION SAFETY Presented by: Zaharuddin bin Haji Abdul Rahman, Inspector

EDUCATIONAL INSTITUTION SAFETY Presented by: Zaharuddin bin Haji Abdul Rahman, Inspector (Non-Industry) PAST ACCIDENTS / INCIDENTS SCHOOL RELATED ACCIDENTS LOCALLY 2011 Sekolah Rendah Mabohai Reversing Car hit 2015 and killed 2

355 views • 16 slides
OpenStreetMap Mapathon Mapping pedestrian crossings with Pic4Review 1 Rally De Leon Data Team

OpenStreetMap Mapathon Mapping pedestrian crossings with Pic4Review 1 Rally De Leon Data Team

OpenStreetMap Mapathon Mapping pedestrian crossings with Pic4Review 1 Rally De Leon Data Team Member OpenStreetMap User ID: Rally Sidewalk Advocate 2 OpenStreetMap Wikipedia of maps Open & Free Anybody can edit and improve the map

435 views • 24 slides
1875 Praise Him! Praise Him! Jesus, Our Blessed Redeemer! 1869 Redeemed, How I Love to

1875 Praise Him! Praise Him! Jesus, Our Blessed Redeemer! 1869 Redeemed, How I Love to

I Am Thine, O Lord (Draw Me Nearer) 1875 Praise Him! Praise Him! Jesus, Our Blessed Redeemer! 1869 Redeemed, How I Love to Proclaim It! 1882 To God Be the Glory 1875 The Lion of Judah 1880 Blessed

891 views • 66 slides
How do we interact with culture (the world)? IN but not OF LEARN AND FILTER This weeks

How do we interact with culture (the world)? IN but not OF LEARN AND FILTER This weeks

How do we interact with culture (the world)? IN but not OF LEARN AND FILTER This weeks message: The Tolerance Narrative: What we need is tolerance. The Narrative : We need to accept any thought, unless we dont like that

843 views • 29 slides
Classes, Objects & References The Challenges of Complexity Complexity of Agent-Based Model

Classes, Objects & References The Challenges of Complexity Complexity of Agent-Based Model

Classes, Objects & References The Challenges of Complexity Complexity of Agent-Based Model development is a major barrier to effective delivery of value Complexity leads to models that are late, over budget, and of substandard

918 views • 36 slides
BREEDING SANDWORMS: HOW TO FUZZ YOUR WAY OUT OF ADOBE READER X'S SANDBOX Who we are Research

BREEDING SANDWORMS: HOW TO FUZZ YOUR WAY OUT OF ADOBE READER X'S SANDBOX Who we are Research

BREEDING SANDWORMS: HOW TO FUZZ YOUR WAY OUT OF ADOBE READER X'S SANDBOX Who we are Research and Analysis: Zhenhua(Eric) Liu Vulnerability Researcher zhliu@fortinet.com Contributor and Editor: Guillaume Lovet Sr Manager of Fortinet's

646 views • 52 slides
Overview of the PEBBL and PICO Projects: Massively Parallel Branch and Bound Jonathan Eckstein

Overview of the PEBBL and PICO Projects: Massively Parallel Branch and Bound Jonathan Eckstein

Overview of the PEBBL and PICO Projects: Massively Parallel Branch and Bound Jonathan Eckstein Business School and RUTCOR Rutgers University Joint work with a large team, mostly from Sandia National Laboratories, and in particular William E.

507 views • 28 slides
Spark Overview / High-level Architecture Indexing from Spark Reading data from Solr + term

Spark Overview / High-level Architecture Indexing from Spark Reading data from Solr + term

Spark Overview / High-level Architecture Indexing from Spark Reading data from Solr + term vectors & Spark SQL Document Matching user since 2010, committer since April 2014, work for SolrCloud features and bin/solr! Release manager

569 views • 22 slides

More recommend