IIT Home Page CNR Home Page

EU project - Security of Software Services of Mobile Systems (S3MS)

Contracting: CREATE-NET (Center for REsearch And Telecommunication Experimentation for NETworked communities)

Type: Progetto internazionale

Trustworthy and Secure Future Internet

The objective of S3MS is to create a framework and a technological solution for trusted deployment and execution of communicating mobile applications in heterogeneous environments. S3MS would enable the opening of the software market of nomadic devices (from smart phones to PDA) to trusted third party applications beyond the sandbox model, without the burden of roaming trust infrastructure but without compromising security and privacy requirements. A contract-based security mechanism will lie at the core of the framework. A contract is a claim by a mobile application on the interaction with relevant security and privacy features of a mobile platform. This contract should be published by applications, understood by devices and all stakeholders (users, mobile operators, developers, platform developers, etc.). The contract should be negotiated, and enforced during development, at time of delivery and loading, and during execution of the application by the mobile platform. The new paradigm will not replace, but enhance today’s security mechanism, and will provide a flexible, simple and scalable security and privacy protection mechanism for future mobile systems. It will allow a network operator and a user to decide what an application is allowed to do, prevent bad code from running, and allow good code to be easily designed and deployed. The new paradigm of security-by-contract affects the entire life cycle of mobile applications and services: Contracts must be accommodated in high level design of security and privacy requirements of applications and mobile platforms, programming languages for the formulation of contracts must be developed, compilers must be modified to produce executable contracts for a piece of software, loaders must be aware of the static contract information that can be checked at load time, and runtime systems must be equipped with the mechanisms needed to ensure that the contracts are fulfilled during execution.

From 01/03/2006 to 28/02/2008

Note: VI Framework Programme, IIT is Third Part in this project