IIT Home Page CNR Home Page

Enforcing Private Policy via Security-by-Contract. Special Issue “Identity and Privacy Management

This work aims to investigate how the Security-by-Contract (SxC)paradigm, developed for providing security assurances to mobileapplications, can be used for guaranteeing the security ofcommunicating systems composed by several, heterogeneous components.These components need to communicate with each other by establishingdirect, point to point connections. Direct connections can involvecomponents sharing no common communication protocols and need asuitable interface. Enablers are in charge of providing thesecommunication interfaces. Each component has a local security policycomposing a public and a private part. When a communication between twocomponents has to be established, each component asks the enabler toprovide a communication interface that respects its public policy. Weexploit the Security-by-Contract approach for assuring that theapplication implementing the communication interface is always safe,i.e., it satisfies the security policies set by components. Moreover,we present an extension of the Security-by-Contract for dealing withtrust. Trust management is useful when one of the involved actors isconsidered to be potentially untrusted and the others want to measureits trust level.
UPGRADE , 2010

IIT authors:

Gabriele Costa

Foto di Gabriele Costa

Type: Article in non-ISI Journal with international referees
Field of reference: Information Technology and Communication Systems