IIT Home Page CNR Home Page

EU project - Security of Software Services of Mobile Systems (S3MS)

Contraente: CREATE-NET (Center for REsearch And Telecommunication Experimentation for NETworked communities)

Tipo: Progetto internazionale

Trustworthy and Secure Future Internet

The objective of S3MS is to create a framework and a technological solution for trusted
deployment and execution of communicating mobile applications in heterogeneous environments.
S3MS would enable the opening of the software market of nomadic devices (from smart phones to
PDA) to trusted third party applications beyond the sandbox model, without the burden of
roaming trust infrastructure but without compromising security and privacy requirements.
A contract-based security mechanism will lie at the core of the framework. A contract is a claim
by a mobile application on the interaction with relevant security and privacy features of a mobile
platform. This contract should be published by applications, understood by devices and all
stakeholders (users, mobile operators, developers, platform developers, etc.). The contract should
be negotiated, and enforced during development, at time of delivery and loading, and during
execution of the application by the mobile platform.
The new paradigm will not replace, but enhance today’s security mechanism, and will
provide a flexible, simple and scalable security and privacy protection mechanism for future
mobile systems. It will allow a network operator and a user to decide what an application is
allowed to do, prevent bad code from running, and allow good code to be easily designed and
The new paradigm of security-by-contract affects the entire life cycle of mobile
applications and services: Contracts must be accommodated in high level design of security and
privacy requirements of applications and mobile platforms, programming languages for the
formulation of contracts must be developed, compilers must be modified to produce executable
contracts for a piece of software, loaders must be aware of the static contract information that can
be checked at load time, and runtime systems must be equipped with the mechanisms needed to
ensure that the contracts are fulfilled during execution.


Dal 01/03/2006 al 28/02/2008

Note: VI Framework Programme, IIT is Third Part in this project