On Probabilistic Application Compliance

Antonio La Marra, Fabio Martinelli, Andrea Saracino, Alessandro Aldini
2016 2016 IEEE Trustcom/BigDataSE/ISPA  
The Security-by-Contract is a paradigm developed to offer a secure environment in which mobile applications can be executed by respecting the security policies of interest. Especially in the Android Apps marketplace, establishing precisely the expected secure app behavior is typically a complex operation that is prone to approximations. Hence, it is worth considering extensions of purely functional approaches that allow the security relevant actions to be quantitatively assessed. This also
more » ... the possibility to balance the application of (expensive) enforcement mechanisms with the security guarantees. With these objectives in view, in this paper we define a probabilistic extension of the Security-by-Contract model, and we show its impact in realworld scenarios through the analysis of several practical Android applications.
doi:10.1109/trustcom.2016.0283 dblp:conf/trustcom/MarraMSA16 fatcat:ldk4auwfjjeilmanuyjxfln4wm