Introducing probabilities in contract-based approaches for mobile application security

Abstract

Security for mobile devices is a problem of capital importance, especially due to new threats coming from malicious applications. This has been proved by the increasing interest of the research community on the topic of security on mobile devices. Several security solutions have been recently proposed, to address the uprising threats coming from malicious applications. However, several mechanisms may result not flexible enough, hard to apply, or too coarse grained, e.g. several critics have been raised against the Android permission system. We argue that, it is possible to obtain more flexible security tools and finer grained security requirements by introducing probability measurements. In this paper we discuss how to introduce probabilistic clauses into the Security-by-Contract and the Security-by-Contract-with-Trust frameworks, revising the main building blocks and providing tools to write probabilistic contracts and policies. A proof-of-concept implementation on Android system has also been presented. © 2014 Springer-Verlag Berlin Heidelberg.