Security-by-Contract-With-Trust for Mobile Devices
Security-by-Contract (S?C) is a paradigm providing security assurances for mobile applications. In this paper, the authors present the an extension of S?C, called Security-by-Contract-with-Trust (S?C?T). Indeed, they enrich the S?C architecture by integrating a trust model and adding new modules and configurations for managing contracts. Indeed, at deploy-time, their system decides the run-time configuration depending on the credentials of the contract provider. The run-time environment can both enforce a security policy and monitor the declared contract. According to the actual behavior of the running program their architecture updates the trust level associated with the contract provider.