Security by Contract on the .NET Platform

Over the last few years, the success of GPS-enabled PDAs has finally instigated a breakthrough of mobile devices. Many people now already have a device that can connect to the internet and run untrusted code, typically a cell-phone or PDA. Having such a large interconnected and powerful computing base presents some new security issues. In order to counter new threats, the traditional security architectures need to be overhauled to support a new and more flexible way of securely executing mobile code. This paper describes the concept of Security-by-Contract (SxC) and its implementation on the .NET platform. This new model allows users to guarantee that an untrusted application remains within the boundaries of acceptable behavior, as defined by the user herself.