Enforcing Private Policy via Security-by-Contract

This work aims to investigate how the Security-by-Contract (SxC)paradigm, developed for providing security assurances to mobileapplications, can be used for guaranteeing the security ofcommunicating systems composed by several, heterogeneous components.These components need to communicate with each other by establishingdirect, point to point connections. Direct connections can involvecomponents sharing no common communication protocols and need asuitable interface. Enablers are in charge of providing thesecommunication interfaces. Each component has a local security policycomposing a public and a private part. When a communication between twocomponents has to be established, each component asks the enabler toprovide a communication interface that respects its public policy. Weexploit the Security-by-Contract approach for assuring that theapplication implementing the communication interface is always safe,i.e., it satisfies the security policies set by components. Moreover,we present an extension of the Security-by-Contract for dealing withtrust. Trust management is useful when one of the involved actors isconsidered to be potentially untrusted and the others want to measureits trust level.