Risk-based Declassification and Endorsement in Mobile Computing
Declassification and endorsement can efficiently improve the usability of mobile applications. In practice, however, some declassify and endorse operations are often ad hoc and nondeterministic, and as a result these operations might be insecure. To improve the security of these operations in mobile applications, one has to explicitly define "who can declassify/endorse information?", "what information can be declassified/endorsed?" and "when/where are the declassify/endorse operations performed?". In our work, we focus on the problem "when are these operations performed?". To solve this problem, from the new perspective of risk assessment, we propose the Risk-Based Typed Security π (πRBTS) for modelling declassification and endorsement in mobile computing. Intuitively, when relaxing confidentiality policies and/or integrity policies, we assess the risks brought by each of these two relaxations. If these risks are acceptable, the declassification and/or endorsement operations are permitted; otherwise, they are denied. Because risk assessments have explicit security conditions and results, our approach solves the problem of ad hoc and nondeterministic semantics and builds a bridge between risk assessments and declassification/endorsement.
Declassification; Endorsement; Risk assessment; Mobile Computing; π-calculus
Lihua YIN, Ruiguang LI, Yunchuan GUO
Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100
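Domestic conference
Wuhan
English
93-104
2015-05-26 (date first made available online on the Wanfang platform; does not represent the paper's publication date)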