Abstract—This paper proposes and details the notion of trust by policy adherence (TBPA), meaning that code can be certified on the basis of its security-related behaviors rather than its origins and integrity. We describe the overall life cycle of code in this setting, and propose a detailed method whereby a program’s policy adherence can be verified. We suggest enforcing security policies over code by means of aspect-oriented programming (AOP). Based on the characteristics of AOP programs, we model security policies and a verification process using alternating temporal logic. This method can be used to verify whether a given program complies with a wide range of security policies, including both safety and liveness policies. It can also ve...
Abstract: Proof-carrying code approaches aim at the safe execution of untrusted code by having the c...
The base class library of the.NET Framework makes extensive use of the Code Access Security system t...
In the domain of security policy enforcement, the concerns of application developers are almost comp...
Proof-checking code for compliance to safety policies potentially enables a product-oriented approac...
Assuring that a given code is faithfully executed with defined parameters and constraints on an un-t...
Explicit or implicit, enforced or not, safety policies are ubiquitous in software systems. In the ma...
In this paper, we present an approach revolving around aspect-oriented software development (AOSD) f...
Proof carrying code is a general methodology for certifying that the execution of an untrusted mobil...
Given a client/server application, how can the server entrust the integrity of the remote client, al...
International audienceThe secure deployment of an application requires the definition of the securit...
This article considers the question of how we may trust automatically generated program code. The co...
Abstract: As Internet connectivity grows executing untrusted code becomes an increasingly serious th...
The Aspect-Oriented Programming paradigm has been advocated for modularisation of cross-cutting conc...
The construction of secure software is a notoriously difficult task. The abstract security requireme...
The lifecycle mismatch between vehicles and their IT system poses a problem for the automotive indus...
Abstract: Proof-carrying code approaches aim at the safe execution of untrusted code by having the c...
The base class library of the.NET Framework makes extensive use of the Code Access Security system t...
In the domain of security policy enforcement, the concerns of application developers are almost comp...
Proof-checking code for compliance to safety policies potentially enables a product-oriented approac...
Assuring that a given code is faithfully executed with defined parameters and constraints on an un-t...
Explicit or implicit, enforced or not, safety policies are ubiquitous in software systems. In the ma...
In this paper, we present an approach revolving around aspect-oriented software development (AOSD) f...
Proof carrying code is a general methodology for certifying that the execution of an untrusted mobil...
Given a client/server application, how can the server entrust the integrity of the remote client, al...
International audienceThe secure deployment of an application requires the definition of the securit...
This article considers the question of how we may trust automatically generated program code. The co...
Abstract: As Internet connectivity grows executing untrusted code becomes an increasingly serious th...
The Aspect-Oriented Programming paradigm has been advocated for modularisation of cross-cutting conc...
The construction of secure software is a notoriously difficult task. The abstract security requireme...
The lifecycle mismatch between vehicles and their IT system poses a problem for the automotive indus...
Abstract: Proof-carrying code approaches aim at the safe execution of untrusted code by having the c...
The base class library of the.NET Framework makes extensive use of the Code Access Security system t...
In the domain of security policy enforcement, the concerns of application developers are almost comp...