Abstract
This paper describes the design of LoPSiL, a language for specifying location-dependent security and privacy policies. Policy-specification languages like LoPSiL are domain-specific programming languages intended to simplify the tasks of specifying and enforcing sound security policies on untrusted (i.e., potentially insecure) software. As far as we are aware, LoPSiL is the first imperative policy-specification language to provide abstractions specifically tailored to location-dependent policies for mobile-device applications. We have implemented a proof-of-concept compiler that inputs a LoPSiL policy P and a mobile-device application program A and outputs a new application program A′ equivalent to A, except that A′ contains inlined enforcement code that ensures that A′ satisfies P at runtime. We report our experiences using this compiler to design and implement several policies for mobile-device applications.
Copyright information
© 2009 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Ligatti, J., Rickey, B., Saigal, N. (2009). LoPSiL: A Location-Based Policy-Specification Language. In: Schmidt, A.U., Lian, S. (eds) Security and Privacy in Mobile Information and Communication Systems. MobiSec 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 17. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04434-2_23
DOI: https://doi.org/10.1007/978-3-642-04434-2_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04433-5
Online ISBN: 978-3-642-04434-2
eBook Packages: Computer Science (R0)