A SUPPORTING TOOL TO IDENTIFY BOTH SATISFIED REQUIREMENTS AND TOLERANT THREATS FOR A JAVA MOBILE CODE APPLICATION

Haruhiko Kaiya, Kouta Sasaki, Chikanobu Ogawa, Kenji Kaijiri

Abstract

A mobile code application can be easily integrated by using existing software components, thus it is one of the promising ways to develop software efficiently. However, using a mobile code application sometimes follows harmful effects on valuable resources of users because malicious codes in such an application can be activated. Therefore, users of mobile code applications have to identify both benefits and risks by the applications and to decide which benefits should be gotten and which risks should be tolerated. In this paper, we introduce a tool to support such users. By using this tool, the users can identify security related functions embedded in each mobile code automatically. The users can also relate these functions to each benefit or risk. By defining a security policy for mobile codes, some functions are disabled, thus some benefits and risks are also disabled. By adjusting the security policy, the users can make decision about the benefits and the risks.

References

  1. Sun Microsystems, Inc. (1998). Java Security Architecture (JDK1.2). Version 1.0.
  2. Helmer, G., Wong, J., Slagell, M., Honavar, V., Miller, L., and Lutz, R. (2002). A Software Fault Tree Approach to Requirements Analysis of an Intrusion Detection System. Requirements Engineering, 7(4):207 - 220.
  3. Kaiya, H., Sasaki, K., Maebashi, Y., and Kaijiri, K. (2003). Trade-off Analysis between Security Policies for Java Mobile Codes and Requirements for Java Application. In 11th IEEE International Requirements Engineering Conference, pages 357-358.
  4. Kato, K. and Oyama, Y. (2003). SoftwarePot: An Encapsulated Transferable File System for Secure Software Circulation. Lecture Notes in Computer Science, 2609:112 - 132.
  5. Sindre, G. and Opdahl, A. L. (2005). Eliciting security requirements with misuse cases. Requirements Engineering, 10(1):34 - 44.
  6. van Lamsweerde, A. (2004). Elaborating Security Requirements by Construction of Intentional Anti-Models. In Proceedings of ICSE'04, pages 148-157.
Download


Paper Citation


in Harvard Style

Kaiya H., Sasaki K., Ogawa C. and Kaijiri K. (2006). A SUPPORTING TOOL TO IDENTIFY BOTH SATISFIED REQUIREMENTS AND TOLERANT THREATS FOR A JAVA MOBILE CODE APPLICATION . In Proceedings of the Eighth International Conference on Enterprise Information Systems - Volume 3: ICEIS, ISBN 978-972-8865-43-6, pages 444-448. DOI: 10.5220/0002445604440448


in Bibtex Style

@conference{iceis06,
author={Haruhiko Kaiya and Kouta Sasaki and Chikanobu Ogawa and Kenji Kaijiri},
title={A SUPPORTING TOOL TO IDENTIFY BOTH SATISFIED REQUIREMENTS AND TOLERANT THREATS FOR A JAVA MOBILE CODE APPLICATION},
booktitle={Proceedings of the Eighth International Conference on Enterprise Information Systems - Volume 3: ICEIS,},
year={2006},
pages={444-448},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002445604440448},
isbn={978-972-8865-43-6},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Eighth International Conference on Enterprise Information Systems - Volume 3: ICEIS,
TI - A SUPPORTING TOOL TO IDENTIFY BOTH SATISFIED REQUIREMENTS AND TOLERANT THREATS FOR A JAVA MOBILE CODE APPLICATION
SN - 978-972-8865-43-6
AU - Kaiya H.
AU - Sasaki K.
AU - Ogawa C.
AU - Kaijiri K.
PY - 2006
SP - 444
EP - 448
DO - 10.5220/0002445604440448