S-Mobile: Security of software and services for mo bile systems (VIT.7627)

The objective of S-Mobile is to create a framework and technological solutions for trusted deployment and execution of mobile applications in heterogeneous environments.

While today the development of third party applications for mobile platforms (i.e. mobile phones, cars, etc.) is tightly controlled by single entities (i.e. telecom operators, mainly due to security risks), there is a need to open the software market of nomadic devices (from smart phones to PDA, from RFID systems to cars) to third party applications with a higher degree of assurance.

S-Mobile will make this possible by extending the existing security model beyond the sandbox model and by integrating mechanisms for trust management and credentials negotiation.

A licence-based security mechanism will lie at the core of the framework. A licence will be associated to each application stating in detail what are the capabilities needed to be executed. A licence is a fine-grained claim done by a mobile application regarding the interaction with relevant security and privacy features of a mobile platform. This licence should be published by applications, understood by devices and all stakeholders (users, mobile operators, developers, platform developers, etc.). The licence should be enforced at time of delivery and loading, and during execution of the application by the mobile platform.

The resulting new paradigm will not replace, but enhance existing security mechanisms, and will provide a flexible, simple and scalable security and privacy protection mechanism for future mobile systems. It will allow a network operator and a user to decide what an application is allowed to do, prevent bad code from running, and allow good code to be easily designed and deployed.