Security and Privacy in Mobile Information and Communication Systems. First International ICST Conference, MobiSec 2009, Turin, Italy, June 3-5, 2009, Revised Selected Papers

Research Article

LoPSiL: A Location-Based Policy-Specification Language

Download
400 downloads
  • @INPROCEEDINGS{10.1007/978-3-642-04434-2_23,
        author={Jay Ligatti and Billy Rickey and Nalin Saigal},
        title={LoPSiL: A Location-Based Policy-Specification Language},
        proceedings={Security and Privacy in Mobile Information and Communication Systems. First International ICST Conference, MobiSec 2009, Turin, Italy, June 3-5, 2009, Revised Selected Papers},
        proceedings_a={MOBISEC},
        year={2012},
        month={5},
        keywords={Policy-specification languages location-dependent policies mobile devices security and privacy},
        doi={10.1007/978-3-642-04434-2_23}
    }
    
  • Jay Ligatti
    Billy Rickey
    Nalin Saigal
    Year: 2012
    LoPSiL: A Location-Based Policy-Specification Language
    MOBISEC
    Springer
    DOI: 10.1007/978-3-642-04434-2_23
Jay Ligatti1,*, Billy Rickey1,*, Nalin Saigal1,*
  • 1: University of South Florida
*Contact email: ligatti@cse.usf.edu, brickey@cse.usf.edu, nsaigal@cse.usf.edu

Abstract

This paper describes the design of LoPSiL, a language for specifying location-dependent security and privacy policies. Policy- specification languages like LoPSiL are domain-specific programming languages intended to simplify the tasks of specifying and enforcing sound security policies on untrusted (i.e., potentially insecure) software. As far as we are aware, LoPSiL is the first imperative policy-specification language to provide abstractions specifically tailored to location-dependent policies for mobile-device applications. We have implemented a proof-of-concept compiler that inputs a LoPSiL policy and a mobile-device application program and outputs a new application program ′ equivalent to , except that ′ contains inlined enforcement code that ensures that ′ satisfies at runtime. We report our experiences using this compiler to design and implement several policies for mobile-device applications.