S3MS (Security of Software and Services for Mobile Systems) is a European research project focused on the security issue of mobile systems.
In the coming years, quantity and quality of e-services for and on mobile devices will increase, hence creating a great business opportunity for services and applications developers. Already now, many people use over the air services for pre-provisioned services such as e-mail, schedule and contact synchronization. Mobile devices will become more powerful (a smart phone has more computing power than a PC of 15 years ago), so that smart-phones will become common shared platforms to run different applications.
While security and dependability issues are increasingly important for all computers, this is particularly true for nomadic devices such as phones. These issues become major when a user, or a corporation using mobile software to empower its workforce, wants to run on the same device many interoperating and communicating applications from different parties, each with its own security and privacy requirements.
The objective of S3MS is to create a framework and a technological solution for trusted deployment and execution of communicating mobile applications in heterogeneous environments. In the vision of the project, the key innovation component is the notion of security-by-contract, a mobile contract that an application carries with itself. Loosely speaking, a contract contains a description of the relevant features of the application and the relevant interactions with its host platform. A mobile platform could specify platform contractual requirements, a mobile policy, which should be matched by the application’s contract. Among the relevant features, one can list fine-grained resource control (e.g. silently initiate a phone call or send an SMS), memory usage, secure and insecure web connections, user privacy protection, confidentiality of application data, constraints on access from other applications already on the platform. And the user can set such features.