MODEL-DRIVEN SECURITY FOR TRUSTED SYSTEMS

Security management in information societies is becoming extremely challenging where the resources are open and ubiquitous. The policies of the classified object change with its usage depending on the environment and its internal states. A classified object will have many stakeholders, with varying number of rights over it, all along its life. The relationship of stakeholders with objects is of our prime interest, where the object will be derived and/or distributed in its original form. In this contribution, we have classified stakeholders and objects, while concentrating on the specification for objects' usage at the stakeholder end. This will allow us to deploy our tools in an emulated environment, where these high level specifications will transform, to platform independent administrative policies and administer the emulation in a dynamic manner. This work will further lead us to investigate and provide tooling support for more granular semantically integrated control for stakeholders on their objects in a ubiquitous environment. We have concentrated on resources focusing the mobile platforms, taking Android as our case study. We base our work on top of recognized standards like that provided by Trusted Computing Group's Mobile Phone Working Group. It allows us to use the strong service oriented business model available in information based societies.