Threat-Based Declassification and Endorsement for Mobile Computing

Declassification and endorsement can efficiently improve the usability of mobile applications. However, both declassify and endorse operations in practice are often ad-hoc and nondeterministic, thus, being insecure. From a new perspective of threat assessments, we propose the Threat-based typed security p-calculus (π^TBTS) to model declassification and endorsement in mobile computing. Intuitively, when relaxing confidentiality policies and/or integrity policies, we respectively assess threats brought by performing these two relaxes. If these threats are acceptable, the declassification and/or endorsement operations are permitted; Otherwise, they are denied. The proposed assessments have explicit security conditions, results and less open parameters, so our approach solves the problem of the ad-hoc and nondeterministic semantics and builds a bridge between threat assessments and declassification/endorsement.