Abstract
Ubiquitous applications and services combined with mobile business applications define a challenging context for security and trust. Besides the basic security requirements for controlled access, confidentiality, data integrity and accountability, it is essential to know whether the devices surrounding a user are trusted and to distribute application tasks between those devices. We propose a development framework that combines security policies, certificates and an enforcement protocol as a solution to provide security and trust in ubiquitous applications and services. Security policies define the constraints on when, how and which mobile devices can be used in a mobile business application. Enforcement of policies makes use of certificates, defined for users and devices, which determine delegable application tasks and trustworthiness of devices. Our proposed framework is flexible (it can be dynamically changed), adaptable (it can be dynamically extended) and scalable (policies and certificates are evaluated on demand and in a distributed fashion).