The massive adoption of mobile computing platforms creates the urgent need for secure application execution on such platforms. Unfortunately, today's mobile platforms do not support strong security solutions equivalent to smartcards in set-top boxes or to dongles to reliably control licensing terms. Furthermore, many of these mobile devices are shared for professional and private applications, and are thus intrinsically hard to control and secure.
Michael Zunke, chief technology officer of SafeNet's Software Monetization Business Unit states that "Security is ever more essential as an enabler for the sustainable innovation of mobile applications and services. Security solutions based on custom hardware security components like dongles and smart cards are not a natural fit for these mobile environments. The industry therefore needs a comprehensive security framework in which software protection is the key ingredient."
According to Brecht Wyseur, NAGRA's security architect, the big challenge in the next years will be to increase the security level of software solutions to allow for both cost effective deployment and long-term renewability, either stand-alone or in combination with a hardware root of trust.
Hence, more research is needed to come up with a solution that is strong enough to be a viable solution for an increasing number of applications in which privacy and security are essential. The ASPIRE project will create the ASPIRE software security framework which will develop, combine and integrate five different types of software protection techniques into one easy to use framework. It will deliver comprehensive, effective security metrics and a decision support system to assist the software developer.
"The integrated tool chain will allow service providers to automatically protect the assets in their mobile applications with the best local and network-based protection techniques," notes Bjorn De Sutter, coordinator of the project, adding that "ASPIRE will make mobile software more trustworthy by leveraging the available network connection and by developing a layered security approach of strong protections. We will also make it measurable by developing practical, validated attack and protection models and practical metrics."
Cite This Page: