Carleton University
Technical Report TR-11-06
April 25, 2011

Seeding a Security-Enhancing Infrastructure for Multi-market Application Ecosystems

David Barrera, William Enck, Paul C. van Oorschot

Abstract

Application markets providing one-click software installation have become common on smartphones and are emerging on desktop platforms. Until recently, each platform has had only one market; however, social and economic pressures have resulted in multiple-market ecosystems. Multi-market environments limit, and in some cases eliminate, valuable security characteristics provided by the market model, including kill switches and developer name consistency (integrity). We outline a novel approach to retaining single-market security semantics while enabling the flexibility and independence of a multi-market environment. We propose Stratus as an abstract, security-enhancing, application installation model that leverages information from a configurable set of security information sources. Information source content ranges from simple statistics to expert ratings for a specific application domain. The Stratus approach provides valuable decision-making criteria useful not only to smartphone users but to technology consumers as a whole, as new and existing computing environments, including desktop software, converge on a market-like model for software installation.
