Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A decentralized model for information flow control
Proceedings of the sixteenth ACM symposium on Operating systems principles
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Supporting reconfigurable security policies for mobile programs
Proceedings of the 9th international World Wide Web conference on Computer networks : the international journal of computer and telecommunications netowrking
Checking secure interactions of smart card applets: extended version
Journal of Computer Security - Special issue on ESORICS 2000
Confidentiality for Mobile Code: The Case of a Simple Payment Protocol
CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
Java bytecode verification for secure information flow
ACM SIGPLAN Notices
Downgrading policies and relaxed noninterference
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Composing security policies with polymer
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Dimensions and Principles of Declassification
CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Towards a unifying view on security contracts
SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
Which security policy for multiplication smart cards?
WOST'99 Proceedings of the USENIX Workshop on Smartcard Technology on USENIX Workshop on Smartcard Technology
Embedding verifiable information flow analysis
Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
An information flow verifier for small embedded systems
WISTP'07 Proceedings of the 1st IFIP TC6 /WG8.8 /WG11.2 international conference on Information security theory and practices: smart cards, mobile and ubiquitous computing systems
On-device control flow verification for Java programs
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Can we support applications' evolution in multi-application smart cards by security-by-contract?
WISTP'10 Proceedings of the 4th IFIP WG 11.2 international conference on Information Security Theory and Practices: security and Privacy of Pervasive Systems and Smart Devices
Load time security verification
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
FPS'11 Proceedings of the 4th Canada-France MITACS conference on Foundations and Practice of Security
Java card architecture for autonomous yet secure evolution of smart cards applications
NordSec'10 Proceedings of the 15th Nordic conference on Information Security Technology for Applications
JCSI: A tool for checking secure information flow in Java Card applications
Journal of Systems and Software
Load time code validation for mobile phone Java Cards
Journal of Information Security and Applications
Hi-index | 0.00 |
In the multiapplicative context of smart cards, a strict control of underlying information flow between applications is highly desired. In this paper we propose a model to improve information flow usability in such systems by limiting the overhead for adding information flow security to a Java Virtual Machine. We define a domain specific language for defining security policies describing the allowed information flow inside the card. The applications are certified at loading time with respect to information flow security policies. We illustrate our approach on the LoyaltyCard, a multiapplicative smart card involving four loyalty applications sharing fidelity points.