Applet verification strategies for RAM-constrained devices

  • Authors:

  • Nils Maltesson;David Naccache;Elena Trichina;Christophe Tymen

  • Affiliations:

  • Lund Institute of Technology, Lund, Sweden;Gemplus Card International, Issy-les-Moulineaux, France;University of Kuopio, Department of Computer Science and Applied Mathematics, Kuopio, Finland;Gemplus Card International, Issy-les-Moulineaux, France

  • Venue:
  • ICISC'02 Proceedings of the 5th international conference on Information security and cryptology
  • Year:
  • 2002

Quantified Score

Hi-index 0.00

Visualization

Abstract

While bringing considerable flexibility and extending the horizons of mobile computing, mobile code raises major security issues. Hence, mobile code, such as Java applets, needs to be analyzed before execution. The byte-code verifier checks low-level security properties that ensure that the downloaded code cannot bypass the virtual machine's security mechanisms. One of the statically ensured properties is type safety. The type-inference phase is the overwhelming resource-consuming part of the verification process. This paper addresses the RAM bottleneck met while verifying mobile code in memory-constrained environments such as smart-cards. We propose to modify classic type-inference in a way that significantly reduces memory consumption. Our algorithm is inspired by bit-slice data processing and consists in running the verifier on each variable in turn. In other words, instead of running the fix-point calculation algorithm once on M variables, we re-launch the algorithm M/l times, verifying each time only l variables. Parameter l can then be tuned to suit the RAM resources available on board whereas M/l upper-bounds the computational effort (expressed in re-runs of the usual fix-point calculation algorithm). The resulting RAM economy, as experimented on a number of popular applets, is around 40%.