Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Bytecode verification on Java smart cards
Software—Practice & Experience
Compositional Verification of Secure Applet Interactions
FASE '02 Proceedings of the 5th International Conference on Fundamental Approaches to Software Engineering
The PACAP Prototype: A Tool for Detecting Java Card Illegal Flow
JavaCard '00 Revised Papers from the First International Workshop on Java on Smart Cards: Programming and Security
Checking secure interactions of smart card applets: extended version
Journal of Computer Security - Special issue on ESORICS 2000
From Stack Inspection to Access Control: A Security Analysis for Libraries
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
CMV: automatic verification of complete mediation for java virtual machines
Proceedings of the 2008 ACM symposium on Information, computer and communications security
Compositional verification of sequential programs with procedures
Information and Computation
On Practical Information Flow Policies for Java-Enabled Multiapplication Smart Cards
CARDIS '08 Proceedings of the 8th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
On lightweight mobile phone application certification
Proceedings of the 16th ACM conference on Computer and communications security
Semantically Rich Application-Centric Security in Android
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
An information flow verifier for small embedded systems
WISTP'07 Proceedings of the 1st IFIP TC6 /WG8.8 /WG11.2 international conference on Information security theory and practices: smart cards, mobile and ubiquitous computing systems
Security-by-contract: toward a semantics for digital signatures on mobile code
EuroPKI'07 Proceedings of the 4th European conference on Public Key Infrastructure: theory and practice
Load time security verification
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Load time code validation for mobile phone Java Cards
Journal of Information Security and Applications
| Hi-index | 0.00 |
While mobile devices have become ubiquitous and generally multi-application capable, their operating systems provide few high level mechanisms to protect services offered by application vendors against potentially hostile applications coexisting on the device. In this paper, we tackle the issue of controlling application interactions including collusion in Java-based systems running on open, constrained devices such as smart cards or mobile phones. We present a model specially designed to be embedded in constrained devices to verify on-device at loading-time that interactions between applications abide by the security policies of each involved application without resulting in run-time computation overheads; this model deals with application (un)installations and policy changes in an incremental fashion. We sketch the application of our approach and its security enhancements on a multi-application use case for GlobalPlatform/Java Card smart cards.