Orchestrating security and system engineering for evolving systems
ServiceWave'11 Proceedings of the 4th European conference on Towards a service-based internet
Load time security verification
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
JCSI: A tool for checking secure information flow in Java Card applications
Journal of Systems and Software
Load time code validation for mobile phone Java Cards
Journal of Information Security and Applications
Hi-index | 0.00 |
Applications on multi-application smart cards contain sensitive data and can exchange information. Thus a major concern is that these applications should not exchange data unless permitted by their respective policy. As modern smart cards allow post-issuance installation and removal of applications, traditional approaches for information flow analysis are not suitable. We suggest the Security-by-Contract approach for loading time application certification on the card, that will enable the stakeholders with the means to ensure the compliance of every update of the card with their security policy. We describe an extension of the card security architecture to deal with verification for different types of updates and present a Java Card prototype implementation of the Policy Checker with performance measurements.