Load time security verification

Authors:
Olga Gadyatskaya;Eduardo Lostal;Fabio Massacci
Affiliations:
DISI, University of Trento, Italy;DISI, University of Trento, Italy;DISI, University of Trento, Italy
Venue:
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Year:
2011

Citing 8
Cited 1

Verification of a Formal Security Model for Multiapplicative Smart Cards

ESORICS '00 Proceedings of the 6th European Symposium on Research in Computer Security
Checking secure interactions of smart card applets: extended version

Journal of Computer Security - Special issue on ESORICS 2000
Java bytecode verification for secure information flow

ACM SIGPLAN Notices
Which security policy for multiplication smart cards?

WOST'99 Proceedings of the USENIX Workshop on Smartcard Technology on USENIX Workshop on Smartcard Technology
On Practical Information Flow Policies for Java-Enabled Multiapplication Smart Cards

CARDIS '08 Proceedings of the 8th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
On-device control flow verification for Java programs

ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
A Load Time Policy Checker for Open Multi-application Smart Cards

POLICY '11 Proceedings of the 2011 IEEE International Symposium on Policies for Distributed Systems and Networks
Security-by-contract: toward a semantics for digital signatures on mobile code

EuroPKI'07 Proceedings of the 4th European conference on Public Key Infrastructure: theory and practice

Load time code validation for mobile phone Java Cards

Journal of Information Security and Applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

Modern multi-application smart cards can be an integrated environment where applications from different providers are loaded on the fly and collaborate in order to facilitate lives of the cardholders. This initiative requires an embedded verification mechanism to ensure that all applications on the card respect the application interactions policy. The Security-by-Contract approach for loading time verification consists of two phases. During the first phase the loaded code is verified to be compliant with the supplied contract. Then, during the second phase the contract is matched with the smart card security policy. The paper focuses on the first phase and describes an algorithm for static analysis of the loaded bytecode on Java Card. The paper also reports about implementation of this algorithm that can be embedded on a real smart card.