SC2: secure communication over smart cards how to secure off-card matching in security-by-contract for open multi-application smart cards

Authors:
Nicola Dragoni;Eduardo Lostal;Davide Papini;Javier Fabra
Affiliations:
DTU Informatics, Technical University of Denmark, Denmark;DTU Informatics, Technical University of Denmark, Denmark;DTU Informatics, Technical University of Denmark, Denmark;DIIS, University of Zaragoza, Spain
Venue:
FPS'11 Proceedings of the 4th Canada-France MITACS conference on Foundations and Practice of Security
Year:
2011

Citing 14
Cited 0

Proof-carrying code

Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A sanctuary for mobile agents

Secure Internet programming
Java Card Technology for Smart Cards: Architecture and Programmer's Guide

Java Card Technology for Smart Cards: Architecture and Programmer's Guide
Bytecode verification on Java smart cards

Software—Practice & Experience
Cryptography and Network Security: Principles and Practice

Cryptography and Network Security: Principles and Practice
A Study on the Optimization of Class File for Java Card Platform

ICOIN '02 Revised Papers from the International Conference on Information Networking, Wireless Communications Technologies and Network Applications-Part I
Model-carrying code: a practical approach for safe execution of untrusted applications

SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Interactive Theorem Proving and Program Development

Interactive Theorem Proving and Program Development
Static validation of security protocols

Journal of Computer Security
Security-by-contract on the .NET platform

Information Security Tech. Report
On Practical Information Flow Policies for Java-Enabled Multiapplication Smart Cards

CARDIS '08 Proceedings of the 8th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
Certified memory usage analysis

FM'05 Proceedings of the 2005 international conference on Formal Methods
Can we support applications' evolution in multi-application smart cards by security-by-contract?

WISTP'10 Proceedings of the 4th IFIP WG 11.2 international conference on Information Security Theory and Practices: security and Privacy of Pervasive Systems and Smart Devices
Security-by-contract: toward a semantics for digital signatures on mobile code

EuroPKI'07 Proceedings of the 4th European conference on Public Key Infrastructure: theory and practice

Quantified Score

Hi-index	0.00

Visualization

Abstract

The Security-by-Contract (S×C) framework has recently been proposed to support software evolution in open multi-application smart cards. The key idea lies in the notion of contract , a specification of the security behavior of an application that must be compliant with the security policy of the card hosting the application. In this paper we address a key issue to realize the S×C idea, namely the outsourcing of the contract-policy matching service to a Trusted Third Party (TTP). In particular, we present the design and implementation of SC2 (Secure Communication over Smart Cards), a system securing the communication between a smart card and the TTP which provides the S×C matching service.