Java card architecture for autonomous yet secure evolution of smart cards applications

Authors:
Olga Gadyatskaya;Fabio Massacci;Federica Paci;Sergey Stankevich
Affiliations:
DISI, University of Trento, Italy;DISI, University of Trento, Italy;DISI, University of Trento, Italy;DISI, University of Trento, Italy
Venue:
NordSec'10 Proceedings of the 15th Nordic conference on Information Security Technology for Applications
Year:
2010

Citing 8
Cited 1

Verification of a Formal Security Model for Multiapplicative Smart Cards

ESORICS '00 Proceedings of the 6th European Symposium on Research in Computer Security
Checking secure interactions of smart card applets: extended version

Journal of Computer Security - Special issue on ESORICS 2000
Model-carrying code: a practical approach for safe execution of untrusted applications

SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Which security policy for multiplication smart cards?

WOST'99 Proceedings of the USENIX Workshop on Smartcard Technology on USENIX Workshop on Smartcard Technology
On Practical Information Flow Policies for Java-Enabled Multiapplication Smart Cards

CARDIS '08 Proceedings of the 8th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
On lightweight mobile phone application certification

Proceedings of the 16th ACM conference on Computer and communications security
Semantically Rich Application-Centric Security in Android

ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
Security-by-contract: toward a semantics for digital signatures on mobile code

EuroPKI'07 Proceedings of the 4th European conference on Public Key Infrastructure: theory and practice

Load time code validation for mobile phone Java Cards

Journal of Information Security and Applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

Open multi-application smart cards that allow post-issuance evolution (i.e. loading of new applets) are very attractive for both smart card developers and card users. Since these applications contain sensitive data and can exchange information, a major concern is the assurance that these applications will not exchange data unless permitted by their respective policies. We suggest an approach for load time application certification on the card, that will enable the card to make autonomous decisions on application and policy updates while ensuring the compliance of every change of the platform with the security policy of each application's owner.