JCSI: A tool for checking secure information flow in Java Card applications

Authors:
Marco Avvenuti;Cinzia Bernardeschi;Nicoletta De Francesco;Paolo Masci
Affiliations:
Department of Information Engineering, University of Pisa, 56126 Pisa, Italy;Department of Information Engineering, University of Pisa, 56126 Pisa, Italy;Department of Information Engineering, University of Pisa, 56126 Pisa, Italy;School of Electronic Engineering and Computer Science, Queen Mary University of London, E1 4NS London, United Kingdom
Venue:
Journal of Systems and Software
Year:
2012

Citing 16
Cited 1

What's in a region?: or computing control dependence regions in near-linear time for reducible control flow

ACM Letters on Programming Languages and Systems (LOPLAS)
Certification of programs for secure information flow

Communications of the ACM
A lattice model of secure information flow

Communications of the ACM
Java Card Technology for Smart Cards: Architecture and Programmer's Guide

Java Card Technology for Smart Cards: Architecture and Programmer's Guide
Context Inference for Static Analysis of Java Card Object Sharing

E-SMART '01 Proceedings of the International Conference on Research in Smart Cards: Smart Card Programming and Security
An Operational Semantics of the Java Card Firewall

E-SMART '01 Proceedings of the International Conference on Research in Smart Cards: Smart Card Programming and Security
Java Bytecode Verification: An Overview

CAV '01 Proceedings of the 13th International Conference on Computer Aided Verification
Java bytecode verification for secure information flow

ACM SIGPLAN Notices
A logic for information flow in object-oriented programs

Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Secure object flow analysis for java card

CARDIS'02 Proceedings of the 5th conference on Smart Card Research and Advanced Application Conference - Volume 5
Which security policy for multiplication smart cards?

WOST'99 Proceedings of the USENIX Workshop on Smartcard Technology on USENIX Workshop on Smartcard Technology
Static Program Analysis for Java Card Applets

CARDIS '08 Proceedings of the 8th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
On Practical Information Flow Policies for Java-Enabled Multiapplication Smart Cards

CARDIS '08 Proceedings of the 8th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
A Load Time Policy Checker for Open Multi-application Smart Cards

POLICY '11 Proceedings of the 2011 IEEE International Symposium on Policies for Distributed Systems and Networks
Information flow analysis for java bytecode

VMCAI'05 Proceedings of the 6th international conference on Verification, Model Checking, and Abstract Interpretation
Language-based information-flow security

IEEE Journal on Selected Areas in Communications

Load time code validation for mobile phone Java Cards

Journal of Information Security and Applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper describes a tool for checking secure information flow in Java Card applications. The tool performs a static analysis of Java Card CAP files and includes a CAP viewer. The analysis is based on the theory of abstract interpretation and on a multi-level security policy assignment. Actual values of variables are abstracted into security levels, and bytecode instructions are executed over an abstract domain. The tool can be used for discovering security issues due to explicit or implicit information flows and for checking security properties of Java Card applications downloaded from untrusted sources.