Over-the-air (OTA) application installation and updates have become a common experience for many end-users of mobile phones. In contrast, OTA updates for applications on secure elements (such as smart cards) are still hindered by challenging hardware and certification requirements. The paper describes a security framework for Java Card-based secure element applications. Each application can declare a set of services it provides, a set of services it wishes to call, and its own security policy. An on-card checker verifies compliance and enforces the policy; thus, off-card validation of the application is no longer required. The framework has been optimized for integration with the run-time environment embedded in a concrete card. This integration has been tried and tested by a smart card manufacturer. In this paper we present the architecture of the framework and provide the implementation footprint, which demonstrates that our solution fits on a real secure element. We also report the intricacies of integrating a research prototype with a real Java Card platform.