Can we support applications' evolution in multi-application smart cards by security-by-contract?

N. Dragoni, O. Gadyatskaya, F. Massacci

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review

Abstract

Java card technology have progressed at the point of running web servers and web clients on a smart card. Yet concrete deployment of multi-applications smart cards have remained extremely rare because the business model of the asynchronous download and update of applications by different parties requires the control of interactions among possible applications after the card has been fielded. Yet the current security models and techniques do not support this type of evolution. We propose in this paper to apply the notion of security-by-contract (S×C), that is a specification of the security behavior of an application that must be compliant with the security policy of the hosting platform. This compliance can be checked at load time and in this way avoid the need for costly run-time monitoring. We show how the S×C approach can be used to prevent illegal information exchange among several applications on a single smart card platform, and to deal with dynamic changes in both contracts and platform policy. © IFIP International Federation for Information Processing 2010.
Original languageEnglish
Title of host publicationInformation Security Theory and Practices: Security and Privacy of Pervasive Systems and Smart Devices - 4th IFIP WG 11.2 International Workshop, WISTP 2010, Proceedings
Pages221-228
DOIs
Publication statusPublished - 2010
Externally publishedYes
Event4th IFIP WG 11.2 International Workshop on Information Security Theory and Practices: Security and Privacy of Pervasive Systems and Smart Devices, WISTP 2010 - , Germany
Duration: 12 Apr 201014 Apr 2010

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference4th IFIP WG 11.2 International Workshop on Information Security Theory and Practices: Security and Privacy of Pervasive Systems and Smart Devices, WISTP 2010
Country/TerritoryGermany
Period12/04/1014/04/10

Fingerprint

Dive into the research topics of 'Can we support applications' evolution in multi-application smart cards by security-by-contract?'. Together they form a unique fingerprint.

Cite this