High-level algorithms and data structures requirements for security-by-contract on Java cards

N. Dragoni, O. Gadyatskaya, F. Massacci, A. Philippov

Research output: Contribution to Journal, Article, Academic, peer-review

Abstract

The Java Card technology has progressed to the point of running web servers and web clients on a smart card. Yet concrete deployments of multi-application smart cards have remained extremely rare, because the business model of asynchronous download and update of applications by different parties requires control of the interactions among applications after the card has been fielded. The current security models and techniques do not support this type of evolution. We propose in this paper to apply the notion of security-by-contract (S×C), that is, a specification of the security-related behaviour of an application that must be compliant with the security policy of the hosting platform. This compliance can be checked at application loading time, thereby avoiding the need for costly runtime monitoring. We show how S×C can be used to prevent illegal information exchange among applications on a single smart card platform in the presence of dynamic changes on the card. Copyright © 2012 Inderscience Enterprises Ltd.
Original language: English
Pages (from-to): 284-304
Journal: International Journal of Critical Computer-Based Systems
Volume: 3
Issue number: 4
Publication status: Published - 2012
Externally published: Yes
