Load time security verification
作者: Olga Gadyatskaya , Eduardo Lostal , Fabio Massacci
DOI: 10.1007/978-3-642-25560-1_17
关键词:
摘要: Modern multi-application smart cards can be an integrated environment where applications from different providers are loaded on the fly and collaborate in order to facilitate lives of cardholders. This initiative requires embedded verification mechanism ensure that all card respect application interactions policy. The Security-by-Contract approach for loading time consists two phases. During first phase code is verified compliant with supplied contract. Then, during second contract matched security policy. The paper focuses describes algorithm static analysis bytecode Java Card. also reports about implementation this a real card.
springer.com
sci-hub.st 参考文章(15)
Julien Iguchi-Cartigny, Jean-Louis Lanet, Dieter Gollmann, Smart Card Research and Advanced Application ,(2011)
N. Dragoni, F. Massacci, K. Naliuka, I. Siahaan, Security-by-Contract: Toward a Semantics for Digital Signatures on Mobile Code Public Key Infrastructure. pp. 297- 312 ,(2007) , 10.1007/978-3-540-73408-6_21
Olga Gadyatskaya, Fabio Massacci, Eduardo Lostal, Load Time Security Verification: The Claim Checker ,(2011)
Marieke Huisman, Dilian Gurov, Christoph Sprenger, Gennady Chugunov, Checking Absence of Illicit Applet Interactions: A Case Study fundamental approaches to software engineering. ,vol. 2984, pp. 84- 98 ,(2004) , 10.1007/978-3-540-24721-0_6
Pierre Girard, Which security policy for multiplication smart cards WOST'99 Proceedings of the USENIX Workshop on Smartcard Technology on USENIX Workshop on Smartcard Technology. pp. 3- 3 ,(1999)
Dorina Ghindici, Isabelle Simplot-Ryl, On Practical Information Flow Policies for Java-Enabled Multiapplication Smart Cards smart card research and advanced application conference. ,vol. 5189, pp. 32- 47 ,(2008) , 10.1007/978-3-540-85893-5_3
P. Bieber, J. Cazin, P. Girard, J.-L. Lanet, V. Wiels, G. Zanon, Checking secure interactions of smart card applets: extended version Journal of Computer Security. ,vol. 10, pp. 369- 398 ,(2002) , 10.3233/JCS-2002-10404
Marco Avvenuti, Cinzia Bernardeschi, Nicoletta De Francesco, Java bytecode verification for secure information flow Sigplan Notices. ,vol. 38, pp. 20- 27 ,(2003) , 10.1145/966051.966055
Úlfar Erlingsson, Nicola Zannone, Roelf J. Wieringa, Engineering Secure Software and Systems ,(2011)
Samuel Hym, Arnaud Fontaine, Isabelle Simplot-Ryl, On-device control flow verification for Java programs international conference on engineering secure software and systems. ,vol. 6542, pp. 43- 57 ,(2011) , 10.5555/1946341.1946347