On Practical Information Flow Policies for Java-Enabled Multiapplication Smart Cards
作者: Dorina Ghindici , Isabelle Simplot-Ryl
DOI: 10.1007/978-3-540-85893-5_3
关键词:
摘要: In the multiapplicative context of smart cards, a strict control underlying information flow between applications is highly desired. this paper we propose model to improve usability in such systems by limiting overhead for adding security Java Virtual Machine. We define domain specific language defining policies describing allowed inside card. The are certified at loading time with respect policies. illustrate our approach on LoyaltyCard, card involving four loyalty sharing fidelity points.
springer.com
sci-hub.st 参考文章(22)
Steve Zdancewic, Challenges for Information-flow Security ,(2004)
Pierre Girard, Which security policy for multiplication smart cards WOST'99 Proceedings of the USENIX Workshop on Smartcard Technology on USENIX Workshop on Smartcard Technology. pp. 3- 3 ,(1999)
Vincent Simonet, Flow Caml in a Nutshell ,(2003)
P. Bieber, J. Cazin, P. Girard, J.-L. Lanet, V. Wiels, G. Zanon, Checking secure interactions of smart card applets: extended version Journal of Computer Security. ,vol. 10, pp. 369- 398 ,(2002) , 10.3233/JCS-2002-10404
Dorina Ghindici, Gilles Grimaud, Isabelle Simplot-Ryl, An information flow verifier for small embedded systems workshop in information security theory and practice. ,vol. 4462, pp. 189- 201 ,(2007) , 10.5555/1763190.1763212
J. A. Goguen, J. Meseguer, Security Policies and Security Models ieee symposium on security and privacy. pp. 11- 11 ,(1982) , 10.1109/SP.1982.10014
Marco Avvenuti, Cinzia Bernardeschi, Nicoletta De Francesco, Java bytecode verification for secure information flow Sigplan Notices. ,vol. 38, pp. 20- 27 ,(2003) , 10.1145/966051.966055
Bart De Win, Frank Piessens, Jan Smans, Wouter Joosen, Towards a unifying view on security contracts ACM SIGSOFT Software Engineering Notes. ,vol. 30, pp. 1- 7 ,(2005) , 10.1145/1082983.1083204
George C. Necula, Proof-carrying code symposium on principles of programming languages. pp. 106- 119 ,(1997) , 10.1145/263699.263712
Dorina Ghindici, Gilles Grimaud, Isabelle Simplot-Ryl, Embedding verifiable information flow analysis Proceedings of the 2006 International Conference on Privacy, Security and Trust Bridge the Gap Between PST Technologies and Business Services - PST '06. pp. 39- ,(2006) , 10.1145/1501434.1501481