IRIS

Modern multi-application smart cards can become an integrated environment where applications from different providers are loaded on the fly and collaborate in order to facilitate lives of the cardholders. This initiative requires an embedded verification mechanism to ensure that all applications on the card respect the application interactions policy. The Security-by-Contract approach for loading time verification consists of two phases. During the first phase the loaded code is verified to be compliant with the supplied contract. Then, during the second phase the contract is matched with the smart card security policy. The report focuses on the first phase and describes an algorithm for static analysis of the loaded bytecode on Java Card. We also report about implementation of this algorithm that can be embedded on a real smart card.

Load Time Security Verification: The Claim Checker / Gadyatskaya, Olga; Lostal, Eduardo; Massacci, Fabio. - ELETTRONICO. - (2011), pp. 1-23.

Load Time Security Verification: The Claim Checker

Gadyatskaya, Olga
Primo
;Lostal, Eduardo
Secondo
;Massacci, Fabio
Ultimo
2011-01-01

Abstract

Modern multi-application smart cards can become an integrated environment where applications from different providers are loaded on the fly and collaborate in order to facilitate lives of the cardholders. This initiative requires an embedded verification mechanism to ensure that all applications on the card respect the application interactions policy. The Security-by-Contract approach for loading time verification consists of two phases. During the first phase the loaded code is verified to be compliant with the supplied contract. Then, during the second phase the contract is matched with the smart card security policy. The report focuses on the first phase and describes an algorithm for static analysis of the loaded bytecode on Java Card. We also report about implementation of this algorithm that can be embedded on a real smart card.
2011
Trento
Università degli Studi di Trento, Dipartimento di Ingegneria e Scienza dell'Informazione
Load Time Security Verification: The Claim Checker / Gadyatskaya, Olga; Lostal, Eduardo; Massacci, Fabio. - ELETTRONICO. - (2011), pp. 1-23.
Gadyatskaya, Olga; Lostal, Eduardo; Massacci, Fabio
File in questo prodotto:
File Dimensione Formato  
Report-Disi-11-471.pdf

accesso aperto

Tipologia: Versione editoriale (Publisher’s layout)
Licenza: Tutti i diritti riservati (All rights reserved)
Dimensione 659.7 kB
Formato Adobe PDF
Visualizza/Apri
659.7 kB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11572/359563
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? ND
social impact